Kafka“JAAS 配置中未指定登录模块" [英] Kafka "Login module not specified in JAAS config"

问题描述

我在使用控制台脚本与使用 sasl 保护的 Kafka 通信时遇到问题.Kafka 使用 sasl 保护，监听器是 SASL_PLAINTEXT，机制是 PLAIN.

I have a problem communicating with Kafka secured with sasl using console scripts. Kafka is secured with sasl, listener is SASL_PLAINTEXT and mechanism is PLAIN.

我做了什么:我尝试使用 kafka 脚本之一列出一些数据:

What I did: I tried listing some data using one of kafka scripts:

bin/kafka-consumer-groups.sh --bootstrap-server (address) --list

但是我得到了

WARN Bootstrap broker (address) disconnected (org.apache.kafka.clients.NetworkClient)

并且命令失败，这是可以理解的，因为它是由 sasl 保护的.

and command fails, which is understandable because it's secured with sasl.

所以我尝试了如何将客户端用户名/密码添加到该命令中.首先，我尝试运行 kafka-console-consumer 脚本，我使用 --command-config 添加必要的文件.我很快发现我不能直接添加 jaas 文件，我需要使用 .properties 文件，所以我做了.

So I tried how to add client username/password to that command. First, I tried to run kafka-console-consumer script, I used --command-config to add necessary file. I quickly discovered that I can't add jaas file directly and I needed to use .properties file, so I did.

我的属性文件(请记住，括号表示审查"数据，我不能将所有真实数据放在这里):

My properties file(keep in mind that brackets indicate "censored" data, I can't put all real data here):

bootstrap.servers=(address)
zookeeper.connect=127.0.0.1:2181
zookeeper.connection.timeout.ms=6000
sasl.jaas.config=(path)/consumer_jaas.conf
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
group.id=(group)

我的 jaas 文件:

My jaas file:

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username=(username)
    password=(password);
};

这个 jaas 文件适用于我的标准 Java 应用程序.

This jaas file works in my standard java applications.

但是，当我尝试运行 kafka-console-groups 脚本或 kafka-console-consumer 时，出现此错误:

However, when I'm trying to run either kafka-consumer-groups script or kafka-console-consumer, I get this error:

Exception in thread "main" org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:94)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:93)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:51)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:84)
at kafka.admin.AdminClient$.create(AdminClient.scala:229)
at kafka.admin.AdminClient$.create(AdminClient.scala:223)
at kafka.admin.AdminClient$.create(AdminClient.scala:221)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.createAdminClient(ConsumerGroupCommand.scala:454)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.<init>(ConsumerGroupCommand.scala:389)
at kafka.admin.ConsumerGroupCommand$.main(ConsumerGroupCommand.scala:65)
at kafka.admin.ConsumerGroupCommand.main(ConsumerGroupCommand.scala)
Caused by: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:68)
at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:59)
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:85)

这个 jaas 文件是我在与 kafka 通信的 java 应用程序中使用的文件的直接副本，它可以工作，但是在这里，使用控制台工具，它不起作用.我尝试寻找解决方案，但找不到任何有用的东西.

This jaas file is a direct copy of a file that I'm using in java app that communicates with kafka and it works, however here, using console tools, it just doesn't work. I tried searching for a solution but I can't find anything useful.

谁能帮我解决这个问题?

Can anyone help me with this?

推荐答案

有两种方法可以向 Kafka 客户端提供 JAAS 配置.

There are 2 ways to provide the JAAS configuration to the Kafka clients.

• 通过客户端属性:sasl.jaas.config.在这种情况下，您将其设置为实际的 JAAS 配置条目.比如你的配置文件变成:

• Via the client property: sasl.jaas.config. In that case you set it to the actual JAAS configuration entry. For example, your configuration file becomes:

bootstrap.servers=(address)
zookeeper.connect=127.0.0.1:2181
zookeeper.connection.timeout.ms=6000
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
group.id=(group)

正如您已经发现的，您可以使用 --command-config 将属性文件传递给 kafka-consumer-groups.sh.

As you've already figured out, you can use --command-config to pass a properties file to kafka-consumer-groups.sh.

通过 Java 属性:java.security.auth.login.config.在这种情况下，您将其设置为 JAAS 文件的路径.此外，如果您在 KAFKA_OPTS 中设置它，kafka-consumer-groups.sh 将自动获取.

Via the Java property: java.security.auth.login.config. In this case, you set it to the path of your JAAS file. Also if you set it in KAFKA_OPTS, kafka-consumer-groups.sh will pick it up automatically.

export KAFKA_OPTS="-Djava.security.auth.login.config=(path)/consumer_jaas.conf"

这篇关于Kafka“JAAS 配置中未指定登录模块"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！