Kafka:动态更新jaas配置 [英] Kafka : Update jaas config dynamically
问题描述
我已经使用 sasl.jaas.config
属性为kafka设置了jaas配置。我想更新此配置并动态添加用户。
根据此文档-
我尝试使用以下命令更新 sasl.jaas.config
:
bin / kafka-configs.sh --bootstrap-server localhost:9092-实体类型代理-实体名称59 --alter --add-config sasl.jaas。 config = KafkaServer {\n org.apache.kafka.common.security.plain.PlainLoginModule required\n username = \ myuser\ \n password = \ mypassword\; \n }; \nClient {\n org.apache.zookeeper.server.auth.D需要igestLoginModule\n username = \ myuser2\ \n password = \ mypassword2\; \n};
但是它给了我以下错误:
要求失败:无效的实体配置:要添加的所有配置必须采用以下格式: key = val
如果我看一下上面的列,它表示 sasl.jaas值的格式.config
属性为(=)*
。
应如何传递 sasl.jaas.config的值以动态更新jaas配置?
虽然可以动态更新 sasl.jaas.config
来添加更多用户,但是默认的Plain登录模块是
相反,您应该定义回调处理程序来处理用户身份验证。 Kafka Sasl Plain文档中对此进行了描述。
另一个需要更多工作(但具有更大灵活性)的选项是创建您自己的登录模块。该过程在中可以描述
关于收到的错误消息,这似乎是一个 kafka-config.sh
工具出现问题。它不希望配置值包含 =
。您应该能够使用AdminClient API更新该配置。
我在JIRA中找不到现有问题,因此创建了一个新问题: https://issues.apache.org/jira/browse/KAFKA-8010
I have setup the jaas config for kafka using sasl.jaas.config
property. I want to update this config and add users dynamically.
As per this doc - http://kafka.apache.org/11/documentation.html#dynamicbrokerconfigs, we can do that by using bin/kafka-configs.sh
.
The above doc has config column, which says as follow -
I have tried updating sasl.jaas.config
with below command:
bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config sasl.jaas.config="KafkaServer {\n org.apache.kafka.common.security.plain.PlainLoginModule required\n username=\"myuser\"\n password=\"mypassword\";\n};\nClient {\n org.apache.zookeeper.server.auth.DigestLoginModule required\n username=\"myuser2\"\n password=\"mypassword2\";\n};"
But it gives me following error:
requirement failed: Invalid entity config: all configs to be added must be in the format "key=val"
If I look to above column, it says the format for value of sasl.jaas.config
property is (=)*
. What does this means?
How the value for 'sasl.jaas.config' should be passed to update jaas config dynamically?
While it's possible to dynamically update sasl.jaas.config
to add more users, the default Plain login module is not intended to be used in production.
Instead you should define callback handlers to handle authentication of users. This is described in the Kafka Sasl Plain docs.
Another option that requires more work (but give even more flexibility) is to create your own login module. The process is described in Can Kafka be provided with custom LoginModule to support LDAP?
Regarding the error message you get, this seems to be an issue with the kafka-config.sh
tool. It's not expecting the config value to contain =
. You should be able to update that config using the AdminClient API.
I couldn't find an existing issue in JIRA so created a new one: https://issues.apache.org/jira/browse/KAFKA-8010
这篇关于Kafka:动态更新jaas配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!