Kafka:动态更新 jaas 配置 [英] Kafka : Update jaas config dynamically

问题描述

我已经使用 sasl.jaas.config 属性为 kafka 设置了 jaas 配置.我想更新这个配置并动态添加用户.

根据此文档 -

我尝试使用以下命令更新 sasl.jaas.config:

bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config sasl.jaas.config="KafkaServer {\n org.apache.kafka.common.security.plain.PlainLoginModule 需要\n username=\"myuser\"\n password=\"mypassword\";\n};\nClient {\n org.apache.zookeeper.server.auth.DigestLoginModule 需要\n username=\"myuser2\"\n password=\"mypassword2\";\n};"

但它给了我以下错误:

requirement failed: Invalid entity config: 所有要添加的配置必须是key=val"格式

如果我查看上面的列，它说sasl.jaas.config 属性值的格式是(=)*.这是什么意思?

应如何传递 'sasl.jaas.config' 的值以动态更新 jaas 配置?

解决方案

虽然可以动态更新 sasl.jaas.config 以添加更多用户，但默认的普通登录模块并非旨在用于生产.

相反，您应该定义回调处理程序来处理用户身份验证.这在 Kafka Sasl Plain docs 中有描述.

另一个需要更多工作(但提供更多灵活性)的选项是创建您自己的登录模块.该过程在Kafka 可以提供自定义 LoginModule 以支持 LDAP?

<小时>

关于您收到的错误消息，这似乎是 kafka-config.sh 工具的问题.它不期望配置值包含 =.您应该能够使用 AdminClient API 更新该配置.

我在 JIRA 中找不到现有问题，因此创建了一个新问题:https://issues.apache.org/jira/browse/KAFKA-8010

I have setup the jaas config for kafka using sasl.jaas.config property. I want to update this config and add users dynamically.

As per this doc - http://kafka.apache.org/11/documentation.html#dynamicbrokerconfigs, we can do that by using bin/kafka-configs.sh.

The above doc has config column, which says as follow -

I have tried updating sasl.jaas.config with below command:

bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config sasl.jaas.config="KafkaServer {\n org.apache.kafka.common.security.plain.PlainLoginModule required\n username=\"myuser\"\n password=\"mypassword\";\n};\nClient {\n org.apache.zookeeper.server.auth.DigestLoginModule required\n username=\"myuser2\"\n password=\"mypassword2\";\n};"

But it gives me following error:

requirement failed: Invalid entity config: all configs to be added must be in the format "key=val"

If I look to above column, it says the format for value of sasl.jaas.config property is (=)*. What does this means?

How the value for 'sasl.jaas.config' should be passed to update jaas config dynamically?

解决方案

While it's possible to dynamically update sasl.jaas.config to add more users, the default Plain login module is not intended to be used in production.

Instead you should define callback handlers to handle authentication of users. This is described in the Kafka Sasl Plain docs.

Another option that requires more work (but give even more flexibility) is to create your own login module. The process is described in Can Kafka be provided with custom LoginModule to support LDAP?

---

Regarding the error message you get, this seems to be an issue with the kafka-config.sh tool. It's not expecting the config value to contain =. You should be able to update that config using the AdminClient API.

I couldn't find an existing issue in JIRA so created a new one: https://issues.apache.org/jira/browse/KAFKA-8010

这篇关于Kafka:动态更新 jaas 配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！