加入kerberos 之后用普通命令行就无法直接操作kafka和zk了 需要增加几个文件
首先添加kafka的环境文件
- KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- storeKey=true
- keyTab="/var/lib/keytab/kafka.keytab"
- principal="kafka@TEST.COM";
- };
-
- 需要修改的就keytab位置和域
启动producer consumer 需要另外一个文件
- [root@master keytab]# cat producer.properties
- security.protocol=SASL_PLAINTEXT
- sasl.mechanism=GSSAPI
- sasl.kerberos.service.name=kafka
-
-
- [root@master keytab]# cat consumer.properties
- security.protocol=SASL_PLAINTEXT
- sasl.mechanism=GSSAPI
- sasl.kerberos.service.name=kafka
- group.id=test-consumer-group
然后命令行启动即可
- Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
- 这个报错可以这样清空一下缓存再试试
- kdestroy
- kinit -kt /var/lib/keytab/kafka.keytab kafka
-
-
- export KAFKA_OPTS="-Djava.security.auth.login.config=/var/lib/keytab/kafka_jaas.conf"
-
- kafka-console-producer --broker-list master.test.com:9092 --topic test1 --producer.config /var/lib/keytab/producer.properties
-
- consmer改一下对应的命令就行
连接zk也需要同样的一个配置文件
编写jaas-zk-keytab.conf文件
- Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/root/hbasenew.keytab"
- storeKey=true
- useTicketCache=false
- principal="hbase@RSD.COM";
- };
将jaas-zk-keytab.conf加载到环境变量
export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=jaas-zk-keytab.conf"
zookeeper-client -server master:2181连接客户端时候一定要用-server参数指定zookeeper节点,不然连接不上
不行就也kinit 一下 再连接