Kafka Kerberos认证报WARN Error while fetching metadata with correlation id 1 : {las=LEADER_NOT_AVAILABLE}

July。 发表于: 2021-05-31   最后更新时间: 2021-05-31 13:56:00   2,373 游览

服务器没有域名,本来只有一个网口,IP是10.43.190.104,配置Kerberos认证时,创建principal为kafka/10.43.190.104@HADOOP.COM启动认证没问题,可以正常生产消费消息。

后来服务器加了一个万兆网口,IP是10.0.1.1创建principal为kafka/10.0.1.1@HADOOP.COM,生产消息报错。

环境

kafka kafka_2.11-0.11.0.1

相关配置

krb5.conf

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = HADOOP.COM
 dns_lookup_realm = false
 dns_lookup_kdc = 10.0.1.1:88
 ticket_lifetime = 500d
 renew_lifetime = 500d
 forwardable = true

[realms]
 HADOOP.COM = {
  kdc = 10.0.1.1:88
  admin_server = 10.0.1.1:749
  default_domain = HADOOP.COM
 }

[domain_realm]
 .hadoop.com = HADOOP.COM
 hadoop.com = HADOOP.COM

server.properties

advertised.listeners=SASL_PLAINTEXT://10.0.1.1:9092
listeners=SASL_PLAINTEXT://10.0.1.1:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka

producer.properties,增加如下配置

security.protocol = SASL_PLAINTEXT
sasl.mechanism = GSSAPI
sasl.kerberos.service.name =kafka

consumer.properties,增加如下配置

security.protocol = SASL_PLAINTEXT
sasl.mechanism = GSSAPI
sasl.kerberos.service.name =kafka

kafka-run-class.sh

if [ -z "$KAFKA_JVM_PERFORMANCE_OPTS" ]; then
  KAFKA_JVM_PERFORMANCE_OPTS="-server -XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35 -XX:+DisableExplicitGC -Djava.awt.headless=true -Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/home/install/kafka_2.11-0.11.0.1//config/kafka-jaas.conf"
fi

报错信息

采用命令行生产数据

bin/kafka-console-producer.sh --broker-list 10.0.1.1:9092 --topic las --producer.config config/producer.properties

报错信息

WARN Error while fetching metadata with correlation id 1 : {las=LEADER_NOT_AVAILABLE}
WARN Error while fetching metadata with correlation id 2 : {las=LEADER_NOT_AVAILABLE}
WARN Error while fetching metadata with correlation id 3 : {las=LEADER_NOT_AVAILABLE}
kafka Kerberos
发表于 2021-05-31
July。
添加评论

1、生产带上KAFKA_OPTS:

export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf"

bin/kafka-console-producer.sh --broker-list orchome:9093 --topic test --producer.config config/producer.properties

2、你关注下kafka服务端的日志,看看是否有什么异常信息,包括认认证日志(非常重要)。

回复
回答于 3年前
半兽人
你的答案

查看kafka相关的其他问题或提一个您自己的问题
提问

找不到想要的答案?提一个您自己的问题。