Kafka Kerberos error?

大海 posted on: 2019-07-30   Last updated: 2019-07-30 23:10:12   12,733 views

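Environment

4 nodes: 1 Kerberos server node, and the other 3 nodes form the ZooKeeper + Kafka cluster.

Prerequisite

ZooKeeper is configured with Kerberos and runs normally.

The problem is with configuring Kerberos for Kafka; Kafka reports an error on startup: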

[2019-07-30 22:38:20,641] INFO Session establishment complete on server 10.206.20.162/10.206.20.162:2181, sessionid = 0x20002b818b20005, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)
[2019-07-30 22:38:20,642] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient)
[2019-07-30 22:38:20,654] ERROR SASL authentication failed using login context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)
[2019-07-30 22:38:20,655] INFO zookeeper state changed (AuthFailed) (org.I0Itec.zkclient.ZkClient)
[2019-07-30 22:38:20,655] INFO Terminate ZkClient event thread. (org.I0Itec.zkclient.ZkEventThread)
[2019-07-30 22:38:20,658] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
        at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946)
        at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923)
        at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230)
        at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156)
        at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130)
        at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75)
        at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57)
        at kafka.server.KafkaServer.initZk(KafkaServer.scala:294)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:180)
        at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
        at kafka.Kafka$.main(Kafka.scala:67)
        at kafka.Kafka.main(Kafka.scala)
[2019-07-30 22:38:20,662] INFO shutting down (kafka.server.KafkaServer)
[2019-07-30 22:38:20,668] INFO shut down completed (kafka.server.KafkaServer)
[2019-07-30 22:38:20,669] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable)
org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure

Relevant configuration:

Contents of kafka_server_jaas.conf:

KafkaServer {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        keyTab="/apps/kafka/kafka.keytab"
        principal="kafka/rjzx162@ZH.COM";
};

KafkaClient {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        useTicketCache=true
        keyTab="/apps/kafka/kafka.keytab"
        principal="kafka/rjzx162@ZH.COM";
};

Client {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   storeKey=true
   useTicketCache=true
   keyTab="/apps/kafka/kafka.keytab"
   principal="kafka/rjzx162@ZH.COM";
};

Contents of ZooKeeper's JAAS file:

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/apps/kafka/kafka.keytab"
storeKey=true
useTicketCache=false
principal="kafka/rjzx162@ZH.COM";
};

Principals on the Kerberos server:

kadmin.local:  list_principals
K/M@ZH.COM
kadmin/admin@ZH.COM
kadmin/changepw@ZH.COM
kadmin/rjzx-161@ZH.COM
kafka/admin@ZH.COM
kafka/rjzx109@ZH.COM
kafka/rjzx162@ZH.COM
kafka/rjzx50@ZH.COM
kiprop/rjzx-161@ZH.COM
krbtgt/ZH.COM@ZH.COM
root/admin@ZH.COM
zookeeper/10.206.20.162@ZH.COM
zookeeper/10.206.20.50@ZH.COM
zookeeper/10.206.23.109@ZH.COM
zookeeper/rjzx109@ZH.COM
zookeeper/rjzx162@ZH.COM
zookeeper/rjzx50@ZH.COM

Versions

  • zookeeper 3.4.14;
  • kafka: 0.10.0.0;
  • jdk 1.8.0_202 (JCE files replaced)

==========
Any guidance from the experts would be appreciated.

Posted on 2019-07-30

Take a look at this article first:
https://www.orchome.com/500

半兽人 -> 半兽人 5 years ago

After changing anything in /etc/krb5.conf or regenerating the keytabs, you must restart the Kafka cluster.
