Lucifer

0 reputation

This user is too lazy and has left nothing here

Activity
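  • 嘟嘟 replied to Lucifer in "Kafka in practice: Kerberos (notes)":

    Hello, has your problem been solved? I am also connecting Storm to Kafka right now, and both Kafka and ZooKeeper have Kerberos authentication.

    6 years ago
  • Lucifer commented on "Kafka in practice: Kerberos (notes)":

    Hello, Storm is consuming from Kafka and authentication fails. Storm, Kafka and ZooKeeper all require authentication. The storm_jaas.conf authentication configuration is as follows: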

    StormServer {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/etc/security/keytabs/nimbus.service.keytab"
       storeKey=true
       useTicketCache=false
       principal="nimbus/zdhdpvdca03.crhd0a.crc.hk@ZDHDPVDCA01.CRHD0A.CRC.HK";
    };
    StormClient {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/etc/security/keytabs/storm.headless.keytab"
       storeKey=true
       useTicketCache=false
       serviceName="nimbus"
       principal="storm-bdos@ZDHDPVDCA01.CRHD0A.CRC.HK";
    };
    Client {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/etc/security/keytabs/storm.headless.keytab"
       storeKey=true
       useTicketCache=false
       serviceName="zookeeper"
       principal="storm-bdos@ZDHDPVDCA01.CRHD0A.CRC.HK";
    };
    
    KafkaClient {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/etc/security/keytabs/storm.headless.keytab"
       storeKey=true
       useTicketCache=false
       serviceName="kafka"
       principal="storm-bdos@ZDHDPVDCA01.CRHD0A.CRC.HK";
    };
    

    Error message:

    2018-10-29 16:40:14.267 o.a.z.c.ZooKeeperSaslClient [ERROR] An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state.
    2018-10-29 16:40:14.267 o.a.z.ClientCnxn [ERROR] SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state.
    2018-10-29 16:40:14.268 o.a.c.ConnectionState [ERROR] Authentication failed
    2018-10-29 16:40:14.281 b.s.util [ERROR] Async loop died!
    java.lang.RuntimeException: java.lang.RuntimeException: org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /brokers/topics/test/partitions
     at storm.kafka.DynamicBrokersReader.getBrokerInfo(DynamicBrokersReader.java:82) ~[stormjar.jar:?]
    
    6 years ago