kafka sasl认证

修改配置文件server.properties

端口监听信息修改成以下内容：

listeners=SASL_PLAINTEXT://192.168.0.1:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN

增加sever、client和配置文件

vim config/kafka_server_jaas.conf

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="kafka"
    password="kafkapswd"
    user_kafka="kafkapswd"
    user_user1="iam password";
};

vim config/kafka_client_jaas.conf

KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="user1"
        password="iam password";
};

启动文件增加server配置信息

vim bin/kafka-server-start.sh

#添加账号
if [ "x$KAFKA_OPTS"  ]; then
    export KAFKA_OPTS="-Djava.security.auth.login.config=../config/kafka_server_jaas.conf"
fi

consumer 启动文件增加 client账号路径相关信息（调试使用）

vim bin/kafka-console-consumer.sh

#增加账号
if [ "x$KAFKA_OPTS"  ]; then
    export KAFKA_OPTS="-Djava.security.auth.login.config=./config/kafka_client_jaas.conf"
fi

启动kafka

#! /bin/bash
nohup  ./bin/kafka-server-start.sh  ./config/server.properties >nohup.log 2>&1 &

使用实例：

./bin/kafka-console-consumer.sh --bootstrap-server 192.168.0.1:9092  --topic iamtopic  --consumer-property security.protocol=SASL_PLAINTEXT --consumer-property sasl.mechanism=PLAIN

应用 logstash 连接带sasl kafka

vim config/logstash.conf
output 配置

output {
 kafka {
    bootstrap_servers => "10.100.25.145:9092,10.100.25.54:9092,10.100.25.120:9092"
    security_protocol => "SASL_PLAINTEXT"
    sasl_mechanism => "PLAIN"
    jaas_path => "./kafka-client-jaas.conf"
    topic_id => "link"
    enable_metric => false
    codec => json
 }