Confluent
1 前言
一个问题,一篇文章,一出故事。
笔者安装Confluent Kafka没有认证,于是整理此文。
2 最佳实践
2.1 部署Confluent Kafka环境
本章基于以上环境,如果你需要理解本文,建议你先按如下章节搭建环境,
2.2 配置基本认证
2.2.1 启用基本身份验证
vim /etc/confluent-control-center/control-center-production.properties
添加如下配置,
# Enable Basic authentication for Control Center confluent.controlcenter.rest.authentication.method=BASIC confluent.controlcenter.rest.authentication.realm=c3 confluent.controlcenter.rest.authentication.roles=Administrators,Restricted confluent.controlcenter.auth.restricted.roles=Restricted confluent.controlcenter.auth.session.expiration.ms=600000
2.2.2 声明认证域名c3的配置文件
vim /etc/confluent-control-center/propertyfile.jaas.conf
添加如下配置,
c3 { org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required file="/etc/confluent-control-center/password.properties"; };
根据以上定义,你需要使用如下命令定义登录的账号信息,
vim /etc/confluent-control-center/password.properties
添加如下配置,
admin: adminpwd,Administrators user: userpwd,Restricted
2.2.3 加载认证域名c3的配置文件
vim /etc/default/confluent-control-center
添加如下配置,
CONTROL_CENTER_OPTS="-Djava.security.auth.login.config=/etc/confluent-control-center/propertyfile.jaas.conf"
配置修改后,你需要使用如下命令重载使配置生效,
systemctl daemon-reload
2.2.4 重启服务使配置生效
systemctl restart confluent-control-center
2.2.5 测试登录
http://cfkafka01.cmdschool.org:9021
参阅文档
=================
https://docs.confluent.io/platform/current/control-center/security/authentication.html
没有评论