From 663a9aa3a9f3dc285ea78847813db8c5c3443cca Mon Sep 17 00:00:00 2001 From: Kai Moritz Date: Wed, 11 Oct 2023 18:40:55 +0200 Subject: [PATCH] DOCKER und LOCALHOST erfordern Authentifizierung --- README.sh | 2 ++ docker/client.properties | 5 +++ docker/docker-compose.yml | 64 ++++++++++++++++++++++++++++++++++----- 3 files changed, 63 insertions(+), 8 deletions(-) create mode 100644 docker/client.properties diff --git a/README.sh b/README.sh index 7d6406d..9eb16c4 100755 --- a/README.sh +++ b/README.sh @@ -30,3 +30,5 @@ echo echo "Nachrichten lesen mit kafkacat" echo docker-compose -f docker/docker-compose.yml exec cli kafkacat -C -b kafka:9092 -t test -o beginning -e + +kafkacat -L -b :9092 -Xsecurity.protocol=sasl_plaintext -Xsasl.mechanisms=PLAIN -Xsasl.username=client -Xsasl.password=client-secret diff --git a/docker/client.properties b/docker/client.properties new file mode 100644 index 0000000..8a04387 --- /dev/null +++ b/docker/client.properties @@ -0,0 +1,5 @@ +sasl.mechanism=PLAIN +security.protocol=SASL_PLAINTEXT +sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \ + username="client" \ + password="client-secret"; diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 1239f56..bf9addd 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -15,7 +15,7 @@ services: environment: KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9081 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-1:9091, DOCKER://kafka-1:9092, LOCALHOST://localhost:9081 KAFKA_BROKER_ID: 1 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER 
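Review bot: The context line `docker-compose -f docker/docker-compose.yml exec cli kafkacat -C -b kafka:9092 -t test -o beginning -e` still connects to port 9092 without any SASL options, although this commit switches the DOCKER listener to SASL_PLAINTEXT. That read will presumably fail to authenticate unless the cli container carries its own client configuration. The added `kafkacat -L` call passes `-Xsasl.password=client-secret` on the command line, where it shows up in the process list and shell history; loading the settings through kafkacat's `-F <config-file>` keeps the password off argv. `-b :9092` names no host, and the compose hunks bind the LOCALHOST listener to 9081–9084, so it is worth confirming that 9092 is reachable from where this script runs. The script continues above the hunk.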
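Review bot: The new file carries no comment marking `client` / `client-secret` as throwaway demo credentials, and `security.protocol=SASL_PLAINTEXT` with `sasl.mechanism=PLAIN` sends that password unencrypted on every connection. A header line such as `# Demo-only credentials for the local docker setup; SASL/PLAIN without TLS exposes the password on the wire, use SASL_SSL elsewhere` would keep the file from being copied into a real deployment unchanged. The same password is repeated in README.sh and in the broker JAAS blocks of docker/docker-compose.yml, so a rotation has to touch all three places.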
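Review bot: `BROKER:PLAINTEXT` is left unchanged in `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP`, so port 9091, advertised as `kafka-1:9091`, still accepts unauthenticated connections and any peer on the compose network can sidestep the SASL requirement added for DOCKER and LOCALHOST. The same holds for the identical changes to kafka-2, kafka-3 and kafka-4 (hunks at -45, -80 and -110). If every client is meant to authenticate, map BROKER to `SASL_PLAINTEXT` as well and give the brokers an inter-broker login; otherwise a comment such as `# BROKER stays unauthenticated: inter-broker traffic only, never publish this port or share its network with clients` would record the assumption. No authorizer or ACL setting is visible in these hunks, so authenticated users may still have unrestricted access, which is worth confirming. The `environment:` mapping starts above the hunk and continues below it.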
@@ -29,7 +29,19 @@ services: -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_schemaregistry="schemaregistry-secret" \ + user_connect="connect-secret" \ + user_client="client-secret"; + KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_client="client-secret"; + KAFKA_INTER_BROKER_LISTENER_NAME: BROKER + KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: - ./jmx-exporter.yml:/etc/jmx-exporter.yml:ro - ./cruise-control-metrics-reporter.jar:/usr/share/java/kafka/cruise-control-metrics-reporter.jar:ro @@ -45,7 +57,7 @@ services: environment: KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9082 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-2:9091, DOCKER://kafka-2:9092, LOCALHOST://localhost:9082 KAFKA_BROKER_ID: 2 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER 
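Review bot: The added `KAFKA_INTER_BROKER_LISTENER_NAME: BROKER` appears to repeat a key that the preceding hunk already shows as context a few lines higher, in what looks like the same `environment:` mapping. Duplicate mapping keys are invalid YAML and are either rejected or silently resolved last-wins depending on the parser, so the added line should be dropped. `KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512` enables SCRAM broker-wide although only PLAIN logins are configured per listener; `KAFKA_SASL_ENABLED_MECHANISMS: PLAIN` would match what is actually provisioned. Pointing the metrics reporter at `localhost:9091` moves it onto the unauthenticated BROKER listener instead of giving it credentials, and the JAAS blocks place every user password inline in the compose file. The same lines are added for kafka-2, kafka-3 and kafka-4 (hunks at -59, -94 and -124); the mapping starts above this hunk.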
@@ -59,7 +71,19 @@ services: -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_schemaregistry="schemaregistry-secret" \ + user_connect="connect-secret" \ + user_client="client-secret"; + KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_client="client-secret"; + KAFKA_INTER_BROKER_LISTENER_NAME: BROKER + KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: - ./jmx-exporter.yml:/etc/jmx-exporter.yml:ro - ./cruise-control-metrics-reporter.jar:/usr/share/java/kafka/cruise-control-metrics-reporter.jar:ro @@ -80,7 +104,7 @@ services: environment: KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9083 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-3:9091, DOCKER://kafka-3:9092, LOCALHOST://localhost:9083 KAFKA_BROKER_ID: 3 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER 
@@ -94,7 +118,19 @@ services: -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_schemaregistry="schemaregistry-secret" \ + user_connect="connect-secret" \ + user_client="client-secret"; + KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_client="client-secret"; + KAFKA_INTER_BROKER_LISTENER_NAME: BROKER + KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: - ./jmx-exporter.yml:/etc/jmx-exporter.yml:ro - ./cruise-control-metrics-reporter.jar:/usr/share/java/kafka/cruise-control-metrics-reporter.jar:ro @@ -110,7 +146,7 @@ services: environment: KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9084 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-4:9091, DOCKER://kafka-4:9092, LOCALHOST://localhost:9084 KAFKA_BROKER_ID: 4 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER 
@@ -124,7 +160,19 @@ services: -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_schemaregistry="schemaregistry-secret" \ + user_connect="connect-secret" \ + user_client="client-secret"; + KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN + KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | + org.apache.kafka.common.security.plain.PlainLoginModule required \ + user_client="client-secret"; + KAFKA_INTER_BROKER_LISTENER_NAME: BROKER + KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: - ./jmx-exporter.yml:/etc/jmx-exporter.yml:ro - ./cruise-control-metrics-reporter.jar:/usr/share/java/kafka/cruise-control-metrics-reporter.jar:ro -- 2.20.1