根据flume官网:当kafka涉及kerberos认证:
涉及两点配置,如下:
配置一:见下实例中红色部分
配置conf实例:
[root@gz237-107 conf]# cat flume_slipstream.conf
a1.sources =r1
a1.sinks = k1
a1.channels = c1
# 定义source
a1.sources.r1.type = avro
a1.sources.r1.bind = 0.0.0.0
a1.sources.r1.port = 8888
a1.sources.r1.channels = c1
# 定义sink
a1.sinks.k1.type = org.apache.flume.sink.kafka.KafkaSink
a1.sinks.k1.topic = test
a1.sinks.k1.brokerList = 172.20.237.107:9092
a1.sinks.k1.kafka.producer.security.protocol = SASL_PLAINTEXT
a1.sinks.k1.kafka.producer.sasl.mechanism = GSSAPI
a1.sinks.k1.kafka.producer.sasl.kerberos.service.name = kafka
a1.sinks.k1.requiredAcks = 1
a1.sinks.k1.batchSize = 20
a1.sinks.k1.channel = c1
a1.channels.c1.type = memory
a1.channels.c1.capacity = 1000
a1.channels.c1.transactionCapacity = 100
配置二:
配置flume-env.sh:加入
export JAVA_OPTS="-Djava.security.auth.login.config=/etc/kafka1/conf/jaas.conf -Djava.security.krb5.conf=/etc/kafka1/conf/krb5.conf"
jaas.conf配置如下:
KafkaServer { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/etc/kafka1/conf/kafka.keytab" storeKey=true useTicketCache=false principal="kafka/gz237-107@TDH"; }; KafkaClient { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/etc/kafka1/conf/kafka.keytab" storeKey=true useTicketCache=false principal="kafka/gz237-107@TDH"; }; // Zookeeper client authentication Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="/etc/kafka1/conf/kafka.keytab" principal="kafka/gz237-107@TDH"; };