问题描述
在尝试使用kerberos auth连接Kafka时遇到问题.使用scala和我的 jaas.config
看起来像这样.
Running into issues when trying to use kerberos auth with connecting to Kafka. Using scala and my jaas.config
looks something like this.
KafkaClient { <br />
com.sun.security.auth.module.Krb5LoginModule required <br />
useKeyTab=true<br />
keyTab="/etc/security/keytabs/storm.service.keytab"<br />
storeKey=true<br />
useTicketCache=false<br />
serviceName="kafka"<br />
principal="[email protected]";<br />
debug=true<br />
client=true; };<br />
Exception in thread "main" org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:799)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:615)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:596)
at org.apache.spark.sql.kafka010.SubscribeStrategy.createConsumer(ConsumerStrategy.scala:62)
at org.apache.spark.sql.kafka010.KafkaOffsetReader.createConsumer(KafkaOffsetReader.scala:314)
at org.apache.spark.sql.kafka010.KafkaOffsetReader.<init>(KafkaOffsetReader.scala:78)
at
org.apache.spark.sql.kafka010.KafkaSourceProvider.createContinuousReader(KafkaSourceProvider.scala:130)
at org.apache.spark.sql.kafka010.KafkaSourceProvider.createContinuousReader(KafkaSourceProvider.scala:43)
at org.apache.spark.sql.streaming.DataStreamReader.load(DataStreamReader.scala:185)
at com.gm.SparkDataIngest.Main$.main(Main.scala:119)
at com.gm.SparkDataIngest.Main.main(Main.scala)
Caused by: java.lang.IllegalArgumentException: Login module control flag is not available in the JAAS config
at org.apache.kafka.common.security.JaasConfig.loginModuleControlFlag(JaasConfig.java:85)
at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:111)
at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)
at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:148)
at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:142)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:119)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:65)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:88)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:713)
推荐答案
如果您的JAAS配置确实是您所显示的,那么您会遇到语法错误-特别是,多余的分号; ,使解析器失败,因为它找到了没有意义的第二个配置条目.
If your JAAS config is indeed what you have shown, then you have a syntax error -- specifically, an extra semicolon ; that makes the parser fail because it finds a 2nd config entry that does not make sense.
JAAS配置应该很简单(并注意分号在哪里)...
The JAAS config should be either simple (and note where the semicolons are)...
Blurb {
some.login.module.class status
option1=value1
option2="value2"
;
};
...或者复杂(现在您了解了分号的含义...
...or complex (and now you understand what the semicolons imply...
Blurb {
some.login.module.class status
option1=value1
option2="value2"
;
other.login.module.class status
option3=value3
;
};
DahDah {
some.login.module.class status
option1=value99
option2="value88"
;
};
顺便说一句,您可以通过设置
-Djava.security.debug = configparser
我个人在对Kerberos进行故障排除时总是使用组合 -Dsun.security.krb5.debug = true
-Djava.security.debug = gssloginconfig,configfile,configparser,logincontext
问题.
Personally I always use the combo -Dsun.security.krb5.debug=true
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
when troubleshooting Kerberos issues.
这篇关于登录模块控制标志在JAAS配置中不可用-Scala Kafka的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!