vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1041.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

33 lines
9.3 KiB
HTML
Raw Blame History

<a name="mrs_01_1041"></a><a name="mrs_01_1041"></a>
<h1 class="topictitle1">Kafka Token Authentication Mechanism Tool Usage</h1>
<div id="body8662426"><div class="section" id="mrs_01_1041__en-us_topic_0000001173471006_section114521155135419"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1041__en-us_topic_0000001173471006_p1334914418543">Operations need to be performed on tokens when the token authentication mechanism is used.</p>
</div>
<div class="section" id="mrs_01_1041__en-us_topic_0000001173471006_section09120820550"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1041__en-us_topic_0000001173471006_ul534994119547"><li id="mrs_01_1041__en-us_topic_0000001173471006_li1535034112546">The system administrator has understood service requirements and prepared a system user.</li><li id="mrs_01_1041__en-us_topic_0000001173471006_li53502419548">The Kafka client has been installed.</li></ul>
</div>
<div class="section" id="mrs_01_1041__en-us_topic_0000001173471006_section177871538135511"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1041__en-us_topic_0000001173471006_ol124875612551"><li id="mrs_01_1041__en-us_topic_0000001173471006_li122480564554"><span>Log in as a client installation user to the node on which the Kafka client is installed.</span></li><li id="mrs_01_1041__en-us_topic_0000001173471006_li16918114569"><span>Switch to the Kafka client installation directory, for example, <strong id="mrs_01_1041__en-us_topic_0000001173471006_b107016349951922">/opt/kafkaclient</strong>.</span><p><p id="mrs_01_1041__en-us_topic_0000001173471006_p1735010414542"><strong id="mrs_01_1041__en-us_topic_0000001173471006_b435018418540">cd /opt/kafkaclient</strong></p>
</p></li><li id="mrs_01_1041__en-us_topic_0000001173471006_li196159493194"><span>Run the following command to configure environment variables:</span><p><p id="mrs_01_1041__en-us_topic_0000001173471006_p1359972013202"><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1920152216">source bigdata_env</strong></p>
</p></li><li id="mrs_01_1041__en-us_topic_0000001173471006_li15295192685612"><span>Run the following command to perform user authentication (skip this step in normal mode):</span><p><p id="mrs_01_1041__en-us_topic_0000001173471006_p735004119545"><strong id="mrs_01_1041__en-us_topic_0000001173471006_b71158334151922">kinit</strong> <em id="mrs_01_1041__en-us_topic_0000001173471006_i94730247451922">Component service user</em></p>
</p></li><li id="mrs_01_1041__en-us_topic_0000001173471006_li47671834105611"><span>Run the following command to switch to the Kafka client installation directory:</span><p><p id="mrs_01_1041__en-us_topic_0000001173471006_p193512041145420"><strong id="mrs_01_1041__en-us_topic_0000001173471006_b11351124115416">cd Kafka/kafka/bin</strong></p>
</p></li><li id="mrs_01_1041__en-us_topic_0000001173471006_li161674215560"><span>Use <strong id="mrs_01_1041__en-us_topic_0000001173471006_b1348204915212">kafka-delegation-tokens.sh</strong> to perform operations on tokens.</span><p><ul id="mrs_01_1041__en-us_topic_0000001173471006_ul163511041175417"><li id="mrs_01_1041__en-us_topic_0000001173471006_li235164145414">Generate a token for a user.<p id="mrs_01_1041__en-us_topic_0000001173471006_p956224715320"><a name="mrs_01_1041__en-us_topic_0000001173471006_li235164145414"></a><a name="en-us_topic_0000001173471006_li235164145414"></a><strong id="mrs_01_1041__en-us_topic_0000001173471006_b18901137946">./kafka-delegation-tokens.sh --create --bootstrap-server &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i484415371349">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1745320461242">&gt; --max-life-time-period &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i0580471748">Long: max life period in milliseconds</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b9953155516419">&gt; --command-config &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i204891561548">config file</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b189587216518">&gt; --renewer-principal User:&lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i114801431755">user name</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b17958182751">&gt;</strong></p>
<p id="mrs_01_1041__en-us_topic_0000001173471006_p11562947732">Example: <strong id="mrs_01_1041__en-us_topic_0000001173471006_b55693335451922">./kafka-delegation-tokens.sh --create --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --command-config ../config/producer.properties --max-life-time-period -1 --renewer-principal User:username</strong></p>
</li></ul>
<ul id="mrs_01_1041__en-us_topic_0000001173471006_ul335174114542"><li id="mrs_01_1041__en-us_topic_0000001173471006_li1235164111546">List information about all tokens of a specified user.<p id="mrs_01_1041__en-us_topic_0000001173471006_p279481714514"><a name="mrs_01_1041__en-us_topic_0000001173471006_li1235164111546"></a><a name="en-us_topic_0000001173471006_li1235164111546"></a><strong id="mrs_01_1041__en-us_topic_0000001173471006_b12441281456">./kafka-delegation-tokens.sh --describe --bootstrap-server &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i1153613285516">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1449783315516">&gt; --command-config &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i11930533455">config file</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1868723817513">&gt; --owner-principal User:&lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i39253913510">user name</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b76871382512">&gt;</strong></p>
<p id="mrs_01_1041__en-us_topic_0000001173471006_p15794317059">Example: <strong id="mrs_01_1041__en-us_topic_0000001173471006_b190423373651922">./kafka-delegation-tokens.sh --describe --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --command-config ../config/producer.properties --owner-principal User:username</strong></p>
</li></ul>
<ul id="mrs_01_1041__en-us_topic_0000001173471006_ul13351204195416"><li id="mrs_01_1041__en-us_topic_0000001173471006_li14351541115410">Update the token validity period.<p id="mrs_01_1041__en-us_topic_0000001173471006_p51838483517"><a name="mrs_01_1041__en-us_topic_0000001173471006_li14351541115410"></a><a name="en-us_topic_0000001173471006_li14351541115410"></a><strong id="mrs_01_1041__en-us_topic_0000001173471006_b18804135813512">./kafka-delegation-tokens.sh --renew --bootstrap-server &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i1184759354">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b43461859613">&gt; --renew-time-period &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i117717518615">Long: renew time period in milliseconds</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b193451391964">&gt; --command-config &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i19941493611">config file</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1316951416610">&gt; --hmac &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i97067148612">String: HMAC of the delegation token</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b15169514769">&gt;</strong></p>
<p id="mrs_01_1041__en-us_topic_0000001173471006_p9183134818514">Example: <strong id="mrs_01_1041__en-us_topic_0000001173471006_b17117096351922">./kafka-delegation-tokens.sh --renew --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --renew-time-period -1 --command-config ../config/producer.properties --hmac ABCDEFG</strong></p>
</li></ul>
<ul id="mrs_01_1041__en-us_topic_0000001173471006_ul18351104125418"><li id="mrs_01_1041__en-us_topic_0000001173471006_li23511541115417">Destroy a token.<p id="mrs_01_1041__en-us_topic_0000001173471006_p174952317613"><a name="mrs_01_1041__en-us_topic_0000001173471006_li23511541115417"></a><a name="en-us_topic_0000001173471006_li23511541115417"></a><strong id="mrs_01_1041__en-us_topic_0000001173471006_b247942264">./kafka-delegation-tokens.sh --expire --bootstrap-server &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i154912426611">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b1235104813617">&gt; --expiry-time-period &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i93594483616">Long: expiry time period in milliseconds</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b923212526613">&gt; --command-config &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i97076521466">config file</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b818655713616">&gt; --hmac &lt;</strong><em id="mrs_01_1041__en-us_topic_0000001173471006_i18733757467">String: HMAC of the delegation token</em><strong id="mrs_01_1041__en-us_topic_0000001173471006_b118616571264">&gt;</strong></p>
<p id="mrs_01_1041__en-us_topic_0000001173471006_p134942311861">Example: <strong id="mrs_01_1041__en-us_topic_0000001173471006_b204898601151922">./kafka-delegation-tokens.sh --expire --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --expiry-time-period -1 --command-config ../config/producer.properties --hmac ABCDEFG</strong></p>
</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0375.html">Using Kafka</a></div>
</div>
</div>
View Git Blame Copy Permalink