forked from docs/doc-exports
Yang, Tong
6182f91ba8
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
26 lines
3.2 KiB
HTML
26 lines
3.2 KiB
HTML
<a name="mrs_01_1071"></a><a name="mrs_01_1071"></a>
|
|
|
|
<h1 class="topictitle1">Connecting Flume to Kafka in Security Mode</h1>
|
|
<div id="body1590374670980"><div class="section" id="mrs_01_1071__section118041730183910"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1071__p9709853203911">This section describes how to connect to Kafka using the Flume client in security mode.</p>
|
|
<p id="mrs_01_1071__p44851455145513">This section applies to MRS 3.<em id="mrs_01_1071__i41449140742246">x</em> or later.</p>
|
|
</div>
|
|
<div class="section" id="mrs_01_1071__section323012579385"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1071__ol233532210497"><li id="mrs_01_1071__li1733512219493"><span>Create a <strong id="mrs_01_1071__b115743271542246">jaas.conf</strong> file and save it to <strong id="mrs_01_1071__b14147301242246">${</strong><em id="mrs_01_1071__i84811857742246">Flume client installation directory</em><strong id="mrs_01_1071__b66522575842246">} /conf</strong>. The content of the <strong id="mrs_01_1071__b19051782042246">jaas.conf</strong> file is as follows:</span><p><pre class="screen" id="mrs_01_1071__screen185662027125014">KafkaClient {
|
|
com.sun.security.auth.module.Krb5LoginModule required
|
|
useKeyTab=true
|
|
keyTab="<strong id="mrs_01_1071__b19566202715504">/opt/test/conf/user.keytab</strong>"
|
|
principal="<strong id="mrs_01_1071__b69461821105813">flume_hdfs@</strong><em id="mrs_01_1071__i16771222155811"><System domain name></em>"
|
|
useTicketCache=false
|
|
storeKey=true
|
|
debug=true;
|
|
};</pre>
|
|
<p id="mrs_01_1071__p1220119488420">Set <strong id="mrs_01_1071__b11076003342246">keyTab</strong> and <strong id="mrs_01_1071__b202755782042246">principal</strong> based on site requirements. The configured <strong id="mrs_01_1071__b39460068642246">principal</strong> must have certain kafka permissions.</p>
|
|
</p></li><li id="mrs_01_1071__li6380193494919"><span>Configure services. Set the port number of <strong id="mrs_01_1071__b90706449742246">kafka.bootstrap.servers</strong> to <strong id="mrs_01_1071__b14632465042246">21007</strong>, and set <strong id="mrs_01_1071__b60579623242246">kafka.security.protocol</strong> to <strong id="mrs_01_1071__b109678081342246">SASL_PLAINTEXT</strong>.</span></li><li id="mrs_01_1071__li1267133920497"><span>If the domain name of the cluster where Kafka is located is changed, change the value of <em id="mrs_01_1071__i2143611742246">-Dkerberos.domain.name</em> in the <strong id="mrs_01_1071__b124202632442246">flume-env.sh</strong> file in <strong id="mrs_01_1071__b52403596742246">$</strong>{<em id="mrs_01_1071__i205740266042246">Flume client installation directory</em>}<strong id="mrs_01_1071__b113935388342246"> /conf/</strong> based on the site requirements.</span></li><li id="mrs_01_1071__li543924394912"><span>Upload the configured <strong id="mrs_01_1071__b144249962642246">properties.properties</strong> file to <strong id="mrs_01_1071__b89496333842246">$</strong>{<em id="mrs_01_1071__i45267693742246">Flume client installation directory</em>} <strong id="mrs_01_1071__b93461629742246">/conf</strong>.</span></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0390.html">Using Flume</a></div>
|
|
</div>
|
|
</div>
|
|
|