Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [kafka@myserverA confluent-3.0.1]$ /kafka/confluent-3.0.1/bin/kafka-console-consumer --bootstrap-server myserverA:9093 --zookeeper myserverA:2181/kafka --topic ssl-test --from-beginning --new-consumer --consumer.config /kafka/data/client/ssl/client.properties
- [2017-06-27 13:11:50,462] WARN Attempt to fetch offsets for partition ssl-test-0 failed due to: Not authorized to access topics: [Topic authorization failed.] (org.apache.kafka.clients.consumer.internals.Fetcher)
- [2017-06-27 13:11:50,473] WARN Error while fetching metadata with correlation id 6 : {ssl-test=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient)
- [2017-06-27 13:11:50,476] ERROR Unknown error when running consumer: (kafka.tools.ConsoleConsumer$)
- org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [ssl-test]
- ###################### SSL Configuration ################
- #
- ssl.keystore.location=/kafka/data/ssl/keystore/kafka.keystore.jks
- ssl.keystore.password=<hidden for this posting>
- ssl.key.password=<hidden for this posting>
- ssl.truststore.location=/kafka/data/ssl/truststore/kafka.truststore.jks
- ssl.truststore.password=<hidden for this posting>
- ssl.client.auth=requested
- #ssl.cipher.suites=
- ssl.enabled.protocols = TLSv1.2,TLSv1.1,TLSv1
- ssl.keystore.type = JKS
- ssl.truststore.type = JKS
- security.inter.broker.protocol=ssl
- # #### Enable ACLs ####
- authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
- allow.everyone.if.no.acl.found=true
- super.users=User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US;User:myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US;User:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US
- ###################### SSL Configuration ################
- #
- security.protocol=ssl
- ssl.keystore.location=/kafka/data/client/ssl/keystore/kafka.client.keystore.jks
- ssl.keystore.password=<hidden for this posting>
- ssl.key.password=<hidden for this posting>
- ssl.truststore.location=/kafka/data/client/ssl/truststore/kafka.client.truststore.jks
- ssl.truststore.password=<hidden for this posting>
- #ssl.provider=
- #ssl.cipher.suites=
- ssl.enabled.protocols = TLSv1.2,TLSv1.1,TLSv1
- ssl.keystore.type = JKS
- ssl.truststore.type = JKS
- [root@myserverA ~]# /kafka/confluent-3.0.1/bin/kafka-acls --authorizer-properties zookeeper.connect=myserverA:2181/kafka --list --topic ssl-test
- Current ACLs for resource `Topic:ssl-test`:
- User:CN=Test Client,OU=Test Client Unit,O=Test Client Org,L=LA,ST=CA,C=US has Allow permission for operations: Read from hosts: *
- User:CN=Test Client, OU=Test Client Unit, O=Test Client Org, L=LA, ST=CA, C=US has Allow permission for operations: Read from hosts: *
- User:myserverA has Allow permission for operations: Write from hosts: *
- User:myserverC has Allow permission for operations: Read from hosts: *
- User:CN=myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
- User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
- User:Test Client has Allow permission for operations: Read from hosts: *
- User:Test Client has Allow permission for operations: Write from hosts: *
- User:myserverB has Allow permission for operations: Write from hosts: *
- User:CN=Test Client,OU=Test Client Unit,O=Test Client Org,L=LA,ST=CA,C=US has Allow permission for operations: Write from hosts: *
- User:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
- User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
- User:CN=myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
- User:myserverB has Allow permission for operations: Read from hosts: *
- User:myserverA has Allow permission for operations: Read from hosts: *
- User:CN=Test Client, OU=Test Client Unit, O=Test Client Org, L=LA, ST=CA, C=US has Allow permission for operations: Write from hosts: *
- ser:myserverC has Allow permission for operations: Write from hosts: *
- ser:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
- [kafka@myserverA confluent-3.0.1]$ bin/kafka-console-producer --broker-list myserverA:9093 --topic ssl-test --producer.config /kafka/data/client/ssl/client.properties
- j
- k
- <Ctrl-D>
- bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
- --add
- --allow-principal User:Bob
- --consumer
- --topic Test-topic
- --group Group-1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement