API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 5th, 2017
71
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.50 KB | None | 0 0
raw download clone embed print report
  1. [kafka@myserverA confluent-3.0.1]$ /kafka/confluent-3.0.1/bin/kafka-console-consumer --bootstrap-server myserverA:9093 --zookeeper myserverA:2181/kafka --topic ssl-test --from-beginning --new-consumer --consumer.config /kafka/data/client/ssl/client.properties
  2. [2017-06-27 13:11:50,462] WARN Attempt to fetch offsets for partition ssl-test-0 failed due to: Not authorized to access topics: [Topic authorization failed.] (org.apache.kafka.clients.consumer.internals.Fetcher)
  3. [2017-06-27 13:11:50,473] WARN Error while fetching metadata with correlation id 6 : {ssl-test=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient)
  4. [2017-06-27 13:11:50,476] ERROR Unknown error when running consumer: (kafka.tools.ConsoleConsumer$)
  5. org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [ssl-test]
  6.  
  7. ###################### SSL Configuration ################
  8. #
  9. ssl.keystore.location=/kafka/data/ssl/keystore/kafka.keystore.jks
  10. ssl.keystore.password=<hidden for this posting>
  11. ssl.key.password=<hidden for this posting>
  12. ssl.truststore.location=/kafka/data/ssl/truststore/kafka.truststore.jks
  13. ssl.truststore.password=<hidden for this posting>
  14.  
  15. ssl.client.auth=requested
  16. #ssl.cipher.suites=
  17. ssl.enabled.protocols = TLSv1.2,TLSv1.1,TLSv1
  18. ssl.keystore.type = JKS
  19. ssl.truststore.type = JKS
  20.  
  21. security.inter.broker.protocol=ssl
  22.  
  23. # #### Enable ACLs ####
  24. authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
  25. allow.everyone.if.no.acl.found=true
  26.  
  27. super.users=User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US;User:myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US;User:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US
  28.  
  29. ###################### SSL Configuration ################
  30. #
  31. security.protocol=ssl
  32.  
  33. ssl.keystore.location=/kafka/data/client/ssl/keystore/kafka.client.keystore.jks
  34. ssl.keystore.password=<hidden for this posting>
  35. ssl.key.password=<hidden for this posting>
  36. ssl.truststore.location=/kafka/data/client/ssl/truststore/kafka.client.truststore.jks
  37. ssl.truststore.password=<hidden for this posting>
  38.  
  39. #ssl.provider=
  40. #ssl.cipher.suites=
  41. ssl.enabled.protocols = TLSv1.2,TLSv1.1,TLSv1
  42. ssl.keystore.type = JKS
  43. ssl.truststore.type = JKS
  44.  
  45. [root@myserverA ~]# /kafka/confluent-3.0.1/bin/kafka-acls --authorizer-properties zookeeper.connect=myserverA:2181/kafka --list --topic ssl-test
  46. Current ACLs for resource `Topic:ssl-test`:
  47. User:CN=Test Client,OU=Test Client Unit,O=Test Client Org,L=LA,ST=CA,C=US has Allow permission for operations: Read from hosts: *
  48. User:CN=Test Client, OU=Test Client Unit, O=Test Client Org, L=LA, ST=CA, C=US has Allow permission for operations: Read from hosts: *
  49. User:myserverA has Allow permission for operations: Write from hosts: *
  50. User:myserverC has Allow permission for operations: Read from hosts: *
  51. User:CN=myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
  52. User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
  53. User:Test Client has Allow permission for operations: Read from hosts: *
  54. User:Test Client has Allow permission for operations: Write from hosts: *
  55. User:myserverB has Allow permission for operations: Write from hosts: *
  56. User:CN=Test Client,OU=Test Client Unit,O=Test Client Org,L=LA,ST=CA,C=US has Allow permission for operations: Write from hosts: *
  57. User:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
  58. User:CN=myserverA,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
  59. User:CN=myserverB,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Read from hosts: *
  60. User:myserverB has Allow permission for operations: Read from hosts: *
  61. User:myserverA has Allow permission for operations: Read from hosts: *
  62. User:CN=Test Client, OU=Test Client Unit, O=Test Client Org, L=LA, ST=CA, C=US has Allow permission for operations: Write from hosts: *
  63. ser:myserverC has Allow permission for operations: Write from hosts: *
  64. ser:CN=myserverC,OU=NBCUniversal,O=NBCUniversal,L=NY,ST=NY,C=US has Allow permission for operations: Write from hosts: *
  65.  
  66. [kafka@myserverA confluent-3.0.1]$ bin/kafka-console-producer --broker-list myserverA:9093 --topic ssl-test --producer.config /kafka/data/client/ssl/client.properties
  67. j
  68. k
  69. <Ctrl-D>
  70.  
  71. bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
  72. --add
  73. --allow-principal User:Bob
  74. --consumer
  75. --topic Test-topic
  76. --group Group-1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!