求助一个 zookeeper 配置 acl， kafka 是否需要做相关修改的问题

我登陆到 zookeeper 后通过下方命令新增一个账号密码

addauth digest admin:123456
setAcl / auth:admin:cdrwa

通过下方测试看到 zookeeper 的账号密码应是生效了

[root@local-test bin]# ./zookeeper-shell.sh localhost:2181
Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is disabled

WATCHER::

WatchedEvent state:SyncConnected type:None path:null
ls /          
Insufficient permission : /
addauth digest admin:123456
ls /
[admin, brokers, cluster, config, consumers, controller, controller_epoch, feature, isr_change_notification, latest_producer_id_block, log_dir_event_notification, zookeeper]

可我未对 kafka 做任何修改，为什么 kafka 创建 topic 、生产、消费依旧正常？

理论上 zookeeper 作为服务端添加了认证，kafka 作为客户端也需要修改一些配置吗。很是奇怪。

PS：我用的是 kafka v3.6.0 版本，zookeeper 使用的是 kafka 安装包中内置的。

OneXT

49 天前

重启了 kafka 后发现 kafka 起不来了。去掉 zookeeper 的 acl 后正常。

[2024-04-02 01:23:53,752] INFO Initiating client connection, connectString=127.0.0.1:2181 sessionTimeout=18000 watcher=kafka.zookeeper.ZooKeeperClient$ZooKeeperClientWatcher$@13c9d689 (org.apache.zookeeper.ZooKeeper)
[2024-04-02 01:23:53,757] INFO jute.maxbuffer value is 4194304 Bytes (org.apache.zookeeper.ClientCnxnSocket)
[2024-04-02 01:23:53,769] INFO zookeeper.request.timeout value is 0. feature enabled=false (org.apache.zookeeper.ClientCnxn)
[2024-04-02 01:23:53,772] INFO [ZooKeeperClient Kafka server] Waiting until connected. (kafka.zookeeper.ZooKeeperClient)
[2024-04-02 01:23:53,774] INFO Opening socket connection to server /127.0.0.1:2181. (org.apache.zookeeper.ClientCnxn)
[2024-04-02 01:23:53,779] INFO Socket connection established, initiating session, client: /127.0.0.1:33298, server: /127.0.0.1:2181 (org.apache.zookeeper.ClientCnxn)
[2024-04-02 01:23:53,788] INFO Session establishment complete on server /127.0.0.1:2181, session id = 0x100197062f30039, negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn)
[2024-04-02 01:23:53,792] INFO [ZooKeeperClient Kafka server] Connected. (kafka.zookeeper.ZooKeeperClient)
[2024-04-02 01:23:53,877] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /consumers
at org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:570)
at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1883)
at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1781)
at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1773)
at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1773)
at scala.collection.immutable.List.foreach(List.scala:333)
at kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1773)
at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:658)
at kafka.server.KafkaServer.startup(KafkaServer.scala:222)
at kafka.Kafka$.main(Kafka.scala:113)
at kafka.Kafka.main(Kafka.scala)
[2024-04-02 01:23:53,882] INFO shutting down (kafka.server.KafkaServer)
[2024-04-02 01:23:53,900] INFO [ZooKeeperClient Kafka server] Closing. (kafka.zookeeper.ZooKeeperClient)
[2024-04-02 01:23:54,005] INFO Session: 0x100197062f30039 closed (org.apache.zookeeper.ZooKeeper)