vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_1041.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

34 lines
7.0 KiB
HTML
Raw Blame History

<a name="mrs_01_1041"></a><a name="mrs_01_1041"></a>
<h1 class="topictitle1">Kafka Token Authentication Mechanism Tool Usage</h1>
<div id="body1590134593902"><div class="section" id="mrs_01_1041__section114521155135419"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1041__p1334914418543">Operations need to be performed on tokens when the token authentication mechanism is used.</p>
<p id="mrs_01_1041__p1944684185813">This section applies to security clusters of MRS 3.<em id="mrs_01_1041__i66518147951922">x</em> or later.</p>
</div>
<div class="section" id="mrs_01_1041__section09120820550"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1041__ul534994119547"><li id="mrs_01_1041__li1535034112546">The system administrator has understood service requirements and prepared a system user.</li><li id="mrs_01_1041__li53502419548">The Kafka client has been installed.</li></ul>
</div>
<div class="section" id="mrs_01_1041__section177871538135511"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1041__ol124875612551"><li id="mrs_01_1041__li122480564554"><span>Log in as a client installation user to the node on which the Kafka client is installed.</span></li><li id="mrs_01_1041__li16918114569"><span>Switch to the Kafka client installation directory, for example, <strong id="mrs_01_1041__b107016349951922">/opt/kafkaclient</strong>.</span><p><p id="mrs_01_1041__p1735010414542"><strong id="mrs_01_1041__b435018418540">cd /opt/kafkaclient</strong></p>
</p></li><li id="mrs_01_1041__li196159493194"><span>Run the following command to configure environment variables:</span><p><p id="mrs_01_1041__p1359972013202"><strong id="mrs_01_1041__b1920152216">source bigdata_env</strong></p>
</p></li><li id="mrs_01_1041__li981818317208"><span>Run the following command to perform user authentication:</span><p><p id="mrs_01_1041__p49521337162017"><strong id="mrs_01_1041__b0991134617424">kinit</strong> <em id="mrs_01_1041__i179914468429">Component service user</em></p>
</p></li><li id="mrs_01_1041__li47671834105611"><span>Run the following command to switch to the Kafka client installation directory:</span><p><p id="mrs_01_1041__p193512041145420"><strong id="mrs_01_1041__b11351124115416">cd Kafka/kafka/bin</strong></p>
</p></li><li id="mrs_01_1041__li161674215560"><span>Use <strong id="mrs_01_1041__b1348204915212">kafka-delegation-tokens.sh</strong> to perform operations on tokens.</span><p><ul id="mrs_01_1041__ul163511041175417"><li id="mrs_01_1041__li235164145414">Generate a token for a user.<p id="mrs_01_1041__p956224715320"><a name="mrs_01_1041__li235164145414"></a><a name="li235164145414"></a><strong id="mrs_01_1041__b18901137946">./kafka-delegation-tokens.sh --create --bootstrap-server &lt;</strong><em id="mrs_01_1041__i484415371349">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__b1745320461242">&gt; --max-life-time-period &lt;</strong><em id="mrs_01_1041__i0580471748">Long: max life period in milliseconds</em><strong id="mrs_01_1041__b9953155516419">&gt; --command-config &lt;</strong><em id="mrs_01_1041__i204891561548">config file</em><strong id="mrs_01_1041__b189587216518">&gt; --renewer-principal User:&lt;</strong><em id="mrs_01_1041__i114801431755">user name</em><strong id="mrs_01_1041__b17958182751">&gt;</strong></p>
<p id="mrs_01_1041__p11562947732">Example: <strong id="mrs_01_1041__b55693335451922">./kafka-delegation-tokens.sh --create --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --command-config ../config/producer.properties --max-life-time-period -1 --renewer-principal User:username</strong></p>
</li></ul>
<ul id="mrs_01_1041__ul335174114542"><li id="mrs_01_1041__li1235164111546">List information about all tokens of a specified user.<p id="mrs_01_1041__p279481714514"><a name="mrs_01_1041__li1235164111546"></a><a name="li1235164111546"></a><strong id="mrs_01_1041__b12441281456">./kafka-delegation-tokens.sh --describe --bootstrap-server &lt;</strong><em id="mrs_01_1041__i1153613285516">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__b1449783315516">&gt; --command-config &lt;</strong><em id="mrs_01_1041__i11930533455">config file</em><strong id="mrs_01_1041__b1868723817513">&gt; --owner-principal User:&lt;</strong><em id="mrs_01_1041__i39253913510">user name</em><strong id="mrs_01_1041__b76871382512">&gt;</strong></p>
<p id="mrs_01_1041__p15794317059">Example: <strong id="mrs_01_1041__b190423373651922">./kafka-delegation-tokens.sh --describe --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --command-config ../config/producer.properties --owner-principal User:username</strong></p>
</li></ul>
<ul id="mrs_01_1041__ul13351204195416"><li id="mrs_01_1041__li14351541115410">Update the token validity period.<p id="mrs_01_1041__p51838483517"><a name="mrs_01_1041__li14351541115410"></a><a name="li14351541115410"></a><strong id="mrs_01_1041__b18804135813512">./kafka-delegation-tokens.sh --renew --bootstrap-server &lt;</strong><em id="mrs_01_1041__i1184759354">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__b43461859613">&gt; --renew-time-period &lt;</strong><em id="mrs_01_1041__i117717518615">Long: renew time period in milliseconds</em><strong id="mrs_01_1041__b193451391964">&gt; --command-config &lt;</strong><em id="mrs_01_1041__i19941493611">config file</em><strong id="mrs_01_1041__b1316951416610">&gt; --hmac &lt;</strong><em id="mrs_01_1041__i97067148612">String: HMAC of the delegation token</em><strong id="mrs_01_1041__b15169514769">&gt;</strong></p>
<p id="mrs_01_1041__p9183134818514">Example: <strong id="mrs_01_1041__b17117096351922">./kafka-delegation-tokens.sh --renew --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --renew-time-period -1 --command-config ../config/producer.properties --hmac ABCDEFG</strong></p>
</li></ul>
<ul id="mrs_01_1041__ul18351104125418"><li id="mrs_01_1041__li23511541115417">Destroy a token.<p id="mrs_01_1041__p174952317613"><a name="mrs_01_1041__li23511541115417"></a><a name="li23511541115417"></a><strong id="mrs_01_1041__b247942264">./kafka-delegation-tokens.sh --expire --bootstrap-server &lt;</strong><em id="mrs_01_1041__i154912426611">IP1:PORT, IP2:PORT,...</em><strong id="mrs_01_1041__b1235104813617">&gt; --expiry-time-period &lt;</strong><em id="mrs_01_1041__i93594483616">Long: expiry time period in milliseconds</em><strong id="mrs_01_1041__b923212526613">&gt; --command-config &lt;</strong><em id="mrs_01_1041__i97076521466">config file</em><strong id="mrs_01_1041__b818655713616">&gt; --hmac &lt;</strong><em id="mrs_01_1041__i18733757467">String: HMAC of the delegation token</em><strong id="mrs_01_1041__b118616571264">&gt;</strong></p>
<p id="mrs_01_1041__p134942311861">Example: <strong id="mrs_01_1041__b204898601151922">./kafka-delegation-tokens.sh --expire --bootstrap-server 192.168.1.1:21007,192.168.1.2:21007,192.168.1.3:21007 --expiry-time-period -1 --command-config ../config/producer.properties --hmac ABCDEFG</strong></p>
</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0375.html">Using Kafka</a></div>
</div>
</div>
View Git Blame Copy Permalink