kafka-manager
# 要求 Kafka 0.8.. or 0.9.. or 0.10.. or 0.11.. Java 11+ [root@kafka ~]# https://github.com/yahoo/CMAK/releases/download/3.0.0.5/cmak-3.0.0.5.zip [root@kafka ~]# cd /usr/local [root@kafka localhost]# unzip -o cmak-3.0.0.5.zip [root@kafka localhost]# cd cmak/conf [root@kafka conf]# cp application.conf{,.bak} [root@kafka conf]# vim application.conf # kafka-manager.zkhosts="kafka-manager-zookeeper:2181" # kafka-manager.zkhosts=${?ZK_HOSTS} cmak.zkhosts="192.168.57.130:12181,192.168.57.131:12181,192.168.57.132:12181" # cmak.zkhosts=${?ZK_HOSTS} [root@kafka conf]# ../bin/cmak # 启动
# 默认情况下,它将选择端口9000。这是可覆盖的,配置文件的位置也是如此 [root@kafka bin]# ./cmak -Dconfig.file=/path/to/application.conf -Dhttp.port=8080 # 如果java不在您的路径中,或者您需要针对其他版本的Java运行,请添加-java-home选项 [root@kafka bin]# ./cmak -java-home /usr/lib/jvm/zulu-11-amd64 # 通过安全性启动服务,要为SASL添加JAAS配置(注意:确保运行CMAK(pka kafka管理器)的用户具有jaas配置文件的读取权限) [root@kafka bin]# ./cmak -Djava.security.auth.login.config=/path/to/my-jaas.conf
配置文件解释(从github上拉取的)
#版权所有2015 Yahoo Inc.。已获得Apache许可,版本2.0 #请参阅随附的LICENSE文件。 #这是应用程序的主要配置文件。 #~~~~~ # 密钥 #~~~~~ #密钥用于保护密码功能。 #如果将应用程序部署到多个实例,请确保使用相同的密钥! play.crypto.secret =“ ^ <csmm5Fx4d = r2HEX8pelM3iBkFVv?k [mc; IZE <_Qoq8EkX_ / 7 @ Zt6dP05Pzea3U” play.crypto.secret = $ {?APPLICATION_SECRET} play.http.session.maxAge =“ 1h” #应用语言 #~~~~~ play.i18n.langs = [“ en”] play.http.requestHandler =“ play.http.DefaultHttpRequestHandler” play.http.context =“ /” play.application.loader = loader.KafkaManagerLoader # 以'kafka-manager'开头的设置。将不推荐使用,请使用“ cmak”。代替。 # https://github.com/yahoo/CMAK/issues/713 kafka-manager.zkhosts =“ kafka-manager-zookeeper:2181” kafka-manager.zkhosts = $ {?ZK_HOSTS} cmak.zkhosts =“ kafka-manager-zookeeper:2181” cmak.zkhosts = $ {?ZK_HOSTS} pinned-dispatcher.type =“ PinnedDispatcher” pinned-dispatcher.executor =“线程池执行器” application.features = [“” KMClusterManagerFeature“,” KMTopicManagerFeature“,” KMPreferredReplicaElectionFeature“,” KMReassignPartitionsFeature“,” KMScheduleLeaderElectionFeature“] 阿卡{ 记录器= [“ akka.event.slf4j.Slf4jLogger”] loglevel =“ INFO” } akka.logger-startup-timeout = 60s basicAuthentication.enabled = false basicAuthentication.enabled = $ {?KAFKA_MANAGER_AUTH_ENABLED} basicAuthentication.ldap.enabled = false basicAuthentication.ldap.enabled = $ {?KAFKA_MANAGER_LDAP_ENABLED} basicAuthentication.ldap.server =“” basicAuthentication.ldap.server = $ {?KAFKA_MANAGER_LDAP_SERVER} basicAuthentication.ldap.port = 389 basicAuthentication.ldap.port = $ {?KAFKA_MANAGER_LDAP_PORT} basicAuthentication.ldap.username =“” basicAuthentication.ldap.username = $ {?KAFKA_MANAGER_LDAP_USERNAME} basicAuthentication.ldap.password =“” basicAuthentication.ldap.password = $ {?KAFKA_MANAGER_LDAP_PASSWORD} basicAuthentication.ldap.search-base-dn =“” basicAuthentication.ldap.search-base-dn = $ {?KAFKA_MANAGER_LDAP_SEARCH_BASE_DN} basicAuthentication.ldap.search-filter =“(uid = $ capturedLogin $)” basicAuthentication.ldap.search-filter = $ {?KAFKA_MANAGER_LDAP_SEARCH_FILTER} basicAuthentication.ldap.group-filter =“” basicAuthentication.ldap.group-filter = $ {?KAFKA_MANAGER_LDAP_GROUP_FILTER} basicAuthentication.ldap.connection-pool-size = 10 basicAuthentication.ldap.connection-pool-size = $ {?KAFKA_MANAGER_LDAP_CONNECTION_POOL_SIZE} basicAuthentication.ldap.ssl = false basicAuthentication.ldap.ssl = $ {?KAFKA_MANAGER_LDAP_SSL} basicAuthentication.ldap.ssl-trust-all = false basicAuthentication.ldap.ssl-trust-all = $ {?KAFKA_MANAGER_LDAP_SSL_TRUST_ALL} basicAuthentication.username =“ admin” basicAuthentication.username = $ {?KAFKA_MANAGER_USERNAME} basicAuthentication.password =“密码” basicAuthentication.password = $ {?KAFKA_MANAGER_PASSWORD} basicAuthentication.realm =“ Kafka-管理器” basicAuthentication.excluded = [“ / api / health”]#ping不经过身份验证的实例的运行状况 kafka-manager.consumer.properties.file = $ {?CONSUMER_PROPERTIES_FILE}
cmak.zkhosts="my.zookeeper.host.com:2181" # 您可以通过逗号分隔来指定多个zookeeper主机,如下所示: cmak.zkhosts="my.zookeeper.host.com:2181,other.zookeeper.host.com:2181" # 另外,ZK_HOSTS如果您不想对任何值进行硬编码,请使用环境变量。 ZK_HOSTS="my.zookeeper.host.com:2181"
# 您可以选择通过修改application.conf中的默认列表来启用/禁用以下功能: application.features=["KMClusterManagerFeature","KMTopicManagerFeature","KMPreferredReplicaElectionFeature","KMReassignPartitionsFeature"] KMClusterManagerFeature-'允许从CMAK添加,更新,删除集群(pka Kafka Manager) KMTopicManagerFeature-'允许从Kafka集群添加,更新,删除主题 KMPreferredReplicaElectionFeature-'允许运行Kafka集群的首选副本选举 KMReassignPartitionsFeature-'允许生成分区分配并重新分配分区
# 考虑为启用了jmx的较大群集设置这些参数: cmak.broker-view-thread-pool-size = <3 '经纪人人数'> cmak.broker-view-max-queue-size = <3 '所有主题的分区总数'> cmak.broker-view-update-seconds = <cmak.broker-view-max-queue-size /(10 * number_of_brokers)> # 这是一个具有10个代理,100个主题的kafka集群的示例,每个主题有10个分区,其中启用了JMX的分区总数为1000: cmak.broker-view-thread-pool-size = 30 cmak.broker-view-max-queue-size = 3000 cmak.broker-view-update-seconds = 30
# follow控制使用者偏移缓存的线程池和队列: cmak.offset-cache-thread-pool-size = <'默认为处理器数量'> cmak.offset-cache-max-queue-size = <'默认值为1000'> cmak.kafka-admin-client-thread-pool-size = <'默认为处理器数量'> cmak.kafka-admin-client-max-queue-size = <'默认值为1000'> # 对于启用了消费者轮询的大量消费者,您应该增加上述值。尽管它主要影响基于ZK的用户轮询。 # Kafka管理的使用者偏移量现在由KafkaManagedOffsetCache从"__consumer_offsets"主题中使用。请注意,这尚未经过大量偏移量的测试。每个群集只有一个线程在使用该主题,因此它可能无法跟上大量推送到该主题的偏移量。
使用LDAP验证用户 # 警告 您需要使用CMAK(pka Kafka管理器)配置SSL,以确保您的凭据不会未经加密地传递。通过将用户凭据与Authorization标头一起传递,可以使用LDAP验证用户。首次访问时会进行LDAP身份验证,如果成功,则会设置一个cookie。在下一个请求时,将cookie值与Authorization标头中的凭据进行比较。LDAP支持通过基本身份验证过滤器进行。 # 配置基本身份验证 basicAuthentication.enabled = true basicAuthentication.realm = <'基本身份验证领域'> # 加密参数(可选,否则在启动时随机生成): basicAuthentication.salt ='某些十六进制字符串表示字节数组' basicAuthentication.iv ="某些十六进制字符串表示字节数组" basicAuthentication.secret ="my-secret-string" # 配置LDAP / LDAPS身份验证 basicAuthentication.ldap.enabled = <'用于启用/禁用ldap认证的布尔标志'> basicAuthentication.ldap.server = <'LDAP服务器的fqdn'> basicAuthentication.ldap.port = <'LDAP服务器的端口'> basicAuthentication.ldap.username = <'LDAP搜索用户名'> basicAuthentication.ldap.password = <'LDAP搜索密码'> basicAuthentication.ldap.search-base-dn = <'LDAP搜索库'> basicAuthentication.ldap.search-filter = <'LDAP搜索过滤器'> basicAuthentication.ldap.connection-pool-size = <'与LDAP服务器的连接数'> basicAuthentication.ldap.ssl = <'用于启用/禁用LDAPS的布尔标志'> # (可选)限制对特定LDAP组的访问 basicAuthentication.ldap.group-filter = <'LDAP组过滤器'> basicAuthentication.ldap.ssl-trust-all = <'用于允许未过期无效证书的布尔标志'> # 示例(在线LDAP测试服务器): basicAuthentication.ldap.enabled = true basicAuthentication.ldap.server =“ ldap.forumsys.com” basicAuthentication.ldap.port = 389 basicAuthentication.ldap.username =“ cn =只读管理员,dc =示例,dc = com” basicAuthentication.ldap.password =“密码” basicAuthentication.ldap.search-base-dn =“ dc = example,dc = com” basicAuthentication.ldap.search-filter =“(uid = $ capturedLogin $)” basicAuthentication.ldap.group-filter =“ cn =允许组,ou =组,dc =示例,dc = com” basicAuthentication.ldap.connection-pool-size = 10 basicAuthentication.ldap.ssl = false basicAuthentication.ldap.ssl-trust-all = false
