Skip to content

C
ClickHouse

2dot5 / ClickHouse

通知 3
Star 0
Fork 0
C
ClickHouse

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
docker_compose_kerberized_kafka.yml 2.7 KB
Newer Older
A
Revert "Revert "Test and doc for PR12771 krb5 + cyrus-sasl + kerberized kafka""  
Alexander Tokmakov 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 
version: '2.3'

services:
  kafka_kerberized_zookeeper:
    image: confluentinc/cp-zookeeper:5.2.0
    # restart: always
    hostname: kafka_kerberized_zookeeper
    environment:
        ZOOKEEPER_SERVER_ID: 1
        ZOOKEEPER_CLIENT_PORT: 2181
        ZOOKEEPER_SERVERS: "kafka_kerberized_zookeeper:2888:3888"
        KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/zookeeper_jaas.conf -Djava.security.krb5.conf=/etc/kafka/secrets/krb.conf -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dsun.security.krb5.debug=true"
    volumes:
        - ${KERBERIZED_KAFKA_DIR}/secrets:/etc/kafka/secrets
        - /dev/urandom:/dev/random
    depends_on:
        - kafka_kerberos
    security_opt:
        - label:disable

  kerberized_kafka1:
    image: confluentinc/cp-kafka:5.2.0
    # restart: always
    hostname: kerberized_kafka1
    ports:
        - "9092:9092"
        - "9093:9093"
    environment:
        KAFKA_LISTENERS: OUTSIDE://:19092,UNSECURED_OUTSIDE://:19093,UNSECURED_INSIDE://:9093
        KAFKA_ADVERTISED_LISTENERS: OUTSIDE://kerberized_kafka1:19092,UNSECURED_OUTSIDE://kerberized_kafka1:19093,UNSECURED_INSIDE://localhost:9093
        # KAFKA_LISTENERS: INSIDE://kerberized_kafka1:9092,OUTSIDE://kerberized_kafka1:19092
        # KAFKA_ADVERTISED_LISTENERS: INSIDE://localhost:9092,OUTSIDE://kerberized_kafka1:19092
        KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: GSSAPI
        KAFKA_SASL_ENABLED_MECHANISMS: GSSAPI
        KAFKA_SASL_KERBEROS_SERVICE_NAME: kafka
        KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: OUTSIDE:SASL_PLAINTEXT,UNSECURED_OUTSIDE:PLAINTEXT,UNSECURED_INSIDE:PLAINTEXT,
        KAFKA_INTER_BROKER_LISTENER_NAME: OUTSIDE
        KAFKA_BROKER_ID: 1
        KAFKA_ZOOKEEPER_CONNECT: "kafka_kerberized_zookeeper:2181"
        KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
        KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
        KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/broker_jaas.conf -Djava.security.krb5.conf=/etc/kafka/secrets/krb.conf -Dsun.security.krb5.debug=true"
    volumes:
        - ${KERBERIZED_KAFKA_DIR}/secrets:/etc/kafka/secrets
        - /dev/urandom:/dev/random
    depends_on:
        - kafka_kerberized_zookeeper
        - kafka_kerberos
    security_opt:
        - label:disable

  kafka_kerberos:
A
Merge pull request #17486 from ClickHouse/fix_more_flaky_tests  
alesapin 已提交
53 
    image: yandex/clickhouse-kerberos-kdc:${DOCKER_KERBEROS_KDC_TAG:-latest}
A
Revert "Revert "Test and doc for PR12771 krb5 + cyrus-sasl + kerberized kafka""  
Alexander Tokmakov 已提交
54 55 56 57 58 59 
    hostname: kafka_kerberos
    volumes:
        - ${KERBERIZED_KAFKA_DIR}/secrets:/tmp/keytab
        - ${KERBERIZED_KAFKA_DIR}/../../kerberos_image_config.sh:/config.sh
        - /dev/urandom:/dev/random
    ports: [88, 749]