diff --git a/restagent/etc/restconf.yaml b/restagent/etc/restconf.yaml
index fb569ca..2086e4f 100644
--- a/restagent/etc/restconf.yaml
+++ b/restagent/etc/restconf.yaml
@@ -41,9 +41,9 @@ webServer:
 database:
 type: mysql
 user: root
- password: 1000omc@kp!
- host: 127.0.0.1
- port: 33066
+ password: "root@1234"
+ host: "192.168.5.59"
+ port: 3306
 name: omc_db
 backup: d:/local.git/be.ems/restagent/database
@@ -53,14 +53,14 @@ redis:
 # OMC系统使用库
 default:
 port: 6379 # Redis port
- host: "192.168.2.219" # Redis host
- password: "123456"
+ host: "192.168.5.59" # Redis host
+ password: "redis@1234"
 db: 10 # Redis db_num
 # UDM网元用户库
 udmuser:
 port: 6379 # Redis port
- host: "192.168.2.219"
- password: "123456"
+ host: "192.168.13.140"
+ password: ""
 db: 0 # Redis db_num
 # 多个数据源时可以用这个指定默认的数据源
 defaultDataSourceName: "default"
@@ -79,7 +79,7 @@ mml:
 # NE config
 ne:
- user: root
+ user: agtuser
 etcdir: /usr/local/etc
 bindir: /usr/local/bin
 omcdir: /usr/local/omc
@@ -195,6 +195,16 @@ nmsCXY:
 - "192.168.5.59:19092"
 - "192.168.5.59:29092"
 - "192.168.5.59:39092"
+ # 启用 Kerberos 认证
+ krb5:
+ enable: false
+ config:
+ configPath: "/path/to/krb5.conf"
+ keyTabPath: "/path/to/keytab"
+ serviceName: "kafka"
+ realm: "EXAMPLE.COM"
+ username: "client"
+ # OSS配置
 oss:
 bucketname: "omc-bucket"
diff --git a/src/modules/nms_cxy/utils/kafka/kafka.go b/src/modules/nms_cxy/utils/kafka/kafka.go
index 93c5b5b..567cda7 100644
--- a/src/modules/nms_cxy/utils/kafka/kafka.go
+++ b/src/modules/nms_cxy/utils/kafka/kafka.go
@@ -20,11 +20,18 @@ func InitConfig() {
 for _, v := range addrsArr {
 addrs = append(addrs, v.(string))
 }
+ // 实例
 k := Kafka{
 Addrs: addrs,
 }
 k.NewConfig()
- k.Config.Net.SASL.Enable = false
+ // 是否启用krb5认证
+ krb5Enable := config.Get("nmsCXY.kafka.krb5.enable").(bool)
+ if krb5Enable {
+ k.NewKerberosConfig()
+ }
 KInitConm = k
 }
@@ -34,6 +41,7 @@ type Kafka struct {
 Config *sarama.Config
 }
+// NewConfig 默认基础配置
 func (k *Kafka) NewConfig() {
 // 设置Kafka配置
 config := sarama.NewConfig()
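Review bot: The `database` block in restagent/etc/restconf.yaml now commits a literal password for the MySQL `root` account on a non-loopback host, so the credential is readable by anyone with repository access and stays in history even after it is rotated. The Redis hunk in the same file does the same for the `default` source. Consider committing placeholders only and supplying the real values at deploy time, with a comment such as `# password: injected at deploy time, never commit a real value`, and a dedicated least-privilege database account instead of `root`. Whether the config loader supports environment or secret-store overrides is not visible in this diff.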
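Review bot: In the Redis hunk the `udmuser` source is switched to 192.168.13.140 with `password: ""`, which only works if that Redis instance accepts unauthenticated clients over the network. If this is a lab-only target, document it next to the field, for example `# lab only: production instances must set requirepass or an ACL user`. Otherwise keep a non-empty credential that is supplied at deploy time rather than stored in the file.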
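Review bot: The unchecked assertion `config.Get("nmsCXY.kafka.krb5.enable").(bool)` added to InitConfig will panic at start-up when the key is absent or not a boolean, which is presumably the case for any deployed restconf.yaml that predates the `krb5` section introduced by this commit. The two-value form makes a missing key mean "disabled": `krb5Enable, _ := config.Get("nmsCXY.kafka.krb5.enable").(bool)`. InitConfig begins above this hunk and `config.Get` is not shown, so its behaviour for a missing key is inferred.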
@@ -45,6 +53,35 @@ func (k *Kafka) NewConfig() {
 k.Config = config
 }
+// NewKerberosConfig 认证krb5登录
+func (k *Kafka) NewKerberosConfig() {
+ configPath := config.Get("nmsCXY.kafka.krb5.config.configPath").(string) // /path/to/krb5.conf
+ keyTabPath := config.Get("nmsCXY.kafka.krb5.config.keyTabPath").(string) // /path/to/keytab
+ serviceName := config.Get("nmsCXY.kafka.krb5.config.serviceName").(string) // kafka
+ realm := config.Get("nmsCXY.kafka.krb5.config.realm").(string) // EXAMPLE.COM
+ username := config.Get("nmsCXY.kafka.krb5.config.username").(string) // client
+ // krb5Enable := config.Get("nmsCXY.kafka.krb5.enable").(bool)
+ k.Config.Net.SASL.Enable = true
+ k.Config.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI
+ k.Config.Net.SASL.GSSAPI = sarama.GSSAPIConfig{
+ AuthType: sarama.KRB5_KEYTAB_AUTH,
+ KerberosConfigPath: configPath,
+ KeyTabPath: keyTabPath,
+ ServiceName: serviceName,
+ Realm: realm,
+ Username: username,
+ }
+
+ client, err := sarama.NewKerberosClient(&k.Config.Net.SASL.GSSAPI)
+ if err != nil {
+ logger.Fatalf("kafka kerberos NewKerberosClient err %v", err)
+ }
+ err = client.Login()
+ if err != nil {
+ logger.Fatalf("kafka kerberos Login err %v", err)
+ }
+}
+
 // MessageSyncSend 消息同步发送
 func (k *Kafka) MessageSyncSend(topic string, partition int32, msg string) (int32, int64, error) {
 // 创建Kafka生产者
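Review bot: NewKerberosConfig creates a separate Kerberos client only to test the login and never releases it, and both failure paths go through `logger.Fatalf`, so a wrong keytab path or an unreachable KDC presumably stops the whole agent instead of just leaving Kafka disabled. Add `defer client.Destroy()` right after the `NewKerberosClient` error check, and consider returning the error to InitConfig so the caller decides how to react. The five `config.Get(...).(string)` assertions are unchecked as well, so a missing key panics and an empty `keyTabPath` or `realm` only surfaces later as a login failure; checking them up front with a message that names the key would make misconfiguration easier to diagnose. Nothing in this hunk shows TLS being enabled alongside SASL/GSSAPI, so it is worth confirming in NewConfig that the broker connection is also encrypted.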