feat: kafka启用krb5认证

restagent/etc/restconf.yaml

@@ -41,9 +41,9 @@ webServer:
 database:
   type: mysql
   user: root
-  password: 1000omc@kp!
+  password: "root@1234"
-  host: 127.0.0.1
+  host: "192.168.5.59"
-  port: 33066
+  port: 3306
   name: omc_db
   backup: d:/local.git/be.ems/restagent/database
 
@@ -53,14 +53,14 @@ redis:
     # OMC系统使用库
     default:
       port: 6379 # Redis port
-      host: "192.168.2.219" # Redis host
+      host: "192.168.5.59" # Redis host
-      password: "123456"
+      password: "redis@1234"
       db: 10 # Redis db_num
     # UDM网元用户库
     udmuser:
       port: 6379 # Redis port
-      host: "192.168.2.219"
+      host: "192.168.13.140"
-      password: "123456"
+      password: ""
       db: 0 # Redis db_num
   # 多个数据源时可以用这个指定默认的数据源
   defaultDataSourceName: "default"
@@ -79,7 +79,7 @@ mml:
 
 # NE config
 ne:
-  user: root
+  user: agtuser
   etcdir: /usr/local/etc
   bindir: /usr/local/bin
   omcdir: /usr/local/omc
@@ -195,6 +195,16 @@ nmsCXY:
       - "192.168.5.59:19092"
       - "192.168.5.59:29092"
       - "192.168.5.59:39092"
+    # 启用 Kerberos 认证
+    krb5:
+      enable: false
+      config:
+        configPath: "/path/to/krb5.conf"
+        keyTabPath: "/path/to/keytab"
+        serviceName: "kafka"
+        realm: "EXAMPLE.COM"
+        username: "client"
+
   # OSS配置
   oss:
     bucketname: "omc-bucket"

src/modules/nms_cxy/utils/kafka/kafka.go

@@ -20,11 +20,18 @@ func InitConfig() {
 	for _, v := range addrsArr {
 		addrs = append(addrs, v.(string))
 	}
+
+	// 实例
 	k := Kafka{
 		Addrs: addrs,
 	}
 	k.NewConfig()
-	k.Config.Net.SASL.Enable = false
+
+	// 是否启用krb5认证
+	krb5Enable := config.Get("nmsCXY.kafka.krb5.enable").(bool)
+	if krb5Enable {
+		k.NewKerberosConfig()
+	}
 	KInitConm = k
 }
 
@@ -34,6 +41,7 @@ type Kafka struct {
 	Config *sarama.Config
 }
 
+// NewConfig 默认基础配置
 func (k *Kafka) NewConfig() {
 	// 设置Kafka配置
 	config := sarama.NewConfig()
@@ -45,6 +53,35 @@ func (k *Kafka) NewConfig() {
 	k.Config = config
 }
 
+// NewKerberosConfig 认证krb5登录
+func (k *Kafka) NewKerberosConfig() {
+	configPath := config.Get("nmsCXY.kafka.krb5.config.configPath").(string)   // /path/to/krb5.conf
+	keyTabPath := config.Get("nmsCXY.kafka.krb5.config.keyTabPath").(string)   // /path/to/keytab
+	serviceName := config.Get("nmsCXY.kafka.krb5.config.serviceName").(string) // kafka
+	realm := config.Get("nmsCXY.kafka.krb5.config.realm").(string)             // EXAMPLE.COM
+	username := config.Get("nmsCXY.kafka.krb5.config.username").(string)       // client
+	// krb5Enable := config.Get("nmsCXY.kafka.krb5.enable").(bool)
+	k.Config.Net.SASL.Enable = true
+	k.Config.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI
+	k.Config.Net.SASL.GSSAPI = sarama.GSSAPIConfig{
+		AuthType:           sarama.KRB5_KEYTAB_AUTH,
+		KerberosConfigPath: configPath,
+		KeyTabPath:         keyTabPath,
+		ServiceName:        serviceName,
+		Realm:              realm,
+		Username:           username,
+	}
+
+	client, err := sarama.NewKerberosClient(&k.Config.Net.SASL.GSSAPI)
+	if err != nil {
+		logger.Fatalf("kafka kerberos NewKerberosClient err %v", err)
+	}
+	err = client.Login()
+	if err != nil {
+		logger.Fatalf("kafka kerberos Login err %v", err)
+	}
+}
+
 // MessageSyncSend 消息同步发送
 func (k *Kafka) MessageSyncSend(topic string, partition int32, msg string) (int32, int64, error) {
 	// 创建Kafka生产者