diff --git a/README.md b/README.md index aaa7e1d8f603f416d401dff6e2fed8a75957c465..77729c25f6af62f1ebe284b86ced0629e6ed5122 100644 --- a/README.md +++ b/README.md @@ -67,11 +67,16 @@ - [滴滴Logi-KafkaManager 系列视频教程](https://mp.weixin.qq.com/s/9X7gH0tptHPtfjPPSdGO8g) - [kafka实践(十五):滴滴开源Kafka管控平台 Logi-KafkaManager研究--A叶子叶来](https://blog.csdn.net/yezonggang/article/details/113106244) -## 3 滴滴Logi开源用户钉钉交流群 +## 3 滴滴Logi开源用户交流群 + + +![image](https://user-images.githubusercontent.com/5287750/111266722-e531d800-8665-11eb-9242-3484da5a3099.png) +微信加群:关注公众号 Obsuite(官方公众号) 回复 "Logi加群" ![dingding_group](./docs/assets/images/common/dingding_group.jpg) - 钉钉群ID:32821440 - +钉钉群ID:32821440 + + ## 4 OCE认证 OCE是一个认证机制和交流平台,为滴滴Logi-KafkaManager生产用户量身打造,我们会为OCE企业提供更好的技术支持,比如专属的技术沙龙、企业一对一的交流机会、专属的答疑群等,如果贵司Logi-KafkaManager上了生产,[快来加入吧](http://obsuite.didiyun.com/open/openAuth) diff --git a/docs/user_guide/faq.md b/docs/user_guide/faq.md index b0866a145a9fc51f9e104f97d38f335526db7fc6..c0c6b1a3b1d87e3e9d9fadae268853337f5e202c 100644 --- a/docs/user_guide/faq.md +++ b/docs/user_guide/faq.md @@ -7,7 +7,7 @@ --- -# FAQ +# FAQ - 0、支持哪些Kafka版本? - 1、Topic申请、新建监控告警等操作时没有可选择的集群? @@ -17,9 +17,11 @@ - 5、如何对接夜莺的监控告警功能? - 6、如何使用`MySQL 8`? - 7、`Jmx`连接失败如何解决? -- 8、`topic biz data not exist`错误及处理方式? -- 9、进程启动后,如何查看API文档? -- 10、集群申请审批通过之后,为什么还是看不到集群? +- 8、`topic biz data not exist`错误及处理方式 +- 9、进程启动后,如何查看API文档 +- 10、如何创建告警组? +- 11、连接信息、耗时信息为什么没有数据? +- 12、逻辑集群申请审批通过之后为什么看不到逻辑集群? --- @@ -35,7 +37,7 @@ 逻辑集群的创建参看: -- [kafka-manager 接入集群](docs/user_guide/add_cluster/add_cluster.md) 手册,这里的Region和逻辑集群都必须添加。 +- [kafka-manager 接入集群](add_cluster/add_cluster.md) 手册,这里的Region和逻辑集群都必须添加。 --- 
@@ -106,14 +108,21 @@ ### 9、进程启动后,如何查看API文档 -- 滴滴Logi-KafkaManager采用Swagger-API工具记录API文档。Swagger-API地址: [http://IP:PORT/swagger-ui.html#/](http://IP:PORT/swagger-ui.html#/) +- 滴滴Logi-KafkaManager采用Swagger-API工具记录API文档。Swagger-API地址: [http://IP:PORT/swagger-ui.html#/](http://IP:PORT/swagger-ui.html#/) ---- -### 10、集群申请审批通过之后,为什么还是看不到集群? +### 10、如何创建告警组? + +这块需要配合监控系统进行使用,现在默认已经实现了夜莺的对接,当然也可以对接自己内部的监控系统,不过需要实现一些接口。 + +具体的文档可见:[监控功能对接夜莺](../dev_guide/monitor_system_integrate_with_n9e.md)、[监控功能对接其他系统](../dev_guide/monitor_system_integrate_with_self.md) + +### 11、连接信息、耗时信息为什么没有数据? + +这块需要结合滴滴内部的kafka-gateway一同使用才会有数据,滴滴kafka-gateway暂未开源。 -集群申请,审批通过,那块的通过只是将工单的状态修改为通过。实际集群的分配搭建等,还需要运维去手动操作。 +### 12、逻辑集群申请审批通过之后为什么看不到逻辑集群? -Logi-KM整体设计上,用户侧看到的是逻辑集群,管控侧看到的是物理集群,因此这里的手动操作,是需要创建一个逻辑集群。 +逻辑集群的申请与审批仅仅只是一个工单流程,并不会去实际创建逻辑集群,逻辑集群的创建还需要手动去创建。 -逻辑集群的创建,具体可以看README里面的用户文档。 +具体的操作可见:[kafka-manager 接入集群](add_cluster/add_cluster.md)。 diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java index 8f0f229bfdab2e2fce68b02ca1765be546b2e276..454a687fe54f89a122374f03c516d6572073e60c 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java @@ -106,7 +106,7 @@ public enum ResultStatus { STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"), STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"), STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"), - LDAP_AUTHENTICATION_FAILED(8053, "LDAP authentication failed"), + LDAP_AUTHENTICATION_FAILED(8053, "ldap authentication failed"), ; diff --git a/kafka-manager-console/package.json b/kafka-manager-console/package.json index f06c4120d6aecb89898218aa0982a03c835e1ee7..920fa61345512e358e40459a7249b0c2bb81efcd 100644 
--- a/kafka-manager-console/package.json
+++ b/kafka-manager-console/package.json
@@ -1,6 +1,6 @@
 {
- "name": "mobx-ts-example",
- "version": "1.0.0",
+ "name": "logi-kafka",
+ "version": "2.3.1",
 "description": "",
 "scripts": {
 "start": "webpack-dev-server",
@@ -21,7 +21,7 @@
 "@types/spark-md5": "^3.0.2",
 "antd": "^3.26.15",
 "clean-webpack-plugin": "^3.0.0",
- "clipboard": "^2.0.6",
+ "clipboard": "2.0.6",
 "cross-env": "^7.0.2",
 "css-loader": "^2.1.0",
 "echarts": "^4.5.0",
@@ -56,4 +56,4 @@
 "dependencies": {
 "format-to-json": "^1.0.4"
 }
-}
+}
\ No newline at end of file
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
similarity index 58%
rename from kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
rename to kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
index eff3bc25f3f6e31485e7bf9e417a55b01d2e1656..f456c91667e06fa98d8cad1c8644b37ac873d20d 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
@@ -1,6 +1,8 @@
-package com.xiaojukeji.kafka.manager.common.utils.ldap;
+package com.xiaojukeji.kafka.manager.account.component.ldap;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -15,33 +17,31 @@ import javax.naming.ldap.LdapContext;
 import java.util.Hashtable;
 @Component
-public class LDAPAuthentication {
+public class LdapAuthentication {
+ private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthentication.class);
- @Value(value = "${ldap.url}")
+ @Value(value = "${account.ldap.url:}")
 private String ldapUrl;
- @Value(value = "${ldap.basedn}")
+ @Value(value = "${account.ldap.basedn:}")
 private String ldapBasedn;
- @Value(value = "${ldap.factory}")
+ @Value(value = "${account.ldap.factory:}")
 private String ldapFactory;
- @Value(value = "${ldap.filter}")
- private String ldapfilter;
+ @Value(value = "${account.ldap.filter:}")
+ private String ldapFilter;
- @Value(value = "${ldap.auth-user-registration-role}")
- private String authUserRegistrationRole;
-
- @Value(value = "${ldap.security.authentication}")
+ @Value(value = "${account.ldap.security.authentication:}")
 private String securityAuthentication;
- @Value(value = "${ldap.security.principal}")
+ @Value(value = "${account.ldap.security.principal:}")
 private String securityPrincipal;
- @Value(value = "${ldap.security.credentials}")
+ @Value(value = "${account.ldap.security.credentials:}")
 private String securityCredentials;
- private LdapContext getConnect() {
+ private LdapContext getLdapContext() {
 Hashtable env = new Hashtable();
 env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
 env.put(Context.PROVIDER_URL, ldapUrl + ldapBasedn);
@@ -53,19 +53,19 @@ public class LDAPAuthentication {
 try {
 return new InitialLdapContext(env, null);
 } catch (AuthenticationException e) {
- e.printStackTrace();
+ LOGGER.warn("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
 } catch (Exception e) {
- e.printStackTrace();
+ LOGGER.error("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
 }
 return null;
 }
- private String getUserDN(String account,LdapContext ctx) {
+ private String getUserDN(String account, LdapContext ctx) {
 String userDN = "";
 try {
 SearchControls constraints = new SearchControls();
 constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
- String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))";
+ String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))";
 NamingEnumeration en = ctx.search("", filter, constraints);
 if (en == null || !en.hasMoreElements()) {
@@ -82,9 +82,8 @@ public class LDAPAuthentication {
 }
 }
 }
 } catch (Exception e) {
- e.printStackTrace();
+ LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
 }
-
 return userDN;
 }
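Review bot: In `getUserDN` the search filter is still built by concatenation, `"(&(objectClass=*)("+ldapFilter+"=" + account + "))"`, and `account` is the user name supplied at login, so filter metacharacters such as `*`, `(`, `)` and `\` in it change what the search matches (LDAP filter injection). Use the argument form so the JNDI provider escapes the value: `NamingEnumeration en = ctx.search("", "(&(objectClass=*)(" + ldapFilter + "={0}))", new Object[]{account}, constraints);`. Separately, the new `LOGGER.warn("...errMsg={}", e)` calls pass the exception as the only argument, which SLF4J takes as the throwable and leaves `{}` unfilled; drop the placeholder or pass `e.getMessage()` before `e`. `getUserDN` continues between and after the two hunks shown here.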
@@ -94,35 +93,38 @@ public class LDAPAuthentication { * @param password * @return */ - public boolean authenricate(String account, String password) { - LdapContext ctx = getConnect(); - - boolean valide = false; + public boolean authenticate(String account, String password) { + LdapContext ctx = getLdapContext(); + if (ValidateUtils.isNull(ctx)) { + return false; + } try { - String userDN = getUserDN(account,ctx); + String userDN = getUserDN(account, ctx); if(ValidateUtils.isBlank(userDN)){ - return valide; + return false; } + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.reconnect(null); - valide = true; - } catch (AuthenticationException e) { - System.out.println(e.toString()); + + return true; + } catch (AuthenticationException e) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } catch (NamingException e) { - e.printStackTrace(); - }finally { - if(ctx!=null) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } catch (Exception e) { + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } finally { + if(ctx != null) { try { ctx.close(); } catch (NamingException e) { - e.printStackTrace(); + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } } } - - return valide; + return false; } - } diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java index c67cca085c09eeac7ebb5ccc8fdac575b6111b64..1ff3696451192c8eae2ae321ca881cb3d6572254 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java 
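Review bot: `authenticate` never rejects an empty `password` before the rebind. A simple bind that carries a DN and a zero-length password is an unauthenticated bind (RFC 4513 §5.1.2), and the JNDI LDAP provider is documented to fall back to anonymous authentication when the credential is empty, so `ctx.reconnect(null)` can succeed and the method returns `true` without any password having been verified. Add a guard as the first statement, `if (ValidateUtils.isBlank(account) || ValidateUtils.isBlank(password)) { return false; }`; whether the caller already validates the login DTO is not visible from this hunk. The Javadoc above the method (only partly in the hunk) should also state that `false` covers both rejected credentials and directory errors.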
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
@@ -10,7 +10,7 @@ import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO;
 import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO;
 import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
-import com.xiaojukeji.kafka.manager.common.utils.ldap.LDAPAuthentication;
+import com.xiaojukeji.kafka.manager.account.component.ldap.LdapAuthentication;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -28,18 +28,18 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
 private AccountService accountService;
 @Autowired
- private LDAPAuthentication ldapAuthentication;
+ private LdapAuthentication ldapAuthentication;
 //是否开启ldap验证
- @Value(value = "${ldap.enabled}")
- private boolean ldapEnabled;
+ @Value(value = "${account.ldap.enabled:}")
+ private Boolean accountLdapEnabled;
 //ldap自动注册的默认角色。请注意:它通常来说都是低权限角色
- @Value(value = "${ldap.auth-user-registration-role}")
+ @Value(value = "${account.ldap.auth-user-registration-role:}")
 private String authUserRegistrationRole;
 //ldap自动注册是否开启
- @Value(value = "${ldap.auth-user-registration}")
+ @Value(value = "${account.ldap.auth-user-registration:}")
 private boolean authUserRegistration;
 @Override
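Review bot: `authUserRegistration` is still a primitive `boolean`, but its placeholder now defaults to the empty string (`${account.ldap.auth-user-registration:}`); Spring cannot convert an empty value to a primitive, so a deployment that omits the key will most likely fail at context start-up instead of falling back to "off". `accountLdapEnabled` was changed to `Boolean` to dodge the same problem, which then forces the null check at the call site; explicit safe defaults are simpler for both flags: `@Value(value = "${account.ldap.enabled:false}")` and `@Value(value = "${account.ldap.auth-user-registration:false}")`. The empty default on `auth-user-registration-role` deserves the same care, since the role given to auto-registered users should be an explicit low-privilege value; what `getUserRoleEnum` returns for an empty string is not visible here.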
@@ -50,11 +50,10 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { Result accountResult = accountService.getAccountDO(dto.getUsername()); - //modifier limin - //判断是否激活了LDAP验证。若激活并且数据库无此用户则自动注册 - if(ldapEnabled){ + //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证 + if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){ //去LDAP验证账密 - if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ + if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); } @@ -63,14 +62,13 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { AccountDO accountDO = new AccountDO(); accountDO.setUsername(dto.getUsername()); accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); - accountDO.setPassword(EncryptUtil.md5(dto.getPassword())); + accountDO.setPassword(dto.getPassword()); accountService.createAccount(accountDO); } return Result.buildSuc(dto.getUsername()); - } - + if (ValidateUtils.isNull(accountResult) || accountResult.failed()) { return new Result<>(accountResult.getCode(), accountResult.getMessage()); } diff --git a/kafka-manager-web/src/main/resources/application.yml b/kafka-manager-web/src/main/resources/application.yml index 89fca91cfc009ac39234ae0e9a8869aabd929a17..1c6614e2e9de2037cd682c5a15a32899cd46e6fb 100644 --- a/kafka-manager-web/src/main/resources/application.yml +++ b/kafka-manager-web/src/main/resources/application.yml @@ -11,7 +11,6 @@ spring: name: kafkamanager datasource: kafka-manager: - jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8 username: admin password: admin 
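Review bot: In the `@@ -63,14 +62,13 @@` hunk, `accountDO.setPassword(dto.getPassword())` now passes the user's directory password to `createAccount` exactly as typed. If `createAccount` does not hash it (its body is not visible here) the LDAP password is written to the account table in clear text, and even if it does, a local copy of the directory credential is unnecessary because these users are authenticated by the LDAP bind above. Store a value that cannot be used to sign in instead (for example a random string generated with `SecureRandom`), add a comment such as `// LDAP users authenticate by bind; never persist the directory password`, and check the `createAccount` result rather than discarding it. The enclosing method starts and ends outside these hunks.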
@@ -50,6 +49,17 @@ task:
 account:
 ldap:
+ enabled: false
+ url: ldap://127.0.0.1:389/
+ basedn: dc=tsign,dc=cn
+ factory: com.sun.jndi.ldap.LdapCtxFactory
+ filter: sAMAccountName
+ security:
+ authentication: simple
+ principal: cn=admin,dc=tsign,dc=cn
+ credentials: admin
+ auth-user-registration: true
+ auth-user-registration-role: normal
 kcm:
 enabled: false
@@ -83,16 +93,3 @@ notify:
 topic-name: didi-kafka-notify
 order:
 detail-url: http://127.0.0.1
-
-ldap:
- enabled: false
- url: ldap://127.0.0.1:389/
- basedn: dc=tsign,dc=cn
- factory: com.sun.jndi.ldap.LdapCtxFactory
- filter: sAMAccountName
- security:
- authentication: simple
- principal: cn=admin,dc=tsign,dc=cn
- credentials: admin
- auth-user-registration-role: normal
- auth-user-registration: true
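Review bot: The relocated sample block pairs `url: ldap://127.0.0.1:389/` with `authentication: simple`, so once `enabled` is switched on the bind DN's password and every user's login password travel to the directory unencrypted; the sample should use an `ldaps://` URL or carry a comment saying that plain `ldap://` is for local testing only. `auth-user-registration: true` as the shipped default also means every entry the directory authenticates gets a local account automatically, so `auth-user-registration: false` is the safer default, with a comment that `auth-user-registration-role` must stay a low-privilege role. `principal: cn=admin,dc=tsign,dc=cn` and `credentials: admin` should be marked as placeholders, e.g. `# placeholder: use a read-only service account and supply the secret from the environment`.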