
The video provides the steps to connect to the Kafka server using SASL_SSL protocol.

 


 

To connect to a Kafka server over the SASL_SSL protocol with one-way SSL, do the following:

Server side

  1. Configure the following properties in Ambari server > Kafka > config > Custom kafka-broker:
    ssl.keystore.location=path-to-your-keystore
    ssl.keystore.password=keystore-password
    ssl.truststore.location=path-to-your-truststore
    ssl.truststore.password=truststore-password
  2. Under Ambari server > Kafka > config > Kafka Broker > Listeners, add the security protocol as: SASL_SSL://localhost:<port>
  3. Because this is one-way SSL between client and server, make sure the property ssl.client.auth=none is set. This means that client authentication is not required. By default this property is set to None. You can double-check it in the Ambari console > Kafka > Configs, searching for the property with the filter text box at the top right of the service screen.

Client Side

  1. Create a file client.properties with the following content:
    # The truststore file must contain the server root CA
    ssl.truststore.location=<pathToTrustStore>
    ssl.truststore.password=<trustStore password>
  2. Get a valid Kerberos ticket and run the new producer/consumer API as follows:

Producer

/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list <brokerHost>:<brokerSASL_SSLPort> \
    --topic <topicName> --producer.config <path_To_client.properties> --security-protocol SASL_SSL

Consumer

/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server <brokerHost>:<brokerSASL_SSLPort> \
    --topic <topicName> --consumer.config <path_To_client.properties> --security-protocol SASL_SSL
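
A pre-flight check for the client.properties file from Client Side step 1, as an added example that is not part of the original article. The function names are hypothetical; the property keys are the ones used above. It flags an inline comment after a value (a Java properties file treats it as part of the value), unreplaced placeholders, a missing truststore, and a truststore that other users could modify.

```shell
#!/bin/sh
# Added example: lint a Kafka client.properties before using it with SASL_SSL.
# Function names are hypothetical; property keys are the ones from the article.

# prop_get FILE KEY_REGEX -> value of the key (last definition wins)
prop_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_client_properties FILE -> prints findings, returns 0 only if no ERROR
check_client_properties() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "ERROR: cannot read $file"
        return 1
    fi
    # .properties files have no inline comments: "value // note" is all value
    if grep -Eq '^[[:space:]]*[^#![:space:]][^=]*=.*[[:space:]](//|#)' "$file"; then
        echo "ERROR: inline comment after a value; move it to its own # line"
        rc=1
    fi
    ts=$(prop_get "$file" 'ssl\.truststore\.location')
    pw=$(prop_get "$file" 'ssl\.truststore\.password')
    case "$ts$pw" in
        *'<'*'>'*) echo "ERROR: placeholder <...> left unreplaced"; rc=1 ;;
    esac
    if [ -z "$ts" ]; then
        echo "ERROR: ssl.truststore.location is not set"
        rc=1
    elif [ ! -f "$ts" ]; then
        echo "ERROR: truststore not found: $ts"
        rc=1
    elif ls -ldL "$ts" | cut -c6,9 | grep -q w; then
        # anyone who can write the truststore can add a CA the client trusts
        echo "ERROR: truststore is group- or world-writable: $ts"
        rc=1
    fi
    if [ -z "$pw" ]; then
        # Kafka still loads the store, but skips its integrity check
        echo "WARN: ssl.truststore.password is not set"
    fi
    return $rc
}
```

Run it as `check_client_properties <path_To_client.properties>` before starting the console producer or consumer; a non-zero return means at least one ERROR line was printed.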