Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Community Manager
Created on
12-08-2019
09:39 PM
- edited on
12-22-2020
11:31 PM
by
VidyaSargur
The video provides the steps to connect to the Kafka server using SASL_SSL protocol.
Open the video on YouTube here
To connect to Kafka server using SASL_SSL protocol using one way SSL, do the following:
Server side
- Configure the following properties in Ambari server > Kafka > config > Custom kafka-broker.
ssl.keystore.location=path-to-your-keystore ssl.keystore.password=keystore-password ssl.truststore.location=path-to-your-truststore ssl.truststore.password=keystore-password
- Under Ambari server > Kafka > config > Kafka Broker > Listeners can add the security protocol as: SASL_SSL://localhost:<port>
- Since this is a one way SSL communication between client-server, ensure to have enabled the property ssl.client.auth=none. This means that a client authentication is not required. By default this property is set to None. This can be double checked from Ambari console > Kafka > Configs. The same can be searched using the filter text box at the top right of the service screen.
Client Side
- Create a file client.properties with the following content:
ssl.truststore.location=<pathToTrustStore> // This file must contain server rootCA ssl.truststore.password=<trustStore password>
- Get a valid Kerberos ticket and execute new producer/consumer API as follows:
Producer
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list <brokerHost>:<brokerSASL_SSLPort> --topic <topicName> --producer.config <path_To_client.properties> --security-protocol SASL_SSL
Consumer
/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server <brokerHost>:<brokerSASL_SSLPort> --topic <topicName> --consumer.config <path_To_client.properties> --security-protocol SASL_SSL