Hi Harsha,Ben, Thanks for your help. With advertised.listeners specified, it works perfect.
Qi On Fri, Aug 21, 2015 at 11:46 AM, Sriharsha Chintalapani <ka...@harsha.io> wrote: > Qi, > yes you can use inter-broker communication over non-ssl(PLAINTEXT) > You can use this config security.inter.broker.protocol by default its > PLAINTEXT and make sure you’ve two listeners one is for PLAINTEXT and > another one SSL. > > Thanks, > Harsha > > > On August 21, 2015 at 11:37:09 AM, Gwen Shapira (g...@confluent.io) wrote: > > You can have a list of advertised.listeners > > On Fri, Aug 21, 2015 at 11:09 AM, Qi Xu <shkir...@gmail.com> wrote: > > > Hi Ben, > > Thank you very much for the information. This is very helpful. > > One question I have about the listeners and the advertising host and > port. > > Now the listeners can have two host and port for non SSL and SSL. > > For advertising host and port, how do I specify both for remote client > and > > brokers respectively? > > So my scenario is that I like the SSL port to be accessed by the > > remote client and the advertising host will be the NLB's IP (with some > > port mapping) , but for the inter-broker communication, I hope it uses > > non-SSL port with internal IP. Is that do-able? > > > > Thanks again, > > Qi > > > > > > On Fri, Aug 21, 2015 at 6:28 AM, Ben Stopford <b...@confluent.io> wrote: > > > > > Hi Qi > > > > > > Trunk seems fairly stable. > > > > > > There are guidelines here which includes how to generate keys > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka > > > < > > > https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka > > > > > > > > > > Your server config needs these properties (also on the webpage): > > > > > > listeners=PLAINTEXT://:9092,SSL://:9093 > > > > > > ssl.protocol = TLS > > > ssl.keystore.type = JKS > > > ssl.keystore.location = <path>/keystore.jks > > > ssl.keystore.password = <pass> > > > ssl.key.password = <pass> > > > ssl.truststore.type = JKS > > > ssl.truststore.location = <path>/truststore.jks > > > ssl.truststore.password = <pass> > > > > > > To get yourself going it’s easiest to just generate a set of certs > > locally > > > and spark up the console producer/consumer pair. You’ll need the latest > > cut > > > from trunk (from today) to get a console consumer that works. > > > > > > Hope that helps > > > > > > Ben > > > > > > > > > > On 21 Aug 2015, at 07:10, Qi Xu <shkir...@gmail.com> wrote: > > > > > > > > Hi folks, > > > > I tried to clone the latest version of kafka truck and try to enable > > the > > > > SSL. The server.properties seems not having any security related > > > settings, > > > > and it seems there's no other config file relevant to SSL either. > > > > So may I know is this feature ready to use now in truck branch? > > > > > > > > BTW, we're using the SSL feature from the branch : > > > > https://github.com/relango/kafka/tree/0.8.2. Is there any > significant > > > > difference between Kafka-truck and relango's branch? > > > > > > > > Thanks, > > > > Qi > > > > > > > > >
