advertised.listeners

2017-05-31 Thread Darshan
Hi Our Kafka broker has two IPs on two different interfaces. eth0 has 172.x.x.x for external leg eth1 has 1.x.x.x for internal leg Kafka Producer is on 172.x.x.x subnet, and Kafka Consumer is on 1.x.x.x subnet. If we use advertised.listeners=SSL://172.x.x.x:9093, then Producer can producer

Re: advertised.listeners

2017-05-31 Thread Darshan
> inter.broker.listener.name=INTERNAL > > On Wed, May 31, 2017 at 6:22 PM, Raghav <raghavas...@gmail.com> wrote: > > > Hello Darshan > > > > Have you tried SSL://0.0.0.0:9093 ? > > > > Rajani had suggested something similar to me a week back while I was > >

Running SSL and PLAINTEXT mode together (Kafka 10.2.1)

2017-12-18 Thread Darshan
ssl.truststore.type=JKS security.protocol=SSL ssl.client.auth=required # allow.everyone.if.no.acl.found=false allow.everyone.if.no.acl.found=true authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer super.users=User:CN=KafkaBroker01 Thanks. --Darshan

Re: Running SSL and PLAINTEXT mode together (Kafka 10.2.1)

2017-12-19 Thread Darshan
Anyone ? On Mon, Dec 18, 2017 at 7:25 AM, Darshan <purandare.dars...@gmail.com> wrote: > Hi > > I am wondering if there is a way to run the SSL and PLAINTEXT mode > together ? I am running Kafka 10.2.1. We want our internal clients to use > the PLAINTEXT mode to write to ce

Help needed for Upgrade from 0.10.2 to 1.1

2018-05-09 Thread Darshan
java.net.ConnectException: Connection refused Does anyone know any known caveats or gotchas while upgrading Kafka version ? Thanks. --Darshan

Re: Running SSL and PLAINTEXT mode together (Kafka 10.2.1)

2017-12-20 Thread Darshan
if ACLs are programmed for that topic. Any idea if such a thing exists ? Thanks. On Tue, Dec 19, 2017 at 10:10 PM, Jaikiran Pai <jai.forums2...@gmail.com> wrote: > What exact issue are you running into with that configs? > > -Jaikiran > > > > On 20/12/17 7:24 AM,

Re: advertised.listeners

2018-04-05 Thread Darshan
ers can be configured with same value across all brokers. > > sh kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 > --add --allow-principal User:ANONYMOUS --allow-host \* --operation Read > --topic test > > On Thu, Apr 5, 2018 at 2:39 AM, Darshan <purandare.dar

Re: advertised.listeners

2018-04-04 Thread Darshan
ore.type=JKS security.protocol=SSL ssl.client.auth=required allow.everyone.if.no.acl.found=false authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer super.users=User:CN=Kafka1* On Tue, Apr 3, 2018 at 10:42 PM, Manikumar <manikumar.re...@gmail.com

KIP-226 - Dynamic Broker Configuration

2018-04-18 Thread Darshan
Hi KIP-226 is released in 1.1. I had a question about it. If we add a new certificate (programmatically) in the truststore that Kafka Broker is using, do we need to issue any CLI or other command for Kafka broker to read the new certificate or with KIP-226 everything happens automatically ?

Re: KIP-226 - Dynamic Broker Configuration

2018-04-19 Thread Darshan
Hi Rajini 1. Oh so truststores can't be updated dynamically ? Is it planned for any future release? 2. By dynamically updated, do you mean that if Broker was using keystore A, we can now point it to use a different keystore B ? Thanks. On Wed, Apr 18, 2018 at 10:51 PM, Darshan

Re: advertised.listeners

2018-04-03 Thread Darshan
-cluster > > (ZK does not support mixed mode but there is a backdoor > zookeeper.properties config attribute that allows plaintext clients to > bypass sasl auth) > > ? > > Martin > __ > > > > _

Re: advertised.listeners

2018-04-03 Thread Darshan
pe=JKS ssl.truststore.type=JKS security.protocol=SSL ssl.client.auth=required allow.everyone.if.no.acl.found=false authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer super.users=User:CN=Kafka1 Can you please point out if anything needs to be modified ? Many thanks. --Darshan On Wed,

Re: Running SSL and PLAINTEXT mode together (Kafka 10.2.1)

2018-04-03 Thread Darshan
e? What does your producer configs > look like? What exact exception, error or DEBUG logs do you see when you > attempt this? > > We do use a similar setup, so I do know that such a configuration works > fine. > > -Jaikiran > > > > On 21/12/17 1:49 AM, Darshan wrote

Re: Help - Updating SSL Truststore Dynamically - KAFKA-6810

2019-05-16 Thread Darshan
I edited the email subject since it was not correct. Thanks. On Thu, May 16, 2019 at 2:08 PM Darshan wrote: > Hi > > I am testing out Kafka 2.2.0 and was hoping to test out "Enable dynamic > reconfiguration of SSL truststores" > https://issues.apache.o

Help - Updating Keystore Dynamically - KAFKA-6810

2019-05-16 Thread Darshan
Hi I am testing out Kafka 2.2.0 and was hoping to test out "Enable dynamic reconfiguration of SSL truststores" https://issues.apache.org/jira/browse/KAFKA-6810. But unfortunately I could not get it to work. Please find the server.properties. Just wondering if we need a change of config. Please

Re: Help - Updating Keystore Dynamically - KAFKA-6810

2019-05-16 Thread Darshan
Broker+Configuration#KIP-226-DynamicBrokerConfiguration-SSLkeystore > < > https://cwiki.apache.org/confluence/display/KAFKA/KIP-226+-+Dynamic+Broker+Configuration#KIP-226-DynamicBrokerConfiguration-SSLkeystore > > > > > > On May 16, 2019, at 2:08 PM, Darshan >

Dynamic Loading of Truststore Issue

2020-03-04 Thread Darshan
Hi We are on Kafka 1.1.1. We add a bunch of new entries (say ~ 10 new entries) in truststore and restart for Kafka to read the truststore file. Everything works fine. We wanted to move to Kafka 2.0.x to get this new feature, wherein we can dynamically remove something from truststore. Let's say,

How to use CRL (Certificate Revocation List) with Kafka

2021-08-24 Thread Darshan
any client. Just wondering how we can use the CRL or OCSP (Online Certificate Status Protocol) with Kafka ? I couldn't find any documentation around it, so I thought of asking the community. Any help would be appreciated. Thanks. --Darshan

Re: Kafka Authorization and ACLs Broken

2017-05-23 Thread Darshan Purandare
Raghav I saw a few posts of yours around Kafka ACLs and the problems. I have seen similar issues where Writer has not been able to write to any topic. I have seen "leader not available" and sometimes "unknown topic or partition", and "topic_authorization_failed" error. Let me know if you find a