Connecting to Kafka by using SSL only
Pass the keystore and truststore properties. The security protocol is SSL. There is no JAAS configuration.
Procedure
Add the following properties to the configuration file of the Content event emitter, which is
located in the cpe-cfgstore persistent volume claim for the Content Platform Engine
configuration.
The configuration file is located in the
ConfigDropins/overrides/BAIConfiguration/configuration directory.
- contentemitter.input.content.server
- The Content Platform Engine server that has the configured content event emitter.
- contentemitter.output.kafka.topic
- The name of the Kafka topic where raw content events are stored.
- contentemitter.output.kafka.bootstrap.servers
- The list of Kafka servers that is used to bootstrap connections to Kafka. For connecting to a Kafka cluster, this list must be in the format of host1:port1,host2:port2. These servers, which might change dynamically, are used for the initial connection to discover the full cluster membership. This list does not need to contain the full set of servers. You might want to list more than one server in case one is down.
- contentemitter.output.kafka.security.protocol
- The value is SSL.
- contentemitter.output.kafka.ssl.truststore.location
- The full path to the truststore. The client.truststore.jks file must be in the /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/BAIForContent directory. To generate the truststore file, see Generate delegation tokens for Kafka client.
- contentemitter.output.kafka.ssl.truststore.password
- The password to the truststore.
- contentemitter.output.kafka.ssl.keystore.location
- The full path to the keystore. The client.keystore.jks file must be in the /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/BAIForContent directory. To generate the keystore file, see Generate delegation tokens for Kafka client.
- contentemitter.output.kafka.ssl.keystore.password
- The password to the keystore.
- contentemitter.output.kafka.ssl.key.password
- The private key password in the keystore file.
- contentemitter.output.kafka.ssl.enabled.protocols
- The value is TLSv1.2.
- contentemitter.output.kafka.ssl.truststore.type
- The file format of the truststore file.
- contentemitter.output.kafka.ssl.keystore.type
- The file format of the keystore file.
- contentemitter.output.kafka.ssl.endpoint.identification.algorithm
- The value is HTTPS.
Example
contentemitter.input.content.server=${CPE_HOSTNAME}
contentemitter.output.kafka.topic=ibm-bai-ingress
contentemitter.output.kafka.bootstrap.servers=${KAFKA_HOST}:{PORT}
contentemitter.output.kafka.security.protocol=SSL
contentemitter.output.kafka.ssl.truststore.location=/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/BAIForContent/client.truststore.jks
contentemitter.output.kafka.ssl.truststore.password=${KAFKA_BROKERS_TRUSTSTORE_PASSWORD}
contentemitter.output.kafka.ssl.keystore.location=/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/BAIForContent/client.keystore.jks
contentemitter.output.kafka.ssl.keystore.password=${KAFKA_BROKERS_KEYSTORE_PASSWORD}
contentemitter.output.kafka.ssl.key.password=${KAFKA_KEYSTORE_PASSWORD}
contentemitter.output.kafka.ssl.enabled.protocols=TLSv1.2
contentemitter.output.kafka.ssl.truststore.type=JKS
contentemitter.output.kafka.ssl.keystore.type=JKS
contentemitter.output.kafka.ssl.endpoint.identification.algorithm=HTTPS
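
The following check is an added example, not part of the product or its documentation: it reads a properties file and reports where it departs from the values listed in this procedure, including an empty endpoint identification algorithm and store paths outside the BAIForContent directory. The function names and the sample values are assumptions made for the example.

```python
import re

K = "contentemitter.output.kafka."
STORE_DIR = "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/BAIForContent/"
# Property -> value the page prescribes (None means any non-empty value).
REQUIRED = {"contentemitter.input.content.server": None}
REQUIRED.update({K + name: value for name, value in {
    "topic": None, "bootstrap.servers": None, "security.protocol": "SSL",
    "ssl.truststore.location": None, "ssl.truststore.password": None,
    "ssl.keystore.location": None, "ssl.keystore.password": None,
    "ssl.key.password": None, "ssl.enabled.protocols": "TLSv1.2",
    "ssl.truststore.type": None, "ssl.keystore.type": None,
    "ssl.endpoint.identification.algorithm": "HTTPS",
}.items()})
HOST_PORT = re.compile(r"[^\s:,]+:\d{1,5}")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_emitter_config(text):
    """Return a list of findings; an empty list means the file matches the page."""
    props, findings = parse_properties(text), []
    for key, expected in REQUIRED.items():
        value = props.get(key, "")
        if not value:
            # An empty endpoint identification algorithm turns off hostname checks.
            findings.append(f"{key}: missing or empty")
        elif expected is not None and value != expected:
            findings.append(f"{key}: expected {expected}, found {value}")
    for server in props.get(K + "bootstrap.servers", "").split(","):
        if server.strip() and not HOST_PORT.fullmatch(server.strip()):
            findings.append(f"{K}bootstrap.servers: {server.strip()!r} is not host:port")
    for name in ("ssl.truststore.location", "ssl.keystore.location"):
        path = props.get(K + name, "")
        if path and not path.startswith(STORE_DIR):
            findings.append(f"{K}{name}: not under {STORE_DIR}")
    return findings

if __name__ == "__main__":
    # Constructed sample: hostname verification disabled, keystore outside the directory.
    sample = "\n".join([K + "security.protocol=SSL",
                        K + "ssl.endpoint.identification.algorithm=",
                        K + "ssl.keystore.location=/tmp/client.keystore.jks"])
    for finding in check_emitter_config(sample):
        print(finding)
```

Values are compared exactly as this page writes them, so an unsubstituted placeholder in the bootstrap server list is reported as a malformed host:port entry.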