Forwarding again. Original email did not show up on the OSS mailing list.

---------- Forwarded message ---------
From: Deshpande, Omkar <omkar_deshpa...@intuit.com>
Date: Fri, Mar 22, 2019 at 5:08 PM
Subject: Fwd: SSL with Samza 0.14.1?
To: prateek...@gmail.com <prateek...@gmail.com>


++Prateek gmail
------------------------------
*From:* LeVeck, Matt
*Sent:* Thursday, March 21, 2019 10:33:11 PM
*To:* dev@samza.apache.org; pmaheshw...@linkedin.com; Deshpande, Omkar;
Audo, Nicholas
*Subject:* SSL with Samza 0.14.1?


Prateek, Samza dev team,

    This is Matt from Intuit.  We met briefly at the beginning of this
week’s meetup.  I’m wondering if you could help give us some guidance on
Kafka SSL with Samza.  Here, I’m talking about the Kafka cluster that Samza
uses to store checkpoints, etc.  We’re trying to connect to a cluster that
has SSL enabled, and we’re getting some errors that are indicative of SSL
connectivity failing.  It might just be that our properties file isn’t
correct.  But we’re wondering if there is another possibility. This
indicates that Samza 0.14.1 uses Kafka 0.11 which should have SSL support.
But Samza 0.14.1 also requires access to zookeeper for its consumer client,
which is indicative of older clients (see
https://samza.apache.org/learn/documentation/0.14/jobs/configuration-table.html#kafka).
Is it possible that Samza 0.14.1 doesn’t support SSL for Kafka when
creating its checkpoint topics?

Anyways, I’m hoping that’s not the case, and either our config is wrong or
we’re doing something else wrong.  Here is our properties snippet in case
we’ve messed up the config key names.  Any guidance is appreciated.


# Kafka System

systems.kafka.zookeeper.connect=sppzookeeper.data-lake-dev.a.intuit.com:2181,sppzookeeper.data-lake-dev.a.intuit.com:2182,sppzookeeper.data-lake-dev.a.intuit.com:2183

systems.kafka.security.protocol=SSL

systems.kafka.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

systems.kafka.ssl.truststore.type=JKS

systems.kafka.ssl.truststore.location=/home/appuser/spp/kabini.jks

systems.kafka.ssl.truststore.password=Intuit01

systems.kafka.bootstrap.servers=sppkafka.data-lake-dev.a.intuit.com:19701,sppkafka.data-lake-dev.a.intuit.com:19801,sppkafka.data-lake-dev.a.intuit.com:19901

systems.kafka.samza.factory=org.apache.samza.system.kafka.KafkaSystemFactory



We’ve also tried adding producer and consumer specific entries:



systems.kafka.producer.security.protocol=SSL

systems.kafka.producer.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

systems.kafka.producer.ssl.truststore.type=JKS

systems.kafka.producer.ssl.truststore.location=/home/appuser/spp/kabini.jks

systems.kafka.producer.ssl.truststore.password=Intuit01

systems.kafka.producer.bootstrap.servers=sppkafka.data-lake-dev.a.intuit.com:19701,sppkafka.data-lake-dev.a.intuit.com:19801,sppkafka.data-lake-dev.a.intuit.com:19901

systems.kafka.consumer.zookeeper.connect=sppzookeeper.data-lake-dev.a.intuit.com:2181,sppzookeeper.data-lake-dev.a.intuit.com:2182,sppzookeeper.data-lake-dev.a.intuit.com:2183

systems.kafka.consumer.security.protocol=SSL

systems.kafka.consumer.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

systems.kafka.consumer.ssl.truststore.type=JKS

systems.kafka.consumer.ssl.truststore.location=/home/appuser/spp/kabini.jks

systems.kafka.consumer.ssl.truststore.password=Intuit01

systems.kafka.consumer.bootstrap.servers=sppkafka.data-lake-dev.a.intuit.com:19701,sppkafka.data-lake-dev.a.intuit.com:19801,sppkafka.data-lake-dev.a.intuit.com:19901

systems.kafka.zookeeper.connect=sppzookeeper.data-lake-dev.a.intuit.com:2181,sppzookeeper.data-lake-dev.a.intuit.com:2182,sppzookeeper.data-lake-dev.a.intuit.com:2183

systems.kafka.security.protocol=SSL

systems.kafka.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

systems.kafka.ssl.truststore.type=JKS

systems.kafka.ssl.truststore.location=/home/appuser/spp/kabini.jks

systems.kafka.ssl.truststore.password=Intuit01

systems.kafka.bootstrap.servers=sppkafka.data-lake-dev.a.intuit.com:19701,sppkafka.data-lake-dev.a.intuit.com:19801,sppkafka.data-lake-dev.a.intuit.com:19901

Thanks,

Matt
