When you say not able to write to a Kafka broker, do you mean your producer isn't able to produce a message? What do your producer configs look like? What exact exception, error or DEBUG logs do you see when you attempt this?

We do use a similar setup, so I do know that such a configuration works fine.

-Jaikiran


On 21/12/17 1:49 AM, Darshan wrote:
Hi Jaikiran

With that config, my internal kafka client can't write to the Kafka broker.
What I am looking for is that internal client can write to Kafka topic
without having to have any truststore setup, while external kafka client
MUST have certificate, and truststore setup and can read only if ACLs are
programmed for that topic.

Any idea if such a thing exists?

Thanks.


On Tue, Dec 19, 2017 at 10:10 PM, Jaikiran Pai <jai.forums2...@gmail.com>
wrote:

What exact issue are you running into with those configs?

-Jaikiran



On 20/12/17 7:24 AM, Darshan wrote:

Anyone?

On Mon, Dec 18, 2017 at 7:25 AM, Darshan <purandare.dars...@gmail.com>
wrote:

Hi
I am wondering if there is a way to run the SSL and PLAINTEXT modes
together? I am running Kafka 10.2.1. We want our internal clients to use
the PLAINTEXT mode to write to certain topics, but any external clients
should use SSL to read messages on those topics. We also want to enforce
ACLs.

To try this out, I modified my server.properties as follows, but without
any luck. Can someone please let me know if it needs any change?

listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
advertised.listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL

ssl.keystore.location=/opt/keystores/keystotr.jks
ssl.keystore.password=ABCDEFGH
ssl.key.password=ABCDEFGH
ssl.truststore.location=/opt/keystores/truststore.jks
ssl.truststore.password=ABCDEFGH
ssl.keystore.type=JKS
ssl.truststore.type=JKS
security.protocol=SSL
ssl.client.auth=required
# allow.everyone.if.no.acl.found=false
allow.everyone.if.no.acl.found=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=KafkaBroker01

Thanks.

--Darshan
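
Added example, not part of the original thread or of Kafka itself: a small audit of the server.properties quoted above that reports, per listener, which security protocol applies and what that means for ACL enforcement. The function names are hypothetical; the checks rely on Kafka assigning the principal User:ANONYMOUS to connections on a PLAINTEXT listener.

```python
# Added example with hypothetical helper names; not code from the thread or from Kafka.
PROTOCOLS = ("PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL")

# Constructed sample: the listener/ACL lines quoted in this thread.
SAMPLE = """\
listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL
security.protocol=SSL
ssl.client.auth=required
# allow.everyone.if.no.acl.found=false
allow.everyone.if.no.acl.found=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=KafkaBroker01
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listener_protocols(props):
    """Return {listener name: security protocol, or None if the name is unmapped}."""
    raw = props.get("listener.security.protocol.map", "")
    mapping = dict(e.strip().split(":", 1) for e in raw.split(",") if e.strip())
    mapping = mapping or {p: p for p in PROTOCOLS}  # broker default when no map is set
    names = [l.split("://", 1)[0].strip() for l in props.get("listeners", "").split(",") if l.strip()]
    return {n: mapping.get(n) for n in names}

def audit(props):
    """List findings relevant to enforcing ACLs across mixed listeners."""
    out, protos = [], listener_protocols(props)
    supers = props.get("super.users", "").split(";")
    for name, proto in protos.items():
        if proto is None:
            out.append(f"{name}: no entry in listener.security.protocol.map")
        elif proto == "PLAINTEXT" and "authorizer.class.name" in props:
            out.append(f"{name}: clients are unauthenticated, so ACLs see User:ANONYMOUS")
    ib = props.get("inter.broker.listener.name")
    if protos.get(ib) == "PLAINTEXT" and "User:ANONYMOUS" not in supers:
        out.append(f"{ib}: inter-broker requests arrive as User:ANONYMOUS, not a super.users entry")
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        out.append("allow.everyone.if.no.acl.found=true: a resource without ACLs is open to every principal")
    if "security.protocol" in props:
        out.append("security.protocol is a client setting; broker listeners use the protocol map")
    return out
```

Calling `audit(parse_properties(SAMPLE))` returns four findings for the configuration as posted.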


