Hi I am testing out Kafka 2.2.0 and was hoping to test out "Enable dynamic reconfiguration of SSL truststores" https://issues.apache.org/jira/browse/KAFKA-6810. But unfortunately I could not get it work. Please find the server.properties. Just wondering if we need an change of config. Please advise..
1. I added a new entry in the truststore, and validated it that it is present. 2. The client (kafka writer) could not write to Kafka due to SSLException. 3. I restarted Kafka broker. 4. The client could write messages. server.properties ---------------------------------------------------------------------------- ############################# Server Basics ############################# # The id of the broker. This must be set to a unique integer for each broker. broker.id=1 auto.create.topics.enable=true delete.topic.enable=true #################### Upgrading from 1.1.0 to 2.2.0 #################### inter.broker.protocol.version=1.1 log.message.format.version=1.1 ############################# Socket Server Settings ############################# listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443 ,INTERNAL_PLAINTEXT://1.1.1.65:9094 advertised.listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443 ,INTERNAL_PLAINTEXT://1.1.1.65:9094 listener.security.protocol.map=INTERNAL:SSL,EXTERNAL:SSL,INTERNAL_PLAINTEXT:PLAINTEXT inter.broker.listener.name=INTERNAL_PLAINTEXT default.replication.factor=1 offsets.topic.replication.factor=1 # Hostname the broker will bind to. If not set, the server will bind to all interfaces host.name=10.28.118.172 # The number of threads handling network requests num.network.threads=12 # The number of threads doing disk I/O num.io.threads=12 # The send buffer (SO_SNDBUF) used by the socket server socket.send.buffer.bytes=102400 # The receive buffer (SO_RCVBUF) used by the socket server socket.receive.buffer.bytes=102400 # The maximum size of a request that the socket server will accept (protection against OOM) socket.request.max.bytes=104857600 # Max message size is 10 MB message.max.bytes=10000120 # Consumer side largest message size is 10 MB fetch.message.max.bytes=10000120 # Replica max fetch size is 10MB replica.fetch.max.bytes=10000120 # Max request size 10MB max.request.size=10000120 ################ SHUTDOWN and REBALANCING ####################### # Both the following properties are also enabled by default as well, also explicitly settings here controlled.shutdown.enable=true auto.leader.rebalance.enable=true unclean.leader.election.enable=true ######################### Security Settings ########################## ssl.endpoint.identification.algorithm="" ssl.keystore.location=/dir/keystore.jks ssl.keystore.password=pwd ssl.key.password=pwd ssl.truststore.location=/dir/truststore.jks ssl.truststore.password=pwd ssl.keystore.type=JKS ssl.truststore.type=JKS security.protocol=SSL ssl.client.auth=required allow.everyone.if.no.acl.found=false authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer # User.ANONYMOUS is included for AMS to be able to program ACL via 9094 port super.users=User:CN=KafkaBroker1;User:ANONYMOUS
