It’s my understanding that dynamic configuration requires you to write znodes, e.g. /config/brokers/ssl.keystore.location. I believe you can use the same path. Brokers should be watching that path and if a node is added or updated the config values will be read in and loaded over existing values.
https://cwiki.apache.org/confluence/display/KAFKA/KIP-226+-+Dynamic+Broker+Configuration#KIP-226-DynamicBrokerConfiguration-SSLkeystore <https://cwiki.apache.org/confluence/display/KAFKA/KIP-226+-+Dynamic+Broker+Configuration#KIP-226-DynamicBrokerConfiguration-SSLkeystore> > On May 16, 2019, at 2:08 PM, Darshan <purandare.dars...@gmail.com> wrote: > > Hi > > I am testing out Kafka 2.2.0 and was hoping to test out "Enable dynamic > reconfiguration of SSL truststores" > https://issues.apache.org/jira/browse/KAFKA-6810. But unfortunately I could > not get it work. Please find the server.properties. Just wondering if we > need an change of config. Please advise.. > > 1. I added a new entry in the truststore, and validated it that it is > present. > 2. The client (kafka writer) could not write to Kafka due to SSLException. > 3. I restarted Kafka broker. > 4. The client could write messages. > > > server.properties > ---------------------------------------------------------------------------- > > ############################# Server Basics ############################# > > # The id of the broker. This must be set to a unique integer for each > broker. > broker.id=1 > auto.create.topics.enable=true > delete.topic.enable=true > > #################### Upgrading from 1.1.0 to 2.2.0 #################### > inter.broker.protocol.version=1.1 > log.message.format.version=1.1 > > ############################# Socket Server Settings > ############################# > > listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443 > ,INTERNAL_PLAINTEXT://1.1.1.65:9094 > advertised.listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443 > ,INTERNAL_PLAINTEXT://1.1.1.65:9094 > listener.security.protocol.map=INTERNAL:SSL,EXTERNAL:SSL,INTERNAL_PLAINTEXT:PLAINTEXT > inter.broker.listener.name=INTERNAL_PLAINTEXT > > default.replication.factor=1 > offsets.topic.replication.factor=1 > > # Hostname the broker will bind to. If not set, the server will bind to all > interfaces > host.name=10.28.118.172 > > # The number of threads handling network requests > num.network.threads=12 > > # The number of threads doing disk I/O > num.io.threads=12 > > # The send buffer (SO_SNDBUF) used by the socket server > socket.send.buffer.bytes=102400 > > # The receive buffer (SO_RCVBUF) used by the socket server > socket.receive.buffer.bytes=102400 > > # The maximum size of a request that the socket server will accept > (protection against OOM) > socket.request.max.bytes=104857600 > > # Max message size is 10 MB > message.max.bytes=10000120 > > # Consumer side largest message size is 10 MB > fetch.message.max.bytes=10000120 > > # Replica max fetch size is 10MB > replica.fetch.max.bytes=10000120 > > # Max request size 10MB > max.request.size=10000120 > > ################ SHUTDOWN and REBALANCING ####################### > # Both the following properties are also enabled by default as well, also > explicitly settings here > controlled.shutdown.enable=true > auto.leader.rebalance.enable=true > unclean.leader.election.enable=true > > > ######################### Security Settings ########################## > ssl.endpoint.identification.algorithm="" > ssl.keystore.location=/dir/keystore.jks > ssl.keystore.password=pwd > ssl.key.password=pwd > ssl.truststore.location=/dir/truststore.jks > ssl.truststore.password=pwd > ssl.keystore.type=JKS > ssl.truststore.type=JKS > security.protocol=SSL > ssl.client.auth=required > allow.everyone.if.no.acl.found=false > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer > # User.ANONYMOUS is included for AMS to be able to program ACL via 9094 port > super.users=User:CN=KafkaBroker1;User:ANONYMOUS
