Yes, it is still relevant — unless you’ve enabled SSL for inter-broker communication and you are trying to update the truststore associated with that listener.
You should use the kafka-configs command to set the dynamic config value:

https://kafka.apache.org/21/documentation.html#dynamicbrokerconfigs

    bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers \
      --entity-default --alter --add-config \
      {listener.name.[listener_name].}ssl.truststore.location=/path/to/new/truststore

The part in brackets may be optional if you don’t have more than one listener configured with a truststore.

> On May 16, 2019, at 3:26 PM, Darshan <purandare.dars...@gmail.com> wrote:
>
> I sent another email that I am looking to dynamically update SSL
> truststore, and not keystore. Would that be still relevant? Thanks.
>
> On Thu, May 16, 2019 at 2:54 PM Peter Bukowinski <pmb...@gmail.com> wrote:
>
>> It’s my understanding that dynamic configuration requires you to write
>> znodes, e.g. /config/brokers/ssl.keystore.location. I believe you can use
>> the same path. Brokers should be watching that path and if a node is added
>> or updated the config values will be read in and loaded over existing
>> values.
>>
>> https://cwiki.apache.org/confluence/display/KAFKA/KIP-226+-+Dynamic+Broker+Configuration#KIP-226-DynamicBrokerConfiguration-SSLkeystore
>>
>>> On May 16, 2019, at 2:08 PM, Darshan <purandare.dars...@gmail.com> wrote:
>>>
>>> Hi
>>>
>>> I am testing out Kafka 2.2.0 and was hoping to test out "Enable dynamic
>>> reconfiguration of SSL truststores"
>>> https://issues.apache.org/jira/browse/KAFKA-6810. But unfortunately I could
>>> not get it to work. Please find the server.properties. Just wondering if we
>>> need any change of config. Please advise.
>>>
>>> 1. I added a new entry in the truststore, and validated that it is present.
>>> 2. The client (kafka writer) could not write to Kafka due to SSLException.
>>> 3. I restarted Kafka broker.
>>> 4. The client could write messages.
>>>
>>> server.properties
>>> ----------------------------------------------------------------------------
>>>
>>> ############################# Server Basics #############################
>>>
>>> # The id of the broker. This must be set to a unique integer for each broker.
>>> broker.id=1
>>> auto.create.topics.enable=true
>>> delete.topic.enable=true
>>>
>>> #################### Upgrading from 1.1.0 to 2.2.0 ####################
>>> inter.broker.protocol.version=1.1
>>> log.message.format.version=1.1
>>>
>>> ############################# Socket Server Settings #############################
>>>
>>> listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443,INTERNAL_PLAINTEXT://1.1.1.65:9094
>>> advertised.listeners=INTERNAL://1.1.1.65:9092,EXTERNAL://10.28.118.172:443,INTERNAL_PLAINTEXT://1.1.1.65:9094
>>> listener.security.protocol.map=INTERNAL:SSL,EXTERNAL:SSL,INTERNAL_PLAINTEXT:PLAINTEXT
>>> inter.broker.listener.name=INTERNAL_PLAINTEXT
>>>
>>> default.replication.factor=1
>>> offsets.topic.replication.factor=1
>>>
>>> # Hostname the broker will bind to. If not set, the server will bind to all interfaces
>>> host.name=10.28.118.172
>>>
>>> # The number of threads handling network requests
>>> num.network.threads=12
>>>
>>> # The number of threads doing disk I/O
>>> num.io.threads=12
>>>
>>> # The send buffer (SO_SNDBUF) used by the socket server
>>> socket.send.buffer.bytes=102400
>>>
>>> # The receive buffer (SO_RCVBUF) used by the socket server
>>> socket.receive.buffer.bytes=102400
>>>
>>> # The maximum size of a request that the socket server will accept (protection against OOM)
>>> socket.request.max.bytes=104857600
>>>
>>> # Max message size is 10 MB
>>> message.max.bytes=10000120
>>>
>>> # Consumer side largest message size is 10 MB
>>> fetch.message.max.bytes=10000120
>>>
>>> # Replica max fetch size is 10MB
>>> replica.fetch.max.bytes=10000120
>>>
>>> # Max request size 10MB
>>> max.request.size=10000120
>>>
>>> ################ SHUTDOWN and REBALANCING #######################
>>> # Both the following properties are also enabled by default as well, also explicitly set here
>>> controlled.shutdown.enable=true
>>> auto.leader.rebalance.enable=true
>>> unclean.leader.election.enable=true
>>>
>>> ######################### Security Settings ##########################
>>> ssl.endpoint.identification.algorithm=""
>>> ssl.keystore.location=/dir/keystore.jks
>>> ssl.keystore.password=pwd
>>> ssl.key.password=pwd
>>> ssl.truststore.location=/dir/truststore.jks
>>> ssl.truststore.password=pwd
>>> ssl.keystore.type=JKS
>>> ssl.truststore.type=JKS
>>> security.protocol=SSL
>>> ssl.client.auth=required
>>> allow.everyone.if.no.acl.found=false
>>> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
>>> # User.ANONYMOUS is included for AMS to be able to program ACL via 9094 port
>>> super.users=User:CN=KafkaBroker1;User:ANONYMOUS
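
Added example, not part of the original thread and not Kafka project code: a shell helper that reads a broker's server.properties, works out which listeners use TLS, and prints the per-listener truststore update command for each, flagging the inter-broker listener that the reply singles out. Assumptions: the function names are hypothetical, the sample file is constructed from the listener settings quoted above, and the command targets the broker by its broker.id with --entity-name (the Kafka documentation lists ssl.truststore.location with per-broker update mode) instead of --entity-default.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# prop FILE KEY: value of "KEY=value" in a properties file (comments skipped)
prop() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

# ssl_truststore_keys FILE: "<dynamic config key> <role>" per TLS listener,
# role = inter-broker when the listener is inter.broker.listener.name
ssl_truststore_keys() {
    ib=$(prop "$1" inter.broker.listener.name)
    prop "$1" listener.security.protocol.map | tr -d ' \t' | tr ',' '\n' |
    while IFS=: read -r name proto; do
        case "$proto" in SSL|SASL_SSL) ;; *) continue ;; esac
        role=client; [ "$name" = "$ib" ] && role=inter-broker
        # Kafka lower-cases the listener name inside the config prefix
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        printf 'listener.name.%s.ssl.truststore.location %s\n' "$lname" "$role"
    done
}

# truststore_cmds FILE NEW_PATH: one kafka-configs.sh call per client-facing
# TLS listener; the inter-broker listener is reported, not altered
truststore_cmds() {
    id=$(prop "$1" broker.id)
    ssl_truststore_keys "$1" | while read -r key role; do
        if [ "$role" = inter-broker ]; then
            echo "# skip $key: inter-broker listener (caveat in the reply above)"
        else
            echo "bin/kafka-configs.sh --bootstrap-server localhost:9092" \
                 "--entity-type brokers --entity-name $id --alter" \
                 "--add-config $key=$2"
        fi
    done
}

sample=$(mktemp)   # constructed from the listener settings quoted in the thread
cat > "$sample" <<'EOF'
broker.id=1
listener.security.protocol.map=INTERNAL:SSL,EXTERNAL:SSL,INTERNAL_PLAINTEXT:PLAINTEXT
inter.broker.listener.name=INTERNAL_PLAINTEXT
EOF
truststore_cmds "$sample" /path/to/new/truststore
```

With the quoted configuration the inter-broker listener is PLAINTEXT, so both INTERNAL and EXTERNAL come out as client-facing TLS listeners and each gets its own listener.name.<name>. key.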