Defining co-located Kafka clusters using Kafka credentials

Before you can start replicating data with SRM, you must define the co-located Kafka clusters that take part in the replication process. This can be done using Cloudera Manager by creating Kafka credentials.

The following list of steps walk you through how you can define the co-located Kafka cluster using Kafka credentials.

  1. In Cloudera Manager, go to Administration > > External Accounts.
  2. Go to the Kafka Credentials tab.

    The Kafka Credentials tab enables you to create, configure, and manage Kafka credentials. On this tab you will create a credential for your co-located Kafka cluster.

  3. Create and configure Kafka credentials for the external clusters:
    1. Click Add Kafka credentials.
    2. Configure the Kafka credential:
      The security configuration of the co-located cluster determines which of the available properties you must set. To see which exact properties are required for your scenario, click one of the following tabs matching the security protocol of the cluster you are defining:
      • Name
      • Bootstrap servers
      • Security protocol
      Encryption only
      • Name
      • Bootstrap servers
      • Security protocol
      • Truststore Password
      • Truststore Path
      • Truststore Type
      Encryption and authentication
      • Name
      • Bootstrap servers
      • Security protocol
      • Truststore Password
      • Truststore Path
      • Truststore Type
      • Key Password
      • Keystore Password
      • Keystore Path
      • Keystore Type
      • Name
      • Bootstrap servers
      • Security protocol
      • JAAS Secret [1-3]
      • JAAS Template
      • Kerberos Service Name
      • SASL Mechanism
      • Name
      • Bootstrap servers
      • Security protocol
      • Truststore Password
      • Truststore Path
      • Truststore Type
      • JAAS Secret [1-3]
      • JAAS Template
      • Kerberos Service Name
      • SASL Mechanism
    3. Click Add.
      If credential creation is successful, a new entry corresponding to the Kafka credential you specified appears on the page.
    The following tabs collect examples of different Kafka credentials as well as some notes regarding configuration. Review these examples to better understand how to correctly configure a Kafka credential.
    name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9092,uswest-node2.cluster.com:9092,uswest-node3.cluster.com:9092
    Security protocol=PLAINTEXT
    Encryption only
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9093,uswest-node2.cluster.com:9093,uswest-node3.cluster.com:9093
    Security protocol=SSL
    Truststore Password=password
    Truststore Path=/opt/srm/us-west-truststore.jks
    Truststore Type=JKS 
    Encryption and authentication
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9093,uswest-node2.cluster.com:9093,uswest-node3.cluster.com:9093
    Security protocol=SSL
    Truststore Password=password
    Truststore Path=/opt/srm/us-west-truststore.jks
    Truststore Type=JKS
    Keystore Password=password
    Keystore Path=/opt/srm/us-west-keystore.jks
    Keystore Type=JKS
    Key Password=password
    Kerberos
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9092,uswest-node2.cluster.com:9092,uswest-node3.cluster.com:9092
    Security protocol=SASL_PLAINTEXT
    JAAS Template=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/opt/srm/streamsrepmgr.keytab" principal="streamsrepmgr@REALM.COM";
    Kerberos Service Name=kafka
    SASL Mechanism=GSSAPI
    PLAIN
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9092,uswest-node2.cluster.com:9092,uswest-node3.cluster.com:9092
    Security protocol=SASL_PLAINTEXT
    JAAS Secret 1=password
    JAAS Template=org.apache.kafka.common.security.plain.PlainLoginModule required username="username" password="##JAAS_SECRET_1##";
    SASL Mechanism=PLAIN
    Kerberos
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9093,uswest-node2.cluster.com:9093,uswest-node3.cluster.com:9093
    Security protocol=SASL_SSL
    Truststore Password=password
    Truststore Path=/opt/srm/us-west-truststore.jks
    Truststore Type=JKS
    JAAS Template=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/opt/srm/streamsrepmgr.keytab" principal="streamsrepmgr@REALM.COM";
    Kerberos Service Name=kafka
    SASL Mechanism=GSSAPI
    PLAIN
    Name=uswest
    Bootstrap servers=uswest-node1.cluster.com:9093,uswest-node2.cluster.com:9093,uswest-node3.cluster.com:9093
    Security protocol=SASL_SSL
    Truststore Password=password
    Truststore Path=/opt/srm/us-west-truststore.jks
    Truststore Type=JKS
    JAAS Secret 1=password
    JAAS Template=org.apache.kafka.common.security.plain.PlainLoginModule required username="username" password="##JAAS_SECRET_1##";
    SASL Mechanism=PLAIN
The co-located Kafka cluster is defined using Kafka credentials.
Add both external and co-located Kafka clusters to SRM’s configuration.