Configuring the client configuration used for rolling restart checks
Cloudera Manager requires Kafka client configuration files to perform rolling restart checks. These files are generated automatically. However, if your Kafka service has custom listeners configured, you must manually update these client configuration files. Otherwise, the rolling restart check might fail.
When Cloudera Manager executes a rolling restart check, it uses the
kafka-topics tool to gather information about the brokers, topics, and
kafka-topics tool requires a valid client configuration
file to run. Cloudera Manager automatically generates two configuration files for this
purpose. One is used for the
kafka-topics commands initiated before the
brokers are stopped, the other, after brokers are restarted.
If your Kafka service is configured to use custom listeners, you must manually update the configuration files generated by Cloudera Manager. This is required because Cloudera Manager might not be able to automatically extract the information required to establish a connection with the Kafka service when custom listeners are configured. The client configuration files can be updated using advanced security snippets.
- In Cloudera Manager, select the Kafka service.
- Go to Configuration.
- Manually update the client configuration files used during rolling restart
checks.This can be done by adding a valid client configuration to the following advanced configuration snippets:
- Kafka Broker Advanced Configuration Snippet (Safety Valve) for rolling_restart_check_before_stop_admin_client_configs.properties
- Kafka Broker Advanced Configuration Snippet (Safety Valve) for rolling_restart_check_after_start_admin_client_configs.properties
Ensure that you add the same client configuration to both snippets. The client configuration you add must contain all properties that are required to establish a connection with the brokers. The client configuration you add here is similar to any other client configuration you create for Kafka command line tools. However, this specific configuration accepts the
bootstrap.serversproperty. Use this property to specify your custom host:port pairs that you use as your custom listeners.The following client configuration example is for a Kafka service that has both TLS/SSL and Kerberos enabled. You can use this example as a template and make changes as needed. For more client configuration examples, see the Securing Apache Kafka publication in the Streams Messaging documentation.
bootstrap.servers=[***HOST***]:[***PORT***] security.protocol=SASL_SSL ssl.client.auth=none sasl.mechanism=GSSAPI sasl.kerberos.service.name=kafka sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="[***PATH TO KEYTAB***]" principal="[***KERBEROS PRINCIPAL***]"; ssl.keystore.location=[***PATH TO KEYSTORE.JKS***] ssl.key.password=[***PASSWORD***] ssl.keystore.password=[***PASSWORD***] ssl.keystore.type=jks ssl.truststore.location=[***PATH TO TRUSTSTORE.JKS***] ssl.truststore.type=jks ssl.truststore.password=[***PASSWORD***]
- Click Save Changes.
Enable and configure rolling restart checks. Complete Configuring rolling restart checks.