SSL Security Configuration
Describes how to configure Kafka Connect security on a MapR Data Platform cluster.
Secure by Default
As of Core 6.0, the Installer performs the Kafka Connect configuration for new
installations. This means that:
- If core is installed as secure, then Kafka Connect is also installed as secure.
- If core is installed as unsecure, then Kafka Connect is also installed as unsecure.
IMPORTANT In addition, every time the MapR configuration script
is run with the
-R
option (configure.sh -R
), the default
settings for MapR core are re-established. This means that if you manually configure
Kafka Connect for unsecure on a secure MapR core, Kafka Connect will revert
back to secure when configure.sh -R
is run.
Manually Securing Kafka Connect Only
CAUTION This configuration is not a typical configuration.
If you have an unsecure MapR Data Platform cluster, and you want to secure Kafka Connect, do the following:
- Generate the server and client certificates.
- Add any necessary property configurations to the
connect-distributed.properties
configuration file. For example:listeners=http://0.0.0.0:8083 ssl.keystore.location=<ssl-keystore-path> ssl.keystore.password=<ssl-keystore-password> ssl.key.password=<ssl-keystore-password>
- Restart Kafka
Connect.
maprcli node services -name kafka-connect -action restart -nodes <space delimited list of nodes>
- Run a curl command to ensure that HTTPS is enabled.
curl -X GET https://node1:8083/connectors --cacert <certificate-path>
Manually Unsecuring Kafka Connect
WARNING This scenario is NOT recommended or supported.
If you have a secure MapR Data Platform cluster, and you want to unsecure Kafka Connect, do the following:
- In the
connect-distributed.properties
configuration file, change https:// to http:// for the listeners and remove the ssl.* properties. For example:listeners=http://0.0.0.0:8083
- Restart Kafka
Connect.
maprcli node services -name kafka-connect -action restart -nodes <space delimited list of nodes>