
Starting zookeeper

————————
kafka/bin/zookeeper-server-start.sh -daemon kafka/config/zookeeper.properties

tail -n 100 kafka/logs/zookeeper.out

echo "ruok" | nc localhost 2181; echo

To start Kafka
———————
kafka/bin/kafka-server-start.sh -daemon kafka/config/server.properties

tail -n 10 kafka/logs/kafkaServer.out

To stop Kafka and zookeeper
———————————————————
kafka/bin/kafka-server-stop.sh
kafka/bin/zookeeper-server-stop.sh

Change/add the following properties in server.properties
————————————————————————————————————————
advertised.listeners=PLAINTEXT://localhost:9092
zookeeper.connect=localhost:2181

Setting up in the Kafka client
————————————————

kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create \
    --topic kafka-security-topic --replication-factor 1 --partitions 2

To start Kafka producer and consumer
—————————————————

kafka/bin/kafka-console-producer.sh --broker-list localhost:9092 \
    --topic kafka-security-topic

kafka/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 \
    --topic kafka-security-topic

Creating Certificate Authority (CA)
—————————————————

openssl req -new -newkey rsa:4096 -days 365 -x509 \
    -subj "/CN=Kafka-Security-CA" -keyout ca-key -out ca-cert -nodes

This generates the private key 'ca-key' and the public certificate file 'ca-cert'.

Setting up SSL in Kafka
————————————

export SRVPASS=serversecret

Generate the Kafka broker certificate using the keytool command

keytool -genkey -keystore kafka.server.keystore.jks -validity 365 \
    -storepass $SRVPASS -keypass $SRVPASS -dname "CN=localhost" \
    -storetype pkcs12

keytool -list -v -keystore kafka.server.keystore.jks

To get a signed version of the certificate for the Kafka broker (2 way process)

keytool -keystore kafka.server.keystore.jks -certreq -file cert-file \
    -storepass $SRVPASS -keypass $SRVPASS

To sign the certificate

openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed \
    -days 365 -CAcreateserial -passin pass:$SRVPASS

keytool -printcert -v -file cert-signed

To create trust store on Kafka broker
——————————————

keytool -keystore kafka.server.truststore.jks -alias CARoot -import \
    -file ca-cert -storepass $SRVPASS -keypass $SRVPASS -noprompt

To import signed certificate into keystore
—————————————————————

keytool -keystore kafka.server.keystore.jks -alias CARoot -import \
    -file ca-cert -storepass $SRVPASS -keypass $SRVPASS -noprompt

keytool -keystore kafka.server.keystore.jks -import -file cert-signed \
    -storepass $SRVPASS -keypass $SRVPASS -noprompt

Configure Kafka broker
——————————

/config/server.properties

listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
zookeeper.connect=localhost:2181

ssl.keystore.location=/Users/nmalla/naidu/softwares/sslcrerts/kafka.server.keystore.jks
ssl.keystore.password=serversecret
ssl.key.password=serversecret
ssl.truststore.location=/Users/nmalla/naidu/softwares/sslcrerts/kafka.server.truststore.jks
ssl.truststore.password=serversecret

Restart Kafka

grep "EndPoint" kafka/logs/server.log
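
The broker settings above keep the PLAINTEXT listener on 9092 next to the SSL listener on 9093 and hold the store passwords in clear text in server.properties. The script below is an added example, not part of the original notes: it reads a server.properties and prints one finding per condition of that kind. The function names, the finding labels and the /path/to store paths are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes); finding labels are made up here.
# prop FILE KEY: print the last value assigned to KEY, skipping comment lines.
prop() {
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) out = val }
    END { print out }' "$1"
}

# audit_broker_props FILE: one finding per line; no output means nothing flagged.
audit_broker_props() {
  local f=$1 k v
  for k in listeners advertised.listeners; do
    v=$(prop "$f" "$k")
    # An unset advertised.listeners falls back to listeners, which is checked first.
    [ -n "$v" ] || [ "$k" = listeners ] || continue
    # Assumes the default listener names used on this page (PLAINTEXT, SSL).
    case ",$v" in *,PLAINTEXT://*) echo "PLAINTEXT_LISTENER $k" ;; esac
    case ",$v" in *,SSL://*) ;; *) echo "NO_SSL_LISTENER $k" ;; esac
  done
  for k in ssl.keystore.location ssl.keystore.password ssl.key.password \
           ssl.truststore.location ssl.truststore.password; do
    [ -n "$(prop "$f" "$k")" ] || echo "MISSING $k"
  done
  # Unless ssl.client.auth=required, the broker accepts clients without a certificate.
  [ "$(prop "$f" ssl.client.auth)" = required ] || echo "NO_CLIENT_AUTH"
  # The store passwords are in this file in clear text: owner-only access expected.
  [ -z "$(find "$f" \( -perm -040 -o -perm -004 \))" ] || echo "GROUP_OR_WORLD_READABLE"
}

# write_sample FILE: broker settings as on this page (store paths are placeholders).
write_sample() {
  cat > "$1" <<'EOF'
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
ssl.keystore.location=/path/to/kafka.server.keystore.jks
ssl.keystore.password=serversecret
ssl.key.password=serversecret
ssl.truststore.location=/path/to/kafka.server.truststore.jks
ssl.truststore.password=serversecret
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_broker_props "$tmp"; rm -f "$tmp"
```

On the configuration from these notes it reports PLAINTEXT_LISTENER for both listener properties and NO_CLIENT_AUTH; removing the PLAINTEXT entries and setting ssl.client.auth=required clears them.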

———
Confluent blog

# With user prompts
keytool -keystore kafka.server.keystore.jks -alias localhost -genkey

# Without user prompts, pass command line arguments
keytool -keystore kafka.server.keystore.jks -alias localhost -validity 365 \
    -genkey -storepass password -keypass password \
    -dname {distinguished-name} -ext SAN=DNS:{hostname}
