Folks - regarding kafka-config.xml.nxftl: Presently, SASL is only enabled if SSL is enabled. (The sasl if directive is enclosed in the ssl if directive.) In a local server testing environment, it might be beneficial to configure Kafka for SASL PLAINTEXT (or SCRAM_SHA_nnn) – to simplify the configuration for development and testing. (In fact, that's what I had tried.) But as kafka-config.xml.nxftl is presently structured, this isn't possible without supplying a custom contrib. If the if/else statements in the nxftl were structured such that SASL and SSL were independent of one another, then SASL/PLAINTEXT (or SCRAM_SHA_nnn) could be tested without SSL just using nuxeo.conf settings.

0 votes

2 answers



Hi, You are right for now when using nuxeo.conf to generate the Kafka configuration you can use SASL only when TLS is enabled which is recommended configuration in production. I have created https://jira.nuxeo.com/browse/NXP-27100 for your testing case. In the meantime you can create your own configuration or enable SSL by generating self-signed certificates like here https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl Regards ben

0 votes

Thank you.


I believe the problem you're describing is NXP-26746 and has already been fixed.

0 votes

Thanks - I was describing setting up for sasl-only:

other sasl properties...

In this case, the sasl properties are not included in the generated XML.