Kafka/SASL

Folks - regarding kafka-config.xml.nxftl: Presently, SASL is only enabled if SSL is enabled. (The sasl if directive is enclosed in the ssl if directive.) In a local server testing environment, it might be beneficial to configure Kafka for SASL PLAINTEXT (or SCRAM_SHA_nnn) – to simplify the configuration for development and testing. (In fact, that's what I had tried.) But as kafka-config.xml.nxftl is presently structured, this isn't possible without supplying a custom contrib. If the if/else statements in the nxftl were structured such that SASL and SSL were independent of one another, then SASL/PLAINTEXT (or SCRAM_SHA_nnn) could be tested without SSL just using nuxeo.conf settings.

0 votes

2 answers

68 views


Hi,

You are right: for now, when using nuxeo.conf to generate the Kafka configuration, you can use SASL only when TLS is enabled, which is the recommended configuration in production. I have created https://jira.nuxeo.com/browse/NXP-27100 for your testing case. In the meantime, you can create your own configuration or enable SSL by generating self-signed certificates, like here: https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl

Regards,
ben

0 votes



Thank you.
03/28/2019


Hi,

I believe the problem you're describing is NXP-26746 and has already been fixed.

0 votes



Thanks - I was describing setting up for sasl-only:

kafka.ssl=false
kafka.sasl.enabled=true
other sasl properties...

In this case, the sasl properties are not included in the generated XML.

03/28/2019
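The behaviour discussed in this thread, as an added example that is not Nuxeo code and not part of any post: it reads nuxeo.conf-style settings and reports which Kafka `security.protocol` they amount to when the SASL block is nested inside the SSL block versus when the two are independent. It assumes that nothing else sets the protocol, so dropped SASL settings leave the Kafka client on its default, PLAINTEXT; the function names and the sample file are constructed.

```python
# Added example (not Nuxeo code): models the two template structures from the thread.

def parse_conf(text):
    """Parse nuxeo.conf-style key=value lines, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def _flag(props, key):
    return props.get(key, "false").lower() == "true"

def effective_protocol(props, nested=True):
    """Kafka security.protocol the generated configuration amounts to.

    nested=True  : SASL block sits inside the SSL block (as described in the thread).
    nested=False : SASL and SSL evaluated independently (as the question proposes).
    """
    ssl = _flag(props, "kafka.ssl")
    sasl = _flag(props, "kafka.sasl.enabled")
    if nested:
        sasl = sasl and ssl  # SASL settings are dropped when SSL is off
    if ssl:
        return "SASL_SSL" if sasl else "SSL"
    return "SASL_PLAINTEXT" if sasl else "PLAINTEXT"  # assumption: client default applies

def audit(text):
    """Return (protocol under the nested structure, list of findings)."""
    props = parse_conf(text)
    nested = effective_protocol(props, nested=True)
    wanted = effective_protocol(props, nested=False)
    findings = []
    if nested != wanted:
        findings.append(f"SASL requested but dropped: effective {nested}, expected {wanted}")
    if wanted == "SASL_PLAINTEXT":
        findings.append("SASL without TLS: traffic is unencrypted, keep to local testing")
    return nested, findings

# Constructed sample matching the settings quoted in the thread.
SAMPLE = "kafka.ssl=false\nkafka.sasl.enabled=true\n"

if __name__ == "__main__":
    protocol, findings = audit(SAMPLE)
    print(protocol)
    for finding in findings:
        print("-", finding)
```
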