SSL Security Configuration

Describes how to configure Kafka Connect security on a HPE Ezmeral Data Fabric cluster.

Secure by Default

As of Core 6.0, the Installer performs the Kafka Connect configuration for new installations. This means that:
  • If core is installed as secure, then Kafka Connect is also installed as secure.
  • If core is installed as unsecure, then Kafka Connect is also installed as unsecure.

Manually Securing Kafka Connect Only

CAUTION
This configuration is not a typical configuration.

If you have an unsecure HPE Ezmeral Data Fabric cluster, and you want to secure Kafka Connect, do the following:

  1. Generate the server and client certificates.
  2. Add any necessary property configurations to the connect-distributed.properties configuration file. For example:
    listeners=http://0.0.0.0:8083
                ssl.keystore.location=<ssl-keystore-path>
                ssl.keystore.password=<ssl-keystore-password> 
                ssl.key.password=<ssl-keystore-password>
  3. Restart Kafka Connect.
    maprcli node services -name kafka-connect -action restart -nodes <space delimited list of nodes>
  4. Run a curl command to ensure that HTTPS is enabled.
    curl -X GET https://node1:8083/connectors --cacert <certificate-path>