Configuring Talend Dictionary Service to support Kerberized Apache Kafka - Cloud

Talend Cloud Hybrid Installation Guide for Linux

Version
Cloud
Language
English (United States)
EnrichDitaval
linux
Product
Talend Cloud
Module
Talend Data Preparation
Talend Data Stewardship
Talend Management Console
Content
Installation and Upgrade
You can set up Talend Dictionary Service to work with an external Kerberized Apache Kafka.

Before you begin

Make sure you have the following resources:

  • Client Kerberos configuration file: krb5.conf
  • JAAS Kerberos configuration file: kafka_client_jaas.conf
  • Kerberos keytab file: hostname.keyTab
  • JKS truststore: krb5.truststore

Procedure

  1. Create an <install_dir>/kafka-kerberos/ directory and copy the below files into it:
    • krb5.conf
    • kafka_client_jaas.conf
    • hostname.keyTab
    • krb5.truststore
  2. Add the below java options to the <install_dir>/dq_dict/apache-tomcat/bin/setenv.sh file:
    -Djava.security.auth.login.config=<install_dir>/kafka-kerberos/kafka_client_jaas.conf
    -Djava.security.krb5.conf=<install_dir>/kafka-kerberos/krb5.conf
  3. Open the <install_dir>/kafka-kerberos/kafka_client_jaas.conf file and check that the keyTab property is as below:
    keyTab=<install_dir>/kafka-kerberos/hostname.keyTab
  4. Edit the <install_dir>/dq_dict/apache-tomcat/bin/conf/data-quality.properties file to add or edit the following lines:
    kafka.ssl.truststore.location=<install_dir>/kafka-kerberos/krk5.truststore
    kafka.ssl.truststore.password=<your_truststore_password>
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=${kafka.ssl.truststore.location}
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password=${kafka.ssl.truststore.password}
    spring.kafka.properties.ssl.truststore.location=${kafka.ssl.truststore.location}
    spring.kafka.properties.ssl.truststore.password=${kafka.ssl.truststore.password}