You can set up Talend Data Stewardship to
work with an external Kerberized Apache Kafka.
Before you begin
Make sure you have the following resources:
- Client Kerberos configuration file: krb5.conf
- JAAS Kerberos configuration file:
kafka_client_jaas.conf
- Kerberos keytab file: hostname.keyTab
- JKS truststore: krb5.truststore
Procedure
-
Create an <install_dir>/kafka-kerberos/ directory and
copy the below files into it:
-
krb5.conf
-
kafka_client_jaas.conf
-
hostname.keyTab
-
krb5.truststore
-
Add the below Java options to the
<install_dir>/tds/apache-tomcat/bin/setenv.sh
file:
-Djava.security.auth.login.config=<install_dir>/kafka-kerberos/kafka_client_jaas.conf
-Djava.security.krb5.conf=<install_dir>/kafka-kerberos/krb5.conf
-
Open the
<install_dir>/kafka-kerberos/kafka_client_jaas.conf file
and check that the
keyTab property is as below:
keyTab=<install_dir>/kafka-kerberos/hostname.keyTab
-
Edit the
<install_dir>/tds/apache-tomcat/bin/conf/data-stewardship.properties
file to add or edit the following lines:
kafka.ssl.truststore.location=<install_dir>/kafka-kerberos/krk5.truststore
kafka.ssl.truststore.password=<your_truststore_password>
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=${kafka.ssl.truststore.location}
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password=${kafka.ssl.truststore.password}
spring.kafka.properties.ssl.truststore.location=${kafka.ssl.truststore.location}
spring.kafka.properties.ssl.truststore.password=${kafka.ssl.truststore.password}