Page History
...
controller.quorum.voters is a comma-separated list of all server nodes’ id, hostname or IP, and port, and can be set consistently across server nodes if using FQDNS:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
controller.quorum.voters=1@kafka-1.yourDomain.com:9093,2@kafka-2.yourDomain.com:9093,3@kafka-3.yourDomain.com:9093 |
...
where advertised.listeners is the second parameter (after node.id) that is unique to each server node.
...
log.dirs specifies not the location of server logs (that is in <kafkaInstallationDir/logs>, but actual topic data, so provide a reliable location outside the default /tmp; for example /var/opt/kafka.
...
SASL_SSL on the broker listener is required to enforce client/server user authentication and authorization since that traffic is traversing the public internet. SASL_SSL may also be enabled for the controller listener with properly configured keystores and truststores; however if the server nodes communicate exclusively in private network space (as described above), then SASL_PLAINTEXT may be considered sufficient.
log.dirs specifies not the location of server logs (that is in <kafkaInstallationDir/logs>, but actual topic data, so provide a reliable location outside the default /tmp; for example /var/opt/kafka.
Set the SASL mechanism parameters to PLAIN:
...
The username and password lines define the user to be used by this broker for inter-broker communication. All lines beginning with user_ define the users that can be authenticated by clients (including other brokers in the inter-broker communication context). When sharing SHRINE node user credentials with SHRINE site admins, be sure to use a secure transfer mechanism.
...
Changes to this file (user additions or removals) requires a Kafka process restart on each node (. This is one drawback to the PLAIN mechanism which will be alleviated when SCRAM becomes available for KRaft).
Create Server Keystores and Truststores
...
Overview
Content Tools