Add your hub's Kafka user name (set in the Kafka servers' kafka_server_jaas.conf) and your client truststore location to shrine.conf:

shrine.conf

shrine {
...
  kafka {
    sasl.jaas.username = "yourShrineHubUser"
    ssl.truststore.location = "path/to/your/client/truststore.pkcs12"
  }
...
}//shrine

Add your hub's Kafka user password and the client truststore password to password.conf:

password.conf

shrine.kafka.sasl.jaas.password = "yourShrineHubUserPassword"
shrine.kafka.ssl.truststore.password = "clientTruststorePassword"

Configure shrineLifecycle tool

The shrine-network-lifecycle-tool (aka "shrineLifecycle") needs the admin Kafka credentials to create, modify, and delete Kafka topics, as well as your client truststore. Add them to shrine-network-lifecycle-tool's conf/override.conf and conf/password.conf files:

override.conf

shrine.kafka.sasl.jaas.username = "kafka-admin"
shrine.kafka.ssl.truststore.location = "path/to/your/client/truststore.pkcs12"

password.conf

shrine.kafka.sasl.jaas.password = "yourKafkaAdminPassword"
shrine.kafka.ssl.truststore.password = "clientTruststorePassword"

Note: it's safe to mix the "curly-bracket" and "dot" syntax styles in the same file.


network.conf

To use Kafka: in network.conf, specify a Kafka section with the specifics to share with downstream nodes:

shrine {
  network {
    network {
      name = "Network Name"
      hubQueueName = "hub"
      adminEmail = "yourEmail@yourhospital.edu"
      momId = "yourShrineHubKafkaUser"
      kafka = {
        networkPrefix = "NetworkName"
        bootstrapServers = "kafka-1.yourDomain.com:9092,kafka-2.yourDomain.com:9092,kafka-3.yourDomain.com:9092"
        securityProtocol = "SASL_SSL"
        securityMechanism = "PLAIN"
      }
    }
    nodes = [
      {
        name = "Network Name hub"
        key = "hub-qep"
        userDomainName = "network-hub"
        queueName = "hubQep"
        sendQueries = "false"
        adminEmail = "yourEmail@yourhospital.edu"
        momId = "yourShrineHubKafkaUser"
      }
    ]
  }
}

TODO current code uses something less secure. What's right?

       kafka = {
         networkPrefix = "shrinedev"
         bootstrapServers = "kafka-1.catalyst.harvard.edu:9092,kafka-2.catalyst.harvard.edu:9092,kafka-3.catalyst.harvard.edu:9092"
         securityProtocol = "SASL_PLAINTEXT"
         securityMechanism = "PLAIN"
       }


Choose a network prefix. This will be prepended to queue names to enable the scenario of multiple networks on the same Kafka cluster.

Use the Kafka user name of the account to receive the messages for the momId. Find this on TODO

Note that the network's momId is the same as the hub's node momId. You - the Kafka admin - will make a Kafka account for each downstream node, and share the username and password by a secure channel.

The bootstrapServers parameter is a list of some or all server nodes running in the cluster. Once connection is made to one of them, the cluster's controller.quorum.voters setting takes precedence. At least 2 bootstrapServers are recommended, but the real number of server nodes can grow or shrink without clients needing to know.
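
A lint for the kafka block of network.conf, added here as an example (not SHRINE's own code): it flags the SASL_PLAINTEXT and PLAIN combination shown in the TODO above, where the SASL password crosses the network unencrypted, and a bootstrapServers list shorter than the recommended two. The function names and the line-based parsing are assumptions, and the sample blocks are constructed.

```python
import re

# Constructed sample: a kafka block using the settings this page calls "less secure".
LESS_SECURE = '''
kafka = {
  networkPrefix = "shrinedev"
  bootstrapServers = "kafka-1.yourDomain.com:9092,kafka-2.yourDomain.com:9092,kafka-3.yourDomain.com:9092"
  securityProtocol = "SASL_PLAINTEXT"
  securityMechanism = "PLAIN"
}
'''
# Constructed sample: the same block with TLS switched on.
WITH_TLS = LESS_SECURE.replace("SASL_PLAINTEXT", "SASL_SSL")


def kafka_settings(conf_text):
    """Collect key = "value" pairs line by line (not a full HOCON parser)."""
    return dict(re.findall(r'^\s*([\w.]+)\s*=\s*"([^"]*)"', conf_text, re.M))


def audit_kafka(conf_text):
    """Return (key, problem) pairs for a kafka block; an empty list means clean."""
    s = kafka_settings(conf_text)
    protocol = s.get("securityProtocol", "")
    mechanism = s.get("securityMechanism", "")
    findings = []
    if not protocol.endswith("SSL"):
        findings.append(("securityProtocol",
                         f"{protocol or 'unset'}: no TLS, traffic is unencrypted "
                         "and the client truststore is never used"))
        if mechanism == "PLAIN":
            findings.append(("securityMechanism",
                             "PLAIN without TLS sends the SASL password in clear text"))
    if not protocol.startswith("SASL_"):
        findings.append(("securityProtocol",
                         "no SASL, so clients do not log in with a Kafka account"))
    servers = [b for b in s.get("bootstrapServers", "").split(",") if b.strip()]
    if len(servers) < 2:
        findings.append(("bootstrapServers",
                         f"{len(servers)} listed, at least 2 are recommended"))
    return findings


if __name__ == "__main__":
    for label, text in (("less secure", LESS_SECURE), ("with TLS", WITH_TLS)):
        print(label, audit_kafka(text) or "ok")
```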