...

At the top level of the IAM console, far right column, find your account ID. It will be a long number.

Send both of these to your hub admins so that they can add your node to the network. Neither is secret; sending them in the clear is fine. TODO

Run shrineDownstream setMomUserPolicy

...

shrine.conf:
shrine {
...
  kafka {
    sasl.jaas.username = "yourKafkaUserName"
  }
...
}//shrine

...

Create a Kafka client certificate truststore

To secure traffic over the internet, Kafka requires clients to authenticate servers via public key infrastructure (PKI). Each client needs a client truststore, in PKCS12 format, containing either the individual server certificates signed by a Certificate Authority (CA) or the CA's certificate itself. Ask the hub admin for the certificate(s), and import each one with Java keytool:

keytool -keystore kafka_client_truststore.pkcs12 -storetype PKCS12 -alias <name of cert> -import -file <certificate-file>

This will create the truststore file if it does not exist. You will be prompted for a password, even though the truststore contains no secret material, since certificates are public.

TODO: bit about creating a client truststore consisting of the hub's Kafka server's signed x509 cert
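The truststore decides which Kafka servers your node will accept, so each certificate is worth checking before it goes in. The following is an added example, not part of the original page: it wraps the keytool import in a SHA-256 fingerprint comparison. It assumes the hub admin gives you the expected fingerprint over a separate channel; the function names are hypothetical.

```shell
# Added example: import a hub certificate into the truststore only when its
# SHA-256 fingerprint matches the value obtained from the hub admin.
TRUSTSTORE="kafka_client_truststore.pkcs12"   # file name used on this page

# Reduce a fingerprint to bare upper-case hex so "ab:cd", "AB CD" and "abcd"
# all compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Succeed only if the first value is a full SHA-256 fingerprint (64 hex
# digits) and the second is identical after normalization.
fp_matches() {
  _a=$(normalize_fp "$1")
  _b=$(normalize_fp "$2")
  case "$_a" in *[!0-9A-F]*) return 1 ;; esac
  [ "${#_a}" -eq 64 ] && [ "$_a" = "$_b" ]
}

# Print the SHA-256 fingerprint keytool reports for a certificate file.
cert_fp() {
  keytool -printcert -file "$1" |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Usage: import_verified <alias> <certificate-file> <expected-fingerprint>
# (hypothetical helper; the expected fingerprint is an assumed input)
import_verified() {
  _actual=$(cert_fp "$2")
  if ! fp_matches "$_actual" "$3"; then
    echo "fingerprint mismatch for $2 (got '${_actual}'); not imported" >&2
    return 1
  fi
  # keytool prompts for the truststore password and for confirmation.
  keytool -importcert -keystore "$TRUSTSTORE" -storetype PKCS12 \
          -alias "$1" -file "$2" &&
    keytool -list -keystore "$TRUSTSTORE" -storetype PKCS12
}
```

Source the file and call `import_verified <alias> <certificate-file> <expected-fingerprint>` once per certificate; a mismatch leaves the truststore untouched.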

Add the truststore's location and password to the same two sections as your Kafka user credentials:

...