Preliminaries
Set up a Kafka server. TODO.
Security configuration for Kafka. TODO
Configuring users for Kafka TODO
Configure the Hub's shrine.conf
In Tomcat's shrine.conf on the hub, turn off the in-Tomcat messaging by removing shrine.hub.messagequeue.blockingWebApi.enabled from the hub block, which returns it to its default value of false:
shrine {
  ...
  hub {
    create = true
  }//hub
  ...
}//shrine
Add your hub's Kafka user name to shrine.conf:
shrine {
  ...
  kafka {
    sasl.jaas.username = "yourKafkaUserName"
  }
  ...
}//shrine
Tomcat needs the hub's Kafka credentials to send and receive messages. Put the password in Tomcat's password.conf:
shrine.kafka.sasl.jaas.password = "hubPassword"
TODO - what's the final list? The current code requires shrine.kafka.ssl.truststore.password = "dummy-password" but doesn't use it (and ssl.truststore.location = "/dummy/location" in shrine.conf).
Configure shrineNetworkLifecycle
The shrineNetworkLifecycle needs the admin Kafka credentials to create, modify, and delete Kafka topics. Add them to the shrineNetworkLifecycle's conf/override.conf and conf/password.conf:
shrine.kafka.sasl.jaas.password = "adminPassword"
shrine.kafka.sasl.jaas.username = "adminUsername"
TODO - what's the final list? The current code requires shrine.kafka.ssl.truststore.password = "dummy-password" but doesn't use it (and ssl.truststore.location = "/dummy/location" in shrine.conf).
network.conf
To use Kafka: in network.conf, specify a Kafka section with the specifics to share with downstream nodes:
shrine {
  network {
    network {
      name = "Network Name"
      hubQueueName = "hub"
      adminEmail = "yourEmail@yourhospital.edu"
      momId = "hubUsername"
      kafka = {
        networkPrefix = "BestNetwork"
        bootstrapServers = "YourBootstrap1:Port,YourBootstrap2:Port,YourBootstrap3:Port"
        securityProtocol = "SASL_SSL"
        securityMechanism = "SCRAM-SHA-512"
      }
    }
    nodes = [
      {
        name = "Hub's node"
        key = "hub-node"
        userDomainName = "network-hub"
        queueName = "hubNode"
        sendQueries = "false"
        adminEmail = "yourEmail@yourhospital.edu"
        momId = "hubUsername"
      }
    ]
  }
}
TODO - the current code uses the less secure settings below (SASL_PLAINTEXT with the PLAIN mechanism, so no TLS). What's right?
kafka = {
  networkPrefix = "shrinedev"
  bootstrapServers = "kafka-1.catalyst.harvard.edu:9092,kafka-2.catalyst.harvard.edu:9092,kafka-3.catalyst.harvard.edu:9092"
  securityProtocol = "SASL_PLAINTEXT"
  securityMechanism = "PLAIN"
}
Choose a network prefix. This will be prepended to queue names to allow managing multiple networks on the same Kafka cluster.
For the momId, use the Kafka user name of the account that will receive the messages. Find this on TODO
Note that the network's momId is the same as the hub node's momId. You, the Kafka admin, will make a Kafka account for each downstream node and share the username and password over a secure channel.
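A pre-distribution check for the kafka block of network.conf, given here as an added example that is not part of SHRINE or of the original page: it flags the SASL_PLAINTEXT / PLAIN combination before the file is shared with downstream nodes. The function names and the sample blocks are constructed for illustration, and treating SASL_SSL with a SCRAM mechanism as the required policy is an assumption based on the first kafka block above.

```python
import re

# Constructed samples mirroring the two kafka blocks on this page (hosts are placeholders).
STRONG = '''
kafka = {
  networkPrefix = "BestNetwork"
  bootstrapServers = "YourBootstrap1:Port,YourBootstrap2:Port"
  securityProtocol = "SASL_SSL"
  securityMechanism = "SCRAM-SHA-512"
}
'''
WEAK = '''
kafka = {
  networkPrefix = "shrinedev"
  bootstrapServers = "broker1.example:9092"
  securityProtocol = "SASL_PLAINTEXT"
  securityMechanism = "PLAIN"
}
'''

def kafka_settings(conf_text):
    """Return the quoted key/value pairs of the first kafka { ... } block (flat keys only)."""
    block = re.search(r'\bkafka\s*[=:]?\s*\{([^{}]*)\}', conf_text)
    if block is None:
        return {}
    return dict(re.findall(r'([\w.]+)\s*[=:]\s*"([^"]*)"', block.group(1)))

def audit_kafka(conf_text):
    """Return a list of findings; an empty list means the block matches the assumed policy."""
    s = kafka_settings(conf_text)
    if not s:
        return ["no kafka block found"]
    findings = []
    protocol = s.get("securityProtocol", "")
    mechanism = s.get("securityMechanism", "")
    if protocol != "SASL_SSL":
        findings.append(f"securityProtocol={protocol or '<unset>'}: expected SASL_SSL (TLS plus SASL)")
    if not mechanism.startswith("SCRAM-"):
        findings.append(f"securityMechanism={mechanism or '<unset>'}: expected SCRAM-SHA-512")
    if protocol.endswith("PLAINTEXT") and mechanism == "PLAIN":
        findings.append("PLAIN over an unencrypted listener exposes the Kafka password on the wire")
    if not s.get("networkPrefix"):
        findings.append("networkPrefix missing: queue names of different networks could collide")
    return findings
```

Run audit_kafka over the text of network.conf before handing the file to downstream nodes; any non-empty result should block distribution.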