diff --git a/config/blobs.yml b/config/blobs.yml
index a4ee51c..181a540 100644
--- a/config/blobs.yml
+++ b/config/blobs.yml
@@ -1,7 +1,7 @@
-confluent-platform/confluent-5.2.1-2.12.zip:
- size: 530385649
- object_id: 1084d580-918f-4c92-7dc8-d390b8739e2b
- sha: sha256:079fee8774671769fbb2124428f5f75224d0c8836d36efede643b597727944b9
+confluent-platform/confluent-5.4.1-2.12.zip:
+ size: 957589905
+ object_id: 5904c30e-7e80-4164-5f5b-9003a45434eb
+ sha: sha256:95b3f1afad740bf3be9a38c16babe8b87e0c74b0a14792a63841bf9aa2d4cf08
 java/jdk8u192-b03.tar.gz:
 size: 45670457
 object_id: 5a70262f-3127-4a35-6685-b271ba939661
@@ -9,4 +9,4 @@ java/jdk8u192-b03.tar.gz:
 minio/mc:
 size: 16605184
 object_id: 0fb6f283-7aea-4c8a-5157-c6d3a509680f
- sha: sha256:67280ce05acdd656156ca39b266f2931889ed2b58b703300639b1ccba645a6b3
\ No newline at end of file
+ sha: sha256:67280ce05acdd656156ca39b266f2931889ed2b58b703300639b1ccba645a6b3
diff --git a/jobs/confluent-server/templates/config/confluent-server-jaas.conf.erb b/jobs/confluent-server/templates/config/confluent-server-jaas.conf.erb
index 684f7b4..b886709 100644
--- a/jobs/confluent-server/templates/config/confluent-server-jaas.conf.erb
+++ b/jobs/confluent-server/templates/config/confluent-server-jaas.conf.erb
@@ -1,11 +1,17 @@ KafkaServer { - org.apache.kafka.common.security.scram.ScramLoginModule required - username="<%= p("jaas.username") %>" - password="<%= p("jaas.password") %>"; + org.apache.kafka.common.security.scram.ScramLoginModule required + username="<%= p("jaas.username") %>" + password="<%= p("jaas.password") %>"; }; KafkaClient { - org.apache.kafka.common.security.scram.ScramLoginModule required - username="<%= p("metric.jaas.username") %>" - password="<%= p("metric.jaas.password") %>"; + org.apache.kafka.common.security.scram.ScramLoginModule required + username="<%= p("metric.jaas.username") %>" + password="<%= p("metric.jaas.password") %>"; +}; + +Client { + org.apache.zookeeper.server.auth.DigestLoginModule required + username="<%= p("jaas.username") %>" + password="<%= p("jaas.password") %>"; }; \ No newline at end of file diff --git a/jobs/confluent-server/templates/config/server.properties.erb b/jobs/confluent-server/templates/config/server.properties.erb index d2acb93..549b97a 100644 --- a/jobs/confluent-server/templates/config/server.properties.erb +++ b/jobs/confluent-server/templates/config/server.properties.erb @@ -34,14 +34,16 @@ delete.topic.enable=<%= p("delete_topic") %> # listeners = PLAINTEXT://your.host.name:9092 listeners=SASL_SSL://<%= spec.address %>:9092 +listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \ + username="<%= p("jaas.username") %>" \ + password="<%= p("jaas.password") %>"; + security.inter.broker.protocol=SASL_SSL sasl.enabled.mechanisms=SCRAM-SHA-512 sasl.mechanism=SCRAM-SHA-512 sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512 -sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \ - username="<%= p("jaas.username") %>" \ - password="<%= p("jaas.password") %>"; + ssl.keystore.location=/var/vcap/jobs/confluent-server/config/generated.keystore.jks ssl.keystore.password=<%= p("keystore_password") %> 
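Review bot: The new `Client` section logs in to ZooKeeper with the same `jaas.username`/`jaas.password` pair that `KafkaServer` uses for SCRAM, so one secret now spans two systems and a leak on either side exposes both. Separate properties would keep the two credentials independent, e.g. `username="<%= p("zookeeper.jaas.username") %>"` and `password="<%= p("zookeeper.jaas.password") %>"` (placeholder property names; they would have to be added to the job spec). Digest login only protects znodes if the broker also creates them with ACLs, and no `zookeeper.set.acl=true` is visible in this commit's server.properties hunks, so confirm it is set elsewhere. A short comment above the section, such as `// ZooKeeper client login; must match a user defined in the ZooKeeper Server JAAS section`, would document the dependency.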
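Review bot: The listener-scoped JAAS key added after `listeners=` names the mechanism `scram-sha-256`, but `sasl.enabled.mechanisms`, `sasl.mechanism` and `sasl.mechanism.inter.broker.protocol` in the same hunk are all `SCRAM-SHA-512`, so this entry is not expected to apply to the mechanism the broker actually negotiates. The key should match the enabled mechanism: `listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \`. As written, the broker presumably falls back to the `KafkaServer` section of the static JAAS file, which hides the mismatch until that file or its JVM option changes. Only part of server.properties.erb is visible in this hunk.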
@@ -55,10 +57,9 @@ ssl.truststore.type=PKCS12 # Hostname and port the broker will advertise to producers and consumers. If not set, # it uses the value for "listeners" if configured. Otherwise, it will use the value # returned from java.net.InetAddress.getCanonicalHostName(). -#advertised.listeners=PLAINTEXT://your.host.name:9092 <% if_p('advertised.listener') do |advertised_listener| if advertised_listener[spec.index] != nil %> -advertised.listeners=PLAINTEXT://<%= spec.address %>:9092,<%= security_protocol %>://<%= spec.address %>:9092 +advertised.listeners=SASL_SSL://<%= spec.address %>:9092 <% end end %>
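Review bot: The `if_p('advertised.listener')` guard only tests `advertised_listener[spec.index]` for nil and never uses the value. The new line advertises `spec.address`, which, per the comment above it, is what the broker already takes from `listeners` when nothing is set. Either emit the configured value, e.g. `advertised.listeners=SASL_SSL://<%= advertised_listener[spec.index] %>:9092` (assuming the property holds one hostname per instance), or drop the conditional so the template does not suggest an override that has no effect. Clients that verify hostnames will check the advertised name against the broker certificate, so whichever address is advertised should be covered by the certificate in `generated.keystore.jks`.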