forked from Dabz/kafka-security-playbook
server.properties
# Kafka broker configuration for a single-broker Kerberos (SASL/GSSAPI) demo.
# The replication factors of 1 and the SASL_PLAINTEXT listener below mark this as a
# demo layout: there is no replica redundancy and no TLS on the wire.

# Basic broker and listener configuration
broker.id=0
# SASL_PLAINTEXT authenticates clients via SASL but does not wrap the connection in TLS,
# so record data and ACL-relevant traffic cross the network unencrypted.
# SASL_SSL is the listener protocol that adds TLS on top of SASL.
listeners=SASL_PLAINTEXT://kafka.kerberos-demo.local:9093
# NOTE(review): the broker's own ZooKeeper login (needed for zookeeper.set.acl=true below)
# is not configured in this file; presumably it comes from a JAAS file -- confirm.
zookeeper.connect=zookeeper.kerberos-demo.local:2181
log.dirs=/var/lib/kafka
# Internal topics are kept at a single replica / single in-sync replica, which only
# works for (and is only appropriate to) a one-broker setup.
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
num.partitions=12
# Kerberos / GSSAPI Authentication mechanism
# GSSAPI is the only SASL mechanism the broker accepts on its listener.
sasl.enabled.mechanisms=GSSAPI
# Primary (first component) of the Kerberos service principal the broker runs as;
# clients must request tickets for this same service name.
# NOTE(review): the broker's keytab and principal are not set in this file; presumably
# they are supplied through a JAAS configuration elsewhere -- confirm.
sasl.kerberos.service.name=kafka
# Configure replication to require Kerberos:
# Inter-broker traffic is authenticated with GSSAPI but, like the client listener, not TLS-encrypted.
sasl.mechanism.inter.broker.protocol=GSSAPI
security.inter.broker.protocol=SASL_PLAINTEXT
# Authorization config:
# NOTE(review): SimpleAclAuthorizer is the legacy authorizer class; newer Kafka releases
# ship kafka.security.authorizer.AclAuthorizer instead -- check against the broker version in use.
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
# Have the broker set ACLs on the znodes it creates in ZooKeeper.
zookeeper.set.acl=true
# Default-deny: a resource with no matching ACL is accessible to super users only.
allow.everyone.if.no.acl.found=false
# Super users bypass every ACL check. No principal-to-local mapping rules are set in this
# file, so (assuming the default mapping applies) a Kerberos principal is reduced to its
# short name before this comparison -- any principal whose primary is "admin" or "kafka"
# would then be treated as a super user. TODO confirm against the KDC's principals.
super.users=User:admin;User:kafka
# Demonstrate setting up the Confluent Metrics Reporter with required *client* credentials
# The reporter connects back to the broker listener as an ordinary Kafka client, so it needs
# its own SASL settings (the confluent.metrics.reporter.* prefix mirrors client properties).
metric.reporters=io.confluent.metrics.reporter.ConfluentMetricsReporter
# NOTE(review): this uses the host name "kafka" while the listener advertises
# kafka.kerberos-demo.local; Kerberos service tickets are host-name sensitive, so presumably
# the demo network resolves "kafka" to the listener host -- confirm.
confluent.metrics.reporter.bootstrap.servers=kafka:9093
confluent.metrics.reporter.sasl.mechanism=GSSAPI
confluent.metrics.reporter.security.protocol=SASL_PLAINTEXT
confluent.metrics.reporter.sasl.kerberos.service.name=kafka
# Inline JAAS login for the reporter: keytab-based login as an "admin/..." principal.
# - The keytab is a long-lived credential equivalent to the principal's password; it should
#   be readable only by the account the broker process runs as.
# - The principal's primary is "admin", which is listed in super.users above, so the metrics
#   reporter authenticates with super-user rights. A dedicated principal with a write ACL
#   on the metrics topic would follow least privilege.
# - The principal value below reads "[email protected]", which looks like the hosting
#   page's e-mail obfuscation rather than the real instance/realm; the original value is
#   not recoverable from this listing.
# (No comments may be placed inside the backslash-continued value that follows.)
confluent.metrics.reporter.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
useKeyTab=true \
storeKey=true \
keyTab="/var/lib/secret/kafka-admin.key" \
principal="admin/[email protected]";
# Metrics topic is created with a single replica, consistent with the one-broker setup.
confluent.metrics.reporter.topic.replicas=1
# Turn off Confluent support-metrics collection and use the anonymous customer id.
confluent.support.metrics.enable=false
confluent.support.customer.id=anonymous