Authenticating, encrypting, and enabling

  • Log in to the IBM Spectrum® Discover server and extract the information from the following example, which contains an example of Kafka user name and password.
    moadmin@server kafka]$ cd /etc/kafka
    
    [moadmin@server kafka]$ cat kafka_server_jaas.conf
    KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    user_cos="meezDMxFNZJMSxdyWQKSjVbs";
    };
    
    User= cos
    Password = meezDMxFNZJMSxdyWQKSjVbs
    

Encryption

The following information shows an example of a certificate of authority for the PEM file.

  1. Log in to the IBM Spectrum Discover server as moadmin.
  2. In the /etc/kafka/ca.crt file, copy the block of text that starts with BEGIN CERTIFICATE and that ends with END CERTIFICATE. The following example displays what the copied block of text might look like:
    -----BEGIN CERTIFICATE-----
    MIIExTCCA62gAwIBAgIJAKMX/n6ULb6YMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYD
    VQQGEwJHQjEOMAwGA1UECAwFSEFOVFMxEDAOBgNVBAcMB0h1cnNsZXkxDDAKBgNV
    BAoMA0lCTTEZMBcGA1UECwwQc3BlY3RydW1kaXNjb3ZlcjEZMBcGA1UEAwwQc3Bl
    Y3RydW1kaXNjb3ZlcjEjMCEGCSqGSIb3DQEJARYUbWxhd3JlbmNlQHVrLmlibS5j
    b20wHhcNMTkwMTAyMTY1MDU5WhcNMzgxMjI4MTY1MDU5WjCBmDELMAkGA1UEBhMC
    R0IxDjAMBgNVBAgMBUhBTlRTMRAwDgYDVQQHDAdIdXJzbGV5MQwwCgYDVQQKDANJ
    Qk0xGTAXBgNVBAsMEHNwZWN0cnVtZGlzY292ZXIxGTAXBgNVBAMMEHNwZWN0cnVt
    ZGlzY292ZXIxIzAhBgkqhkiG9w0BCQEWFG1sYXdyZW5jZUB1ay5pYm0uY29tMIIB
    IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg7z4gDeWlkeJjPvj3wobDBB
    JrHJngooDbPLicRSf/yjl1NgwbWbjIjIeL9R8My+24hRUGfym9IWCM8qMWyEHG+w
    +Rr/6jdQyD89j+m1c2ly3nDhXYsTQZR03UylC/TimF6fc07CfuQ1E2ljHf/JXVK4
    ESVilhZR23/tWIfbITZmLvdftJSx0Kgu0Ow4BIr9kpQ3bXwt/eoDvAhdKztDouWN
    lYCGmdzFOi6E3asspxHhcsGW3bcMu5mqzT6BEnSzrxr8kRbRDL6Q0Pqv33XVxP6z
    OHIvv1uFg9Vq6XHIZLBhWNDqPgYoAbT0Q43vUxk7mJ3uJQY6bgbfuEa+PxygQwID
    AQABo4IBDjCCAQowHQYDVR0OBBYEFEKxmmHeSfxgHuFL1dd82WMyf190MIHNBgNV
    HSMEgcUwgcKAFEKxmmHeSfxgHuFL1dd82WMyf190oYGepIGbMIGYMQswCQYDVQQG
    EwJHQjEOMAwGA1UECAwFSEFOVFMxEDAOBgNVBAcMB0h1cnNsZXkxDDAKBgNVBAoM
    A0lCTTEZMBcGA1UECwwQc3BlY3RydW1kaXNjb3ZlcjEZMBcGA1UEAwwQc3BlY3Ry
    dW1kaXNjb3ZlcjEjMCEGCSqGSIb3DQEJARYUbWxhd3JlbmNlQHVrLmlibS5jb22C
    CQCjF/5+lC2+mDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
    AQsFAAOCAQEANINRvyeuJh69iRK5dPJssmcISXcZv4X33ukAyRt4zLNFToSkTfj2
    ZAtQCNgQNl9Ln7Twuit+e6wifxAkA+UD7wrxMzb32+Mpw/XNzo5DnhInfvkAfC62
    SHqWIaqTLXDeGbE8O7ieFsI7kAgEQCf23z/vESB2+m1XBI1UcuxMioYwX4YTb14/
    GLDJkqhXMLWV+h/7NU7KbERSBia24N5zlR6Ed/rx83uD2AwBnBqt24sD6Q8Gbm+e
    HLMv0JrH1vty1vGsfkZnSHb+E6V/5+GsnpIaDyIpsCvM1LqS/wMzBg9hlT5sii8l
    mmqMTK6yqcqS7CfWFv/DjQr/i9ECyJ8fAQ==
    -----END CERTIFICATE-----
    

Notification service configuration setup

  1. Check Enable Configuration.
    NAME: <NAME>
    Topic: cos-le-connector-topic
    Hosts: <SD hostname> :9093
    Type: IBM Spectrum Discover

Enabling authentication

  • Check Enable authentication.
    Username: cos
    Password: <PASSWORD>
    

Enabling encryption

  1. Check Enable TLS for Apache Kafka network connections.
  2. Add the certificate PEM file from the IBM Spectrum Discover platform. See Figure 1.
    Figure 1. Add a storage vault to the configuration
    Add a storage vault to the configuration