Enabling Transport Layer Security communications with Apache Kafka

Update the configuration file of the Data Streamer to enable Transport Layer Security (TLS) communications with the Kafka server.

Procedure

  1. Copy the sample configuration file from the z/OS® UNIX System Services directory where the Data Streamer is installed to the directory that is assigned to the CDP_HOME environment variable for the Data Streamer.
    Tip: Check the started task JCL of the Data Streamer in SYS1.PROCLIB to find the z/OS UNIX System Services directory that is assigned to CDP_HOME.
    Under z/OS UNIX System Services, run the following commands to copy the sample configuration file to the CDP_HOME directory. The commands assume that Z Common Data Provider is installed at /usr/lpp/IBM/zcdp/v5r1m0 by SMP/E, and that /var/zcdp/ds is the directory set for the CDP_HOME environment variable in the Data Streamer started task. Specify the correct directories for your environment.
    cp /usr/lpp/IBM/zcdp/v5r1m0/DS/LIB/gatherer.consumer.properties /var/zcdp/ds/
    cd /var/zcdp/ds
    ls -l

    Tip: The Data Streamer can share the same configuration file with the System Data Engine if the same CDP_HOME environment variable is specified in the started task JCLs of the Data Streamer and the System Data Engine.
  2. Update the configuration file gatherer.consumer.properties under the CDP_HOME directory. You can edit the file with the vi command under z/OS UNIX System Services or the OEDIT command under ISPF.
    At a minimum, enable the following parameters:
    security.protocol=SSL
    ssl.truststore.type=JKS
    ssl.truststore.location=/u/kafka/ssl/kafka.truststore.jks
    ssl.truststore.password=test1234

    If client authentication is required for the Kafka client, also enable the following parameters:
    ssl.keystore.type=JKS
    ssl.keystore.location=/u/kafka/ssl/kafka.keystore.jks
    ssl.keystore.password=test1234
    ssl.key.password=test1234

    Ensure that the keystore and truststore file names and their passwords match what you specified in previous steps.
  3. Edit the Policy Profile and in the "Configure subscriber" window, update the Kafka Producer Config and Kafka Consumer Config fields to specify the full path name of the configuration file gatherer.consumer.properties under the CDP_HOME directory.
  4. Restart the Data Streamer so that it picks up the updated parameters from the configuration file.
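
A POSIX shell check that can be run against the file from step 2 before the restart in step 4, shown as an added example that is not part of the product or of the original procedure. It verifies that security.protocol is SSL, that the truststore parameters (and, once any keystore parameter is present, all four keystore parameters) are set and their store files exist, and that the file, which holds the store passwords in clear text, is not accessible to users outside its owner and group. The function names and the temporary demo paths are assumptions made for this example.

```shell
#!/bin/sh
# prop FILE KEY: print the value of KEY (last assignment wins), blanks trimmed.
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }    # skip comment lines
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# check_kafka_tls_props FILE: print each problem; return 0 only if none.
check_kafka_tls_props() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }
    # The file holds store passwords in clear text: no access for "other".
    [ "$(ls -ld "$f" | cut -c8-10)" = "---" ] ||
        { echo "FAIL: $f is accessible to users outside owner/group"; rc=1; }
    [ "$(prop "$f" security.protocol)" = "SSL" ] ||
        { echo "FAIL: security.protocol is not SSL"; rc=1; }
    required="ssl.truststore.type ssl.truststore.location ssl.truststore.password"
    # Client authentication: once any keystore/key property is set, need all four.
    if grep -q '^[[:space:]]*ssl\.key' "$f"; then
        required="$required ssl.keystore.type ssl.keystore.location"
        required="$required ssl.keystore.password ssl.key.password"
    fi
    for k in $required; do
        v=$(prop "$f" "$k")
        if [ -z "$v" ]; then
            echo "FAIL: $k is missing or empty"; rc=1
        elif [ "${k##*.}" = "location" ] && [ ! -f "$v" ]; then
            echo "FAIL: $k points to $v, which does not exist"; rc=1
        fi
    done
    return $rc
}

# Demo on constructed input mirroring step 2 (temporary paths, not real ones).
demo() {
    d=${TMPDIR:-/tmp}/kafka-tls-demo.$$; mkdir -p "$d" || return 1
    p=$d/gatherer.consumer.properties; : > "$d/kafka.truststore.jks"
    printf '%s\n' 'security.protocol=SSL' 'ssl.truststore.type=JKS' \
        "ssl.truststore.location=$d/kafka.truststore.jks" \
        'ssl.truststore.password=test1234' > "$p"
    chmod 644 "$p"; check_kafka_tls_props "$p" || echo "rejected: world-readable"
    chmod 600 "$p"; check_kafka_tls_props "$p" && echo "OK: $p"; rm -rf "$d"
}
demo
```

To check a real file, call check_kafka_tls_props with the full path of gatherer.consumer.properties under the CDP_HOME directory.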