Disabling the non-TLS port for the Apache Kafka broker

When the software containers are installed, the included Apache Kafka broker is configured with both a TLS port for encrypted communication, and a non-TLS port. For production environments, disable the non-TLS port.

About this task

The default TLS port is 9093, and the default non-TLS port is 9092.

Procedure

To disable the non-TLS port, complete the following instructions, based on the container tool that you are using.
Container tool Instructions
Docker
  1. In a text editor, open the ZOA_HOME/zoacommon-docker-compose.yml file, and comment out the following line by adding the comment character # at the beginning of the line, as indicated in the following example:
    # - ${ZAIOPS_KAFKA_BOOTSTRAP_SERVER_PORT}:${ZAIOPS_KAFKA_BOOTSTRAP_SERVER_PORT}
  2. Without making any further changes, save and close the zoacommon-docker-compose.yml file.
  3. Run the following command, which reloads the Apache Kafka broker service with the updated configuration: 
    cd ZOA_HOME
./bin/dockerManageZoa.sh up kafkabroker
Podman
  1. In the podmanManageZoa.sh script, remove the following line: -p ${ZAIOPS_KAFKA_BOOTSTRAP_SERVER_PORT}:9092 \
  2. Stop the Apache Kafka service, and restart it, as shown in the following example:
    
cd <ZOA_HOME>
podman stop kafkabroker
podman rm kafkabroker
./bin/podmanManageZoa.sh up kafkabroker