You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@flink.apache.org by "alex.decastro" <al...@lab49.com> on 2017/02/08 15:40:58 UTC

#kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Dear flinkers, 
I'm consuming from a kafka broker in a server that has ssl authentication
enabled? How do I config my consumer to compy with it? 

Many thanks
Alex



--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by "Tzu-Li (Gordon) Tai" <tz...@apache.org>.

Hi Alex,

Kafka authentication and data transfer encryption using SSL can be simply
done be configuring brokers and the connecting client.

You can take a look at this:
https://kafka.apache.org/documentation/#security_ssl.

The Kafka client that the Flink connector uses can be configured through the
`Properties` configuration provided when instantiating `FlinkKafkaConsumer`.
You just need to set values for these config properties:
https://kafka.apache.org/documentation/#security_configclients.

Note that SSL truststore / keystore locations must exist on all of your
Flink TMs for this to work.

Hope this helps!

- Gordon



--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11610.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by "alex.decastro" <al...@lab49.com>.

 Cool, thanks. Just checked it. 

One last question: 

if the server hosting my Kafka broker has only SSL enabled, but not SASL
(Kerberos) how to go about enabling connection authentication between client
consumer and broker? 

Same for data transfer? 



--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11547.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by Robert Metzger <rm...@apache.org>.

I've added another answer on SO that explains how you can pass a custom
configuration object to the execution environment.

On Thu, Feb 9, 2017 at 11:09 AM, alex.decastro <al...@lab49.com>
wrote:

> I found a similar question and answer at #stackoverflow
> http://stackoverflow.com/questions/37743194/local-flink-config-running-
> standalone-from-ide
>
> Verify?
>
>
>
> --
> View this message in context: http://apache-flink-user-
> mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-
> to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11539.html
> Sent from the Apache Flink User Mailing List archive. mailing list archive
> at Nabble.com.
>

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by "alex.decastro" <al...@lab49.com>.

I found a similar question and answer at #stackoverflow 
http://stackoverflow.com/questions/37743194/local-flink-config-running-standalone-from-ide

Verify? 



--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11539.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by "alex.decastro" <al...@lab49.com>.

Thanks Robert.
As a beginner Flinker, hot to tell my Flink app (in Intellij say) where the
flink-conf.yaml is.  

Alex





--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11538.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.

Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?

Posted by Robert Metzger <rm...@apache.org>.

Check out the documentation:
https://ci.apache.org/projects/flink/flink-docs-release-1.2/dev/connectors/kafka.html#enabling-kerberos-authentication-for-versions-09-and-above-only

On Wed, Feb 8, 2017 at 4:40 PM, alex.decastro <al...@lab49.com>
wrote:

> Dear flinkers,
> I'm consuming from a kafka broker in a server that has ssl authentication
> enabled? How do I config my consumer to compy with it?
>
> Many thanks
> Alex
>
>
>
> --
> View this message in context: http://apache-flink-user-
> mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-
> to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532.html
> Sent from the Apache Flink User Mailing List archive. mailing list archive
> at Nabble.com.
>