You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by Radu Radutiu <rr...@gmail.com> on 2016/06/22 12:47:04 UTC

SSL support for command line tools

Hi,

Is is possible to configure the command line tools like
kafka-consumer-groups.sh , kafka-topics.sh and all other command that are
not a consumer or producer to connect to a SSL only kafka cluster ?

Regards,
Radu

Re: SSL support for command line tools

Posted by Gerard Klijs <ge...@dizzit.com>.

That particular tool doen't seem to support ssl, at least not the 0.10
version.

On Thu, Jun 23, 2016 at 9:17 AM Radu Radutiu <rr...@gmail.com> wrote:

> I have read the documentation and I can connect the consumer and producer
> successfully with SSL. However I have trouble running other scripts like
>
> bin/kafka-run-class.sh kafka.tools.GetOffsetShell --broker-list
> {brokerUrl} —topic {topicName} --time -2
>
> if the broker is configured with SSL only.
>
> Regards,
> Radu
>
> On 23 June 2016 at 01:46, Harsha <ka...@harsha.io> wrote:
>
> > Radu,
> >          Please follow the instructions here
> >          http://kafka.apache.org/documentation.html#security_ssl . At
> >          the end of the SSL section we've an example for produce and
> >          consumer command line tools to pass in ssl configs.
> >
> > Thanks,
> > Harsha
> >
> > On Wed, Jun 22, 2016, at 07:40 AM, Gerard Klijs wrote:
> > > To eleborate:
> > > We start the process with --command-config /some/folder/ssl.properties
> > > the
> > > file we include in the image, and contains the ssl properties it needs,
> > > which is a subset of the properties (those specific for ssl) the client
> > > uses. In this case the certificate is accessed in a data container,
> > > having
> > > access to the same certificate as the broker (so we don't need to set
> > > acl's
> > > to use the tool).
> > >
> > > On Wed, Jun 22, 2016 at 2:47 PM Gerard Klijs <ge...@dizzit.com>
> > > wrote:
> > >
> > > > You need to pass the correct options, similar to how you would do to
> a
> > > > client. We use the consumer-groups in a docker container, in an
> > environment
> > > > witch is now only SSL (since the schema registry now supports it).
> > > >
> > > > On Wed, Jun 22, 2016 at 2:47 PM Radu Radutiu <rr...@gmail.com>
> > wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> Is is possible to configure the command line tools like
> > > >> kafka-consumer-groups.sh , kafka-topics.sh and all other command
> that
> > are
> > > >> not a consumer or producer to connect to a SSL only kafka cluster ?
> > > >>
> > > >> Regards,
> > > >> Radu
> > > >>
> > > >
> >
>

Re: SSL support for command line tools

Posted by Radu Radutiu <rr...@gmail.com>.

I have read the documentation and I can connect the consumer and producer
successfully with SSL. However I have trouble running other scripts like

bin/kafka-run-class.sh kafka.tools.GetOffsetShell --broker-list
{brokerUrl} —topic {topicName} --time -2

if the broker is configured with SSL only.

Regards,
Radu

On 23 June 2016 at 01:46, Harsha <ka...@harsha.io> wrote:

> Radu,
>          Please follow the instructions here
>          http://kafka.apache.org/documentation.html#security_ssl . At
>          the end of the SSL section we've an example for produce and
>          consumer command line tools to pass in ssl configs.
>
> Thanks,
> Harsha
>
> On Wed, Jun 22, 2016, at 07:40 AM, Gerard Klijs wrote:
> > To eleborate:
> > We start the process with --command-config /some/folder/ssl.properties
> > the
> > file we include in the image, and contains the ssl properties it needs,
> > which is a subset of the properties (those specific for ssl) the client
> > uses. In this case the certificate is accessed in a data container,
> > having
> > access to the same certificate as the broker (so we don't need to set
> > acl's
> > to use the tool).
> >
> > On Wed, Jun 22, 2016 at 2:47 PM Gerard Klijs <ge...@dizzit.com>
> > wrote:
> >
> > > You need to pass the correct options, similar to how you would do to a
> > > client. We use the consumer-groups in a docker container, in an
> environment
> > > witch is now only SSL (since the schema registry now supports it).
> > >
> > > On Wed, Jun 22, 2016 at 2:47 PM Radu Radutiu <rr...@gmail.com>
> wrote:
> > >
> > >> Hi,
> > >>
> > >> Is is possible to configure the command line tools like
> > >> kafka-consumer-groups.sh , kafka-topics.sh and all other command that
> are
> > >> not a consumer or producer to connect to a SSL only kafka cluster ?
> > >>
> > >> Regards,
> > >> Radu
> > >>
> > >
>

Re: SSL support for command line tools

Posted by Harsha <ka...@harsha.io>.

Radu,
         Please follow the instructions here
         http://kafka.apache.org/documentation.html#security_ssl . At
         the end of the SSL section we've an example for produce and
         consumer command line tools to pass in ssl configs.

Thanks,
Harsha

On Wed, Jun 22, 2016, at 07:40 AM, Gerard Klijs wrote:
> To eleborate:
> We start the process with --command-config /some/folder/ssl.properties
> the
> file we include in the image, and contains the ssl properties it needs,
> which is a subset of the properties (those specific for ssl) the client
> uses. In this case the certificate is accessed in a data container,
> having
> access to the same certificate as the broker (so we don't need to set
> acl's
> to use the tool).
> 
> On Wed, Jun 22, 2016 at 2:47 PM Gerard Klijs <ge...@dizzit.com>
> wrote:
> 
> > You need to pass the correct options, similar to how you would do to a
> > client. We use the consumer-groups in a docker container, in an environment
> > witch is now only SSL (since the schema registry now supports it).
> >
> > On Wed, Jun 22, 2016 at 2:47 PM Radu Radutiu <rr...@gmail.com> wrote:
> >
> >> Hi,
> >>
> >> Is is possible to configure the command line tools like
> >> kafka-consumer-groups.sh , kafka-topics.sh and all other command that are
> >> not a consumer or producer to connect to a SSL only kafka cluster ?
> >>
> >> Regards,
> >> Radu
> >>
> >

Re: SSL support for command line tools

Posted by Gerard Klijs <ge...@dizzit.com>.

To eleborate:
We start the process with --command-config /some/folder/ssl.properties the
file we include in the image, and contains the ssl properties it needs,
which is a subset of the properties (those specific for ssl) the client
uses. In this case the certificate is accessed in a data container, having
access to the same certificate as the broker (so we don't need to set acl's
to use the tool).

On Wed, Jun 22, 2016 at 2:47 PM Gerard Klijs <ge...@dizzit.com>
wrote:

> You need to pass the correct options, similar to how you would do to a
> client. We use the consumer-groups in a docker container, in an environment
> witch is now only SSL (since the schema registry now supports it).
>
> On Wed, Jun 22, 2016 at 2:47 PM Radu Radutiu <rr...@gmail.com> wrote:
>
>> Hi,
>>
>> Is is possible to configure the command line tools like
>> kafka-consumer-groups.sh , kafka-topics.sh and all other command that are
>> not a consumer or producer to connect to a SSL only kafka cluster ?
>>
>> Regards,
>> Radu
>>
>

Re: SSL support for command line tools

Posted by Gerard Klijs <ge...@dizzit.com>.

You need to pass the correct options, similar to how you would do to a
client. We use the consumer-groups in a docker container, in an environment
witch is now only SSL (since the schema registry now supports it).

On Wed, Jun 22, 2016 at 2:47 PM Radu Radutiu <rr...@gmail.com> wrote:

> Hi,
>
> Is is possible to configure the command line tools like
> kafka-consumer-groups.sh , kafka-topics.sh and all other command that are
> not a consumer or producer to connect to a SSL only kafka cluster ?
>
> Regards,
> Radu
>