mesos/kafka

Security support for mesos-kafka

CBR09 opened this issue · 7 comments

CBR09 commented

Hi,
I see mesos-kafka doesn't support security. I want to authenticate between broker and producer. For the short term, is there any workaround for this? For the long term, where is the code I need to modify?
Thanks

As a drop-in solution, you can change this line
https://github.com/mesos/kafka/blob/master/src/scala/main/ly/stealth/mesos/kafka/scheduler/mesos/MesosTaskFactory.scala#L95
into
defaults += ("listeners" -> s"SSL://:${ reservation.port }")
Then, pass the configuration for Kafka SSL when you create the broker. Make sure that you enable interbroker SSL in the config too, since we only listen on 1 port.

I'm willing to work on a PR for this to support PLAINTEXT in interbroker connect too. (Basically, we have to make listeners listen on one more port, right?)

I'm interested in this too and willing to pick up some part of the implementation if needed.

Hi, is anyone working on it? I'm sort of stuck on enabling PLAINTEXT. I'd appreciate some help with how to approach this.

I can help you conceptually, want to detail what you've tried so far?

@ror6ax As I said, I have only tried to change the listeners in that file to SSL. And it works with SSL flawlessly. However, I think it would be a plus if we could make it listen on both SSL and PLAINTEXT. Namely, we need to make it listen on 2 ports, and I doubt this would be an easy change... I haven't taken a close look into it though.

@codenamelxl can you please show how you enable SSL in the config?

@ror6ax Forget what I said earlier. You just have to put the appropriate config to set up Kafka security, as defined at https://kafka.apache.org/documentation/#security_ssl, into a file (e.g. server.properties).
Then update the broker through the kafka mesos CLI with the flag --options file:server.properties. That's it.
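
An added example, not from the thread or the mesos/kafka project: a Python check to run on a broker options file before passing it with --options file:server.properties, covering the points raised above (inter-broker SSL because only one port is listened on, no cleartext listener, and client authentication for producers). The key names are standard Kafka broker settings; the sample file contents, paths and placeholder passwords are constructed, and the check assumes listener names equal their protocol names (no custom listener.security.protocol.map).

```python
REQUIRED = ("ssl.keystore.location", "ssl.keystore.password",
            "ssl.truststore.location", "ssl.truststore.password")

def parse_properties(text):
    """Parse the simple key=value subset of Java .properties syntax."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_ssl_options(props):
    """Return a list of findings; an empty list means the file passed."""
    findings = [f"missing {key}" for key in REQUIRED if not props.get(key)]
    # The broker listens on a single port, so inter-broker traffic must use SSL too.
    if props.get("security.inter.broker.protocol", "PLAINTEXT").upper() != "SSL":
        findings.append("security.inter.broker.protocol is not SSL")
    # Kafka's default is ssl.client.auth=none, which authenticates only the broker.
    if props.get("ssl.client.auth", "none").lower() != "required":
        findings.append("ssl.client.auth is not 'required': producers are not authenticated")
    # If listeners is overridden here, it must not reintroduce a cleartext listener.
    for listener in filter(None, props.get("listeners", "").split(",")):
        if not listener.strip().upper().startswith("SSL://"):
            findings.append(f"non-SSL listener: {listener.strip()}")
    return findings

# Constructed sample: TLS material is set, but inter-broker protocol and
# client authentication are left at their defaults.
SAMPLE_WEAK = """\
ssl.keystore.location=/path/to/kafka.server.keystore.jks
ssl.keystore.password=<keystore-password>
ssl.truststore.location=/path/to/kafka.server.truststore.jks
ssl.truststore.password=<truststore-password>
"""
# Constructed sample: the same file with the two settings corrected.
SAMPLE_FIXED = SAMPLE_WEAK + """\
security.inter.broker.protocol=SSL
ssl.client.auth=required
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(name, check_ssl_options(parse_properties(text)) or "OK")
```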