SSL Security Configuration

Describes how to configure Kafka Connect security on a MapR cluster.

Secure by Default

As of MapR 6.0, the MapR Installer performs the Kafka Connect configuration for new installations. This means that:
  • If MapR core is installed as secure, then Kafka Connect is also installed as secure.
  • If MapR core is installed as unsecure, then Kafka Connect is also installed as unsecure.
Important: In addition, every time the MapR configuration script is run with the -R option (configure.sh -R), the default settings for MapR core are re-established.

This means that if you manually configure Kafka Connect for unsecure on a secure MapR core, Kafka Connect will revert back to secure when configure.sh -R is run.

Manually Securing Kafka Connect Only

CAUTION:
This configuration is not a typical configuration.

If you have an unsecure MapR cluster, and you want to secure Kafka Connect, do the following:

  1. Generate the server and client certificates.
  2. Add any necessary property configurations to the connect-distributed.properties configuration file. For example:
    listeners=http://0.0.0.0:8083
                ssl.keystore.location=<ssl-keystore-path>
                ssl.keystore.password=<ssl-keystore-password> 
                ssl.key.password=<ssl-keystore-password>
  3. Restart Kafka Connect.
    maprcli node services -name kafka-connect -action restart -nodes <space delimited list of nodes>
  4. Run a curl command to ensure that HTTPS is enabled.
    curl -X GET https://node1:8083/connectors --cacert <certificate-path>

Manually Unsecuring Kafka Connect

Warning: This scenario is NOT recommended or supported.

If you have an secure MapR cluster, and you want to unsecure Kafka Connect, do the following:

  1. In the connect-distributed.properties configuration file, change https:// to http:// for the listeners and remove the ssl.* properties. For example:
    listeners=http://0.0.0.0:8083
  2. Restart Kafka Connect.
    maprcli node services -name kafka-connect -action restart -nodes <space delimited list of nodes>