Hi Ryanne, thanks for the reply. My Kafka clusters are on AWS, their serverless platform, MSK. I'm stuck with using the default Java cacerts unless I use their AWS PCA, which is pretty pricey.
I ran the curl command yesterday with the -v and --tlsv1.2 flags and got the following verbose message:

curl -s -X POST -H 'Content-Type: application/json' --data @connector.json https://localhost:8443/connectors -v --tlsv1.2
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Thanks

On Mon, Apr 5, 2021 at 7:26 AM Ryanne Dolan <ryannedo...@gmail.com> wrote:

> Yes it's possible. The most common issue in my experience is the location
> of the trust store and key store being different or absent on some hosts.
> You need to make sure that these locations are consistent across all hosts
> in your Connect cluster, or use a ConfigProvider to provide the location
> dynamically. Otherwise, a task will get scheduled on some host and fail to
> find these files.
>
> Ryanne
>
> On Wed, Mar 31, 2021, 8:22 PM Men Lim <zulu...@gmail.com> wrote:
>
> > Hello. I was wondering if someone can help answer my question. I'm trying
> > to run MirrorMaker 2 in distributed mode using SSL. I have the distributor
> > running in SSL but I can't get the curl REST API to do so. I saw that
> > kif-208 fixed this but I can't seem to implement it.
> >
> > in my mm2-dist.prop file I have set:
> > ////
> > listeners=https://localhost:8443
> > security.protocol=SSL
> > ssl.truststore.location=/home/ec2-user/kafka_2.13-2.7.0/cert/kafka.client.truststore.jks
> > ////
> > my connector.json file looks like this:
> >
> > ////
> > {
> >   "name": "mm2-connect-cluster",
> >   "config":{
> >     "connector.class": "org.apache.kafka.connect.mirror.MirrorSourceConnector",
> >     "connector.client.config.override.policy": "All",
> >     "name": "mm2-connect-cluster",
> >     "topics": "test.*",
> >     "tasks.max": "1",
> >     "source.cluster.alias": "source",
> >     "target.cluster.alias": "target",
> >     "source.cluster.bootstrap.servers": "source:9094",
> >     "target.cluster.bootstrap.servers": "target:9094",
> >     "source->target.enabled": "true",
> >     "target->source.enabled": "false",
> >     "offset-syncs.topic.replication.factor": "4",
> >     "topics.exclude": ".*[\\-\\.]internal, .*\\.replica, __consumer_offsets",
> >     "groups.blacklist": "console-consumer-.*, connect-.*, __.*",
> >     "topic.creation.enabled": "true",
> >     "topic.creation.default.replication.factor": "4",
> >     "topic.creation.default.partitions": "1"
> >     "key.converter": "org.apache.kafka.connect.json.JsonConverter",
> >     "value.converter": "org.apache.kafka.connect.json.JsonConverter",
> >     "security.protocol": "SSL",
> >     "ssl.truststore.password": "/home/ec2-user/kafka_2.13-2.7.0/cert/kafka.client.truststore.jks"
> >   }
> > }
> > ////
> >
> > I would then start up the distributor and it launched fine. So I try to
> > run the curl command
> >
> > ////
> > curl -s -X POST -H 'Content-Type: application/json' --data @connector.json https://localhost:8443/connectors
> > ////
> > nada. nothing. no error. no reasons for not starting.
> >
> > Is it possible to run MM2 with SSL? If so, can someone point me to a
> > working example?
> >
> > thanks.
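
The point in the quoted reply about trust store and key store locations being different or absent on some hosts can be checked on each Connect host before a connector is submitted. The following is an added example, not part of the thread or of Kafka itself: it reads the worker properties and the connector JSON, reports any referenced store file that is missing on the current host, and prints a SHA-256 digest of each store that is present so the values can be compared across hosts. Matching keys by suffix (to cover prefixed variants) and the file paths in the demo are assumptions.

```python
import hashlib
import json
from pathlib import Path

# Suffix match also covers prefixed keys such as "source.cluster.ssl.truststore.location".
STORE_KEYS = ("ssl.truststore.location", "ssl.keystore.location")

def parse_properties(text):
    """Parse key=value lines of a Connect worker properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def store_locations(config):
    """Return {key: path} for every key that names a trust store or key store file."""
    return {k: v for k, v in config.items() if k.endswith(STORE_KEYS)}

def check_host(worker_props_text, connector_json_text):
    """Return (findings, fingerprints) for the store files referenced on this host."""
    findings, fingerprints = [], {}
    configs = {"worker": parse_properties(worker_props_text)}
    try:
        configs["connector"] = json.loads(connector_json_text).get("config", {})
    except json.JSONDecodeError as exc:
        findings.append(f"connector: invalid JSON at line {exc.lineno}: {exc.msg}")
    for source, config in configs.items():
        for key, location in store_locations(config).items():
            path = Path(location)
            if not path.is_file():
                findings.append(f"{source}: {key} -> {location} not found on this host")
                continue
            fingerprints[location] = hashlib.sha256(path.read_bytes()).hexdigest()
    return findings, fingerprints

if __name__ == "__main__":
    # Constructed sample input: these paths are placeholders, not taken from the thread.
    worker = "listeners=https://localhost:8443\nssl.truststore.location=/tmp/example.truststore.jks\n"
    connector = '{"name": "demo", "config": {"ssl.keystore.location": "/tmp/example.keystore.jks"}}'
    problems, digests = check_host(worker, connector)
    print("\n".join(problems) or "all referenced stores present")
    for location, digest in digests.items():
        print(digest, location)  # the same path should give the same digest on every host
```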