quickstart-aiven

Quick Start with Aiven for Apache Kafka

This folder contains a variant of the Quick Start SSL app configured to use Aiven for Apache Kafka as the target cluster. You may follow the Getting started on the Aiven site to perform the following operations:

• Create a new Apache Kafka service.
• Enable the SASL authentication mechanism.
• Download the CA certificate to create the trust store file with:.

  $ keytool -import -file ca.pem -alias CA -keystore secrets/client.truststore.jks

• Create the topic stocks.

The docker-compose.yml file has been revised to realize the integration with Aiven for Apache Kafka as follows:

• Removal of the broker service, because replaced by the remote cluster

• kafka-connector:

  • Definition of new environment variables to configure remote endpoint, credentials in the adapters.xml through the variable-expansion feature of Lightstreamer:

    ...
    environment:
      - bootstrap_server=${bootstrap_server}
      - username=${username}
      - password=${password}
      - truststore_password=${truststore_password}
    ...

  • Mounting of the local secrets folder to /lightstreamer/adapters/lightstreamer-kafka-connector-${version}/secrets in the container:

    volumes:
      ...
      - ./secrets:/lightstreamer/adapters/lightstreamer-kafka-connector-${version}/secrets

  • Adaption of adapters.xml to include:

    • new Kafka cluster address retrieved from the environment variable bootstrap_server:

      <param name="bootstrap.servers">$env.bootstrap_server</param>

    • encryption settings, with the trust store password retrieved from the environment variable truststore_password

      <param name="encryption.enable">true</param>
      <param name="encryption.protocol">TLSv1.2</param>
      <param name="encryption.hostname.verification.enable">false</param>
      <param name="encryption.truststore.path">secrets/client.truststore.jks</param>
      <param name="encryption.truststore.password">$env.truststore_password</param>
      

    • authentication settings, with the credentials retrieved from environment variables username and password:

      <param name="authentication.enable">true</param>
      <param name="authentication.mechanism">SCRAM-SHA-256</param>
      <param name="authentication.username">$env.username</param>
      <param name="authentication.password">$env.password</param>

• producer:

  • mounting of the local secrets folder to /usr/app/secrets in the container:

    volumes:
      - ./secrets:/usr/app/secrets

  • parameter --boostrap-servers retrieved from the environment variable bootstrap_server

  • provisioning of the producer.properties configuration file to enable SASL/SCRAM over TLS, with username, password, and trust store password retrieved from the environment variables username, password, and truststore_password:

  # Configure SASL/SCRAM mechanism
  sasl.mechanism=SCRAM-SHA-256
  # Enable SSL encryption
  security.protocol=SASL_SSL
  # JAAS configuration
  sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="${username}" password="${password}";
  # Trust store configuration to authenticate the broker
  ssl.truststore.location=/usr/app/secrets/client.truststore.jks
  ssl.truststore.password=password   
  ssl.endpoint.identification.algorithm=

Run

From this directory, run follow the command:

$ bootstrap_server=<bootstrap_server> username=<username> password=<password> truststore_password=<truststore_password> ./start.sh 

where:

• bootstrap_server is the bootstrap server address of the Apache Kafka service
• username and password are the credentials of the user automatically created from the Aiven Console
• truststore_password is the password of the trust store file

Then, point your browser to http://localhost:8080/QuickStart.