Security support for mesos-kafka about kafka HOT 7 OPEN

As a drop in solution, you can change this line
https://github.com/mesos/kafka/blob/master/src/scala/main/ly/stealth/mesos/kafka/scheduler/mesos/MesosTaskFactory.scala#L95
into
defaults += ("listeners" -> s"SSL://:${ reservation.port }")
Then, pass configurations for kafka SSL when you create broker. Make sure that you enable interbroker SSL in the config too since we only listen on 1 port.

I'm willing to work on a PR for this to support PLAINTEXT in interbroker connect too. ( Basically, we have to make listeners listen on one more port, right?)

from kafka.

I'm interested in this too and willing to pick up some part of the implementation if needed.

from kafka.

Hi, anyone is working on it? I'm sort of stuck on enabling PLAINTEXT. I'll appreciate some help with how to approach this.

from kafka.

I can help you conceptually, want to detail what you've tried so far?

from kafka.

@ror6ax As i say, i have only tried to change the listeners in that file to SSL. And it works with SSL flawlessly. However, i think it would be a plus if we can make it listen on both SSL and PLAINTEXT. Namely, we need to make it listens on 2 ports and i doubt this would be an easy change... Haven't taken a close look into it though.

from kafka.

@codenamelxl can you please show how do you enable SSL in the config?

from kafka.

@ror6ax Forget what i say earlier. You just have to put appropriate config to set up kafka security like define at : https://kafka.apache.org/documentation/#security_ssl into a file (Ex:server.properties).
Then update broker through kafka mesos CLI with flag --options file:server.properties . That's it.

from kafka.