Kafka Connect Reference Guide

Connector Settings

The Connector settings are defined in the connect-distributed.properties file. This file is used to start the Connect instances and is expected to have the following properties and security and/or authentication protocols configured.

Security and Authentication

The Privitar Connector should be configured to use one of the following three security and/or authentication protocols:

  • SASL_PLAINTEXT

  • SASL_SSL

  • SSL

Warning

It is important to check these settings. If the Kerberos connection is not set up correctly, it will retry indefinitely, without issuing any error or warning message.

Configuration

The Privitar Connector acts as both a Sink Connector (Consumer) and a Source Connector (Producer). Therefore, you need to add both definitions for this Connector.

  • The Sink Connector (Consumer) can use the definitions used by all Connectors in the connect-distributed.properties file.

  • The Source Connector (Producer) definitions need to be added to the configuration.json file for the Connector. The configuration statements are added using the dest prefix. Some examples are provided in the following section.

For more information about setting up Kerberos together with any additional encryption or security authentication protocol, refer to the Confluent documentation. Here are some appropriate links:

Producer settings

A column can also be configured as Do not generalise. If you choose this option, you must also set this as a sensitive column by selecting the Sensitive check box. Specifying a column as Sensitive and Do not generalise ensures that for each cluster of rows with the same quasi-identifier values, there is a diverse mix of values for the sensitive columns. See Sensitive fields and L-diversity for more information.

  • SASL_PLAINTEXT - authentication but no encryption

  • SASL_SSL - authentication with Kerberos and encrypted communications

Warning

It is important to check these settings. If the Kerberos connection is not set up correctly, it will retry indefinitely, without issuing any error or warning message.

Producer settings (using SASL_PLAINTEXT security protocol)

The producer configuration should look as follows:

Note

For the dest.sasl.jaas.config property, make sure there are no spaces between lines of the jaas.config (i.e. where there is a \n, there should be no spaces before or after it).

"dest.bootstrap.servers": "1.1.1.1:9092,1.1.1.2:9092,1.1.1.3:9092",
"dest.sasl.mechanism":"GSSAPI",
"dest.sasl.kerberos.service.name":"kafka",
"dest.security.protocol":"SASL_PLAINTEXT",
"dest.sasl.jaas.config":"com.sun.security.auth.module.Krb5LoginModule required\nuseKeyTab=true\nkeyTab=\"/path/to/keytab/file/kafka.keytab\"\nstoreKey=true\nuseTicketCache=false\nserviceName=\"kafka\"\nprincipal=\"kafka/a-full-host-name@APRINCIPALNAME.COM\";"

Producer settings (using SASL_SSL security protocol)

To use SASL_SSL as the security protocol between the connector and the brokers instead, use the following configuration in addition to what is above (some properties need to be replaced):

"dest.security.protocol":"SASL_SSL",
"dest.ssl.keystore.location":"/path/to/a/client/keystore/file/kafka.client.keystore.jks",
"dest.ssl.keystore.password":"client-keystore-password",
"dest.ssl.truststore.location":"/path/to/a/client/truststore/file/kafka.client.truststore.jks",
"dest.ssl.truststore.password":"client-truststore-password",
"dest.ssl.key.password":"client-keystore-password"

Note

For the dest.bootstrap.servers property, make sure to use the right port for the SASL_SSL protocol.
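
Because a misconfigured Kerberos connection retries silently, it helps to lint the dest.* producer settings before deploying configuration.json. The following check is an added example, not Privitar code: the function name, the finding levels and the choice to only warn on absent dest.ssl.* properties are assumptions, and the sample is constructed from the placeholder values on this page.

```python
import json
import re

PROTOCOLS = {"SASL_PLAINTEXT", "SASL_SSL", "SSL"}
# dest.ssl.* properties shown in this page's SASL_SSL example.
SSL_PROPS = ("dest.ssl.keystore.location", "dest.ssl.keystore.password",
             "dest.ssl.truststore.location", "dest.ssl.truststore.password",
             "dest.ssl.key.password")

def lint_producer_config(cfg):
    """Return (level, message) findings for the dest.* producer settings."""
    proto = cfg.get("dest.security.protocol")
    if proto not in PROTOCOLS:
        return [("error", f"dest.security.protocol={proto!r} is not one of "
                          f"{sorted(PROTOCOLS)}")]
    out = []
    if proto == "SASL_PLAINTEXT":
        out.append(("warn", "SASL_PLAINTEXT authenticates but does not encrypt traffic"))
    if proto.startswith("SASL_"):
        jaas = cfg.get("dest.sasl.jaas.config", "")
        if not jaas:
            out.append(("error", "dest.sasl.jaas.config is missing"))
        elif re.search(r"[ \t]\n|\n[ \t]", jaas):
            # After JSON parsing, each \n escape is a real newline character.
            out.append(("error", "dest.sasl.jaas.config has a space next to a \\n"))
        # The service name may come from the property or from the JAAS string.
        if (cfg.get("dest.sasl.mechanism") == "GSSAPI"
                and not cfg.get("dest.sasl.kerberos.service.name")
                and "serviceName=" not in jaas):
            out.append(("error", "GSSAPI is set but no Kerberos service name is given"))
    if proto.endswith("SSL"):
        out += [("warn", f"{p} is not set") for p in SSL_PROPS if not cfg.get(p)]
    return out

# Constructed sample: this page's SASL_PLAINTEXT settings with one stray space
# after the first \n of the JAAS string (placeholder hosts and paths).
SAMPLE = json.loads(r'''{
  "dest.bootstrap.servers": "1.1.1.1:9092,1.1.1.2:9092,1.1.1.3:9092",
  "dest.sasl.mechanism": "GSSAPI",
  "dest.sasl.kerberos.service.name": "kafka",
  "dest.security.protocol": "SASL_PLAINTEXT",
  "dest.sasl.jaas.config": "com.sun.security.auth.module.Krb5LoginModule required\n useKeyTab=true\nkeyTab=\"/path/to/keytab/file/kafka.keytab\"\nprincipal=\"kafka/a-full-host-name@APRINCIPALNAME.COM\";"
}''')

if __name__ == "__main__":
    for level, message in lint_producer_config(SAMPLE):
        print(f"{level}: {message}")
```
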