kafka connect

Author: AhmetFurkanDEMIR

kafka_connect/ansible_kafka_connect.yml

@@ -75,14 +75,6 @@
         group: ubuntu
         mode: '0755'
 
-    - name: Copy setup script
-      copy:
-        src: "{{ playbook_dir }}/scripts/setup-kafka-connect.sh"
-        dest: "{{ kafka_connect_dir }}/scripts/setup-kafka-connect.sh"
-        owner: ubuntu
-        group: ubuntu
-        mode: '0755'
-        
     - name: Copy all management scripts
       copy:
         src: "{{ playbook_dir }}/scripts/"
@@ -91,11 +83,19 @@
         group: ubuntu
         mode: '0755'
 
-    - name: Run Kafka Connect setup script
-      command: "{{ kafka_connect_dir }}/scripts/setup-kafka-connect.sh"
+    - name: Run Kafka Connect setup script (Node 1)
+      command: "{{ kafka_connect_dir }}/scripts/setup-kafka-connect-1.sh"
+      args:
+        chdir: "{{ kafka_connect_dir }}"
+      register: setup_result
+      when: inventory_hostname == 'kafka-connect-node-1'
+      
+    - name: Run Kafka Connect setup script (Node 2)
+      command: "{{ kafka_connect_dir }}/scripts/setup-kafka-connect-2.sh"
       args:
         chdir: "{{ kafka_connect_dir }}"
       register: setup_result
+      when: inventory_hostname == 'kafka-connect-node-2'
 
     - name: Display setup results
       debug:

kafka_connect/connectors/http-source-connector.json

@@ -0,0 +1,20 @@
+{
+  "name": "http-source-topics-connector",
+  "config": {
+    "connector.class": "com.github.castorm.kafka.connect.http.HttpSourceConnector",
+    "tasks.max": "1",
+    "http.request.url": "http://ec2-54-217-66-144.eu-west-1.compute.amazonaws.com:2020/topics",
+    "http.request.method": "GET",
+    "http.request.headers": "Authorization: Bearer token",
+    "http.timer.interval.millis": "60000",
+    "http.timer.catchup.interval.millis": "1000",
+    "http.response.policy.class": "com.github.castorm.kafka.connect.http.response.PolicyHttpResponsePolicy",
+    "http.response.policy.policy": "com.github.castorm.kafka.connect.http.response.timestamp.EpochMillisTimestampPolicy",
+    "kafka.topic": "topic-1",
+    "key.converter": "org.apache.kafka.connect.storage.StringConverter",
+    "value.converter": "org.apache.kafka.connect.json.JsonConverter",
+    "value.converter.schemas.enable": "false",
+    "http.offset.initial": "Offset{timestamp=0}",
+    "http.auth.type": "None"
+  }
+}

kafka_connect/docker-compose.yml kafka_connect/docker-compose-1.ymlkafka_connect/docker-compose.yml renamed to kafka_connect/docker-compose-1.yml

@@ -13,7 +13,7 @@ services:
       # Connect Worker Configuration
       CONNECT_BOOTSTRAP_SERVERS: "${KAFKA_BOOTSTRAP_SERVERS}"
       CONNECT_REST_PORT: 8083
-      CONNECT_REST_ADVERTISED_HOST_NAME: kafka-connect
+      CONNECT_REST_ADVERTISED_HOST_NAME: "kafka-connect-1"
 
       # Cluster Configuration
       CONNECT_GROUP_ID: "kafka-connect-cluster"

kafka_connect/docker-compose-2.yml

@@ -0,0 +1,119 @@
+version: '3.8'
+
+services:
+  kafka-connect:
+    image: confluentinc/cp-kafka-connect:7.5.0
+    container_name: kafka-connect
+    hostname: kafka-connect
+    user: "0:0"  # Run as root to access mounted SSL certificates
+    ports:
+      - "8083:8083"
+      - "9404:9404"  # JMX Exporter
+    environment:
+      # Connect Worker Configuration
+      CONNECT_BOOTSTRAP_SERVERS: "${KAFKA_BOOTSTRAP_SERVERS}"
+      CONNECT_REST_PORT: 8083
+      CONNECT_REST_ADVERTISED_HOST_NAME: "kafka-connect-2"
+      
+      # Cluster Configuration
+      CONNECT_GROUP_ID: "kafka-connect-cluster"
+      CONNECT_CONFIG_STORAGE_TOPIC: "connect-configs"
+      CONNECT_OFFSET_STORAGE_TOPIC: "connect-offsets"
+      CONNECT_STATUS_STORAGE_TOPIC: "connect-status"
+      
+      # Topic Replication Factors
+      CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 3
+      CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR: 3
+      CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 3
+      
+      # Converters
+      CONNECT_KEY_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
+      CONNECT_VALUE_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
+      CONNECT_KEY_CONVERTER_SCHEMAS_ENABLE: "false"
+      CONNECT_VALUE_CONVERTER_SCHEMAS_ENABLE: "false"
+      
+      # Internal Converters
+      CONNECT_INTERNAL_KEY_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
+      CONNECT_INTERNAL_VALUE_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
+      
+      # Security Configuration (SASL_SSL)
+      CONNECT_SECURITY_PROTOCOL: "${KAFKA_SECURITY_PROTOCOL:-SASL_SSL}"
+      CONNECT_SASL_MECHANISM: "${KAFKA_SASL_MECHANISM:-SCRAM-SHA-512}"
+      CONNECT_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"${KAFKA_SASL_USERNAME:-admin}\" password=\"${KAFKA_SASL_PASSWORD}\";"
+      CONNECT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
+      CONNECT_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.truststore.jks"
+      CONNECT_SSL_TRUSTSTORE_PASSWORD: "${SSL_TRUSTSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_SSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.keystore.jks"
+      CONNECT_SSL_KEYSTORE_PASSWORD: "${SSL_KEYSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_SSL_KEY_PASSWORD: "${SSL_KEY_PASSWORD:-confluenttruststorepass}"
+      
+      # Admin Client Security
+      CONNECT_ADMIN_SECURITY_PROTOCOL: "${KAFKA_SECURITY_PROTOCOL:-SASL_SSL}"
+      CONNECT_ADMIN_SASL_MECHANISM: "${KAFKA_SASL_MECHANISM:-SCRAM-SHA-512}"
+      CONNECT_ADMIN_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"${KAFKA_SASL_USERNAME:-admin}\" password=\"${KAFKA_SASL_PASSWORD}\";"
+      CONNECT_ADMIN_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
+      CONNECT_ADMIN_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.truststore.jks"
+      CONNECT_ADMIN_SSL_TRUSTSTORE_PASSWORD: "${SSL_TRUSTSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_ADMIN_SSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.keystore.jks"
+      CONNECT_ADMIN_SSL_KEYSTORE_PASSWORD: "${SSL_KEYSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_ADMIN_SSL_KEY_PASSWORD: "${SSL_KEY_PASSWORD:-confluenttruststorepass}"
+      
+      # Producer Security
+      CONNECT_PRODUCER_SECURITY_PROTOCOL: "${KAFKA_SECURITY_PROTOCOL:-SASL_SSL}"
+      CONNECT_PRODUCER_SASL_MECHANISM: "${KAFKA_SASL_MECHANISM:-SCRAM-SHA-512}"
+      CONNECT_PRODUCER_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"${KAFKA_SASL_USERNAME:-admin}\" password=\"${KAFKA_SASL_PASSWORD}\";"
+      CONNECT_PRODUCER_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
+      CONNECT_PRODUCER_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.truststore.jks"
+      CONNECT_PRODUCER_SSL_TRUSTSTORE_PASSWORD: "${SSL_TRUSTSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_PRODUCER_SSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.keystore.jks"
+      CONNECT_PRODUCER_SSL_KEYSTORE_PASSWORD: "${SSL_KEYSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_PRODUCER_SSL_KEY_PASSWORD: "${SSL_KEY_PASSWORD:-confluenttruststorepass}"
+      
+      # Consumer Security
+      CONNECT_CONSUMER_SECURITY_PROTOCOL: "${KAFKA_SECURITY_PROTOCOL:-SASL_SSL}"
+      CONNECT_CONSUMER_SASL_MECHANISM: "${KAFKA_SASL_MECHANISM:-SCRAM-SHA-512}"
+      CONNECT_CONSUMER_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"${KAFKA_SASL_USERNAME:-admin}\" password=\"${KAFKA_SASL_PASSWORD}\";"
+      CONNECT_CONSUMER_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
+      CONNECT_CONSUMER_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.truststore.jks"
+      CONNECT_CONSUMER_SSL_TRUSTSTORE_PASSWORD: "${SSL_TRUSTSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_CONSUMER_SSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka_connect.keystore.jks"
+      CONNECT_CONSUMER_SSL_KEYSTORE_PASSWORD: "${SSL_KEYSTORE_PASSWORD:-confluenttruststorepass}"
+      CONNECT_CONSUMER_SSL_KEY_PASSWORD: "${SSL_KEY_PASSWORD:-confluenttruststorepass}"
+      
+      # Plugin Path
+      CONNECT_PLUGIN_PATH: "/usr/share/java,/usr/share/confluent-hub-components,/etc/kafka-connect/plugins"
+      
+      # Logging
+      CONNECT_LOG4J_ROOT_LOGLEVEL: INFO
+      CONNECT_LOG4J_LOGGERS: "org.reflections=ERROR"
+      
+      # JMX Configuration
+      KAFKA_JMX_PORT: 9101
+      KAFKA_JMX_HOSTNAME: localhost
+      KAFKA_JMX_OPTS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=localhost -Dcom.sun.management.jmxremote.rmi.port=9101"
+      
+      # JMX Exporter for Prometheus + SSL Certificate Verification Disable
+      KAFKA_OPTS: "-javaagent:/usr/share/jmx_exporter/jmx_prometheus_javaagent.jar=9404:/etc/kafka-connect/jmx-exporter-config.yml -Dssl.endpoint.identification.algorithm="
+    
+    volumes:
+      - ./plugins:/etc/kafka-connect/plugins
+      - ./jmx_prometheus_javaagent.jar:/usr/share/jmx_exporter/jmx_prometheus_javaagent.jar
+      - ./jmx-exporter-config.yml:/etc/kafka-connect/jmx-exporter-config.yml
+      - ./connectors:/etc/kafka-connect/connectors
+      - /var/ssl/private:/etc/kafka/secrets:ro
+    
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8083/"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 60s
+    
+    restart: unless-stopped
+    
+    networks:
+      - kafka-network
+
+networks:
+  kafka-network:
+    driver: bridge

kafka_connect/generate-inventory.sh

@@ -116,14 +116,6 @@ SSL_TRUSTSTORE_PASSWORD=${SSL_TRUSTSTORE_PASSWORD:-confluenttruststorepass}
 SSL_KEYSTORE_PASSWORD=${SSL_KEYSTORE_PASSWORD:-confluentkeystorestorepass}
 SSL_KEY_PASSWORD=${SSL_KEY_PASSWORD:-confluentkeystorestorepass}
 
-# Kafka Connect Configuration (Node 1 as primary for connector config)
-CONNECT_PUBLIC_DNS=${CONNECT_NODE1_DNS}
-CONNECT_PUBLIC_IP=${CONNECT_NODE1_IP}
-
-# Kafka Connect Node 2
-CONNECT_PUBLIC_DNS_NODE2=${CONNECT_NODE2_DNS}
-CONNECT_PUBLIC_IP_NODE2=${CONNECT_NODE2_IP}
-
 # JWT Token for FastAPI Authentication
 JWT_TOKEN=${JWT_TOKEN:-token}
 EOF
@@ -157,17 +149,17 @@ if [ -d "${SCRIPT_DIR}/scripts" ]; then
         if [ -f "$script" ]; then
             # Check if script contains KAFKA_BOOTSTRAP_SERVERS or CONNECT_HOST
             if grep -q "KAFKA_BOOTSTRAP_SERVERS\|CONNECT_HOST" "$script" 2>/dev/null; then
-                # Create backup
-                cp "$script" "$script.bak"
-                
                 # Update KAFKA_BOOTSTRAP_SERVERS and CONNECT_HOST
                 sed -i "s|KAFKA_BOOTSTRAP_SERVERS=.*|KAFKA_BOOTSTRAP_SERVERS=\"${KAFKA_BOOTSTRAP_SERVERS}\"|g" "$script"
-                sed -i "s|CONNECT_HOST=.*|CONNECT_HOST=\"${CONNECT_NODE1_DNS}\"|g" "$script"
+                sed -i "s|CONNECT_HOST=.*|CONNECT_HOST=\"localhost:8083\"|g" "$script"
 
                 echo "   ✅ Updated $(basename $script)"
             fi
         fi
     done
+    
+    # Clean up backup files
+    rm -f "${SCRIPT_DIR}/scripts"/*.sh.bak
     echo ""
 fi