.. _migrate-confluent-server: Migrate to Confluent Server =========================== |cp| includes a commercial component named ``confluent-server``. This includes |ak| broker with support for commercial features, |ak| Java client, :ref:`kafka_streams`, :ref:`kafka_connect`. This also includes proprietary plugins for security features including :ref:`kafka_ldap_authorizer` and :ref:`rbac-overview`. |cp| also includes a version of ``confluent-kafka``, which is an open source Apache 2.0 licensed component. Both ``confluent-community`` and ``confluent-platform`` packages have a dependency on ``confluent-kafka``. You can replace ``confluent-kafka`` with ``confluent-server`` package to use commercial features not available in ``confluent-kafka``. For more information about the packages, see :ref:`available_packages`. .. note:: If you have already installed some packages using ``confluent-kafka``, you must remove this package before installing ``confluent-server``. You may need to run ``yum autoremove`` or ``apt autoremove`` to remove packages installed as dependencies by a previous install. Upgrade from 5.2.x to 5.3.x ^^^^^^^^^^^^^^^^^^^^^^^^^^^ If using confluent-kafka 5.2.x only """"""""""""""""""""""""""""""""""" If you are currently using ``confluent-kafka`` 5.2.x and are not using commercial features like LDAP authorizer, you can upgrade ``confluent-kafka`` using the regular :ref:`upgrade` process. If using confluent-kafka 5.2.x and confluent-security 5.2.x """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" .. important:: Note that ``confluent-security`` 5.2.x is not compatible with ``confluent-kafka`` 5.3.x, so you must uninstall or upgrade ``confluent-security`` when upgrading ``confluent-kafka``. If you are using the existing commercially-licensed :ref:`LDAP authorizer` from ``confluent-security`` 5.2.x and want to upgrade to 5.3.x, you must install ``confluent-server``, which contains the LDAP authorizer. You must first uninstall 5.2.x versions of ``confluent-kafka`` and ``confluent-security`` and then install the new ``confluent-server`` package. This can be done on one server at a time for rolling upgrades. **Debian packages via APT** #. Backup all configuration files from ``/etc``, including, for example, ``/etc/kafka``. #. Stop the broker and remove the existing packages and their dependencies. .. codewithvars:: bash # stop the current kafka broker process sudo kafka-server-stop # uninstall existing 5.2.x confluent-kafka sudo apt-get remove confluent-kafka-|scala_version| # uninstall existing 5.2.x confluent-security sudo apt-get remove confluent-security # To remove Confluent Platform and all its dependencies at once, run the following after stopping all services sudo apt-get autoremove confluent-platform-|scala_version| #. Remove the repository files of the previous version .. codewithvars:: bash sudo add-apt-repository -r "deb https://packages.confluent.io/deb/5.2 stable main" #. Add the |version| repository to ``/etc/apt/sources.list``. .. codewithvars:: bash sudo add-apt-repository "deb https://packages.confluent.io/deb/|version| stable main" #. Refresh repository metadata. .. sourcecode:: bash sudo apt-get update #. Install ``confluent-server``. (Note that if you modified the configuration files, apt will prompt you to resolve the conflicts. You should keep your original configuration.) .. sourcecode:: bash sudo apt-get install confluent-server #. Start the |ak| broker. If no additional features are being used (e.g., RBAC), no changes are required for the existing ``server.properties`` file. .. sourcecode:: bash kafka-server-start -daemon /etc/kafka/server.properties **RPM packages via Yum** #. Backup all configuration files from ``/etc``, including ``/etc/kafka``. #. Stop the broker and remove the existing packages and their dependencies. .. codewithvars:: bash # stop the current kafka broker process sudo kafka-server-stop # uninstall existing 5.2.x confluent-kafka sudo yum remove confluent-kafka-|scala_version| # uninstall existing 5.2.x confluent-security sudo yum remove confluent-security # To remove Confluent Platform and all its dependencies at once, run the following after stopping all services sudo yum autoremove confluent-platform-|scala_version| #. Remove the repository files of the previous version .. sourcecode:: bash sudo rm /etc/yum.repos.d/confluent.repo #. Add the |version| repository to directory in a file named :litwithvars:`confluent-|version|.repo`. .. codewithvars:: ini [confluent-|version|] name=Confluent repository for |version|.x packages baseurl=https://packages.confluent.io/rpm/|version| gpgcheck=1 gpgkey=https://packages.confluent.io/rpm/|version|/archive.key enabled=1 #. Refresh repository metadata. .. sourcecode:: bash sudo yum clean all #. Install ``confluent-server``. Note that yum may override your existing configuration files, so you must restore them from backup after installing the packages. .. sourcecode:: bash sudo yum install confluent-server #. Restore any updated configuration files and start |ak| broker. If no additional features are being used (e.g., RBAC), no changes are required for the existing ``server.properties`` file. .. sourcecode:: bash kafka-server-start -daemon /etc/kafka/server.properties **TAR or ZIP archives** Follow :ref:`upgrade` instructions to upgrade your broker using TAR or ZIP archives. Use :litwithvars:`confluent-|release|-|scala_version|.tar.gz` or the zip archive :litwithvars:`confluent-|release|-|scala_version|.zip` to install |ak| when using commercial features like :ref:`LDAP authorizer`. Upgrade confluent-kafka and Remove confluent-security """"""""""""""""""""""""""""""""""""""""""""""""""""" If you are currently using ``confluent-kafka`` with :ref:`LDAP authorizer` from ``confluent-security`` 5.2.x, but do not intend to upgrade to the commercially licensed ``confluent-server`` package, you can upgrade ``confluent-kafka`` and use it without the LDAP authorizer. You can use the built-in ``SimpleAclAuthorizer`` for authorization using ACLs as described in :ref:`kafka_authorization`. You must replace group-based ACLs with equivalent user-based ACLs to ensure that all your existing authorization rules are applied. Note that you must remove or upgrade ``confluent-security`` when you upgrade ``confluent-kafka``.