Important
You are viewing documentation for an older version of Confluent Platform. For the latest, click here.
Data Diode Sink Connector Configuration Properties¶
To use this connector, specify the name of the connector class in the connector.class
configuration property.
connector.class=io.confluent.connect.diode.sink.DataDiodeSinkConnector
Connector-specific configuration properties are described below.
diode¶
diode.encryption.password
The password used to derive a shared secret between the sink and source connectors. You must use the same password in sink and source connectors.
- Type: password
- Valid Values: non-empty string of a specific min length
- Importance: high
diode.host
The hostname or ip address of the remote server where this sink connector sends datagram packets.
- Type: string
- Importance: high
diode.encryption.salt
The salt used to derive a shared secret between the sink and source connectors. You must use the same salt in sink and source connectors.
- Type: password
- Valid Values: non-empty string of a specific min length
- Importance: high
diode.port
The port number to connect to on the remote server.
- Type: int
- Default: 3456
- Valid Values: [1024,…,65535]
- Importance: high
diode.buffer.size.kb
The maximum packet size in kilobytes.
- Type: int
- Default: 40
- Valid Values: [1,…,64]
- Importance: medium
diode.encryption.class
Fully qualified class used for encrypting and decryption datagram packets. Currently, there are two implementations.
io.confluent.connect.diode.serde.Aes256CbcEncryptor
uses the AES algorithm with a 256 bit symmetric key derived from a password and salt.io.confluent.connect.diode.serde.NoopEncryptor
disables encryption and decryption and sends packets in plaintext. Custom encryption/decryption algorithms are possible by implementingio.confluent.connect.diode.serde.Encryptor
.- Type: class
- Default: io.confluent.connect.diode.serde.Aes256CbcEncryptor
- Importance: medium
diode.compression.class
Fully qualified class used for compression and decompression on datagram packets. Compression is CPU intensive, but reduces size of packets. Enable compression if the records are largely text data. Compression is only effective if multiple records are batched. Currently, there are two implementations.
io.confluent.connect.diode.serde.GzipCompressor
for gzip andio.confluent.connect.diode.serde.NoopCompressor
to disable compression. You can provied a different implementation by implementingio.confluent.connect.diode.serde.Compressor
.- Type: class
- Default: io.confluent.connect.diode.serde.NoopCompressor
- Importance: medium
Confluent Platform license¶
confluent.topic.bootstrap.servers
A list of host/port pairs to use for establishing the initial connection to the Kafka cluster used for licensing. All servers in the cluster will be discovered from the initial connection. This list should be in the form <code>host1:port1,host2:port2,…</code>. Since these servers are just used for the initial connection to discover the full cluster membership (which may change dynamically), this list need not contain the full set of servers (you may want more than one, though, in case a server is down).
- Type: list
- Importance: high
confluent.topic
Name of the Kafka topic used for Confluent Platform configuration, including licensing information.
- Type: string
- Default: _confluent-command
- Importance: low
confluent.topic.replication.factor
The replication factor for the Kafka topic used for Confluent Platform configuration, including licensing information. This is used only if the topic does not already exist, and the default of 3 is appropriate for production use. If you are using a development environment with less than 3 brokers, you must set this to the number of brokers (often 1).
- Type: int
- Default: 3
- Importance: low
Confluent license properties¶
Note
This connector is proprietary and requires a license. The license information
is stored in the _confluent-command
topic. If the broker requires SSL for
connections, you must include the security-related confluent.topic.*
properties as described below.
confluent.license
Confluent issues enterprise license keys to each subscriber. The license key is text that you can copy and paste as the value for
confluent.license
. A trial license allows using the connector for a 30-day trial period. A developer license allows using the connector indefinitely for single-broker development environments.If you are a subscriber, please contact Confluent Support for more information.
- Type: string
- Default: “”
- Valid Values: Confluent Platform license
- Importance: high
confluent.topic.ssl.truststore.location
The location of the trust store file.
- Type: string
- Default: null
- Importance: high
confluent.topic.ssl.truststore.password
The password for the trust store file. If a password is not set access to the truststore is still available, but integrity checking is disabled.
- Type: password
- Default: null
- Importance: high
confluent.topic.ssl.keystore.location
The location of the key store file. This is optional for client and can be used for two-way authentication for client.
- Type: string
- Default: null
- Importance: high
confluent.topic.ssl.keystore.password
The store password for the key store file. This is optional for client and only needed if ssl.keystore.location is configured.
- Type: password
- Default: null
- Importance: high
confluent.topic.ssl.key.password
The password of the private key in the key store file. This is optional for client.
- Type: password
- Default: null
- Importance: high
confluent.topic.security.protocol
Protocol used to communicate with brokers. Valid values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL.
- Type: string
- Default: “PLAINTEXT”
- Importance: medium
License topic configuration¶
A Confluent enterprise license is stored in the _confluent-command
topic.
This topic is created by default and contains the license that corresponds to
the license key supplied through the confluent.license
property.
Note
No public keys are stored in Kafka topics.
The following describes how the default _confluent-command
topic is
generated under different scenarios:
- A 30-day trial license is automatically generated for the
_confluent command
topic if you do not add theconfluent.license
property or leave this property empty (for example,confluent.license=
). - Adding a valid license key (for example,
confluent.license=<valid-license-key>
) adds a valid license in the_confluent-command
topic.
Here is an example of the minimal properties for development and testing.
You can change the name of the _confluent-command
topic using the
confluent.topic
property (for instance, if your environment has strict
naming conventions). The example below shows this change and the configured
Kafka bootstrap server.
confluent.topic=foo_confluent-command
confluent.topic.bootstrap.servers=localhost:9092
The example above shows the minimally required bootstrap server property that
you can use for development and testing. For a production environment, you add
the normal producer, consumer, and topic configuration properties to the
connector properties, prefixed with confluent.topic.
.
License topic ACLs¶
The _confluent-command
topic contains the license that corresponds to the
license key supplied through the confluent.license
property. It is created
by default. Connectors that access this topic require the following ACLs
configured:
- CREATE and DESCRIBE on the resource cluster, if the connector needs to create the topic.
- DESCRIBE, READ, and WRITE on the
_confluent-command
topic.
You can provide access either individually for each principal that will
use the license or use a wildcard entry to
allow all clients. The following examples show commands that you can use to
configure ACLs for the resource cluster and _confluent-command
topic.
Set a CREATE and DESCRIBE ACL on the resource cluster:
kafka-acls --bootstrap-server localhost:9092 --command-config adminclient-configs.conf \ --add --allow-principal User:<principal> \ --operation CREATE --operation DESCRIBE --cluster
Set a DESCRIBE, READ, and WRITE ACL on the
_confluent-command
topic:kafka-acls --bootstrap-server localhost:9092 --command-config adminclient-configs.conf \ --add --allow-principal User:<principal> \ --operation DESCRIBE --operation READ --operation WRITE --topic _confluent-command
Overriding Default Configuration Properties¶
You can override the replication factor using
confluent.topic.replication.factor
. For example, when using a Kafka cluster
as a destination with less than three brokers (for development and testing) you
should set the confluent.topic.replication.factor
property to 1
.
You can override producer-specific properties by using the
confluent.topic.producer.
prefix and consumer-specific properties by using
the confluent.topic.consumer.
prefix.
You can use the defaults or customize the other properties as well. For example,
the confluent.topic.client.id
property defaults to the name of the connector
with -licensing
suffix. You can specify the configuration settings for
brokers that require SSL or SASL for client connections using this prefix.
You cannot override the cleanup policy of a topic because the topic always has a single partition and is compacted. Also, do not specify serializers and deserializers using this prefix; they are ignored if added.