Install Confluent Platform using Systemd on RHEL and CentOS

This topic provides instructions for installing a production-ready Confluent Platform configuration in a multi-node RHEL or CentOS environment with a replicated ZooKeeper ensemble.

The YUM repositories provide packages for RHEL, CentOS, and Fedora-based distributions.

Looking for a fully managed cloud-native service for Apache Kafka®?

Sign up for Confluent Cloud and get started for free using the Cloud quick start.

Prerequisites

  • You must complete these steps for each node in your cluster.
  • Before installing Confluent Platform, your environment must meet the prerequisites as described in software and hardware requirements.

Note

RHEL 7 support is deprecated in Confluent Platform 7.x and will be removed in Confluent Platform 8.x.

Get the software

The YUM repositories provide packages for RHEL, CentOS, and Fedora-based distributions. You can install individual Confluent Platform packages or the entire platform. For a list of available packages, see the documentation or you can search the repository (yum search <package-name>).

  1. Install the curl and which tools.

    sudo yum install curl which
    
  2. Install the Confluent Platform public key. This key is used to sign packages in the YUM repository.

    sudo rpm --import https://packages.confluent.io/rpm/7.5/archive.key
    
  3. On RHEL9 and Confluent Platform version 7.4.x, you must set the cryptography policy to SHA1 for each machine you are installing Confluent Platform on. For newer versions of Confluent Platform, this step is not required. For more information, see SHA-1 deprecation on RHEL 9. You can set the policy by running the following command:

    update-crypto-policies --set DEFAULT:SHA1
    
  4. Navigate to /etc/yum.repos.d/ and create a file named confluent.repo with these contents. This adds the Confluent repositories. You must have the entries for both repositories, [Confluent] and [Confluent-Clients], as shown below.

    Attention

    After Confluent Platform 8.0, the librdkafka, Avro, and libserdes C/C++ client packages will NOT be available from the https://packages.confluent.io/rpm location. You will need to obtain those client packages from https://packages.confluent.io/clients after the Confluent Platform 8.0 release.

    The $releasever and $basearch are Yum placeholder variables that change depending on what release version of the OS and CPU Architecture the OS is running. These are meant to be literal $releasever $basearch values in the Yum configuration, not shell variables.

    [Confluent]
    name=Confluent repository
    baseurl=https://packages.confluent.io/rpm/7.5
    gpgcheck=1
    gpgkey=https://packages.confluent.io/rpm/7.5/archive.key
    enabled=1
    
    [Confluent-Clients]
    name=Confluent Clients repository
    baseurl=https://packages.confluent.io/clients/rpm/centos/$releasever/$basearch
    gpgcheck=1
    gpgkey=https://packages.confluent.io/clients/rpm/archive.key
    enabled=1
    
  5. Clear the YUM caches and install Confluent Platform.

    • Confluent Platform:

      sudo yum clean all && sudo yum install confluent-platform
      
    • Confluent Platform with RBAC:

      sudo yum clean all && \
      sudo yum install confluent-platform && \
      sudo yum install confluent-security
      
    • Confluent Platform using only Confluent Community components:

      sudo yum clean all &&  sudo yum install confluent-community-2.13
      

Configure CONFLUENT_HOME and PATH

To more easily use the Confluent CLI and all of the command-line tools that are provided with Confluent Platform, you can optionally configure the CONFLUENT_HOME variable and add the Confluent Platform \bin folder to your PATH. Then you can use the CLI tools without navigating to the CONFLUENT_HOME directory.

  1. Set the environment variable for the Confluent Platform home directory.

    export CONFLUENT_HOME=<The directory where Confluent is installed>
    
  2. Add the Confluent Platform bin directory to your PATH

    export PATH=$PATH:$CONFLUENT_HOME/bin
    
  3. Test that you set the CONFLUENT_HOME variable correctly by running the confluent command:

    confluent --help
    

    Your output should show the available commands for managing Confluent Platform.

Configure Confluent Platform

Tip

You can store passwords and other configuration data securely by using the confluent secret commands. For more information, see Secrets Management.

Configure Confluent Platform with the individual component properties files. By default these are located in CONFLUENT_HOME/etc/. You must minimally configure the following components.

ZooKeeper

These instructions assume you are running ZooKeeper in replicated mode. A minimum of three servers are required for replicated mode, and you must have an odd number of servers for failover. For more information, see the ZooKeeper documentation.

Important

As of Confluent Platform 7.5, ZooKeeper is deprecated for new deployments. Confluent recommends KRaft mode for new deployments. For more information, see KRaft Overview.

  1. Navigate to the ZooKeeper properties file (/etc/kafka/zookeeper.properties) file and modify as shown.

    tickTime=2000
    dataDir=/var/lib/zookeeper/
    clientPort=2181
    initLimit=5
    syncLimit=2
    server.1=zoo1:2888:3888
    server.2=zoo2:2888:3888
    server.3=zoo3:2888:3888
    autopurge.snapRetainCount=3
    autopurge.purgeInterval=24
    

    This configuration is for a three node ensemble. This configuration file should be identical across all nodes in the ensemble. tickTime, dataDir, and clientPort are all set to typical single server values. The initLimit and syncLimit govern how long following ZooKeeper servers can take to initialize with the current leader and how long they can be out of sync with the leader. In this configuration, a follower can take 10000 ms to initialize and can be out of sync for up to 4000 ms based on the tickTime being set to 2000ms.

    The server.* properties set the ensemble membership. The format is

    server.<myid>=<hostname>:<leaderport>:<electionport>
    
    • myid is the server identification number. There are three servers that each have a different myid with values 1, 2, and 3 respectively. The myid is set by creating a file named myid in the dataDir that contains a single integer in human readable ASCII text. This value must match one of the myid values from the configuration file. You will see an error if another ensemble member is already started with a conflicting myid value.
    • leaderport is used by followers to connect to the active leader. This port should be open between all ZooKeeper ensemble members.
    • electionport is used to perform leader elections between ensemble members. This port should be open between all ZooKeeper ensemble members.

    The autopurge.snapRetainCount and autopurge.purgeInterval have been set to purge all but three snapshots every 24 hours.

  2. Navigate to the ZooKeeper log directory (e.g., /var/lib/zookeeper/) and create a file named myid. The myid file consists of a single line that contains the machine ID in the format <machine-id>. When the ZooKeeper server starts up, it knows which server it is by referencing the myid file. For example, server 1 will have a myid value of 1.

Kafka

In a production environment, multiple brokers are required.

ZooKeeper mode

During startup in ZooKeeper mode, brokers register themselves in ZooKeeper to become a member of the cluster.

To configure brokers, navigate to the Apache Kafka® properties file (/etc/kafka/server.properties) and customize the following:

  • Connect to the same ZooKeeper ensemble by setting the zookeeper.connect in all nodes to the same value. Replace all instances of localhost to the hostname or FQDN (fully qualified domain name) of your node. For example, if your hostname is zookeeper:

    zookeeper.connect=zookeeper:2181
    
  • Configure the broker IDs for each node in your cluster using one of these methods.

    • Dynamically generate the broker IDs: add broker.id.generation.enable=true and comment out broker.id. For example:

      ############################# Server Basics #############################
      
      # The ID of the broker. This must be set to a unique integer for each broker.
      #broker.id=0
      broker.id.generation.enable=true
      
    • Manually set the broker IDs: set a unique value for broker.id on each node.

  • Configure how other brokers and clients communicate with the broker using listeners, and optionally advertised.listeners.

    • listeners: Comma-separated list of URIs and listener names to listen on.
    • advertised.listeners: Comma-separated list of URIs and listener names for other brokers and clients to use. The advertised.listeners parameter ensures that the broker advertises an address that is accessible from both local and external hosts.

    For more information, see Production Configuration Options.

  • Configure security for your environment.

KRaft mode

For KRaft mode, you must configure a node to be a broker or a controller. In addition, you must create a unique cluster ID and configure each broker and controller with that ID.

Navigate to the Kafka properties file for KRaft (find example KRaft configuration files under /etc/kafka/kraft/) and customize the following:

  • Configure the process.roles, node.id and controller.quorum.voters for each node. Typically in a production environment, you should have a minimum of three brokers and three controllers.

    • For process.roles, set whether the node will be a broker or a controller. combined mode, meaning process.roles is set to broker,controller, is currently not supported for production workloads.

    • Set a system-wide unique ID for the node.id.

    • controller.quorum.voters should be a comma-separated list of controllers in the format nodeID@hostname:port

      ############################# Server Basics #############################
      
      # The role of this server. Setting this puts us in KRaft mode
      process.roles=broker
      
      # The node id associated with this instance's roles
      node.id=2
      
      # The connect string for the controller quorum
      controller.quorum.voters=1@controller1:9093,3@controller3:9093,5@controller5:9093
      
  • Configure how brokers and clients communicate with the broker using listeners, and where controllers listen with controller.listener.names.

    • listeners: Comma-separated list of URIs and listener names to listen on in the format listener_name://host_name:port
    • controller.listener.names: Comma-separated list of listener_name entries for listeners used by the controller.

    For more information, see Production Configuration Options.

  • Before you start Kafka, you must use the kafka-storage tool with the random-uuid command to generate a cluster ID for each new cluster. You only need one cluster ID, which you will use to format each node in the cluster.

    bin/kafka-storage random-uuid
    

    This results in output like the following:

    q1Sh-9_ISia_zwGINzRvyQ
    

    Then use the cluster ID to format each node in the cluster with the kafka-storage tool that is provided with Confluent Platform, and the format command like the following example.

    bin/kafka-storage format -t q1Sh-9_ISia_zwGINzRvyQ -c etc/kafka/kraft/server.properties
    

    Previously, Kafka would format blank storage directories automatically and generate a new cluster ID automatically. One reason for the change is that auto-formatting can sometimes obscure an error condition. This is particularly important for the metadata log maintained by the controller and broker servers. If a majority of the controllers were able to start with an empty log directory, a leader might be able to be elected with missing committed data.

  • Configure security for your environment.

Control Center

  1. Navigate to the Control Center properties file (/etc/confluent-control-center/control-center-production.properties) and customize the following:

    # host/port pairs to use for establishing the initial connection to the Kafka cluster
    bootstrap.servers=<hostname1:port1,hostname2:port2,hostname3:port3,...>
    # location for Control Center data
    confluent.controlcenter.data.dir=/var/lib/confluent/control-center
    # the Confluent license
    confluent.license=<your-confluent-license>
    
  2. If running any clusters in ZooKeeper mode, configure ZooKeeper.

    # ZooKeeper connection string with host and port of a ZooKeeper servers
    zookeeper.connect=<hostname1:port1,hostname2:port2,hostname3:port3,...>
    

    This configuration is for a three node multi-node cluster. For more information, see Control Center configuration details. For information about Confluent Platform licenses, see Manage Confluent Platform Licenses in Control Center.

  3. Navigate to the Kafka server configuration file and enable Confluent Metrics Reporter.

    ##################### Confluent Metrics Reporter #######################
    # Confluent Control Center and Confluent Auto Data Balancer integration
    #
    # Uncomment the following lines to publish monitoring data for
    # Confluent Control Center and Confluent Auto Data Balancer
    # If you are using a dedicated metrics cluster, also adjust the settings
    # to point to your metrics Kafka cluster.
    metric.reporters=io.confluent.metrics.reporter.ConfluentMetricsReporter
    confluent.metrics.reporter.bootstrap.servers=localhost:9092
    #
    # Uncomment the following line if the metrics cluster has a single broker
    confluent.metrics.reporter.topic.replicas=1
    
  4. Add these lines to the Kafka Connect properties file (/etc/kafka/connect-distributed.properties) to add support for the interceptors.

    # Interceptor setup
    consumer.interceptor.classes=io.confluent.monitoring.clients.interceptor.MonitoringConsumerInterceptor
    producer.interceptor.classes=io.confluent.monitoring.clients.interceptor.MonitoringProducerInterceptor
    

Confluent REST Proxy

Navigate to the Confluent REST Proxy properties file (/etc/kafka-rest/kafka-rest.properties) and customize the following:

  • Optionally configure zookeeper.connect. ZooKeeper connectivity is needed for the earlier /v1/ consumer endpoints. Change localhost to the hostname or FQDN (fully qualified domain name) of your node. For example, if your hostname is zookeeper:

    zookeeper.connect=zookeeper:2181
    

Schema Registry

Navigate to the Schema Registry properties file (/etc/schema-registry/schema-registry.properties) and specify the following properties:

# Specify the address the socket server listens on, e.g. listeners = PLAINTEXT://your.host.name:9092
listeners=http://0.0.0.0:8081

# The host name advertised in ZooKeeper. This must be specified if your running Schema Registry
# with multiple nodes.
host.name=192.168.50.1

# List of Kafka brokers to connect to, e.g. PLAINTEXT://hostname:9092,SSL://hostname2:9092
kafkastore.bootstrap.servers=PLAINTEXT://hostname:9092,SSL://hostname2:9092

This configuration is for a three node multi-node cluster. For more information, see Deploy Schema Registry in Production on Confluent Platform.

Start Confluent Platform

Start Confluent Platform and its components using systemd service unit files. You can start immediately by using the systemctl start command or enable for automatic startup by using the systemctl enable command. These instructions use the syntax for immediate startup.

Tip

In ZooKeeper mode, ZooKeeper must be started first. Kafka, and Schema Registry must be started in this order, and must be started after ZooKeeper, if you are using it, and before any other components.

  1. For ZooKeeper mode, start ZooKeeper. For KRaft mode, skip to step 2. .. include:: ../../includes/zk-deprecation.rst

    sudo systemctl start confluent-zookeeper
    
  2. Start Kafka.

    • Confluent Platform:

      sudo systemctl start confluent-server
      
    • Confluent Platform using only Confluent Community components:

      sudo systemctl start confluent-kafka
      
  3. Start Schema Registry.

    sudo systemctl start confluent-schema-registry
    
  4. Start other Confluent Platform components as desired.

    • Control Center

      sudo systemctl start confluent-control-center
      
    • Kafka Connect

      sudo systemctl start confluent-kafka-connect
      
    • Confluent REST Proxy

      sudo systemctl start confluent-kafka-rest
      
    • ksqlDB

      sudo systemctl start confluent-ksqldb
      

Tip

You can check service status with this command: systemctl status confluent*. For more information about the systemd service unit files, see Use Confluent Platform systemd Service Unit Files.

Uninstall

Run this command to remove Confluent Platform, where <component-name> is either confluent-platform (Confluent Platform) or confluent-community-2.13 (Confluent Platform using only Confluent Community components).

sudo yum autoremove <component-name>

For example, run this command to remove Confluent Platform:

sudo yum autoremove confluent-platform