Install Confluent Platform using Systemd on RHEL and CentOS¶
This topic provides instructions for installing a production-ready Confluent Platform configuration in a multi-node RHEL or CentOS environment with a replicated ZooKeeper ensemble.
The YUM repositories provide packages for RHEL, CentOS, and Fedora-based distributions.
Looking for a fully managed cloud-native service for Apache Kafka®?
Sign up for Confluent Cloud and get started for free using the Cloud quick start.
Prerequisites¶
- You must complete these steps for each node in your cluster.
- Before installing Confluent Platform, your environment must meet the prerequisites as described in software and hardware requirements.
Note
RHEL 7 support is deprecated in Confluent Platform 7.x and will be removed in Confluent Platform 8.x.
Get the software¶
The YUM repositories provide packages for RHEL, CentOS, and Fedora-based distributions. You can install individual Confluent Platform
packages or the entire platform. For a list of available packages, see the documentation
or you can search the repository (yum search <package-name>
).
Install the
curl
andwhich
tools.sudo yum install curl which
Install the Confluent Platform public key. This key is used to sign packages in the YUM repository.
sudo rpm --import https://packages.confluent.io/rpm/7.5/archive.key
On RHEL9 and Confluent Platform version 7.4.x, you must set the cryptography policy to
SHA1
for each machine you are installing Confluent Platform on. For newer versions of Confluent Platform, this step is not required. For more information, see SHA-1 deprecation on RHEL 9. You can set the policy by running the following command:update-crypto-policies --set DEFAULT:SHA1
Navigate to
/etc/yum.repos.d/
and create a file namedconfluent.repo
with these contents. This adds the Confluent repositories. You must have the entries for both repositories,[Confluent]
and[Confluent-Clients]
, as shown below.Attention
After Confluent Platform 8.0, the librdkafka, Avro, and libserdes C/C++ client packages will NOT be available from the
https://packages.confluent.io/rpm
location. You will need to obtain those client packages fromhttps://packages.confluent.io/clients
after the Confluent Platform 8.0 release.The
$releasever
and$basearch
are Yum placeholder variables that change depending on what release version of the OS and CPU Architecture the OS is running. These are meant to be literal$releasever
$basearch
values in the Yum configuration, not shell variables.[Confluent] name=Confluent repository baseurl=https://packages.confluent.io/rpm/7.5 gpgcheck=1 gpgkey=https://packages.confluent.io/rpm/7.5/archive.key enabled=1 [Confluent-Clients] name=Confluent Clients repository baseurl=https://packages.confluent.io/clients/rpm/centos/$releasever/$basearch gpgcheck=1 gpgkey=https://packages.confluent.io/clients/rpm/archive.key enabled=1
Clear the YUM caches and install Confluent Platform.
Confluent Platform:
sudo yum clean all && sudo yum install confluent-platform
Confluent Platform with RBAC:
sudo yum clean all && \ sudo yum install confluent-platform && \ sudo yum install confluent-security
Confluent Platform using only Confluent Community components:
sudo yum clean all && sudo yum install confluent-community-2.13
Configure CONFLUENT_HOME and PATH¶
To more easily use the Confluent CLI and all of the command-line tools that are provided with Confluent Platform, you can optionally configure the CONFLUENT_HOME
variable and add the Confluent Platform \bin
folder to your PATH
.
Then you can use the CLI tools without navigating to the CONFLUENT_HOME
directory.
Set the environment variable for the Confluent Platform home directory.
export CONFLUENT_HOME=<The directory where Confluent is installed>
Add the Confluent Platform
bin
directory to yourPATH
export PATH=$PATH:$CONFLUENT_HOME/bin
Test that you set the
CONFLUENT_HOME
variable correctly by running theconfluent
command:confluent --help
Your output should show the available commands for managing Confluent Platform.
Configure Confluent Platform¶
Tip
You can store passwords and other configuration data securely by using the confluent secret commands. For more information, see Secrets Management.
Configure Confluent Platform with the individual component properties files. By default these are located in CONFLUENT_HOME/etc/
.
You must minimally configure the following components.
ZooKeeper¶
These instructions assume you are running ZooKeeper in replicated mode. A minimum of three servers are required for replicated mode, and you must have an odd number of servers for failover. For more information, see the ZooKeeper documentation.
Important
As of Confluent Platform 7.5, ZooKeeper is deprecated for new deployments. Confluent recommends KRaft mode for new deployments. For more information, see KRaft Overview.
Navigate to the ZooKeeper properties file (
/etc/kafka/zookeeper.properties
) file and modify as shown.tickTime=2000 dataDir=/var/lib/zookeeper/ clientPort=2181 initLimit=5 syncLimit=2 server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888 autopurge.snapRetainCount=3 autopurge.purgeInterval=24
This configuration is for a three node ensemble. This configuration file should be identical across all nodes in the ensemble.
tickTime
,dataDir
, andclientPort
are all set to typical single server values. TheinitLimit
andsyncLimit
govern how long following ZooKeeper servers can take to initialize with the current leader and how long they can be out of sync with the leader. In this configuration, a follower can take 10000 ms to initialize and can be out of sync for up to 4000 ms based on thetickTime
being set to 2000ms.The
server.*
properties set the ensemble membership. The format isserver.<myid>=<hostname>:<leaderport>:<electionport>
myid
is the server identification number. There are three servers that each have a differentmyid
with values1
,2
, and3
respectively. Themyid
is set by creating a file namedmyid
in thedataDir
that contains a single integer in human readable ASCII text. This value must match one of themyid
values from the configuration file. You will see an error if another ensemble member is already started with a conflictingmyid
value.leaderport
is used by followers to connect to the active leader. This port should be open between all ZooKeeper ensemble members.electionport
is used to perform leader elections between ensemble members. This port should be open between all ZooKeeper ensemble members.
The
autopurge.snapRetainCount
andautopurge.purgeInterval
have been set to purge all but three snapshots every 24 hours.Navigate to the ZooKeeper log directory (e.g.,
/var/lib/zookeeper/
) and create a file namedmyid
. Themyid
file consists of a single line that contains the machine ID in the format<machine-id>
. When the ZooKeeper server starts up, it knows which server it is by referencing themyid
file. For example, server 1 will have amyid
value of1
.
Kafka¶
In a production environment, multiple brokers are required.
ZooKeeper mode¶
During startup in ZooKeeper mode, brokers register themselves in ZooKeeper to become a member of the cluster.
To configure brokers, navigate to the Apache Kafka® properties file (/etc/kafka/server.properties
) and customize the following:
Connect to the same ZooKeeper ensemble by setting the
zookeeper.connect
in all nodes to the same value. Replace all instances oflocalhost
to the hostname or FQDN (fully qualified domain name) of your node. For example, if your hostname iszookeeper
:zookeeper.connect=zookeeper:2181
Configure the broker IDs for each node in your cluster using one of these methods.
Dynamically generate the broker IDs: add
broker.id.generation.enable=true
and comment outbroker.id
. For example:############################# Server Basics ############################# # The ID of the broker. This must be set to a unique integer for each broker. #broker.id=0 broker.id.generation.enable=true
Manually set the broker IDs: set a unique value for
broker.id
on each node.
Configure how other brokers and clients communicate with the broker using
listeners
, and optionallyadvertised.listeners
.listeners
: Comma-separated list of URIs and listener names to listen on.advertised.listeners
: Comma-separated list of URIs and listener names for other brokers and clients to use. Theadvertised.listeners
parameter ensures that the broker advertises an address that is accessible from both local and external hosts.
For more information, see Production Configuration Options.
Configure security for your environment.
- For general security guidance, see Security Overview.
- For role-based access control (RBAC), see Configure the Confluent Platform Metadata Service (MDS).
- For TLS encryption, SASL authentication, and authorization, see Security Tutorial.
KRaft mode¶
For KRaft mode, you must configure a node to be a broker or a controller. In addition, you must create a unique cluster ID and configure each broker and controller with that ID.
Navigate to the Kafka properties file for KRaft (find example KRaft configuration files under /etc/kafka/kraft/
) and customize the following:
Configure the
process.roles
,node.id
andcontroller.quorum.voters
for each node. Typically in a production environment, you should have a minimum of three brokers and three controllers.For
process.roles
, set whether the node will be abroker
or acontroller
.combined
mode, meaningprocess.roles
is set tobroker,controller
, is currently not supported for production workloads.Set a system-wide unique ID for the
node.id
.controller.quorum.voters
should be a comma-separated list of controllers in the formatnodeID@hostname:port
############################# Server Basics ############################# # The role of this server. Setting this puts us in KRaft mode process.roles=broker # The node id associated with this instance's roles node.id=2 # The connect string for the controller quorum controller.quorum.voters=1@controller1:9093,3@controller3:9093,5@controller5:9093
Configure how brokers and clients communicate with the broker using
listeners
, and where controllers listen withcontroller.listener.names
.listeners
: Comma-separated list of URIs and listener names to listen on in the formatlistener_name://host_name:port
controller.listener.names
: Comma-separated list oflistener_name
entries for listeners used by the controller.
For more information, see Production Configuration Options.
Before you start Kafka, you must use the kafka-storage tool with the
random-uuid
command to generate a cluster ID for each new cluster. You only need one cluster ID, which you will use to format each node in the cluster.bin/kafka-storage random-uuid
This results in output like the following:
q1Sh-9_ISia_zwGINzRvyQ
Then use the cluster ID to format each node in the cluster with the
kafka-storage
tool that is provided with Confluent Platform, and theformat
command like the following example.bin/kafka-storage format -t q1Sh-9_ISia_zwGINzRvyQ -c etc/kafka/kraft/server.properties
Previously, Kafka would format blank storage directories automatically and generate a new cluster ID automatically. One reason for the change is that auto-formatting can sometimes obscure an error condition. This is particularly important for the metadata log maintained by the controller and broker servers. If a majority of the controllers were able to start with an empty log directory, a leader might be able to be elected with missing committed data.
Configure security for your environment.
- For general security guidance, see Security Overview.
- For role-based access control (RBAC), see Configure the Confluent Platform Metadata Service (MDS).
- For TLS encryption, SASL authentication, and authorization, see Security Tutorial.
Control Center¶
Navigate to the Control Center properties file (
/etc/confluent-control-center/control-center-production.properties
) and customize the following:# host/port pairs to use for establishing the initial connection to the Kafka cluster bootstrap.servers=<hostname1:port1,hostname2:port2,hostname3:port3,...> # location for Control Center data confluent.controlcenter.data.dir=/var/lib/confluent/control-center # the Confluent license confluent.license=<your-confluent-license>
If running any clusters in ZooKeeper mode, configure ZooKeeper.
# ZooKeeper connection string with host and port of a ZooKeeper servers zookeeper.connect=<hostname1:port1,hostname2:port2,hostname3:port3,...>
This configuration is for a three node multi-node cluster. For more information, see Control Center configuration details. For information about Confluent Platform licenses, see Manage Confluent Platform Licenses in Control Center.
Navigate to the Kafka server configuration file and enable Confluent Metrics Reporter.
##################### Confluent Metrics Reporter ####################### # Confluent Control Center and Confluent Auto Data Balancer integration # # Uncomment the following lines to publish monitoring data for # Confluent Control Center and Confluent Auto Data Balancer # If you are using a dedicated metrics cluster, also adjust the settings # to point to your metrics Kafka cluster. metric.reporters=io.confluent.metrics.reporter.ConfluentMetricsReporter confluent.metrics.reporter.bootstrap.servers=localhost:9092 # # Uncomment the following line if the metrics cluster has a single broker confluent.metrics.reporter.topic.replicas=1
Add these lines to the Kafka Connect properties file (
/etc/kafka/connect-distributed.properties
) to add support for the interceptors.# Interceptor setup consumer.interceptor.classes=io.confluent.monitoring.clients.interceptor.MonitoringConsumerInterceptor producer.interceptor.classes=io.confluent.monitoring.clients.interceptor.MonitoringProducerInterceptor
Confluent REST Proxy¶
Navigate to the Confluent REST Proxy properties file (/etc/kafka-rest/kafka-rest.properties
) and customize the following:
Optionally configure
zookeeper.connect
. ZooKeeper connectivity is needed for the earlier /v1/ consumer endpoints. Changelocalhost
to the hostname or FQDN (fully qualified domain name) of your node. For example, if your hostname iszookeeper
:zookeeper.connect=zookeeper:2181
Schema Registry¶
Navigate to the Schema Registry properties file (/etc/schema-registry/schema-registry.properties
)
and specify the following properties:
# Specify the address the socket server listens on, e.g. listeners = PLAINTEXT://your.host.name:9092
listeners=http://0.0.0.0:8081
# The host name advertised in ZooKeeper. This must be specified if your running Schema Registry
# with multiple nodes.
host.name=192.168.50.1
# List of Kafka brokers to connect to, e.g. PLAINTEXT://hostname:9092,SSL://hostname2:9092
kafkastore.bootstrap.servers=PLAINTEXT://hostname:9092,SSL://hostname2:9092
This configuration is for a three node multi-node cluster. For more information, see Deploy Schema Registry in Production on Confluent Platform.
Start Confluent Platform¶
Start Confluent Platform and its components using systemd service unit files. You can start immediately by using the
systemctl start
command or enable for automatic startup by using the systemctl enable
command. These instructions
use the syntax for immediate startup.
Tip
In ZooKeeper mode, ZooKeeper must be started first. Kafka, and Schema Registry must be started in this order, and must be started after ZooKeeper, if you are using it, and before any other components.
For ZooKeeper mode, start ZooKeeper. For KRaft mode, skip to step 2. .. include:: ../../includes/zk-deprecation.rst
sudo systemctl start confluent-zookeeper
Start Kafka.
Confluent Platform:
sudo systemctl start confluent-server
Confluent Platform using only Confluent Community components:
sudo systemctl start confluent-kafka
Start Schema Registry.
sudo systemctl start confluent-schema-registry
Start other Confluent Platform components as desired.
Control Center
sudo systemctl start confluent-control-center
Kafka Connect
sudo systemctl start confluent-kafka-connect
Confluent REST Proxy
sudo systemctl start confluent-kafka-rest
ksqlDB
sudo systemctl start confluent-ksqldb
Tip
You can check service status with this command: systemctl status confluent*
. For more information
about the systemd service unit files, see Use Confluent Platform systemd Service Unit Files.
Uninstall¶
Run this command to remove Confluent Platform, where <component-name>
is either confluent-platform
(Confluent Platform) or confluent-community-2.13
(Confluent Platform using only Confluent Community components).
sudo yum autoremove <component-name>
For example, run this command to remove Confluent Platform:
sudo yum autoremove confluent-platform