This section takes the example of creating a Kafka 2.7 instance (ciphertext access and SASL_SSL) and accessing it on the client (private network, within a virtual private cloud (VPC)) for message production and consumption to get you quickly started with Distributed Message Service (DMS).
- Step 1: Preparations
A Kafka instance runs in a VPC. Before creating a Kafka instance, ensure that a VPC is available.
After a Kafka instance is created, download and install the Kafka open-source client on your ECS before producing and consuming messages.
- Step 2: Create a Kafka Instance
You can select the specification and quantity, and enable ciphertext access and SASL_SSL when creating a Kafka instance.
When connecting to a Kafka instance with SASL_SSL enabled, SASL is used for authentication. Data is encrypted with SSL certificates for high-security transmission.
- Step 3: Create a Topic
Topics store messages created by producers and subscribed by consumers.
This section uses the example of creating a topic on the console.
- Step 4: Connect to a Kafka Instance to Produce and Consume Messages
Before connecting to a Kafka instance with SASL_SSL enabled, download the certificate and configure the connection in the client configuration file.
Step 1: Preparations
- Before creating a Kafka instance, ensure that your account has permissions to perform operations on Kafka instances.
To achieve fine-grained management of your cloud resources, create IAM user groups and users and grant specified permissions to the users. For more information, see Creating a User and Granting DMS for Kafka Permissions.
- Before creating a Kafka instance, ensure that a VPC and a subnet are available.
Configure the VPC and subnet for Kafka instances as required. You can use the current account's existing VPC and subnet, or create new ones. For details about how to create a VPC and a subnet, see Creating a VPC. Note that the VPC must be in the same region as the Kafka instance.
- Before creating a Kafka instance, ensure that a security group is available.
Configure the security group for Kafka instances as required. You can use the current account's existing security groups, or create new ones. For details about how to create a security group, see Creating a Security Group.
To connect to Kafka instances, add the security group rules described in Table 1. Other rules can be added based on site requirements.Table 1 Security group rules Direction
Protocol
Port
Source address
Description
Inbound
TCP
9093
0.0.0.0/0
Accessing a Kafka instance over a private network within a VPC (in ciphertext)
After a security group is created, it has a default inbound rule that allows communication among ECSs within the security group and a default outbound rule that allows all outbound traffic. If you access your Kafka instance using the private network within a VPC, you do not need to add the rules described in Table 1.
- Before connecting to a Kafka instance, ensure that you have created an elastic cloud server (ECS) that has an EIP, installed the JDK, configured environment variables, and downloaded an open-source Kafka client. The following steps describe how to complete these preparations.A Linux ECS is taken as an example. For more information on how to install JDK and configure the environment variables for a Windows ECS, please search the Internet.
- Log in to the console, click
in the upper left corner, click Elastic Cloud Server under Computing, and then create an ECS.For details about how to create an ECS, see Creating an ECS. If you already have an available ECS, skip this step.
- Log in to an ECS as user root.
- Install Java JDK and configure the environment variables JAVA_HOME and PATH.
- Download a JDK.
Use Oracle JDK instead of ECS's default JDK (for example, OpenJDK), because ECS's default JDK may not be suitable. Obtain Oracle JDK 1.8.111 or later from Oracle's official website.
- Decompress the JDK.
tar -zxvf jdk-8u321-linux-x64.tar.gz
Change jdk-8u321-linux-x64.tar.gz to your JDK version.
- Open the .bash_profile file.
vim ~/.bash_profile
- Add the following content:
export JAVA_HOME=/opt/java/jdk1.8.0_321 export PATH=$JAVA_HOME/bin:$PATH
Change /opt/java/jdk1.8.0_321 to the path where you install JDK.
- Press Esc. Enter the following line and press Enter. Save the .bash_profile file and exit.
:wq
- Run the following command to make the change take effect:
source .bash_profile
- Check whether the JDK is installed.
java -version
If the following message is returned, the JDK is installed.java version "1.8.0_321"
- Download a JDK.
- Download an open-source Kafka client.
wget https://archive.apache.org/dist/kafka/2.7.2/kafka_2.12-2.7.2.tgz
- Run the following command to decompress the package:
tar -zxf kafka_2.12-2.7.2.tgz
- Log in to the console, click
Step 2: Create a Kafka Instance
- Log in to the DMS console, then click Create Instance in the upper right corner of the page.
- Specify the basic instance settings. For details, see Table 2.
Table 2 Basic instance settings Parameter
Description
Region
DMS for Kafka in different regions cannot communicate with each other over an intranet. Select a nearest location for low latency and fast access.
Select eu-de.
Project
Projects isolate compute, storage, and network resources across geographical regions. For each region, a preset project is available.
Select eu-de (default).
AZ
An AZ is a physical region where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network.
Select AZ1, AZ2, and AZ3.
Instance Name
You can customize a name that complies with the rules: 4–64 characters; starts with a letter; can contain only letters, digits, hyphens (-), and underscores (_).
Enter kafka-test.
Enterprise Project
This parameter is for enterprise users. An enterprise project manages project resources in groups. Enterprise projects are logically isolated.
Select default.
Specifications
Select Cluster to create a cluster Kafka instance.
Version
Kafka version. Cannot be changed once the instance is created.
Select 2.7.
CPU Architecture
x86
Retain the default value.
Broker Flavor
Select a broker flavor as required.
Select kafka.2u4g.cluster.
Brokers
Specify the number of brokers as required.
Enter 3.
Storage Space per Broker
Select the disk type and specify the disk size as required.
Total storage space = Storage space per broker × Broker quantity. After the instance is created, you cannot change the disk type.
Select Ultra-high I/O and enter 100.
Disk Encryption
Skip it.
Capacity Threshold Policy
Select Automatically delete: When the disk reaches the disk capacity threshold (95%), messages can still be produced and consumed, but the earliest 10% of messages will be deleted to ensure sufficient disk space. Use this policy for services intolerant of interruptions. However, data may be lost.
- Configure the instance network. For details, see Table 3.
- Set the instance access mode. For details, see Table 4.
Table 4 Setting the instance access mode Parameter
Sub-Parameter
Description
Private Network Access
Plaintext Access
Disable it.
Ciphertext Access
When this parameter is enabled, SASL authentication is required when a client connects to the Kafka instance.
- Ciphertext Access is enabled.
- SASL_SSL is selected. Username and Password can be set.
- SASL/PLAIN is enabled.
Public Network Access
-
Skip it.
- Click Advanced Settings. For more information, see Table 5.
- Click Create.
- Confirm the instance settings.
- Return to the DMS for Kafka page and check whether the instance has been created.
It takes 3 to 15 minutes to create an instance. During this period, the instance status is Creating.
- If the instance is created successfully, its status changes to Running.
- If the instance is in the Creation failed state, delete it. Then create a new one. If the instance creation fails again, contact customer service.
Instances that fail to be created do not occupy other resources.
Step 3: Create a Topic
- On the DMS for Kafka page, click a Kafka instance.
- In the navigation pane, choose Topics.
- Click Create Topic.
- Enter the topic name, specify other parameters by referring to Table 6, and click OK.
Table 6 Topic parameters Parameter
Description
Topic Name
Customize a name that contains 3 to 200 characters, starts with a letter or underscore (_), and contains only letters, digits, periods (.), hyphens (-), and underscores (_).
The name must be different from preset topics:
- _consumer_offsets
- _transaction_state
- _trace
- _connect-status
- _connect-configs
- _connect-offsets
Cannot be changed once the topic is created.
Enter topic-01.
Partitions
If the number of partitions is the same as that of consumers, the larger the partitions, the higher the consumption concurrency.
Enter 3.
Replicas
Data is automatically backed up to each replica. When one Kafka broker becomes faulty, data is still available. A higher number of replicas delivers higher reliability.
Enter 3.
Aging Time (h)
How long messages will be preserved in the topic. Messages older than this period cannot be consumed. They will be deleted, and can no longer be consumed.
Enter 72.
Synchronous Replication
Skip it. When this option is disabled, leader replicas are independent from follower replica synchronization. They receive messages and write them to local logs, then immediately send the successfully written ones to the client.
Synchronous Flushing
Skip it. When this option is disabled, messages are produced and stored in memory instead of written to the disk immediately.
Message Timestamp
Select CreateTime: time when the producer created the message.
Max. Message Size (bytes)
Maximum batch processing size allowed by Kafka. If message compression is enabled in the client configuration file or code of producers, this parameter indicates the size after compression.
Enter 10,485,760.
Step 4: Connect to a Kafka Instance to Produce and Consume Messages
- Obtain the instance connection address.
- In the navigation pane, click Basic Information.
- In the Connection area, view the connection address.Figure 2 Kafka instance addresses (private network) for intra-VPC access
- Prepare the file for production and consumption configuration.
- Log in to a Linux ECS.
- Download the client.jks certificate and upload it to the /root directory on the ECS.
To obtain the certificate: On the Kafka console, click the Kafka instance to go to the Basic Information page. Click Download next to SSL Certificate in the Connection area. Decompress the package to obtain the client certificate file client.jks.
/root is the path for storing the certificate. Change it to the actual path if needed.
- Go to the /config directory on the Kafka client.
cd kafka_2.12-2.7.2/config
- Add the following commands in both the consumer.properties and producer.properties files (PLAIN is used as an example).
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \ username="**********" \ password="**********"; sasl.mechanism=PLAIN security.protocol=SASL_SSL ssl.truststore.location={ssl_truststore_path} ssl.truststore.password=dms@kafka ssl.endpoint.identification.algorithm=Description:
- username and password are specified when enabling ciphertext access during instance creation.
- ssl.truststore.location is the path for storing the certificate obtained in 2.b.
- ssl.truststore.password is certified by the server, which must be set to dms@kafka and cannot be changed.
- ssl.endpoint.identification.algorithm decides whether to verify the certificate domain name. In this example, leave this parameter blank, which indicates disabling domain name verification.
- Go to the /bin directory on the Kafka client.
cd ../bin
- Produce messages.
./kafka-console-producer.sh --broker-list ${connection addr} --topic ${topic name} --producer.config ../config/producer.propertiesDescription:
For example, 192.xxx.xxx.xxx:9093, 192.xxx.xxx.xxx:9093, 192.xxx.xxx.xxx:9093 are the connection addresses of the Kafka instance.
After running this command, you can send messages to the Kafka instance by entering the information as prompted and pressing Enter. Each line of content will be sent as a message.
[root@ecs-kafka bin]#./kafka-console-producer.sh --broker-list 192.xxx.xxx.xxx:9093,192.xxx.xxx.xxx:9093,192.xxx.xxx.xxx:9093 --topic topic-demo --producer.config ../config/producer.properties >Hello >DMS >Kafka! >^C[root@ecs-kafka bin]#
Press Ctrl+C to cancel.
- Consume messages.
./kafka-console-consumer.sh --bootstrap-server ${connection addr} --topic ${topic name} --from-beginning --consumer.config ../config/consumer.propertiesDescription:
Sample:
[root@ecs-kafka bin]# ./kafka-console-consumer.sh --bootstrap-server 192.xxx.xxx.xxx:9093,192.xxx.xxx.xxx:9093,192.xxx.xxx.xxx:9093 --topic topic-demo --from-beginning --consumer.config ../config/consumer.properties Hello Kafka! DMS ^CProcessed a total of 3 messages [root@ecs-kafka bin]#
Press Ctrl+C to cancel.