Skip to main content
Skip table of contents

Enable ACLs between Kafka and z/IRIS

Created , Updated


Prerequisites


z/IRIS z/OS Client (Kafka Producer)

ACL authorization need to be enabled on the Kafka Brokers of the Kafka Cluster.

The following proposed configurations are just illustrative examples. Change the used parameter values according to your needs.

Configure write permission

The z/IRIS z/OS Clients (e.g. CN=zosclients) need a write permission to a Kafka Topic (e.g. smf) in order to send SMF records. This can be granted via the Kafka CLI.

CODE
kafka-acls --bootstrap-server <broker-ip>:<broker-port> --add --allow-principal User:CN=zosclients --operation Write --topic <topic-name> --command-config /path/to/broker-ssl-cli.properties 

Hereby, the provided properties file broker-ssl-cli.properties contains the following parameters

CODE
security.protocol=SSL
ssl.keystore.location=/path/to/broker.keystore.jks
ssl.keystore.password=changeMe
ssl.truststore.location=/path/to/broker.truststore.jks
ssl.truststore.password=changeMe
ssl.key.password=changeMe

z/IRIS IronTap (Kafka Consumer)

ACL authorization need to be enabled on the Kafka Brokers of the Kafka Cluster.

The following proposed configurations are just illustrative examples. Change the used parameter values according to your needs.

Configure read permission

The consumer group (e.g. smf-group) for the z/IRIS IronTap instances (e.g. CN=irontap) need a read permission to a Kafka Topic (e.g. smf) in order to read SMF records. This can be granted via the Kafka CLI.

CODE
kafka-acls --bootstrap-server <broker-ip>:<broker-port> --add --allow-principal User:CN=irontap --operation Read --topic smf --group smf-group --command-config /path/to/broker-ssl-cli.properties 

Hereby, the provided properties file broker-ssl-cli.properties contains the following parameters

CODE
security.protocol=SSL
ssl.keystore.location=/path/to/broker.keystore.jks
ssl.keystore.password=changeMe
ssl.truststore.location=/path/to/broker.truststore.jks
ssl.truststore.password=changeMe
ssl.key.password=changeMe

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.