
Ability to disable SSL verification for Kafka connection

Open sgaragan opened this issue 9 months ago • 6 comments

In our lab environment, the certificate being used by Kafka is not always a valid one (either self-signed or the CN/SAN does not match the hostname). Kafka has a property that can be set, "enable.ssl.certificate.verification", but this is not available to the gRPC Kafka configuration. We are looking for something like the following for the pmtelemetryd-grpc-dialout.conf:

## Kafka configuration ###
bootstrap_servers = "jedha-kafka-kafka-mtlsext-0.kafka.svc:9096,jedha-kafka-kafka-mtlsext-1.kafka.svc:9096,jedha-kafka-kafka-mtlsext-2.kafka.svc:9096";
topic = "matterhorn.ietf.grpc-raw";
enable_idempotence = "true";
client_id = "mdt-dialout-collector";
# valid options are either plaintext or ssl
security_protocol = "ssl";
ssl_key_location = "/etc/pmacct/ssl/kafka.key";
ssl_certificate_location = "/etc/pmacct/ssl/kafka.crt";
ssl_ca_location = "/etc/pmacct/ssl/ca.crt";
enable_ssl_certificate_verification = "false";  # <---- New Kafka config property

Thanks, Sean

sgaragan, May 09 '24 14:05
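
A pre-deployment check that keeps a lab configuration with verification switched off from reaching a non-lab collector, as an added example (not code from this issue or from the mdt-dialout-collector project). It parses the `key = "value";` format shown above; `enable_ssl_certificate_verification` is the property proposed in this issue, assumed here to take "true" or "false", and the sample file, host name and function names are constructed.

```python
import re

# Constructed sample in the format shown in the issue. The last key is the
# property proposed there, not an option the collector is known to support.
SAMPLE_CONF = '''
bootstrap_servers = "kafka-0.example.internal:9096";
security_protocol = "ssl";
ssl_ca_location = "/etc/pmacct/ssl/ca.crt";
enable_ssl_certificate_verification = "false";  # proposed property
'''

# Matches `key = "value";` and ignores anything after the semicolon.
SETTING = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"([^"]*)"\s*;')

def parse_settings(text):
    """Return {key: value} for `key = "value";` lines, skipping # comment lines."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit_kafka_tls(settings):
    """Return a list of findings about the Kafka transport settings."""
    findings = []
    proto = settings.get("security_protocol", "").lower()
    if proto == "plaintext":
        findings.append("security_protocol is plaintext: no encryption, broker not authenticated")
    elif proto == "ssl":
        # Assumed default when the key is absent: verification stays on.
        if settings.get("enable_ssl_certificate_verification", "true").lower() == "false":
            findings.append("certificate verification disabled: traffic is encrypted "
                            "but the broker is not authenticated")
        if not settings.get("ssl_ca_location"):
            findings.append("ssl_ca_location not set: no explicit CA for the broker certificate")
    else:
        findings.append(f"unexpected security_protocol value: {proto!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_kafka_tls(parse_settings(SAMPLE_CONF)):
        print("FINDING:", finding)
```
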