# Pull in local settings. None of SRVPASS, CLIPASS, BROKER_HOST, PEMDEVW or
# SSL_DIR is assigned in the rules below, so they presumably come from .env
# (or the environment / command line) -- confirm.
# NOTE(review): SRVPASS and CLIPASS are used below as keystore passwords, so
# .env holds secrets; keep it out of version control and readable only by its
# owner.
include .env
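# Rebuild all mTLS key material from scratch under ./ssl: a throw-away CA, a
# server and a client keystore/truststore, CA-signed certificates for both, and
# finally a copy of the server stores to the broker host.
# The steps run strictly in order; each later step consumes files written by an
# earlier one.
#
# Changes from the original recipe:
#   - sub-makes are invoked as $(MAKE), not a literal `make`, so flags such as
#     -n and the jobserver reach them;
#   - ssl/ is created with mode 700, because it ends up holding the CA private
#     key (written without a passphrase by create.ca) and the keystores.
#
# NOTE(review): PASSWORD=... is passed on each sub-make command line, so the
# keystore passwords are echoed by make and are visible in the process list
# while a step runs. Treat the resulting material as demo-grade only.
.PHONY: mtls
mtls:
	rm -rf ssl
	mkdir -m 700 ssl
	$(MAKE) create.ca
	$(MAKE) create.keystore FOR=server PASSWORD=$(SRVPASS) HOST=$(BROKER_HOST)
	$(MAKE) create.keystore FOR=client PASSWORD=$(CLIPASS) HOST=$(shell hostname)
	$(MAKE) add.ca.to.truststore FOR=server PASSWORD=$(SRVPASS)
	$(MAKE) add.ca.to.truststore FOR=client PASSWORD=$(CLIPASS)
	$(MAKE) get.cert.from.keystore FOR=server PASSWORD=$(SRVPASS)
	$(MAKE) get.cert.from.keystore FOR=client PASSWORD=$(CLIPASS)
	$(MAKE) sign.cert FOR=server PASSWORD=$(SRVPASS)
	$(MAKE) sign.cert FOR=client PASSWORD=$(CLIPASS)
	$(MAKE) import.cacert.signed.cert.keystore FOR=server PASSWORD=$(SRVPASS)
	$(MAKE) import.cacert.signed.cert.keystore FOR=client PASSWORD=$(CLIPASS)
	$(MAKE) send.server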
# Generate a self-signed CA: private key in ssl/ca-key, certificate in
# ssl/ca-cert, valid for 365 days, subject CN=sample.myhost.com.
# -nodes writes the CA private key without passphrase protection, so anyone who
# can read ssl/ca-key can issue certificates that chain to this CA.
create.ca:
	openssl req -x509 -new -nodes \
	    -subj "/CN=sample.myhost.com" \
	    -days 365 \
	    -keyout ssl/ca-key \
	    -out ssl/ca-cert
# Create ssl/kafka.$(FOR).keystore.jks holding a fresh RSA key pair under alias
# $(FOR), valid for 365 days, with CN and a DNS subjectAltName both set to HOST.
# Inputs: FOR (server|client as used by mtls), HOST, PASSWORD.
# The same PASSWORD protects both the store and the key entry.
# NOTE(review): the password is expanded into the command line, so it is echoed
# by make and visible in the process list; keytool's -storepass:env /
# -storepass:file forms would keep it off the command line.
create.keystore:
	keytool -genkey \
	    -alias $(FOR) \
	    -keyalg RSA \
	    -validity 365 \
	    -dname "CN=$(HOST)" \
	    -ext SAN=DNS:$(HOST) \
	    -keystore ssl/kafka.$(FOR).keystore.jks \
	    -storepass $(PASSWORD) \
	    -keypass $(PASSWORD)
# Import the CA certificate (ssl/ca-cert) into ssl/kafka.$(FOR).truststore.jks
# under alias CARoot. Inputs: FOR, PASSWORD (truststore password).
# -noprompt accepts the certificate as trusted without interactive confirmation,
# so whatever file sits at ssl/ca-cert becomes a trust anchor.
add.ca.to.truststore:
	keytool -importcert -noprompt \
	    -alias CARoot \
	    -file ssl/ca-cert \
	    -keystore ssl/kafka.$(FOR).truststore.jks \
	    -storepass $(PASSWORD)
# Export a certificate signing request for alias $(FOR) from
# ssl/kafka.$(FOR).keystore.jks into ssl/$(FOR)-cert-file.
# Despite the target name, -certreq writes a CSR, not a certificate; the private
# key stays inside the keystore. Inputs: FOR, PASSWORD.
get.cert.from.keystore:
	keytool -certreq \
	    -alias $(FOR) \
	    -keystore ssl/kafka.$(FOR).keystore.jks \
	    -storepass $(PASSWORD) \
	    -file ssl/$(FOR)-cert-file
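# Sign the CSR of $(FOR) with the local CA: thin wrapper that maps FOR onto the
# IN/OUT file names expected by sign.cert2.
# Invoked through $(MAKE) rather than a literal `make` so that -n and the other
# make flags reach the sub-make.
# PASSWORD is not forwarded explicitly here; it reaches sign.cert2 only when it
# was given on the command line or in the environment of this make.
.PHONY: sign.cert
sign.cert:
	$(MAKE) sign.cert2 IN=ssl/$(FOR)-cert-file OUT=ssl/$(FOR)-cert-signed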
# Sign the CSR in $(IN) with the CA key pair (ssl/ca-cert, ssl/ca-key) and write
# a certificate valid for 365 days to $(OUT). -CAcreateserial creates the CA
# serial-number file if it does not exist yet.
# Inputs: IN, OUT, PASSWORD.
# NOTE(review): create.ca writes ssl/ca-key with -nodes (no passphrase), so the
# -passin value looks unused here -- confirm before relying on it.
# NOTE(review): openssl x509 -req does not carry requested extensions over from
# the CSR unless told to (-extfile, or -copy_extensions on OpenSSL 3.x), so the
# subjectAltName requested by create.keystore is presumably missing from the
# signed certificate -- verify with `openssl x509 -noout -text`.
sign.cert2:
	openssl x509 -req \
	    -in $(IN) \
	    -out $(OUT) \
	    -CA ssl/ca-cert \
	    -CAkey ssl/ca-key \
	    -CAcreateserial \
	    -days 365 \
	    -passin pass:$(PASSWORD)
# Complete the keystore of $(FOR) in two imports:
#   1. the CA certificate under alias CARoot, so the chain can be built;
#   2. the CA-signed certificate under alias $(FOR), replacing the self-signed
#      one that keytool -genkey stored next to the private key.
# The order matters: keytool has to find the issuer before it accepts the
# signed reply. Both imports use -noprompt (no interactive trust confirmation).
# Inputs: FOR, PASSWORD.
import.cacert.signed.cert.keystore:
	keytool -importcert -noprompt \
	    -alias CARoot \
	    -file ssl/ca-cert \
	    -keystore ssl/kafka.$(FOR).keystore.jks \
	    -storepass $(PASSWORD)
	keytool -importcert -noprompt \
	    -alias $(FOR) \
	    -file ssl/$(FOR)-cert-signed \
	    -keystore ssl/kafka.$(FOR).keystore.jks \
	    -storepass $(PASSWORD)
# Copy every ssl/kafka.server.*.jks file (the server keystore and truststore
# produced by the targets above) to $(SSL_DIR) on the broker, logging in as
# ec2-user with the SSH identity file named by PEMDEVW.
# The server keystore contains the broker's private key; the copy is protected
# in transit by SSH, and its protection at rest depends on the permissions of
# SSL_DIR on the remote side.
send.server:
	scp -i $(PEMDEVW) ssl/kafka.server.*.jks ec2-user@${BROKER_HOST}:${SSL_DIR}
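# Open a TLS connection to the broker's port 9093 with openssl s_client so the
# presented certificate chain can be inspected by hand.
# The original recipe connected to a hard-coded IP address and carried the
# BROKER_HOST variant as a commented-out line; the target now follows
# BROKER_HOST like every other rule in this file.
# NOTE(review): s_client only reports the verification result and keeps the
# connection open either way, and without -CAfile it checks against the default
# trust store, so a chain issued by the private CA in ssl/ca-cert will show a
# verify error. A broker that requires client certificates may also reject this
# connection, since no client certificate is offered -- confirm.
.PHONY: ssl.verify
ssl.verify:
	openssl s_client -connect $(BROKER_HOST):9093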
# Delete the Decodable stream named crypto_mtls.
# The stream id is looked up by name (decodable stream list | jq) when the
# recipe is expanded. The leading '-' makes the step best-effort: if no such
# stream exists the id is empty, the delete fails, and make carries on.
# '@' keeps the command out of make's output.
delete.stream: crypto_stream_id = $(shell decodable stream list -o json | jq -sr '.[] |select(.name=="crypto_mtls")|.id ' )
delete.stream:
	-@decodable stream delete $(crypto_stream_id)
# Create the Decodable stream crypto_mtls. Every field is declared as STRING;
# the field names are kept in one list and expanded into repeated
# `--field NAME=STRING` arguments, in the order given.
# '-' ignores a failure (for example when the stream already exists); '@' keeps
# the command out of make's output.
create.stream: crypto_fields := id currency symbol name logo_url status price \
    price_date price_timestamp circulating_supply max_supply market_cap \
    market_cap_dominance num_exchanges num_pairs num_pairs_unmapped \
    first_candle first_trade first_order_book rank rank_delta high \
    high_timestamp
create.stream:
	-@decodable stream create \
	    --name crypto_mtls \
	    $(foreach field,$(crypto_fields),--field $(field)=STRING)
# Deactivate the Decodable connection named kafka_mtls_source.
# The connection id is resolved by name when the recipe is expanded. Best-effort
# ('-'): a missing connection yields an empty id and a failing command that
# make ignores. '@' keeps the command out of make's output.
deactivate.conn.mtls: mtls_conn_id = $(shell decodable conn list -o json | jq -sr '.[] |select(.name=="kafka_mtls_source")|.id ' )
deactivate.conn.mtls:
	-@decodable conn deactivate $(mtls_conn_id)
# Delete the Decodable connection named kafka_mtls_source.
# The connection id is resolved by name when the recipe is expanded. Best-effort
# ('-'): a missing connection yields an empty id and a failing command that
# make ignores. '@' keeps the command out of make's output.
delete.conn.mtls: stale_conn_id = $(shell decodable conn list -o json | jq -sr '.[] |select(.name=="kafka_mtls_source")|.id ' )
delete.conn.mtls:
	-@decodable conn delete $(stale_conn_id)
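# Create the Decodable Kafka source connection kafka_mtls_source that reads
# topic crytpo_mtls (spelled as in create.topic and the console tools below)
# from $(BROKER_HOST):9093 into the crypto_mtls stream, using TLS with a
# client certificate of type CSR and the CA-signed server certificate from
# ssl/server-cert-signed as the broker certificate.
#
# Fixes relative to the original recipe:
#   - `...identification.algorithm=\` had no space before the continuation
#     backslash; as rendered, the shell would glue the next `--prop` onto the
#     value. The empty value is now its own word.
#   - the last option ended in a continuation backslash, which as rendered
#     pulls the following `create.all:` line into this command. Removed.
#
# NOTE(review): an empty ssl.endpoint.identification.algorithm switches off
# broker hostname verification in Kafka clients (presumably what the
# `properties.` prefix forwards to -- confirm). The connection then accepts any
# certificate that chains to the trusted CA, whatever host name it carries.
# Prefer issuing a broker certificate whose subjectAltName matches BROKER_HOST
# and dropping this property.
.PHONY: create.conn.mtls
create.conn.mtls:
	decodable conn create \
	    --name kafka_mtls_source \
	    --stream-id $(shell decodable stream list -o json | jq -sr '.[] |select(.name=="crypto_mtls")|.id ' ) \
	    --connector kafka \
	    --type source \
	    --prop format=json \
	    --prop bootstrap.servers=$(BROKER_HOST):9093 \
	    --prop topic=crytpo_mtls \
	    --prop security.protocol=TLS \
	    --prop tls.client.certificate.type=CSR \
	    --prop properties.ssl.endpoint.identification.algorithm= \
	    --prop tls.broker.certificate=@ssl/server-cert-signed

# Full rebuild: regenerate the key material, tear down the old connection and
# stream, recreate both, then sign and upload Decodable's client certificate.
# The steps only make sense in this order, so they are run one after another
# as sub-makes instead of being listed as prerequisites, whose relative order
# is not guaranteed under `make -j`.
# The deactivate/delete steps stay best-effort: their own recipes are prefixed
# with '-', so the sub-make succeeds even when nothing exists to remove.
.PHONY: create.all
create.all:
	$(MAKE) mtls
	$(MAKE) deactivate.conn.mtls
	$(MAKE) delete.conn.mtls
	$(MAKE) delete.stream
	$(MAKE) create.stream
	$(MAKE) create.conn.mtls
	$(MAKE) add.decodable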
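# Have the local CA sign the client certificate request that Decodable holds
# for the kafka_mtls_source connection, then upload the signed certificate:
#   1. read the connection's tls.client.certificate property into
#      decodable_client_cert.pem (presumably a CSR, given
#      tls.client.certificate.type=CSR in create.conn.mtls -- confirm);
#   2. sign it via sign.cert2;
#   3. store the result as tls.broker.signed_client_certificate.
#
# Changes from the original recipe:
#   - jq runs with -e so a missing property (null) fails the step instead of
#     writing the text "null" into the file that is about to be signed;
#   - the sub-make is invoked as $(MAKE) so make flags propagate.
#
# NOTE(review): the CA signs whatever the API returned. Inspect the request
# (`openssl req -in decodable_client_cert.pem -noout -subject`) before trusting
# the signed output in an environment that matters.
.PHONY: add.decodable
add.decodable:
	decodable connection \
	    get $(shell decodable conn list -o json | jq -sr '.[] |select(.name=="kafka_mtls_source")|.id ' ) \
	    -o json | jq -er '.properties."tls.client.certificate"' \
	    > decodable_client_cert.pem
	$(MAKE) sign.cert2 IN=decodable_client_cert.pem OUT=decodable_client_cert_signed.pem PASSWORD=$(SRVPASS)
	decodable conn \
	    update $(shell decodable conn list -o json | jq -sr '.[] |select(.name=="kafka_mtls_source")|.id ' ) \
	    --prop tls.broker.signed_client_certificate=@decodable_client_cert_signed.pem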
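# Read topic crytpo_mtls from the beginning with the Confluent console
# consumer, using the TLS settings in ./client.properties (not generated by
# this Makefile).
# Fix: KAFKA_OPTS used to be assigned on a recipe line of its own. Each recipe
# line runs in a separate shell, so the assignment never reached the consumer.
# It is now an environment prefix of the command itself.
# NOTE(review): -Djavax.net.debug=ssl makes the JVM print TLS handshake
# details, certificates included; keep that output out of shared logs.
.PHONY: java.consume
java.consume:
	KAFKA_OPTS="-Djavax.net.debug=ssl" \
	~/development/cp/confluent-7.1.2/bin/kafka-console-consumer \
	    --bootstrap-server $(BROKER_HOST):9093 \
	    --from-beginning \
	    --topic crytpo_mtls \
	    --consumer.config client.properties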
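# Write to topic crytpo_mtls with the Confluent console producer, using the
# TLS settings in ./client.properties (not generated by this Makefile).
# Fix: KAFKA_OPTS used to be assigned on a recipe line of its own. Each recipe
# line runs in a separate shell, so the assignment never reached the producer.
# It is now an environment prefix of the command itself.
# NOTE(review): -Djavax.net.debug=ssl makes the JVM print TLS handshake
# details, certificates included; keep that output out of shared logs.
.PHONY: java.produce
java.produce:
	KAFKA_OPTS="-Djavax.net.debug=ssl" \
	~/development/cp/confluent-7.1.2/bin/kafka-console-producer \
	    --bootstrap-server $(BROKER_HOST):9093 \
	    --topic crytpo_mtls \
	    --producer.config client.properties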
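# Create topic crytpo_mtls on the broker with kafka-topics, authenticating with
# the TLS settings in ./client.properties (not generated by this Makefile).
# Fix: KAFKA_OPTS used to be assigned on a recipe line of its own. Each recipe
# line runs in a separate shell, so the assignment never reached kafka-topics.
# It is now an environment prefix of the command itself.
# NOTE(review): -Djavax.net.debug=ssl makes the JVM print TLS handshake
# details, certificates included; keep that output out of shared logs.
.PHONY: create.topic
create.topic:
	KAFKA_OPTS="-Djavax.net.debug=ssl" \
	~/development/cp/confluent-7.1.2/bin/kafka-topics \
	    --bootstrap-server $(BROKER_HOST):9093 \
	    --create \
	    --topic crytpo_mtls \
	    --command-config client.properties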
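# List the broker's topics with kafka-topics, authenticating with the TLS
# settings in ./client.properties (not generated by this Makefile).
# Fix: KAFKA_OPTS used to be assigned on a recipe line of its own. Each recipe
# line runs in a separate shell, so the assignment never reached kafka-topics.
# It is now an environment prefix of the command itself.
# NOTE(review): -Djavax.net.debug=ssl makes the JVM print TLS handshake
# details, certificates included; keep that output out of shared logs.
.PHONY: list.topics
list.topics:
	KAFKA_OPTS="-Djavax.net.debug=ssl" \
	~/development/cp/confluent-7.1.2/bin/kafka-topics \
	    --bootstrap-server $(BROKER_HOST):9093 \
	    --list \
	    --command-config client.properties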