confluentinc · mansi-jain-1206 · Sep 25, 2024 · Oct 16, 2024 · Oct 16, 2024 · Oct 16, 2024
@@ -0,0 +1,49 @@
+---
+##
+## The following is an example inventory file of the configuration required for setting up Confluent Platform with Kraft Controller with SCRAM.
+## This will set up controller-controller communication via plain and other communication via scram.
+
+all:
+  vars:
+    ansible_connection: ssh
+    ansible_user: ec2-user
+    ansible_become: true
+    ansible_ssh_private_key_file: /home/ec2-user/guest.pem
+    ansible_python_interpreter: /usr/bin/python3
+
+    ssl_enabled: true
+    sasl_protocol: scram
+
+kafka_controller:
+  vars:
+    kafka_controller_sasl_protocol: plain,scram
+  hosts:
+    ec2-35-160-193-90.us-west-2.compute.amazonaws.com:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
+    ec2-34-219-169-190.us-west-2.compute.amazonaws.com:
+
+kafka_broker:
+  hosts:
+    ec2-35-91-214-11.us-west-2.compute.amazonaws.com:
+    ec2-54-71-228-219.us-west-2.compute.amazonaws.com:
+    ec2-54-218-9-145.us-west-2.compute.amazonaws.com:
+
+schema_registry:
+  hosts:
+    ec2-35-160-193-90.us-west-2.compute.amazonaws.com:
+
+kafka_connect:
+  hosts:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
+
+kafka_rest:
+  hosts:
+    ec2-34-219-169-190.us-west-2.compute.amazonaws.com:
+
+ksql:
+  hosts:
+    ec2-35-91-214-11.us-west-2.compute.amazonaws.com:
+
+control_center:
+  hosts:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
@@ -0,0 +1,49 @@
+---
+##
+## The following is an example inventory file of the configuration required for setting up Confluent Platform with Kraft Controller with SCRAM.
+## This will set up controller-controller and controller-broker communication via plain and other communication, including inter-broker via scram.
+
+all:
+  vars:
+    ansible_connection: ssh
+    ansible_user: ec2-user
+    ansible_become: true
+    ansible_ssh_private_key_file: /home/ec2-user/guest.pem
+    ansible_python_interpreter: /usr/bin/python3
+
+    ssl_enabled: true
+    sasl_protocol: scram
+
+    kafka_controller_sasl_protocol: plain
+
+kafka_controller:
+  hosts:
+    ec2-35-160-193-90.us-west-2.compute.amazonaws.com:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
+    ec2-34-219-169-190.us-west-2.compute.amazonaws.com:
+
+kafka_broker:
+  hosts:
+    ec2-35-91-214-11.us-west-2.compute.amazonaws.com:
+    ec2-54-71-228-219.us-west-2.compute.amazonaws.com:
+    ec2-54-218-9-145.us-west-2.compute.amazonaws.com:
+
+schema_registry:
+  hosts:
+    ec2-35-160-193-90.us-west-2.compute.amazonaws.com:
+
+kafka_connect:
+  hosts:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
+
+kafka_rest:
+  hosts:
+    ec2-34-219-169-190.us-west-2.compute.amazonaws.com:
+
+ksql:
+  hosts:
+    ec2-35-91-214-11.us-west-2.compute.amazonaws.com:
+
+control_center:
+  hosts:
+    ec2-35-85-219-150.us-west-2.compute.amazonaws.com:
diff --git a/docs/sample_inventories/migration_sample.yml b/docs/sample_inventories/migration_sample.yml
@@ -4,8 +4,9 @@
 ## steps to run:
 ## 1. Run command "ansible-playbook -i <inv.yml> confluent.platform.all" to setup a ZK cluster
 ## 2. Once ZK cluster setup is complete, uncomment "kraft_migration: true" and kafka_controller section.
-## 3. Run command "ansible-playbook -i <inv.yml> confluent.platform.ZKtoKraftMigration"
-## 4. Once Kraft cluster is up and running, Remove "kraft_migration: true" and Zookeeper section from the inventory file.
+## 3. If your sasl_protocol is scram or scram256, uncomment the kafka_controller_sasl_protocol variable and set it to "plain"
+## 4. Run command "ansible-playbook -i <inv.yml> confluent.platform.ZKtoKraftMigration"
+## 5. Once Kraft cluster is up and running, Remove "kraft_migration: true" and Zookeeper section from the inventory file.
 
 all:
   vars:
@@ -14,6 +15,7 @@ all:
     ansible_become: true
     ansible_ssh_private_key_file: /home/ec2-user/guest.pem
     ansible_python_interpreter: /usr/bin/python3
+#    kafka_controller_sasl_protocol: plain
 
     #kraft_migration: true
 

@@ -7,10 +7,11 @@
 driver:
   name: docker
 platforms:
-  - name: zookeeper1
-    hostname: zookeeper1.confluent
+  - name: ${KRAFT_CONTROLLER:-zookeeper}1
+    hostname: ${KRAFT_CONTROLLER:-zookeeper}1.confluent
     groups:
-      - zookeeper
+      - ${CONTROLLER_HOSTGROUP:-zookeeper}
+      - ${CONTROLLER_HOSTGROUP:-zookeeper}_migration
     image: oraclelinux:8-slim
     dockerfile: ../Dockerfile-rhel-tar.j2
     command: ""
@@ -94,18 +95,22 @@ platforms:
     networks:
       - name: confluent
 provisioner:
+  playbooks:
+    converge: ${MIGRATION_CONVERGE:-../collections_converge.yml}
   inventory:
     group_vars:
       all:
         ssl_enabled: true
-        sasl_protocol: scram
+        sasl_protocol: scram256
 
         installation_method: archive
 
         archive_group: custom
         archive_owner: cp-custom
 
         mask_secrets: false
-
         kafka_broker_custom_properties:
           log.dirs: /tmp/logs1,/tmp/logs2
+
+      kafka_controller:
+        kafka_controller_sasl_protocol: plain,scram256
@@ -10,3 +10,7 @@
     - name: Create Custom User
       user:
         name: "{{archive_owner}}"
+
+- name: Install Zookeeper Cluster
+  import_playbook: confluent.platform.all
+  when: lookup('env', 'MIGRATION')|default('false') == 'true'
@@ -23,6 +23,42 @@
           - archive.stat.pw_name == 'cp-custom'
         quiet: true
 
+- name: Verify - kafka_controller
+  hosts: kafka_controller
+  gather_facts: false
+  tasks:
+    - import_role:
+        name: variables
+    - import_role:
+        name: confluent.test
+        tasks_from: check_property.yml
+      vars:
+        file_path: /opt/confluent/etc/controller/server.properties
+        property: sasl.enabled.mechanisms
+        expected_value: SCRAM-SHA-256,PLAIN
+    - import_role:
+        name: confluent.test
+        tasks_from: check_property.yml
+      vars:
+        file_path: /opt/confluent/etc/controller/server.properties
+        property: sasl.mechanism.controller.protocol
+        expected_value: PLAIN
+
+- name: Verify - kafka_broker
+  hosts: kafka_broker
+  gather_facts: false
+  tasks:
+    - set_fact:
+        kraft_mode: "{{ ('kafka_controller' in groups.keys() and groups['kafka_controller'] | length > 0) }}"
+
+    - import_role:
+        name: confluent.test
+        tasks_from: check_property.yml
+      vars:
+        file_path: /opt/confluent/etc/kafka/server.properties
+        property: sasl.mechanism.controller.protocol
+        expected_value: SCRAM-SHA-256
+
 - name: Verify - kafka_connect
   hosts: kafka_connect
   gather_facts: false

@@ -45,7 +45,7 @@ platforms:
     privileged: true
     networks:
       - name: confluent
-  # MDS Zookeeper and Kafka
+  # MDS Controller, Zookeeper and Kafka
   - name: mds-${KRAFT_CONTROLLER:-zookeeper}1
     hostname: mds-${KRAFT_CONTROLLER:-zookeeper}1.confluent
     groups:
@@ -86,10 +86,10 @@ platforms:
     networks:
       - name: confluent
   # Cluster 2 goups, groupnames will be changed during converge phase
-  - name: zookeeper1
-    hostname: zookeeper1.confluent
+  - name: ${KRAFT_CONTROLLER:-zookeeper}1
+    hostname: ${KRAFT_CONTROLLER:-zookeeper}1.confluent
     groups:
-      - zookeeper2
+      - ${KRAFT_CONTROLLER:-zookeeper}2
       - cluster2
     image: rockylinux:9-minimal
     dockerfile: ../Dockerfile-rhel-java17.j2
@@ -216,6 +216,7 @@ provisioner:
 
         ssl_enabled: true
         sasl_protocol: scram
+        kafka_controller_sasl_protocol: plain
 
         ssl_custom_certs: true
         ssl_ca_cert_filepath: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/generated_ssl_files/ca.crt"

@@ -10,3 +10,7 @@
 
 - name: Install MDS Cluster
   import_playbook: confluent.platform.all
+
+- name: Install Zookeeper Cluster
+  import_playbook: confluent.platform.all
+  when: lookup('env', 'MIGRATION')|default('false') == 'true'
@@ -189,6 +189,7 @@ provisioner:
 
         ssl_enabled: true
         sasl_protocol: scram
+        kafka_controller_sasl_protocol: plain
         ssl_custom_certs: true
         ssl_ca_cert_filepath: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/generated_ssl_files/ca.crt"
         ssl_signed_cert_filepath: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/generated_ssl_files/{{inventory_hostname}}-ca1-signed.crt"

@@ -4,3 +4,7 @@
 
 - name: Provision LDAP Server
   import_playbook: ../ldap.yml
+
+- name: Install Zookeeper Cluster
+  import_playbook: confluent.platform.all
+  when: lookup('env', 'MIGRATION')|default('false') == 'true'
@@ -8,6 +8,27 @@
 ### Validates that FIPS is in use in OpenSSL.
 ### Validates that both the Connectors are Running
 
+- name: Verify - kafka_controller
+  hosts: kafka_controller
+  gather_facts: false
+  tasks:
+    - import_role:
+        name: variables
+    - import_role:
+        name: confluent.test
+        tasks_from: check_property.yml
+      vars:
+        file_path: /etc/controller/server.properties
+        property: sasl.enabled.mechanisms
+        expected_value: SCRAM-SHA-512,PLAIN
+    - import_role:
+        name: confluent.test
+        tasks_from: check_property.yml
+      vars:
+        file_path: /etc/controller/server.properties
+        property: sasl.mechanism.controller.protocol
+        expected_value: PLAIN
+
 - name: Verify - kafka_broker
   hosts: kafka_broker
   gather_facts: false