Skip to content

Instantly share code, notes, and snippets.

Avatar
🌴

Stephane Maarek simplesteph

🌴
View GitHub Profile
@simplesteph
simplesteph / attach-eni.py
Created Jan 4, 2018 — forked from rcillo/attach-eni.py
This gist contains code that attaches an ENI to a running EC2 instance and configures the network accordingly
View attach-eni.py
# -*- coding: utf-8 -*-\
"""
The MIT License (MIT)
Copyright (c) 2015 Zalando SE
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
View schema-registry-test-ssl.sh
# double check that the certificates are loaded
openssl s_client -debug -connect kafka-schema-registry-1.kafka-schema-registry.example.com:443 -tls1
# to verify if the schema registry is responding to REST requests
curl -k https://kafka-schema-registry-1.kafka-schema-registry.example.com:443/subjects
# to verify if your public certificate matches the SSL certificate from the schema registry
curl --cacert cacert.pem https://kafka-schema-registry-1.kafka-schema-registry.example.com:443/subjects
View schema-registry.properties
listeners=https://0.0.0.0:443/
ssl.keystore.location=/etc/kafka/secrets/yourkeystore.jks
ssl.keystore.password=yourkeystorepassword
ssl.key.password=yourkeypassword
# The following are optional only if you’d like to authenticate HTTPS clients
ssl.truststore.location=/etc/kafka/secrets/yourtruststore.jks
ssl.truststore.password=yourtruststorepassword
View authorize-sch-reg-consumer-simple.sh
kafka-acls --add --allow-principal User:schemaregistry \
--consumer --topic _schemas --consumer-group schema-registry
View authorize-sch-reg-consumer.sh
kafka-acls --add --allow-principal User:schemaregistry \
--consumer --topic _schemas \
--consumer-group schema-registry-kafka-schema-registry-1.kafka-schema-registry.example.com-443
View authorize-sch-reg-producer.sh
kafka-acls --add --allow-principal User:schemaregistry \
--producer --topic _schemas
View schema-reg-create-topic.sh
kafka-topics --create --topic _schemas --zookeeper zoo1:2181 \
--config cleanup.policy=compact --partitions 1 --replication-factor 3
View kafka-server.properties
# java properties file:
# SASL related properties
kafkastore.bootstrap.servers=SASL_SSL://kafka-1:9095/
kafkastore.sasl.kerberos.service.name=kafka
zookeeper.set.acl=true
# SSL related properties
kafkastore.ssl.truststore.location=/etc/kafka/secrets/kafkatruststore.jks
kafkastore.ssl.truststore.password=kafkatruststorepassword
# environment variable:
View kafka_server_jaas.conf
// Kafka Client authentication
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/kafka/keytabs/schemaregistry.keytab"
principal="schemaregistry@EXAMPLE.COM";
};
// Zookeeper client authentication
@simplesteph
simplesteph / swagger.json
Created Oct 13, 2016
Apache NiFi 1.0.0 fixed swagger file
View swagger.json
{
"swagger" : "2.0",
"info" : {
"description" : "The Rest Api provides programmatic access to command and control a NiFi instance in real time. Start and \n stop processors, monitor queues, query provenance data, and more. Each endpoint below includes a description,\n definitions of the expected input and output, potential response codes, and the authorizations required\n to invoke each service.",
"version" : "1.0.0",
"title" : "NiFi Rest Api",
"contact" : {
"url" : "https://nifi.apache.org",
"email" : "dev@nifi.apache.org"
},