- What's New
- Function Overview
- Product Bulletin
-
Service Overview
- Infographics
- What Is DMS for Kafka?
- Product Advantages
- Application Scenarios
- Kafka Instance Specifications
- Comparing Single-node and Cluster Kafka Instances
- Comparing Kafka, RabbitMQ, and RocketMQ
- Comparing DMS for Kafka and Open-Source Kafka
- Security
- Notes and Constraints
- Related Services
- Basic Concepts
- Permissions
- Billing
- Getting Started
-
User Guide
- Process of Using Kafka
- Permissions Management
- Buying a Kafka Instance
- Configuring Topics
- Connecting to an Instance
- Managing Messages
- Managing Consumer Groups
- Managing Quotas
-
Managing Instances
- Viewing and Modifying Basic Information of a Kafka Instance
- Viewing Kafka Disk Usage
- Viewing Kafka Background Tasks
- Viewing Sample Code of Kafka Production and Consumption
- Modifying Kafka Instance Configuration Parameters
- Configuring Kafka Instance Tags
- Configuring Kafka Recycling Policies
- Upgrading the Kafka Instance Kernel
- Exporting the Kafka Instance List
- Restarting a Kafka Instance
- Deleting Kafka Instances
- Using Kafka Manager
- Modifying Instance Specifications
- Migrating Data
- Testing Instance Performance
- Applying for Increasing Kafka Quotas
- Monitoring and Alarms
- Viewing Kafka Audit Logs
-
Best Practices
- Kafka Best Practices
- Improving Kafka Message Processing Efficiency
- Optimizing Consumer Polling
- Interconnecting Logstash to Kafka to Produce and Consume Messages
- Using MirrorMaker to Synchronize Data Across Clusters
- Handling Message Accumulation
- Handling Service Overload
- Handling Uneven Service Data
- Configuring Message Accumulation Monitoring
- Suggestions on Using DMS for Kafka Securely
- Developer Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs V2 (Recommended)
- Managing Lifecycle
-
Instance Management
- Resetting the Password
- Resetting Kafka Manager Password
- Restarting Kafka Manager
- Configuring Automatic Topic Creation
- Modifying the Private IP Address for Cross-VPC Access
- Querying Kafka Cluster Metadata
- Querying Coordinator Details of a Kafka Instance
- Reassigning Replicas of a Topic for a Kafka Instance
- Modifying Kafka Access Modes
- Querying the Disk Usage Status of Topics
- Initiating Partition Reassigning for a Kafka Instance
- Disabling Kafka Manager
- Deleting a User or Client Quota
- Querying User or Client Quotas
- Creating User or Client Quotas
- Modifying User or Client Quotas
-
Smart Connect
- Enabling Smart Connect (Pay-per-Use Instance)
- Disabling Smart Connect (Pay-per-Use Instance)
- Creating a Smart Connect Task
- Querying Smart Connect Tasks
- Querying Smart Connect Task Details
- Deleting a Smart Connect Task
- Pausing a Smart Connect Task
- Restarting a Smart Connect Task
- Starting a Smart Connect Task or Restarting a Paused or Running Smart Connect Task
- Specification Modification Management
- Topic Management
-
Managing Consumer Groups
- Querying Consumer Group Details
- Querying All Consumer Groups
- Deleting Consumer Groups of a Kafka Instance in Batches
- Creating a Consumer Group
- Resetting Consumer Group Offset to the Specified Position
- Querying the Offset of a Consumer Group
- Modifying All Consumer Groups
- Querying a Specified Consumer Group
- Deleting a Specified Consumer Group
- Modifying a Specified Consumer Group
- Querying Topics of a Specified Consumer Group
- Querying Consumers in a Specified Consumer Group
- User Management
- Managing Messages
- Background Task Management
- Tag Management
- Diagnosis Management
- Other APIs
- Permissions and Supported Actions
- Out-of-Date APIs
- Appendix
- Change History
- SDK Reference
-
FAQs
-
Instances
- Why Can't I Select Two AZs?
- Why Can't I View the Subnet and Security Group Information When Creating a DMS Instance?
- How Do I Select Storage Space for a Kafka Instance?
- How Do I Choose Between High I/O and Ultra-high I/O?
- Which Capacity Threshold Policy Should I Use?
- Which Kafka Versions Are Supported?
- What Is the ZooKeeper Address of a Kafka Instance?
- Are Kafka Instances in Cluster Mode?
- Can I Modify the Port for Accessing a Kafka Instance?
- How Long Are Kafka SSL Certificates Valid for?
- How Do I Synchronize Data from One Kafka Instance to Another?
- How Do I Change the SASL_SSL Setting of a Kafka Instance?
- How Do I Modify the SASL Mechanism?
- How Do I Change the Security Protocol?
- Will a Kafka Instance Be Restarted After Its Enterprise Project Is Modified?
- Are Kafka Brokers and ZooKeeper Deployed on the Same VM or on Different VMs?
- Can I Delete a Kafka Instance Billed in Yearly/Monthly Mode?
- Which Cipher Suites Are Supported by Kafka?
- Can I Change Single-AZ Deployment to Multi-AZ Deployment for an Instance?
- Does DMS for Kafka Support Cross-AZ Disaster Recovery? Where Can I Check Whether an Existing Instance is Across-AZs?
- Do Kafka Instances Support Disk Encryption?
- Can I Change the VPC and Subnet After a Kafka Instance Is Created?
- Where Can I Find Kafka Streams Use Cases?
- Can I Upgrade Kafka Instances?
- How Do I Bind an EIP Again?
- Specification Modification
-
Connections
- How Do I Select and Configure a Security Group?
- Can I Access a Kafka Instance Over a Public Network?
- How Many Connection Addresses Does a Kafka Instance Have by Default?
- Do Kafka Instances Support Cross-Region Access?
- Do Kafka Instances Support Cross-VPC Access?
- Do Kafka Instances Support Cross-Subnet Access?
- Does DMS for Kafka Support Authentication with Kerberos?
- Does DMS for Kafka Support Password-Free Access?
- How Do I Obtain the Public Access Address After Public Access Is Enabled?
- Does DMS for Kafka Support Authentication on Clients by the Server?
- Can I Use PEM SSL Truststore When Connecting to a Kafka Instance with SASL_SSL Enabled?
- What Are the Differences Between JKS and CRT Certificates?
- Which TLS Version Does DMS for Kafka Support?
- Is There a Limit on the Number of Client Connections to a Kafka Instance?
- How Many Connections Are Allowed from Each IP Address?
- Can I Change the Private Network Addresses of a Kafka Instance?
- Is the Same SSL Certificate Used for Different Instances?
- Why Is It Not Recommended to Use a Sarama Client for Messaging?
-
Topics and Partitions
- Is There a Limit on the Number of Topics in a Kafka Instance?
- Why Is Partition Quantity Limited?
- Can I Reduce the Partition Quantity?
- Why Do I Fail to Create Topics?
- Do Kafka Instances Support Batch Importing Topics or Automatic Topic Creation?
- Why Do Deleted Topics Still Exist?
- Can I View the Disk Space Used by a Topic?
- Can I Add ACL Permissions for Topics?
- What Should I Do If Kafka Storage Space Is Used Up Because Retrieved Messages Are Not Deleted?
- How Do I Increase the Partition Quantity?
- Will a Kafka Instance Be Restarted After Its Automatic Topic Creation Setting Is Modified?
- What Can I Do If a Consumer Fails to Retrieve Messages from a Topic Due to Insufficient Permissions?
-
Consumer Groups
- Do I Need to Create Consumer Groups, Producers, and Consumers for Kafka Instances?
- Will a Consumer Group Without Active Consumers Be Automatically Deleted in 14 Days?
- Why Does a Deleted Consumer Group Still Exist?
- Why Can't I View Consumers When Instance Consumption Is Normal?
- Can I Delete Unnecessary Topics in a Consumer Group?
-
Messages
- What Is the Maximum Size of a Message that Can be Created?
- Why Does Message Poll Often Fail During Rebalancing?
- Why Can't I Query Messages on the Console?
- What Can I Do If Kafka Messages Are Accumulated?
- Why Do Messages Still Exist After the Retention Period Elapses?
- Do Kafka Instances Support Delayed Message Delivery?
- How Do I View the Number of Accumulated Messages?
- Why Is the Message Creation Time Displayed as Year 1970?
- How Do I Modify message.max.bytes?
- Why Are Offsets Not Continuous?
-
Kafka Manager
- Can I Configure a Kafka Manager Account to Be Read-Only?
- Why Can't I See Broker Information After Logging In to Kafka Manager?
- Yikes! Insufficient partition balance when creating topic : projectman_project_enterprise_project Try again.
- Can I Query the Body of a Message by Using Kafka Manager?
- Can I Change the Port of the Kafka Manager Web UI?
- Which Topic Configurations Can Be Modified on Kafka Manager?
- Why Is Information Displayed on Kafka Manager Inconsistent with Cloud Eye Monitoring Data?
- How Do I Change a Partition Leader for a Topic in Kafka Manager?
- Why Is the Version on the Console Different from That in Kafka Manager?
- Why Does an Instance Contain Default Topics __trace and __consumer_offsets?
- Why Do I See a Deleted Consumer Group on Kafka Manager?
-
Monitoring & Alarm
- Why Can't I View the Monitoring Data?
- Why Is the Monitored Number of Accumulated Messages Inconsistent with the Message Quantity Displayed on the Kafka Console?
- Why Is a Consumer Group Still on the Monitoring Page After Being Deleted?
- Why Do Metrics Fluctuate Significantly (Disk Read/Write Speed, Average Disk Read/Write Time, and CPU Usage)?
- Why Does JVM Heap Memory Usage of JVM Fluctuate Significantly?
- Why Is Production Rate Still 0 When There Are Produced Messages?
-
Instances
-
Troubleshooting
- Troubleshooting Kafka Connection Exceptions
- Troubleshooting 6-Min Latency Between Message Creation and Retrieval
- Troubleshooting Message Creation Failures
- Troubleshooting Topic Deletion Failures
- Troubleshooting Failure to Log In to Kafka Manager in Windows
- Troubleshooting Error "Topic {{topic_name}} not present in metadata after 60000 ms" During Message Production or Consumption
- Flink 1.15 Consumption Progress Submission Failure
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Permissions Management
- Preparing Required Resources
- Buying an Instance
- Accessing a Kafka Instance
- Managing Instances
- Managing Topics
- Managing Messages
- Managing Users
- Managing Consumer Groups
- Managing Kafka Quotas
- Modifying Kafka Parameters
- Quotas
- Monitoring
- Auditing
-
FAQs
-
Instances
- Why Can't I Select Two AZs?
- Why Can't I View the Subnet and Security Group Information When Creating a DMS Instance?
- How Do I Select Storage Space for a Kafka Instance?
- How Do I Choose Between High I/O and Ultra-high I/O?
- Which Capacity Threshold Policy Should I Use?
- Which Kafka Versions Are Supported?
- What Is the ZooKeeper Address of a Kafka Instance?
- Are Kafka Instances in Cluster Mode?
- Can I Modify the Port for Accessing a Kafka Instance?
- How Long Are Kafka SSL Certificates Valid for?
- How Do I Synchronize Data from One Kafka Instance to Another?
- How Do I Change the SASL_SSL Setting of a Kafka Instance?
- How Do I Modify the SASL Mechanism?
- Will a Kafka Instance Be Restarted After Its Enterprise Project Is Modified?
- Are Kafka Brokers and ZooKeeper Deployed on the Same VM or on Different VMs?
- Which Cipher Suites Are Supported by Kafka?
- Can I Change an Instance from Single-AZ Deployment to Multi-AZ Deployment?
- Does DMS for Kafka Support Cross-AZ Disaster Recovery? Where Can I View the AZs Configured for an Existing Instance?
- Do Kafka Instances Support Disk Encryption?
- Does Specification Modification Affect Services?
- Can I Change the VPC and Subnet After a Kafka Instance Is Created?
- Where Can I Find Kafka Streams Use Cases?
- Can I Upgrade Kafka Instances?
- Why Is the Version on the Console Different from That in Kafka Manager?
- How Do I Bind an EIP Again?
-
Connections
- How Do I Select and Configure a Security Group?
- Can I Access a Kafka Instance Over a Public Network?
- How Many Connection Addresses Does a Kafka Instance Have by Default?
- Do Kafka Instances Support Cross-Region Access?
- Do Kafka Instances Support Cross-VPC Access?
- Do Kafka Instances Support Cross-Subnet Access?
- Does DMS for Kafka Support Authentication with Kerberos?
- Does DMS for Kafka Support Password-Free Access?
- How Do I Obtain the Public Access Address After Public Access Is Enabled?
- Does DMS for Kafka Support Authentication on Clients by the Server?
- Can I Use PEM SSL Truststore When Connecting to a Kafka Instance with SASL_SSL Enabled?
- What Are the Differences Between JKS and CRT Certificates?
- Which TLS Version Does DMS for Kafka Support?
- Is There a Limit on the Number of Client Connections to a Kafka Instance?
- How Many Connections Are Allowed from Each IP Address?
- Can I Change the Private Network Addresses of a Kafka Instance?
- Is the Same SSL Certificate Used for Different Instances?
-
Topics and Partitions
- Is There a Limit on the Number of Topics in a Kafka Instance?
- Why Is Partition Quantity Limited?
- Can I Change the Partition Quantity?
- Why Do I Fail to Create Topics?
- Do Kafka Instances Support Batch Importing Topics or Automatic Topic Creation?
- Why Do Deleted Topics Still Exist?
- Can I View the Disk Space Used by a Topic?
- Can I Add ACL Permissions for Topics?
- What Should I Do If Kafka Storage Space Is Used Up Because Retrieved Messages Are Not Deleted?
- How Do I Increase the Partition Quantity?
- Will a Kafka Instance Be Restarted After Its Automatic Topic Creation Setting Is Modified?
- How Do I Disable Automatic Topic Creation?
- Can I Delete Unnecessary Topics in a Consumer Group?
- What Can I Do If a Consumer Fails to Retrieve Messages from a Topic Due to Insufficient Permissions?
- Why Does an Instance Contain Default Topics __trace and __consumer_offsets?
- Consumer Groups
-
Messages
- What Is the Maximum Size of a Message that Can be Created?
- Why Does Message Poll Often Fail During Rebalancing?
- Why Can't I Query Messages on the Console?
- What Can I Do If Kafka Messages Are Accumulated?
- Why Do Messages Still Exist After the Retention Period Elapses?
- Do Kafka Instances Support Delayed Message Delivery?
- How Do I View the Number of Accumulated Messages?
- Why Is the Message Creation Time Displayed as Year 1970?
-
Kafka Manager
- Can I Configure a Kafka Manager Account to Be Read-Only?
- Why Can't I See Broker Information After Logging In to Kafka Manager?
- Yikes! Insufficient partition balance when creating topic : projectman_project_enterprise_project Try again.
- Can I Query the Body of a Message by Using Kafka Manager?
- Can I Change the Port of the Kafka Manager Web UI?
- Which Topic Configurations Can Be Modified on Kafka Manager?
- Why Is Information Displayed on Kafka Manager Inconsistent with Cloud Eye Monitoring Data?
- How Do I Change a Partition Leader for a Topic in Kafka Manager?
- Monitoring & Alarm
-
Instances
-
Troubleshooting
- Troubleshooting Kafka Connection Exceptions
- Troubleshooting 6-Min Latency Between Message Creation and Retrieval
- Troubleshooting Message Creation Failures
- Troubleshooting Topic Deletion Failures
- Troubleshooting Failure to Log In to Kafka Manager in Windows
- Troubleshooting Error "Topic {{topic_name}} not present in metadata after 60000 ms" During Message Production or Consumption
- Change History
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris Region)
- Service Overview
- Getting Started
- Permissions Management
- Preparing Required Resources
- Creating an Instance
- Accessing a Kafka Instance
- Managing Instances
- Managing Topics
- Managing Messages
- Managing Users
- Managing Consumer Groups
- Managing Kafka Quotas
- Modifying Kafka Parameters
- Quotas
- Monitoring
- Auditing
-
FAQs
-
Instances
- Why Can't I Select Two AZs?
- Why Can't I View the Subnet and Security Group Information When Creating a DMS Instance?
- How Do I Select Storage Space for a Kafka Instance?
- How Do I Choose Between High I/O and Ultra-high I/O?
- Which Capacity Threshold Policy Should I Use?
- Which Kafka Versions Are Supported?
- What Is the ZooKeeper Address of a Kafka Instance?
- Are Kafka Instances in Cluster Mode?
- Can I Modify the Port for Accessing a Kafka Instance?
- How Long Are Kafka SSL Certificates Valid for?
- How Do I Synchronize Data from One Kafka Instance to Another?
- How Do I Change the SASL_SSL Setting of a Kafka Instance?
- How Do I Modify the SASL Mechanism?
- Will a Kafka Instance Be Restarted After Its Enterprise Project Is Modified?
- Are Kafka Brokers and ZooKeeper Deployed on the Same VM or on Different VMs?
- Which Cipher Suites Are Supported by Kafka?
- Can I Change an Instance from Single-AZ Deployment to Multi-AZ Deployment?
- Does DMS for Kafka Support Cross-AZ Disaster Recovery? Where Can I View the AZs Configured for an Existing Instance?
- Do Kafka Instances Support Disk Encryption?
- Can I Change the VPC and Subnet After a Kafka Instance Is Created?
- Where Can I Find Kafka Streams Use Cases?
- Can I Upgrade Kafka Instances?
- Why Is the Version on the Console Different from That in Kafka Manager?
- How Do I Bind an EIP Again?
- Specification Modification
-
Connections
- How Do I Select and Configure a Security Group?
- Can I Access a Kafka Instance Over a Public Network?
- How Many Connection Addresses Does a Kafka Instance Have by Default?
- Do Kafka Instances Support Cross-Region Access?
- Do Kafka Instances Support Cross-VPC Access?
- Do Kafka Instances Support Cross-Subnet Access?
- Does DMS for Kafka Support Authentication with Kerberos?
- Does DMS for Kafka Support Password-Free Access?
- How Do I Obtain the Public Access Address After Public Access Is Enabled?
- Does DMS for Kafka Support Authentication on Clients by the Server?
- Can I Use PEM SSL Truststore When Connecting to a Kafka Instance with SASL_SSL Enabled?
- What Are the Differences Between JKS and CRT Certificates?
- Which TLS Version Does DMS for Kafka Support?
- Is There a Limit on the Number of Client Connections to a Kafka Instance?
- How Many Connections Are Allowed from Each IP Address?
- Can I Change the Private Network Addresses of a Kafka Instance?
- Is the Same SSL Certificate Used for Different Instances?
- Why Is It Not Recommended to Use a Sarama Client for Messaging?
-
Topics and Partitions
- Is There a Limit on the Number of Topics in a Kafka Instance?
- Why Is Partition Quantity Limited?
- Can I Reduce the Partition Quantity?
- Why Do I Fail to Create Topics?
- Do Kafka Instances Support Batch Importing Topics or Automatic Topic Creation?
- Why Do Deleted Topics Still Exist?
- Can I View the Disk Space Used by a Topic?
- Can I Add ACL Permissions for Topics?
- What Should I Do If Kafka Storage Space Is Used Up Because Retrieved Messages Are Not Deleted?
- How Do I Increase the Partition Quantity?
- Will a Kafka Instance Be Restarted After Its Automatic Topic Creation Setting Is Modified?
- How Do I Disable Automatic Topic Creation?
- Can I Delete Unnecessary Topics in a Consumer Group?
- What Can I Do If a Consumer Fails to Retrieve Messages from a Topic Due to Insufficient Permissions?
- Why Does an Instance Contain Default Topics __trace and __consumer_offsets?
- Consumer Groups
-
Messages
- What Is the Maximum Size of a Message that Can be Created?
- Why Does Message Poll Often Fail During Rebalancing?
- Why Can't I Query Messages on the Console?
- What Can I Do If Kafka Messages Are Accumulated?
- Why Do Messages Still Exist After the Retention Period Elapses?
- Do Kafka Instances Support Delayed Message Delivery?
- How Do I View the Number of Accumulated Messages?
- Why Is the Message Creation Time Displayed as Year 1970?
-
Kafka Manager
- Can I Configure a Kafka Manager Account to Be Read-Only?
- Why Can't I See Broker Information After Logging In to Kafka Manager?
- Yikes! Insufficient partition balance when creating topic : projectman_project_enterprise_project Try again.
- Can I Query the Body of a Message by Using Kafka Manager?
- Can I Change the Port of the Kafka Manager Web UI?
- Which Topic Configurations Can Be Modified on Kafka Manager?
- How Do I Change a Partition Leader for a Topic in Kafka Manager?
- Monitoring & Alarm
-
Instances
-
Troubleshooting
- Troubleshooting Kafka Connection Exceptions
- Troubleshooting 6-Min Latency Between Message Creation and Retrieval
- Troubleshooting Message Creation Failures
- Troubleshooting Topic Deletion Failures
- Troubleshooting Failure to Log In to Kafka Manager in Windows
- Troubleshooting Error "Topic {{topic_name}} not present in metadata after 60000 ms" During Message Production or Consumption
- Change History
-
API Reference (Paris Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs V2 (Recommended)
- Lifecycle Management
-
Instance Management
- Resetting the Password
- Resetting Kafka Manager Password
- Configuring Automatic Topic Creation
- Modifying the Private IP Address for Cross-VPC Access
- Querying Kafka Cluster Metadata
- Querying Consumer Group Details
- Resetting Consumer Group Offset to the Specified Position
- Querying Coordinator Details of a Kafka Instance
- Adding Partitions to a Topic for a Kafka Instance
- Reassigning Replicas of a Topic for a Kafka Instance
- Querying the Disk Usage Status of Topics
- Querying All Consumer Groups
- Querying a Specific Consumer Group
- Deleting a Consumer Group from a Kafka Instance
- Batch Deleting Consumer Groups of a Kafka Instance
- Initiating Partition Reassigning for a Kafka Instance
- Specification Modification Management
- Topic Management
- User Management
- Message Query
- Background Task Management
- Tag Management
- Other APIs
- Permissions and Supported Actions
- Out-of-Date APIs
- Appendix
- Change History
- Developer Guide (Paris Region)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Process of Using Kafka
- Permissions Management
- Buying a Kafka Instance
- Configuring Topics
- Connecting to an Instance
- Managing Messages
- Managing Consumer Groups
- Managing Quotas
-
Managing Instances
- Viewing and Modifying Basic Information of a Kafka Instance
- Viewing Kafka Disk Usage
- Viewing Kafka Background Tasks
- Viewing Sample Code of Kafka Production and Consumption
- Modifying Kafka Instance Configuration Parameters
- Configuring Kafka Instance Tags
- Exporting the Kafka Instance List
- Restarting a Kafka Instance
- Deleting Kafka Instances
- Using Kafka Manager
- Modifying Kafka Instance Specifications
- Migrating Data
- Applying for Increasing Kafka Quotas
- Monitoring and Alarms
- Viewing Kafka Audit Logs
-
FAQs
-
Instances
- Why Can't I Select Two AZs?
- Why Can't I View the Subnet and Security Group Information When Creating a DMS Instance?
- How Do I Select Storage Space for a Kafka Instance?
- How Do I Choose Between High I/O and Ultra-high I/O?
- Which Capacity Threshold Policy Should I Use?
- Which Kafka Versions Are Supported?
- What Is the ZooKeeper Address of a Kafka Instance?
- Are Kafka Instances in Cluster Mode?
- Can I Modify the Port for Accessing a Kafka Instance?
- How Long Are Kafka SSL Certificates Valid for?
- How Do I Synchronize Data from One Kafka Instance to Another?
- How Do I Change the SASL_SSL Setting of a Kafka Instance?
- How Do I Modify the SASL Mechanism?
- Will a Kafka Instance Be Restarted After Its Enterprise Project Is Modified?
- Are Kafka Brokers and ZooKeeper Deployed on the Same VM or on Different VMs?
- Which Cipher Suites Are Supported by Kafka?
- Can I Change an Instance from Single-AZ Deployment to Multi-AZ Deployment?
- Does DMS for Kafka Support Cross-AZ Disaster Recovery? Where Can I View the AZs Configured for an Existing Instance?
- Do Kafka Instances Support Disk Encryption?
- Can I Change the VPC and Subnet After a Kafka Instance Is Created?
- Where Can I Find Kafka Streams Use Cases?
- Can I Upgrade Kafka Instances?
- Why Is the Version on the Console Different from That in Kafka Manager?
- Specification Modification
-
Connections
- How Do I Select and Configure a Security Group?
- Can I Access a Kafka Instance Over a Public Network?
- How Many Connection Addresses Does a Kafka Instance Have by Default?
- Do Kafka Instances Support Cross-Region Access?
- Do Kafka Instances Support Cross-VPC Access?
- Do Kafka Instances Support Cross-Subnet Access?
- Does DMS for Kafka Support Authentication with Kerberos?
- Does DMS for Kafka Support Password-Free Access?
- Does DMS for Kafka Support Authentication on Clients by the Server?
- Can I Use PEM SSL Truststore When Connecting to a Kafka Instance with SASL_SSL Enabled?
- What Are the Differences Between JKS and CRT Certificates?
- Which TLS Version Does DMS for Kafka Support?
- Is There a Limit on the Number of Client Connections to a Kafka Instance?
- How Many Connections Are Allowed from Each IP Address?
- Can I Change the Private Network Addresses of a Kafka Instance?
- Is the Same SSL Certificate Used for Different Instances?
- Why Is It Not Recommended to Use a Sarama Client for Messaging?
-
Topics and Partitions
- Is There a Limit on the Number of Topics in a Kafka Instance?
- Why Is Partition Quantity Limited?
- Can I Reduce the Partition Quantity?
- Why Do I Fail to Create Topics?
- Do Kafka Instances Support Batch Importing Topics or Automatic Topic Creation?
- Why Do Deleted Topics Still Exist?
- Can I View the Disk Space Used by a Topic?
- Can I Add ACL Permissions for Topics?
- What Should I Do If Kafka Storage Space Is Used Up Because Retrieved Messages Are Not Deleted?
- How Do I Increase the Partition Quantity?
- Will a Kafka Instance Be Restarted After Its Automatic Topic Creation Setting Is Modified?
- Can I Delete Unnecessary Topics in a Consumer Group?
- What Can I Do If a Consumer Fails to Retrieve Messages from a Topic Due to Insufficient Permissions?
- Why Does an Instance Contain Default Topics __trace and __consumer_offsets?
- Consumer Groups
-
Messages
- What Is the Maximum Size of a Message that Can be Created?
- Why Does Message Poll Often Fail During Rebalancing?
- Why Can't I Query Messages on the Console?
- What Can I Do If Kafka Messages Are Accumulated?
- Why Do Messages Still Exist After the Retention Period Elapses?
- Do Kafka Instances Support Delayed Message Delivery?
- How Do I View the Number of Accumulated Messages?
- Why Is the Message Creation Time Displayed as Year 1970?
-
Kafka Manager
- Can I Configure a Kafka Manager Account to Be Read-Only?
- Why Can't I See Broker Information After Logging In to Kafka Manager?
- Yikes! Insufficient partition balance when creating topic : projectman_project_enterprise_project Try again.
- Can I Query the Body of a Message by Using Kafka Manager?
- Can I Change the Port of the Kafka Manager Web UI?
- Which Topic Configurations Can Be Modified on Kafka Manager?
- Why Is Information Displayed on Kafka Manager Inconsistent with Cloud Eye Monitoring Data?
- How Do I Change a Partition Leader for a Topic in Kafka Manager?
- Monitoring & Alarm
-
Instances
-
Troubleshooting
- Troubleshooting Kafka Connection Exceptions
- Troubleshooting 6-Min Latency Between Message Creation and Retrieval
- Troubleshooting Message Creation Failures
- Troubleshooting Topic Deletion Failures
- Troubleshooting Failure to Log In to Kafka Manager in Windows
- Troubleshooting Error "Topic {{topic_name}} not present in metadata after 60000 ms" During Message Production or Consumption
- Change History
- API Reference (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Generating and Replacing an SSL Kafka Certificate in JKS Format
The SSL certificate secures data transmission through encryption between a client and an instance.
When connecting a Kafka client to a Kafka instance that has ciphertext access enabled and SASL_SSL as the security protocol, use either the certificate provided by DMS for Kafka or your own certificate. This section describes how to generate your own certificate and use it to replace the one provided by DMS for Kafka.
To generate and replace certificates, contact background support personnel to enable the function for you. This function is available on a whitelist basis in all regions.
Notes and Constraints
Replacing the certificate will restart the instance. Exercise caution.
Prerequisites
- A Linux server is available. The server must install Java Development Kit 1.8.111 or later and JAVA_HOME and PATH environment variables are configured.
- Kafka SASL_SSL has been enabled for the instance.
Step 1: Generating a Certificate
- Log in to the Linux server and run the following command to generate a keystore for the server.keystore.jks certificate:
keytool -genkey -keystore server.keystore.jks -alias localhost -validity 3650 -keyalg RSA
Enter the keystore password as prompted and record the password for later use.
The password must meet the following requirements:
- Contains 8 to 32 characters.
- Contains at least three of the following character types: letters, digits, spaces, and special characters `-!@#$ %^&*()-_=+\|[{}]:'",<.>/? and does not start with a hyphen (-).
- Cannot be a weak password. To check whether a password is weak, enter it in 7.
Enter the information about the certificate owner as prompted, such as the name, company, organization, city, and country or region.
[root@ecs-kafka ~]# keytool -genkey -keystore server.keystore.jks -alias localhost -validity 3650 -keyalg RSA Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Tom What is the name of your organizational unit? [Unknown]: test What is the name of your organization? [Unknown]: test01 What is the name of your City or Locality? [Unknown]: nj What is the name of your State or Province? [Unknown]: js What is the two-letter country code for this unit? [Unknown]: xx Is CN=Tom, OU=test, O=test01, L=nj, ST=js, C=xx correct? [no]: y
- Run the following command to generate a CA:
openssl req -new -x509 -keyout ca-key -out ca-cert -days 3650
Enter the PEM password as prompted and record the password for later use.
The password must meet the following requirements: 4 to 1024 characters.
Enter the information about the certificate owner as prompted, such as the country or region, city, organization, company, name, and email.
[root@ecs-kafka ~]# openssl req -new -x509 -keyout ca-key -out ca-cert -days 3650 Generating a RSA private key ............................................................................................................................................+++++ ..........+++++ writing new private key to 'ca-key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:xx State or Province Name (full name) []:js Locality Name (eg, city) [Default City]:nj Organization Name (eg, company) [Default Company Ltd]:test01 Organizational Unit Name (eg, section) []:test Common Name (eg, your name or your server's hostname) []:Tom Email Address []:xx [root@ecs-kafka ~]#
- The certificate validity can be checked only after a truststore certificate is created. Run the following command to create a server truststore certificate with the generated CA:
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
Enter the truststore password of the server certificate as prompted and record the password for later use.
The password must meet the following requirements:
- Contains 8 to 32 characters.
- Contains at least three of the following character types: letters, digits, spaces, and special characters `-!@#$ %^&*()-_=+\|[{}]:'",<.>/? and does not start with a hyphen (-).
- Cannot be a weak password. To check whether a password is weak, enter it in 7.
Enter y when the following information is displayed:Trust this certificate?
- Run the following command to create a client truststore certificate with the CA:
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
Enter the client truststore password as prompted and record the password. This password is the value of ssl.truststore.password in the configuration file used by the client to connect to the Kafka instance.
The password must meet the following requirements:
- Contains 8 to 32 characters.
- Contains at least three of the following character types: letters, digits, spaces, and special characters `-!@#$ %^&*()-_=+\|[{}]:'",<.>/? and does not start with a hyphen (-).
- Cannot be a weak password. To check whether a password is weak, enter it in 7.
Enter y when the following information is displayed:Trust this certificate?
- Sign the server certificate.
- Export the server certificate server.cert-file.
keytool -keystore server.keystore.jks -alias localhost -certreq -file server.cert-file
Enter the keystore password set in 1 as prompted.
- Sign the server certificate with the CA.
openssl x509 -req -CA ca-cert -CAkey ca-key -in server.cert-file -out server.cert-signed -days 3650 -CAcreateserial
Enter the PEM password set in 2 as prompted.
- Import the CA certificate to the server keystore.
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
Enter the keystore password set in 1 as prompted.
Enter y when the following information is displayed:Trust this certificate?
- Import the signed server certificate to the server keystore.
keytool -keystore server.keystore.jks -alias localhost -import -file server.cert-signed
Enter the keystore password set in 1 as prompted.
- Export the server certificate server.cert-file.
- Export the server.keystore.jks, server.truststore.jks, and client.truststore.jks certificates to the local PC.
The server.keystore.jks and server.truststore.jks files are used to replace the keystore and truststore files in subsequent step Replacing a Certificate. client.truststore.jks is required to be stored on the client. Record the storage path and it is the value of ssl.truststore.location in the configuration file used by the client to connect to the Kafka instance.Figure 1 Certificate directory
Step 2: Replacing a Certificate
- Log in to the console.
- Click
in the upper left corner to select the region where your instance is located.
- Click
and choose Middleware > Distributed Message Service for Kafka to open the console of DMS for Kafka.
- In the navigation pane, choose Kafka Instances.
- Click the desired instance to view its details.
- In the Connection area, click Re-upload next to SSL Certificate.
Figure 2 Connection information
- Set the parameters for replacing the SSL certificate by referring to Table 1.
Figure 3 Replacing the SSL certificate
Table 1 Parameters for replacing the SSL certificate Parameter
Description
Key Password
Enter the keystore password set in 1.
Keystore Password
Enter the keystore password set in 1.
Keystore File
Import the server.keystore.jks certificate.
Truststore Password
Enter the server truststore password set in 3.
Truststore File
Import the server.truststore.jks certificate.
- Click OK.
- Click OK.
On the Background Tasks page, if the certificate replacement task is Successful, the certificate is successfully replaced.
After the original certificate is successfully replaced, you will download the certificate provided by DMS for Kafka rather than your own certificate by clicking Download on the Basic Information tab page.
Step 3: Modifying Client Configuration Files
After a certificate is replaced, modify the ssl.truststore.location and ssl.truststore.password parameters in the consumer.properties and producer.properties files on the client, respectively.
security.protocol=SASL_SSL ssl.truststore.location=/opt/kafka_2.12-2.7.2/config/client.truststore.jks ssl.truststore.password=dms@kafka ssl.endpoint.identification.algorithm=
- ssl.truststore.location: path for storing the client.truststore.jks certificate.
- ssl.truststore.password: truststore password of the client certificate
- ssl.endpoint.identification.algorithm: whether to verify the certificate domain name. This parameter must be left blank, which indicates disabling domain name verification.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot