Add optins to configure producing events to a kerberized kafka

krisgeus · krisgeus · commit 42f0471597cd · 2017-10-02T23:48:44.000+02:00
diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -522,6 +522,38 @@ Property: ``divolte.global.kafka.producer``
       retries = 5
     }
 
+  It is also possible to configure divolte to work with a kerberized Kafka cluster the following configuration snippet shows how.
+
+
+  .. code-block:: none
+
+    divolte.global.kafka.producer = {
+      bootstrap.servers = ["server1:9092", "server2:9092", "server3:9092"]
+      client.id = divolte.collector
+
+      acks = 0
+      retries = 5
+
+      sasl.jaas.config = ""
+      sasl.jaas.config = ${?KAFKA_SASL_JAAS_CONFIG}
+
+      security.protocol = PLAINTEXT
+      security.protocol = ${?KAFKA_SECURITY_PROTOCOL}
+      sasl.mechanism = GSSAPI
+      sasl.kerberos.service.name = kafka
+    }
+
+  The :envvar:`KAFKA_SECURITY_PROTOCOL` can then be set to `SASL_PLAINTEXT` and the :envvar:`KAFKA_SASL_JAAS_CONFIG` can be set to something like:
+
+  .. code-block:: none
+
+    com.sun.security.auth.module.Krb5LoginModule required
+    useKeyTab=true
+    storeKey=true
+    keyTab="/etc/security/keytabs/divolte.keytab"
+    principal="divolte/hostname.divolte.io";
+
+
 Sources (``divolte.sources``)
 -----------------------------
 
@@ -534,6 +566,7 @@ Each source has a type configured via a mandatory ``type`` property. Two types o
 
 For example:
 
+
 .. code-block:: none
 
   divolte.sources {
