Merge branch '6.0.x'

Author: ybyzek

clients/docs/c.rst

@@ -20,6 +20,7 @@ Client
    your machine. See the `librdkafka installation
    instructions <https://github.com/edenhill/librdkafka/blob/master/README.md#instructions>`__.
 
+.. include:: includes/certs-truststore.rst
 
 Kafka Cluster
 ~~~~~~~~~~~~~

clients/docs/csharp.rst

@@ -18,12 +18,13 @@ Client
 
 - On Windows, default trusted root CA certificates are stored in the Windows Registry. These are required for secure access to Confluent Cloud. The .NET library does not currently have the capability to access these certificates, so you must obtain them from somewhere else, for example use the ``cacert.pem`` file distributed with curl (`download cacert.pm <https://curl.haxx.se/ca/cacert.pem>`__).
 
+.. include:: includes/certs-truststore.rst
+
 Kafka Cluster
 ~~~~~~~~~~~~~
 
 .. include:: includes/client-example-prerequisites.rst
 
-
 Setup
 -----
 

clients/docs/go.rst

@@ -18,6 +18,7 @@ Client
    for Apache Kafka <https://github.com/confluentinc/confluent-kafka-go>`__
    installed.
 
+.. include:: includes/certs-truststore.rst
 
 Kafka Cluster
 ~~~~~~~~~~~~~

clients/docs/includes/certs-truststore.rst

@@ -0,0 +1,67 @@
+Configure SSL trust store
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Depending on your operating system or Linux distribution you may need to take extra
+steps to set up the SSL CA root certificates. If your system doesn't have the
+SSL CA root certificates properly set up, you may receive a ``SSL handshake failed``
+error message similar to the following:
+
+.. code-block:: bash
+
+   %3|1605776788.619|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://...confluent.cloud:9092/bootstr]: sasl_ssl://...confluent.cloud:9092/bootstrap: SSL handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (brew install openssl) (after 258ms in state CONNECT)
+
+In this case, you need to manually install a bundle of validated CA root certificates and potentially modify the client code to set the ``ssl.ca.location`` configuration property.
+(For more information, see the documentation for `librdkafka <https://github.com/edenhill/librdkafka/blob/master/INTRODUCTION.md#ssl>`__ on which this client is built)
+
+macOS
+"""""
+
+On newer versions of macOS (for example, 10.15), you may need to add an
+additional dependency.
+
+For the Python client:
+
+.. code-block:: bash
+
+   pip install certifi
+
+For other clients:
+
+.. code-block:: bash
+
+   brew install openssl
+
+Once you install the CA root certificates, set the ``ssl.ca.location`` property in the client code.
+Edit both the producer and consumer code files, and add the ``ssl.ca.location`` configuration parameter into the producer and consumer properties.
+The value should correspond to the location of the appropriate CA root certificates file on your host.
+
+For the Python client, use ``certifi.where()`` to determine the location of the certificate files:
+
+.. code-block:: text
+
+   ssl.ca.location: certifi.where()
+
+For other clients, check the install path and provide it in the code:
+
+.. code-block:: text
+
+   ssl.ca.location: '/usr/local/etc/openssl@1.1/cert.pem'
+
+
+CentOS
+""""""
+
+You may need to install CA root certificates in the following way:
+
+.. code-block:: bash
+
+   sudo yum reinstall ca-certificates
+
+This should be sufficient for the Kafka clients to find the certificates.
+However, if you still get the same error, you can set the ``ssl.ca.location`` property in the client code.
+Edit both the producer and consumer code files, and add the ``ssl.ca.location`` configuration parameter into the producer and consumer properties.
+The value should correspond to the location of the appropriate CA root certificates file on your host, for example:
+
+.. code-block:: text
+
+   ssl.ca.location: '/etc/ssl/certs/ca-bundle.crt'

clients/docs/python.rst

@@ -34,57 +34,8 @@ Client
   library manually or globally, the same version requirements apply.
 
 
-Configure SSL trust store
-^^^^^^^^^^^^^^^^^^^^^^^^^
+.. include:: includes/certs-truststore.rst
 
-Depending on your operating system or Linux distro you may need to take extra
-steps to set up the SSL CA root certificates. If your system doesn't have the
-SSL CA root certificates properly set up, you may receive an error message
-similar to the following:
-
-.. code-block:: bash
-
-   %3|1554125834.196|FAIL|rdkafka#producer-2| [thrd:sasl_ssl://pkc-epgnk.us-central1.gcp.confluent.cloud\:9092/boot]: sasl_ssl://pkc-epgnk.us-central1.gcp.confluent.cloud\:9092/bootstrap: Failed to verify broker certificate: unable to get issuer certificate (after 626ms in state CONNECT)
-   %3|1554125834.197|ERROR|rdkafka#producer-2| [thrd:sasl_ssl://pkc-epgnk.us-central1.gcp.confluent.cloud\:9092/boot]: sasl_ssl://pkc-epgnk.us-central1.gcp.confluent.cloud\:9092/bootstrap: Failed to verify broker certificate: unable to get issuer certificate (after 626ms in state CONNECT)
-   %3|1554125834.197|ERROR|rdkafka#producer-2| [thrd:sasl_ssl://pkc-epgnk.us-central1.gcp.confluent.cloud\:9092/boot]: 1/1 brokers are down
-
-macOS
-"""""
-
-On newer versions of macOS (for example, 10.15), you may need to add an
-additional dependency:
-
-.. code-block:: bash
-
-   pip install certifi
-
-Add the ``ssl.ca.location`` property to the config dict object in
-``producer.py`` and ``consumer.py``, and its value should correspond to
-the location of the appropriate CA certificates file on your host:
-
-.. code-block:: text
-
-   ssl.ca.location: '/Library/Python/3.7/site-packages/certifi/cacert.pem'
-
-CentOS
-""""""
-
-.. code-block:: bash
-
-   sudo yum reinstall ca-certificates
-
-Add the ``ssl.ca.location`` property to the config dict object in
-``producer.py`` and ``consumer.py``, and its value should correspond to
-the location of the appropriate CA certificates file on your host:
-
-
-.. code-block:: text
-
-   ssl.ca.location: '/etc/ssl/certs/ca-bundle.crt'
-
-For more information, see the `librdkafka
-<https://github.com/edenhill/librdkafka/wiki/Using-SSL-with-librdkafka>`__
-documentation on which this Python producer is built.
 
 Kafka Cluster
 ~~~~~~~~~~~~~

microservices-orders/docker-compose-ccloud.yml

@@ -59,9 +59,9 @@ services:
       CONNECT_SASL_JAAS_CONFIG: $SASL_JAAS_CONFIG
       CONNECT_SASL_MECHANISM: PLAIN
 
-      CONNECT_CONFIG_STORAGE_TOPIC: connect-configs
-      CONNECT_OFFSET_STORAGE_TOPIC: connect-offsets
-      CONNECT_STATUS_STORAGE_TOPIC: connect-statuses
+      CONNECT_CONFIG_STORAGE_TOPIC: connect-demo-configs
+      CONNECT_OFFSET_STORAGE_TOPIC: connect-demo-offsets
+      CONNECT_STATUS_STORAGE_TOPIC: connect-demo-statuses
 
       CONNECT_REPLICATION_FACTOR: 3
       CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 3

microservices-orders/scripts/create-topics-ccloud.sh

@@ -16,7 +16,6 @@ while IFS= read -r TOPIC;
       else
         printf "\nCreating topic $TOPIC on Confluent Cloud\n"
         ccloud kafka topic create $TOPIC
-        printf "\n"
       fi
     }
   done <$TOPICS_FILE

microservices-orders/start-ccloud.sh

@@ -6,7 +6,7 @@ source ../utils/helper.sh
 
 MAX_WAIT=${MAX_WAIT:-60}
 
-ccloud::validate_version_ccloud_cli 1.10.0 \
+ccloud::validate_version_ccloud_cli 1.20.1 \
   && print_pass "ccloud version ok"
 
 ccloud::validate_logged_in_ccloud_cli \
@@ -37,6 +37,10 @@ docker-compose -f docker-compose-ccloud.yml up -d --build
 
 printf "\n====== Giving services $WARMUP_TIME seconds to startup\n"
 sleep $WARMUP_TIME 
+MAX_WAIT=240
+echo "Waiting up to $MAX_WAIT seconds for connect to start"
+retry $MAX_WAIT check_connect_up connect || exit 1
+printf "\n\n"
 
 printf "\n====== Configuring Elasticsearch mappings\n"
 ./dashboard/set_elasticsearch_mapping.sh