From f89b4fe2826634a2953366c5f89d5cff1ebb30ea Mon Sep 17 00:00:00 2001 From: Sergey Antropoff Date: Wed, 10 Sep 2025 18:47:58 +0300 Subject: [PATCH] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B0=20=D0=BF=D1=80=D0=BE=D0=B1=D0=BB=D0=B5=D0=BC?= =?UTF-8?q?=D0=B0=20=D1=81=20Kafka=20SSL=20=D1=81=D0=B5=D1=80=D1=82=D0=B8?= =?UTF-8?q?=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D0=B0=D0=BC=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Создан Dockerfile для генерации SSL сертификатов через Docker - Обновлен скрипт generate-ssl.sh для работы в Docker-контейнере - Исправлены пути монтирования SSL сертификатов в docker-compose.yml - Временно отключен SSL для Kafka (работает в PLAINTEXT режиме) - Kafka успешно запускается и создает топики - Добавлены SSL сертификаты для PostgreSQL --- Makefile | 5 +++-- ca-cert | 22 ++++++++++++++++++++++ ca-key | 30 ++++++++++++++++++++++++++++++ docker-compose.yml | 23 +++++------------------ kafka-ssl/Dockerfile | 28 ++++++++++++++++++++++++++++ kafka-ssl/generate-ssl.sh | 20 ++++++++++++-------- kafka.client.keystore.jks | Bin 0 -> 4894 bytes kafka.client.truststore.jks | Bin 0 -> 1318 bytes kafka.server.keystore.jks | Bin 0 -> 4894 bytes kafka.server.truststore.jks | Bin 0 -> 1318 bytes postgres-ssl/ca.srl | 1 + 11 files changed, 101 insertions(+), 28 deletions(-) create mode 100644 ca-cert create mode 100644 ca-key create mode 100644 kafka-ssl/Dockerfile create mode 100644 kafka.client.keystore.jks create mode 100644 kafka.client.truststore.jks create mode 100644 kafka.server.keystore.jks create mode 100644 kafka.server.truststore.jks create mode 100644 postgres-ssl/ca.srl diff --git a/Makefile b/Makefile index c0c24b6..239dcd7 100644 --- a/Makefile +++ b/Makefile @@ -163,11 +163,12 @@ restore: ## Восстановить данные из резервной коп ssl-generate: ## Генерация SSL сертификатов для Kafka и PostgreSQL @echo "🔐 Генерация SSL сертификатов для Kafka..." @mkdir -p ./kafka-ssl - @docker run --rm -v $$PWD:/workspace -w /workspace \ + @docker build -t sensus-kafka-ssl ./kafka-ssl/ + @docker run --rm -v $$PWD:/workspace \ -e KAFKA_SSL_KEYSTORE_PASSWORD=$${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123} \ -e KAFKA_SSL_TRUSTSTORE_PASSWORD=$${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123} \ -e KAFKA_SSL_KEY_PASSWORD=$${KAFKA_SSL_KEY_PASSWORD:-kafka123} \ - openjdk:11-jre-slim bash -c "apt-get update && apt-get install -y openssl && chmod +x /workspace/kafka-ssl/generate-ssl.sh && /workspace/kafka-ssl/generate-ssl.sh" + sensus-kafka-ssl @echo "✅ SSL сертификаты Kafka созданы в ./kafka-ssl/" @echo "🔐 Генерация SSL сертификатов для PostgreSQL..." @mkdir -p ./postgres-ssl diff --git a/ca-cert b/ca-cert new file mode 100644 index 0000000..c67a426 --- /dev/null +++ b/ca-cert @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIUSjePknvzx9A0iWmw4kymBR8xqVkwDQYJKoZIhvcNAQEL +BQAwZzELMAkGA1UEBhMCUlUxDzANBgNVBAgMBk1vc2NvdzEPMA0GA1UEBwwGTW9z +Y293MQ8wDQYDVQQKDAZTZW5zdXMxCzAJBgNVBAsMAklUMRgwFgYDVQQDDA9jYS5z +ZW5zdXMubG9jYWwwHhcNMjUwOTEwMTU0MTE3WhcNMjYwOTEwMTU0MTE3WjBnMQsw +CQYDVQQGEwJSVTEPMA0GA1UECAwGTW9zY293MQ8wDQYDVQQHDAZNb3Njb3cxDzAN +BgNVBAoMBlNlbnN1czELMAkGA1UECwwCSVQxGDAWBgNVBAMMD2NhLnNlbnN1cy5s +b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzwlx/OqUcg1DdL +dCwuopkWPVHx1eZTaEWb5WM9Z1WkOJYkhlNeqzIqeH/EdvS0KvFJpsP4KJGj7HF0 +PG93aiNN7MMd64sIwf67cy1s1BTsm5WdRlf9NYf4NBZcjykQq9y5Y7SvrGBLqgfY +mTciMRLT6w3BGW8IiU5Cijwv2FBzhhSQSXJilRP1urW+TmctEfFoOLveFaDKz2nP +2jGgQMf2MTLslW3GY0TdtDlmkLaJ9gcy1Z+DVgpID8Y0sgIMpBIUN7s6HT3Uh/qT +qS5BczJW06zm7mwS99yCN+h8SFKbyGffx5omCK4kBtyezcev28nsfFlDUyyxzQ6N +PdbHIIUCAwEAAaNTMFEwHQYDVR0OBBYEFP2VgVDe9fNtpcUKQuv+p01msdYkMB8G +A1UdIwQYMBaAFP2VgVDe9fNtpcUKQuv+p01msdYkMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAE8Ue2K7OIuzWZ9PSdRvK5ubMLWK2P+YKo+85pvn +k0/0EjaQDBbVR9OytzR8Viwl3ME9hgP4QEhWLHcNgQqtQ+VWRZtLjteJ0MYYzfwO +Ue1NNB0Pa2lA6xLIekMbLVCo+wEQ64VCKwI0gjcJdSkx38lQ9DTbU6OepAa+w9Bo +wM1TfTM/yMrXkGWbbjTMGCuQjxZJS2ScOcZIyWwLfv2GDLEG1I4Z+YwVVv5orf5X +4RcXyuFK3AJuF4/eM3wLvizEfmcTKtEFaghWin8dhWg1RIV+u8QsuHEasuhB1JCc +puvKzb9czXEmJso+aDyy1SOwCrbb7ZOX97OxTzGfXdcbwVY= +-----END CERTIFICATE----- diff --git a/ca-key b/ca-key new file mode 100644 index 0000000..8ca360b --- /dev/null +++ b/ca-key @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIAiw9VEuLcnICAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJt1Fkh/2mpHBIIEyFJwP3wCJOvu +05kplp9aFOXlFKdTjHhUbpWkqlG/9N85565eSZtHrp8AonScVxEbUZVHM3lERM/w +R6UZ8IiLLmuwcPLDosOrZUQDFJhVTswcA2asRCAoFaQC4XEFxkMl8Sj85a+5Hr2L +v9nejAHzrmryRwVh32KRa/Vcrv1aIn21rFFoKzYefCEDAdL+WcTZ+wpdbP9GV1NF +SZGYToIOWFTiSxIw+bgxyy62QaXiAjJw+M4O0sDbKcTwAnrBOQ1S/HoW78BB/IeC +fJDQRIm1CDPLhE5iWF9rnxVz3E4X8fGtzPJBHmQfMb27QKPoexS9ND1YxrsAVnAK +Judmc9CP4qoBERfnxXx41iofo1NQkYRVIkCuTB7yRuFJCkJPsMUqKcv9/N7rLCom +P1qyN8dJ4NL2TV7K987zUspHilAbiD4NWdsd+Ti5L2zTTOCjnbGWHwgxZ3klFPFr +wauOa2W7OaYJa40NSk2j3ynY7eBauEDJ4F8y+R7bLJJjSux8RcpCzFfAGfsATQxq +EOjbpB5TiRYrTQlvnaxoZow/+qOfImfQ3jvasY/rPEkZx6rBiJ9jzLa+TBHhnEgv +hulD691x/dJNgfIbd155ACSAWHoJg8igWNNYW9wGKh5CbvxjOK5EJO/nOyVOkPzf +PdbtG3xw+lXqW0aZAGILWGB9Sntph6S2V5iYaWUIjiLuvJHWW7PZQxmYGpEgG3Ve +1amtQgRgM72erq3wp+C2cZmx337G0vR5r2P+OqL3apcjmvQTEzjIWmceCEnFSdk0 +llhNLayVzzbr81qjPhOhIFd14eoi1g2Yqsu1Wq4Rl7UxG9GfROtTGzp5eom9VxwX +BMZuGWDxp/7KvmG/C3V3gKgYtWYalfCMAfgLnEKtnLWu03TDSwv7VcxNK6PAHL2c +X3DKwNPjNuf+FFKciZeQTmJV91kEHK7N2k6Co9eioYUuvRJsBcF04O99jXvBBOJw +pv9SyiLPAN9VFHw9gsLgpvJJhENb1QCU71KSSEOkqAkUxXKkbilzqxqpHrpfvrSL +pCemSG3mRloFLi1AjkyUTFnR1dS7iMCeXto2hSvNVRSpqki6q2Jp37LUnmq3GRTp +9ciOC8BHhrLz/v5u2AgDlPEICeItdRBlTIAZ0ViiJK9Mm9NWoSExtlN+K3KHgVMd +SVfjCOhZoIQxG1RRrpXazBCDKeoiA6SXHrE+qiyjrIq9RB7e4Dj5UePEAFixYMII +HWs7O24M+zlXPLbdhh0ipgDBwAHmVZD0ie/qthWJc0iaEO65U4RI75wzWSL32bTM +h/jUAfwoNIgblL0Mi1Qnj9P9lCLprN3a++PyR1vTun/F1+Ok1rxEOkXGaHYsYvqN +M3NYxH8pM8F6aBh17l5PUlPcErdhWYHNtOUIWtbfJw8XFQbYUo5W7a+khWuxW4DO +uo2lwxEAUUBpSMAdIcaGa3o2cvj2pQ3tobQxA5n9Ak7kK53+yUMtGkWL3EoBDtl4 +M/auLQYAt+g7U9nCfClXh8P3wyfTuBNjel49nfbjbBG2EZTmPh5/ZS5ODIOGFbp6 +S0Y0IdN6Ocj+42DW9stpjPH3EHA/pQHT07cS6OmLh0EYEZJsdDzkVJ9SPplODujt +OHkZKuOPw37gLXaPvNO15w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml index aa3486b..1e1235a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,8 +2,6 @@ # Назначение: Инфраструктура для SensusAgent и SensusWorker # Включает: Kafka, KafkaUI, PostgreSQL, ClickHouse (2 реплики) -version: "3.9" - services: # Zookeeper для Kafka zookeeper: @@ -34,9 +32,9 @@ services: environment: KAFKA_BROKER_ID: 1 KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,SSL:SSL - KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092,SSL://0.0.0.0:9093 - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://10.29.91.4:9092,SSL://10.29.91.4:9093 + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT + KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092 + KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://10.29.91.4:9092 KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 @@ -47,19 +45,8 @@ services: KAFKA_LOG_RETENTION_HOURS: ${KAFKA_LOG_RETENTION_HOURS:-168} KAFKA_LOG_SEGMENT_BYTES: ${KAFKA_LOG_SEGMENT_BYTES:-1073741824} KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: ${KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS:-300000} - # SSL настройки - KAFKA_SSL_KEYSTORE_LOCATION: /var/ssl/private/kafka.server.keystore.jks - KAFKA_SSL_KEYSTORE_FILENAME: kafka.server.keystore.jks - KAFKA_SSL_KEYSTORE_PASSWORD: ${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123} - KAFKA_SSL_KEY_PASSWORD: ${KAFKA_SSL_KEY_PASSWORD:-kafka123} - KAFKA_SSL_TRUSTSTORE_LOCATION: /var/ssl/private/kafka.server.truststore.jks - KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.server.truststore.jks - KAFKA_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123} - KAFKA_SSL_CLIENT_AUTH: ${KAFKA_SSL_CLIENT_AUTH:-none} - KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ${KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:-https} volumes: - kafka-data:/var/lib/kafka/data - - ./kafka-ssl:/var/ssl/private:ro ports: - "${KAFKA_EXTERNAL_PORT:-9092}:9092" - "${KAFKA_SSL_PORT:-9093}:9093" @@ -84,7 +71,7 @@ services: KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: ${KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS:-kafka:29092} KAFKA_CLUSTERS_0_ZOOKEEPER: ${KAFKA_CLUSTERS_0_ZOOKEEPER:-zookeeper:2181} KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: ${KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL:-PLAINTEXT} - KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/var/ssl/private/kafka.server.truststore.jks} + KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/etc/kafka/secrets/kafka.server.truststore.jks} KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD:-kafka123} DYNAMIC_CONFIG_ENABLED: ${DYNAMIC_CONFIG_ENABLED:-true} # Авторизация Kafka UI @@ -93,7 +80,7 @@ services: SPRING_SECURITY_USER_PASSWORD: ${KAFKA_UI_PASSWORD:-admin} SPRING_SECURITY_USER_ROLES: ${KAFKA_UI_USER_ROLES:-ADMIN} volumes: - - ./kafka-ssl:/var/ssl/private:ro + - ./kafka-ssl:/etc/kafka/secrets:ro ports: - "${KAFKA_UI_PORT:-8080}:8080" networks: diff --git a/kafka-ssl/Dockerfile b/kafka-ssl/Dockerfile new file mode 100644 index 0000000..c171f0a --- /dev/null +++ b/kafka-ssl/Dockerfile @@ -0,0 +1,28 @@ +# Автор: Сергей Антропов, сайт: https://devops.org.ru +# Назначение: Docker-контейнер для генерации SSL сертификатов Kafka + +FROM openjdk:17-jdk-slim + +# Установка необходимых пакетов +RUN apt-get update && apt-get install -y \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# Создание рабочей директории +WORKDIR /workspace + +# Копирование скрипта генерации +COPY generate-ssl.sh /workspace/kafka-ssl/generate-ssl.sh +RUN chmod +x /workspace/kafka-ssl/generate-ssl.sh + +# Создание директории для сертификатов +RUN mkdir -p /workspace/kafka-ssl + +# Установка переменных окружения +ENV KAFKA_SSL_KEYSTORE_PASSWORD=kafka123 +ENV KAFKA_SSL_TRUSTSTORE_PASSWORD=kafka123 +ENV KAFKA_SSL_KEY_PASSWORD=kafka123 +ENV CERT_VALIDITY_DAYS=365 + +# Команда по умолчанию +CMD ["/workspace/kafka-ssl/generate-ssl.sh"] diff --git a/kafka-ssl/generate-ssl.sh b/kafka-ssl/generate-ssl.sh index d537ff2..4878c4f 100755 --- a/kafka-ssl/generate-ssl.sh +++ b/kafka-ssl/generate-ssl.sh @@ -72,16 +72,20 @@ keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cer # 14. Копирование файлов в целевую директорию echo "📁 Копирование сертификатов..." -cp kafka.server.keystore.jks /workspace/kafka-ssl/ -cp kafka.server.truststore.jks /workspace/kafka-ssl/ -cp kafka.client.keystore.jks /workspace/kafka-ssl/ -cp kafka.client.truststore.jks /workspace/kafka-ssl/ -cp ca-cert /workspace/kafka-ssl/ -cp ca-key /workspace/kafka-ssl/ +cp kafka.server.keystore.jks /workspace/ +cp kafka.server.truststore.jks /workspace/ +cp kafka.client.keystore.jks /workspace/ +cp kafka.client.truststore.jks /workspace/ +cp ca-cert /workspace/ +cp ca-key /workspace/ # 15. Установка правильных прав доступа -chmod 600 /workspace/kafka-ssl/*.jks -chmod 600 /workspace/kafka-ssl/ca-* +chmod 600 /workspace/*.jks +chmod 600 /workspace/ca-* + +# 16. Проверка созданных файлов +echo "🔍 Проверка созданных файлов..." +ls -la /workspace/ echo "✅ SSL сертификаты успешно созданы!" echo "📋 Созданные файлы:" diff --git a/kafka.client.keystore.jks b/kafka.client.keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..ed4b4e3371801c10edf7e7fea07dd82a7ac0b574 GIT binary patch literal 4894 zcma)AWmFUlvu2T6U=fy-lm-FWr6rdJ=@b+slx$q*uB-q*iHRmyi$;1ZkvM zxZZQ`dB1yqecz8c&&>18%+KeX83>%578~#Y0tXM`0iQ&uL|lLX_<%w~Oj<;B}C$BM~@VrXn^PEu^ZV+b)G!T)T;2I68t81R7R5h?(y2RMKyIHbRd z)ebw$BIev}s4}N$WX^ElI8*r`0h%;jnir4Oy&2{|4{T}}mjySwc`Yrp zi0N^K!UYB?YpbO}$?`Ec7~E5sdcjSo^Mu@P!-ysL$QNp5?ASs}%975E@($eb``CC? zfV7V6*1p5bX&lTWGS)1ae}*5g?P;uL=rJb8MC&-KBQ~jVrd@En;^eoN%io1f^ ziGFA|nffseR8nO>6A?BbXq^-0$W%{|v4Uq?o@nIT3R}2YVwaow_+0k7;;ByfEw^mD z+k8EDnkyMd(MoKkO6JBbHvEpVyTEy9P(##MB;Yw7ag8f1hCCKQ8j4d@+{@&Tv;CH7 zd+rA&^u+Rh@3O-!em14iQZDyrzo@mL)yJA%uT=-PSr(1dfN?7nmpc%ktWJea_4oqM=n{Yp3w#M*a4rR*X|uX<4J{*(en2RP>B0EzY*6VuOSV1|_k3r&%8Dn>DYsp$4n$lnC6;P?W8-Ul2 z*axU)lDnaVX%>6Z)*zT`ovG0j$4>}5`-GR&YW=yTvrh2&fWZvX08v>|8Hd2?;uF`v zW@UCcn+z*S^<&T4e#`14;+B{B&GqnphMyO0JtXvqnQfFH<^X8IJZ>%3-WK`QqalTg zPV;njT$E8hopX~we6Er&)I+1pkd8Sd1>gk49m;tz@mpChxhP}tsnQsoSZrz>Z8T$E zV+Q%bhN#aZ^N50=asQ}wyQGPq9t(bNs3gX~8}RIgXSOO~F682-dt(VD9PH^(k>7!b z#OArK2ee*w5+3UcWToPDyC&Oo_8zRhw)Vm|!S#7=Y^<;ON}NUE5b+CI!R25_K-YJN zCB#NhF}*KyuJJqHH-bMeb@|Q{^^x%DHavlpWG3|O{?J|yX`qpm^kmNSGmEo9Ed6`| zus*?Qh>>n-V@>+2A|s@1Qpy=aq;pR{bT`D0RiO2B@k5lo>NuhAkLbn-h7r>E0)JS< z)D&c}H;7>BT;x~%N}7;V%D|H@OzrKfO945*SqUo4J^|+evg@ zNMOmhA*NuXPp4Dwn`B}XuNb`II!47?#zV_i--6;&)}|yNL4Nh&7goOX_$vZ82Z2Tr zi2^#P5`_65y981|DHy?6j#w^OZ?G)>qV3F_8JsCQY-{cY~E*od)eEcPa{k76CF%?+nCR{MmxD9XI(c#kp+`1 z%MK(jV{MfG@cJuW09I*#(yXhrIbrU3gmV9rbT=cqsES<;j8#dtc|xE>^(vtEOH_P~ zFf+!2^ubT=qGK4!%7ia0twYptV-}%f#06<8hD663l9vE(Jrw zj^EpFqs`h!9q+_BBTZ7P7s?G==QR~QYo*RAN}Cv|*qs7w-XFFV63|UXbdJ=`Of()Oz9jd1ze$KoWtlxyO32AK zBZqEO{&l?T2O3V3XsEU|di@uzgH26rJc{wmV>11W@jt$ZYun=IxNs90#*pw9d_P? ze~>0rYrP233N`D^OL&`j$3$d7TrGA7V-X~V-(?v?Zz_F!-v?n$9F06s{ly>mMC2o> z?X`|16=uTeihYN!9Dhx^JR8v|KR>N~&Gmf7@Ul+6ZBV4UE7({qOpu*@Iaon_efPyS zR|Y^<_#OwWCEVw(?~5D=#Iw5cl;-Q9e*3#3|Bh0hgD=S!L|u#rc=@Jy&M%dQEQrPO zb&V_;anpGy3N+oetCY;3rsa2Ib$xt(?CZY8&5zirpBv4rT-t0sI9|%+AaoeAFu7Ii z)@2&eBRf+awvbmXks3z*rVRF}a=C6xv0&9~@#k6`4nyw^o>!iDVD!=a4h}ph+0Yro z2AhgxS6&Tn@cRIttKH^zbGq&zNneg690Ht2%Vy#!2&<8Dsme0D+;DO(nhwYdlwpk) zI$q8f{^;us)kE@PB@?LLV~y~yB;lN&-P}nuKHN(f;~G#J8uR_OqI*a2DS8mGh86R2 zP2^xkvAuH6%gNl+SvGy3d9Q;D!owZKZ__Qd{27jTgK{dK8e>1C_mo@QJU!%ZzkfdF z)4;mjp~e8sjjc}BynDU0pCr`0R{5Tprmfstnv!Nk)LqbAc>M`RzhKeV>SOl(=9ikN zoYfVEn}&xV|AD*5`A7}HND zcJ{mMn{|D0>ycikNOdc*HA1rqZ9Jz6CLo~kdSdqh|HP+htY6eJbZ=%Vx+?9HyC%pT zlRd$?=qrF<(Pe5m6F6It_#H0;WO#D2=+0j+G!T=uLr*^iek*-EKcYarLp_M&6 zj!9|LBjO035Zj#=)#nRx;5>ME-?&km_lK{GQCADGtc&c9s2!-bL9V)T^4LBA&lL5+>Y za-m4NX1>EJIdGt*r^!V(EzcJlTiEWal$*L+^Y12?F5P|m$bFe#qOCDxyX&3U@9BBI;j>c&d z)#G7cF;R$)CJ=MqJ-=k>;SQUg=y%wY6L&u4SZGe&EViWeX&kFrSV7V+FBfvM)jC`6 zpOZgVz&8AbL_tK2&nbn0vH^Oj03=A-|5tNb4|Tlyr}ZQ09NCDo=6DOD5P${)P< z`@_cto`zewRCUdSE^Xx4a9YyL+Wn$g24W;@O0!iCYgmWTgUMB9i=q>39YiS~`Xc^p zGhXrjXfI@6D7Hffjm0;fJmTle=Am(2)znH+lHK?o`811ScT_c*rZr%u!Wc*A0xkVR zHPc{bXO!@QRjSwHUVgC8nO@dUUWAYL8k}*_BF)dt?`5b?J+*Z;9(1#}Xoh!<;;H+R z0Eh-@Cw86O2p2(E9$o#!0i1YrtA_PeiYc9V+1E7w#URpbWjgAAPVr9xRNQS8&Ul7^u0MowGBUfDJAIj_k=*i^)9e+ZdnRB^K` z6O2)UdzUS9y_OI3R*#`iW|*pD_lQ!QmhI>^n?wkmQC-=jwH+}h@vND0tbc;&VI}qI zAB@S4i5<2c-RRJpT8$288!0$xKY0El+O8o`+R>3Kk6!8Ww$Gcw!7Y`OJ)@x z|FuV;=BSr=Xre)w8>M3}W=VtLs{O1!h?*4mr|YbE4pNpjMtP@pFCvebJgdAft#>oZpdpE< zSnQej?3eVg*tXu>;YjUBgj)AT6$1gmFXWUo*cC0v7sySd$ib*yx3)F9LlfTViH3+2 z`DT5CZlELbPh6vPXW*y!=!S}LH8TXbuIm;?xLgPeHyIzC@P1g(Sq(fEJ%0A&RDXVO z1&f+4C|)IwX}WEmrM;Evi=mc`qN2o3bPdnmss4Zpf>c9Gd(2cD_RcDhw2bFdtGQ#y z*l&VWC-%HX(zq1POPm(pDJ5U?gsG#SW9OThUIuS%6vzT>ee&foTbyW9`_y1~zMc(wlw%vI>z{`$XIzawYW& zsx9ryXVxqk+bt2r;Oe$gmQ#+g@WvLYb)3NNyIBlmEn4+fghk4sdbLi^O-cNRX^AA1 z&*;sQ#lA;1=;#Af(0T10Ru3C1k45rDuzgg_YDCD0ic2ey##^;xiEqRwJ?GNu?7h$hDe6@ z4FLxRpn?RVFoFc00s#Opf&`Za2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q0IX8!&J|dglBqA+CY!ZXSSw1R%xzv|Lk}lDFbNMtB}U3k&B%=4&aakt2hT){7s5sie<>S*q;+9-i9ycKU+qWbAhB9a zp0tMG9Z)cOu{Krq3YNJKUwg&txw9h#;iWGqfcY$(w ziws2aqcFse5u$60s$;rUYLKB8w$qOks#FV*?qk-|5of({DNBd#D`HB(Ob|!{-+ahv zC?wcGN}sfzi05m7W_wH@Mc9$>x(i_<6ad)T6Nk2^UX5Ys%N1)PlWen5S z-*yPU?7#O=qqY%m`AsB(7{h23AHv&rooRsQc`r9UWcNXLO}Mrd`RIGz46qJQgMdl( zs=7jw18lIzH;@n!$sP<8H-{~qWS9c!i5{tiJi{6Ml!xG8MCkq%<6ZI;ME%sW=Bn~= zkPlb2JThrRgK`ATkzf#+V+TKk^N1JEZkKvCM~sTkUl{*{cQV>%12&gIc_OTJlX z{Mm6s$3(ag*yf@{x@yI5&$CV=^gdF0ef2&z4<+*+c8^jLtXU!iyveu=hMYb*dzwnLw$Odt8J$uI{ z8~>Zr?2Jo$O%bh*{YQ`6HaZOolBk-S$E;p8_4<7L?brDRt|!-dT@U|kDBRAt=Vp0T z*Gw}%?6nS^H-ESWziE#A#$K?IR`e?2|I9Rbu&F=ihvt7X8HF#PDbv8Eg5qAuL0)+a z=I=9OE%ug%cv_f~l=X~MDdb~t6--9Six#0elLkRu0Ww? z?ltu5sR1r`)4qu{N)yS2h^(zu_9w&fFTN3%%k`M-*;#C&y7KYs2HJ91yD%5iC9U>7 zK>8zr#ju7cxp&5pfoMabI*K=aYUw{7rP2Toh)=Oz;u9IC3!2?S?wPq}xVR*<#Naws zjK*1nIt(x>Fdlu&&k9JUX(87mNC9O71OfpC00ba9u{*u4>X}l#aV{5p?Nt%OJ!dMl+O&%4^NW&r&a@H) c6a^1+n#nPz?6;37EfuxX$Y2v#5CQ@x5Dm>=Qvd(} literal 0 HcmV?d00001 diff --git a/kafka.server.keystore.jks b/kafka.server.keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..f2b3fcae7dac0590c3d6ee5051685c05cf4ab4b6 GIT binary patch literal 4894 zcma)AWmFUlvt}1qa>)fGr354wSOf$C73uDdW$6y-T)G?SlrE*DQ@~(pq)VivK^m6p zJ@=mXyZ6`k{g^W|&&)Hw<~--jK#}A$KmaBbN%k3p#~C3PaR~ zC=$Er|CO*yv5?qBf8o5pmIWgCUlt)g09c5`mih~dL#_T{V1uFhP?3M7gitOl2;YZ1 zhvO)dIK^2QduQgcaLjUp4G_pq0t7HZ2|>93GZBb~jRBYXjif^Sq!>$K4)Jk`^%+FBLddh?r7c zyNQ(tUU%E_Dlb=G;Zl~u0PD+f>dm5n0W-0_?qG;q=Tq4eOM$`tx4h%VOg$N-?!gPL zaq(b*mXm8+q2Q8X>kW(SJnK~c$Di`_TfHgDDW4MjzF%I~3~E>fwcc6O$q4|8b;1nX zqK&R6u4@yG`2 zf2`Ld!anFsScW>^Wr}%ymabVhuvvB2L@QOB+~4#c3kn5NUKp>#D~C%Y*FqO(VmI~)xeBm@gAc|$LR zc)20Q46{bdkEG8vAhSVSA>rCHOywVPoLoiWkPG2Q?Fa2f#ZBcZpH$vlGsD6_zY)2YwU z(pQj?y6~dMKJ8KduBL!TCc8)q!ILI7xj%_t2T1M`Q{VmQBy3~*xQ)9#U^7s{Bq>ep zn08|KF1<(zYcQmuH2ExJCMl#1=vJ+rk@4w;L%eSKFS5tw?nhZ)C~kQ4cv}4bD5%Du zKCf(&WG1K_k0FHZV>0kkh_s?$3>)z1Gn<<)3ao3~!y<45hnt@@P`=i}?!#s%C1?L@ zkFllRUiKX@Baj7y>2%{Dg(lsS8BkJm`G3+7^>Vt?_BD;hSoSbVt?vVOfBq{PlLW$X&SEz+|uAlj{zDKX^@? z4U_^cr(@6)#(r2=@Idvt3s}zFIBC^-Q?fgZi{{@)J^xv81J)W*3-SE215{TimS9B| zcXtBiD%qaiOx4uBk4cO-UVh;dqq>^2PMde_cggEQo`t_R^T$tlmEB$6zPKpGE9h0S zho*%ouEy`=3qw>PzNw8zh)MAA46kojcG-cxT!!s&F+Edoa)0X^!BG>)H2Ou^x8nGYr6mE%8m;{oE zPAcL!1p8xF$nhh4|(PCY)3e~K#Ms+>Jfu{Nvzf9WvUT=7XBBlONcOCsF zVl6yH;S!N!2#Y1%(X@u1@&+Rb%`mv66i@Um8W&Q8PEHmwRu8&lGR0(>VhNO0&3<{? zSRi}#C9Aj1^;83Kk0~t6_&O@13V{llzCj~c9&@Ig-Y%t8vlqDuk3)~xU^Uq3lPei9 z?bO)Rir0G0oTMB_>0-tK_Dc`o?#p{hYrFRYC%+)y9tZ)ShN=X3%C z_?FUgE>gH2_#lw#$=JtRUr1V01hq_)uvf-AI=cHcH3bdoQT8udhTYj@6L>U+UQNu> zR=N9T{xsd$d>}A5BeYwC(xaq9u={z150oU_f|sH&&|~tHX|=_5Kh4EfHjUM~7F!Q# z4ePjpCh6!vygd>}|Fn6ssB|0UXaiVcoxN$%ANBiEEO0o;$vUr_+5qpOQ(M5e?e3M^3tgx?r9 zRoJ6E>updT#|Dg`tBNkX=}G<$%ix1kVlj%hoOs^vkb*4oVd83s4W{N~iW16vCa`q@ zHd;-3Vnch(xRE&H;0eT)Z;rG^9Y$;xgnx!c9JyDD%a1C zOe&F3Z#9YH>tq_(=pB`C2X)EGYP-+KPc)^5LRA=ON|dB7Rxb%2jT80QnB%<+VVfCEgk0Z^xXSu%`3sey%WuMR$PcNB>p&`cfg#( z6xQYx16D#5w8G}k$$3z>#@^M8y{}Y;2cNNp5&Vo_AdKcG?$jsp0EB*vobn8UiUU)k+jNFh^{+RN%694gCf$sJbi zj=x4c;bhIh*ywFl2+mCq+GvlKv!-%z*C6kmosL3WDwZEKVs|+lNWl1>AQs3iZfEk~ z9cH426j1VY_{Kqa*s{j!;0j6EKB#2vEI|Y>34Pc`NcKP2oQN*awzu9*$3=x^xMbALx~SHHBtv`NEHReJF?6k zB`yycB@gIFwWNNbRMx&JSi3fqHy`xgIYXKoF>VG#RW2wNqaMMXJ`}r?3kU!*P(=$z zRga|3+A#lw>F{rOu6(Zb4eqG=u{F%@xD`NrHE|A~o=);U-O%c?eOMAq{88qvJI(#} zmBCBC@AHB7Dy=Y5`og8!D!eGq>r77K$)sm(8#a78%{T-!@#wf_{JOAHzF|!D0{o{m z)`}BzG6$U*o;rM9b-Gg9y1=`qtNl+y48Hr z%Qw!GA2QZ$`pZWYj+}An-m?MC_ITQGRO=`cyhtXRuAb0qOFU~4o{{u(Az96AC6Rd#a)v$3L@=T2ZIPo;SG>_4qPJs*5@8B?-th-i_fO@b~3RXA2~p$+S*Gz@!wg*sf4cF*baGf`iijL!Z^%HUchAkf zMNTE7UZ)%2ogVn$m_TiyGnW&wlY^F-nKN77oX~!nM|!O?o}_(h+)Mq|6>Ft%MhK&4$M}Y3wjUtEZc?1Fv^w~?uV!B^p{Uz2fA0pDAI+jM-RQb`;767RfbL5|jVx|8=Z_0PbbWMzt^4)&qxLt5X%c z<&cXQjor%vd4|an%#Jhp_(iH*EmS zANgF;zbfI~8(i2GbgPr)$(yUOl!iv=bqCQ37=D6qX+Gjm*hIHZ!&HL+r#MkL|xDODy z_cG{TAaEE2N2k*x!@WwqsLZnOm^v#ua7A>vhcmDuaNqbe9nKCLGV)#^E%WrGNUP4J zKc%bK_8;nB1vkXMq-)W*ia#^HO2m1ZWl2crF=r*gIDu5%NZd>vYQH$%ZLYP6kH}Si zI2g&ojchv_U2=0MrBJh4YUG1_kL+ivHD)%fjkQ;U8@rcuj!5PT^SzN5fM28q0oS%Y zbdSYI6Lhce>k~k@+!a)h|ejFiu2=^SGOI#O1MPFc>pLB|B z5%ydt0htdD2dmHI{t%}+$Ko`#9~?4I1XfdHTGWd{1itG^+$Y?Vu}~SDqJp%{$f-27 zCwCIOUF)WWKY5@6V~WtTt(}fo*!=Yu0Tf{&xZf;zzA&_~vw+y-8XO!&Y2vpwBeQ+A z?UpM;)rulvVXOKHGuv2Chy&-2jkf2z$2%gB2v>IbF3_b6F={cjGV{5btJI``rQPWuUWc44jF+({ zov_Z(ldmUY_Ab>!NsmbrE>?x~-s?MU&;e)}nx%JmLPT|-B_tyoX5RC;tubWg{LBFf z+e5UCr`&Vp8|@-4*oW(wuMZ4&)ddz1Qqq(Sc^ry%$cdPn756VRM4*>|qASb9)1bDW zScwX*9|mN#e}{nDO}BLyn>+GYO795#>=U#L%v#78bYBU$(bNaeG{YWZ<2aDI`5%j$ z5vsDuRXQi>Z;J{`ez+`7F+h(jQ|-b>0P6h2`0Iu#n7>8sOKGzMRTv8Qmd}rBe(j%Y zy+U3897&{m^G$i%am_SoHmq_wNDW2;IAintX12&|1=;#Af(0T10Ru3C1k45rDuzgg_YDCD0ic2ey##^;xiEqRwJ?GNu?7h$hDe6@ z4FLxRpn?RVFoFc00s#Opf&`Za2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q3+CgqlgujZ}K=zh!z)iN}C~1Rx;PBV%nyaJ3!#s+|^STVE_Y z$nlf4F*cz$wZ^UN;J#GV7ffvX-8kVh!8meBM5I>2?wNymE_F{v*;p)u&m3ILc(N4T z&VW*DGC^c!G!$#G#TyG|+c!8ok1iSqW6{G-+Z$a4aouAfcGveGchU5SqCM6DD)k`8 zQ1JjZ8(Q4;z6nTA0Ft4+K2CMWr=Y`-v$}cI{L|dQTqM~1vsNLZ?yh=YZ>XP%+? z+2WD9f$86U;$pTX8DNq4z7XxsE&|I(qKmv(!^ISY-+(%tJ$O`~khEEFh4u|e$!SZ( z*g?HXDjVXLIT)&Y5%k&ii5Wju?QRhA2)DE8>zua~QXB8*26l^x)Zc$+5E{)e9SR;T zRf0+&g9e;&XZ`{7nxI1SX`JuztQNN>F1e{xV+P2;)HmLA%@Kvo_XtK4T|!9j9l`ty#;x7xw5I)II2Eu@Y4n5 zXwy#Iy`jbqerf>HX@-R0!Rmk=JxZoD{#F5*nbx>=A&@g-tte(<)^6{(;1wCy>0dFf zw$1M4)c$;Zq~0jJ?3menvn(|3EXosb9;?k&jZIk+lN|+xNyKKOu@ykdNloxALg2hh zA5o>xEU^nzS}uCS(Rk=>Jy|Cn7FHQ45J)d+#4fOjC%AwBjp%{hW2#$lb-V;C`L$5V zFN|XzALA#L9=~DeOdPA}oj6gw(OX)wiw!|67Z&SfGa|y(3Egl67WHa!2m$EJ54T`3 zWtNhY*}_ZO`xn@$t(QvY;^nHb3#Q?7sg1I`pQ)At7(`|W-irn+G^Amzf0+FlB*&oO z-y3vZjM?h2RBIO0{e07YhI5tpGC}x7AuOls_(qgnMez`aar%bBwWGKJe}o!hc&mL8 z{PhRN`=eBjmWkx{K2Zq#lj!_!+WV;h%=U#Tq?a+w{*m5V;#JNOC6XJwW77M2!WX)So_^EbMxccVVz}hh*1lutJnFS`EM2gMj84AIj zyb0N#oK0qFG5UQ!Mk9i<-T%)wg+np(~M`#h|Z zXfF+!O+3yZFM+_0MP+H>(4C;j`R01vC4?V!u81!|G!B?Y0n$_`GYYK2ZNG`cI@T~v zFflL<1_@w>NC9O71OfpC00bbiXF!r>spJQPN*Me#=qJ)S9 c6ew!cH7KSyg`J~O^>|{&Sj2h}cme_^5aEGky#N3J literal 0 HcmV?d00001 diff --git a/postgres-ssl/ca.srl b/postgres-ssl/ca.srl new file mode 100644 index 0000000..d434f6f --- /dev/null +++ b/postgres-ssl/ca.srl @@ -0,0 +1 @@ +43086F753CECE73B2BD20B70FEB9968991CC7FBF