Manually added content, that was only linked from the markup
authorKai Moritz <kai@juplo.de>
Fri, 21 Nov 2025 18:41:10 +0000 (19:41 +0100)
committerKai Moritz <kai@juplo.de>
Wed, 17 Dec 2025 17:13:05 +0000 (18:13 +0100)
14 files changed:
hugo/static/wp-uploads/selfsigned+san/create-ca.sh [new file with mode: 0755]
hugo/static/wp-uploads/selfsigned+san/gencert.sh [new file with mode: 0755]
hugo/static/wp-uploads/selfsigned+san/jks.txt [new file with mode: 0644]
hugo/static/wp-uploads/selfsigned+san/pem.txt [new file with mode: 0644]
hugo/static/wp-uploads/selfsigned+san/settings.conf [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/README.sh [new file with mode: 0755]
hugo/static/wp-uploads/zookeeper+tls/consumer.config [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/create-certs.sh [new file with mode: 0755]
hugo/static/wp-uploads/zookeeper+tls/gencert.sh [new file with mode: 0755]
hugo/static/wp-uploads/zookeeper+tls/java.env [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/kafka-1.properties [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/kafka-2.properties [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/producer.config [new file with mode: 0644]
hugo/static/wp-uploads/zookeeper+tls/zoo.cfg [new file with mode: 0644]

diff --git a/hugo/static/wp-uploads/selfsigned+san/create-ca.sh b/hugo/static/wp-uploads/selfsigned+san/create-ca.sh
new file mode 100755 (executable)
index 0000000..8f2eaaf
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Example-script to show, how to set up a self-signed CA
+#
+# Usage:
+# ./create-ca.sh PASSWORD VALIDITY
+
+. settings.conf
+
+if [ -z "$1" ]
+then
+  PASSWORD=$DEFAULT_PASSWORD
+else
+  PASSWORD="$1"
+fi
+
+if [ -z "$2" ]
+then
+  VALIDITY=$DEFAULT_VALIDITY
+else
+  VALIDITY="$2"
+fi
+
+if [ -a ca-cert ]
+then
+  echo "The root-certificate for the CA already exists..."
+else
+  echo "Creating a x509-certificate for the CA..."
+  openssl req -new -x509 -subj "/C=$C/ST=$ST/L=$L/O=$O/OU=$OU/CN=Root-CA" -keyout ca-key -out ca-cert -days $VALIDITY -passout pass:$PASSWORD
+fi
+#
+
+if [ -a truststore.p12 ]
+then
+  echo "The keystore truststore.jks already exists!"
+else
+  echo "Importing the root-certificate of the CA into truststore.jks..."
+  keytool -keystore truststore.p12 -storetype pkcs12 -storepass $PASSWORD -alias CARoot -import -file ca-cert -noprompt
+fi
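Review bot: The CA key passphrase and the truststore password are both handed over on the command line (`-passout pass:$PASSWORD` on L56, `-storepass $PASSWORD` on L65), so for the lifetime of each process they are readable by every local user via `ps` or `/proc/*/cmdline`; both tools can take the secret from the environment instead — `export PASSWORD` once, then `-passout env:PASSWORD` for openssl and `-storepass:env PASSWORD` for keytool. The messages on L62 and L64 still say `truststore.jks` although the file written and tested for is `truststore.p12`. `$VALIDITY`, `$PASSWORD` and the `$C/$ST/$L/$O/$OU` values sourced from settings.conf are unquoted, so a value containing a space silently corrupts the subject or the argument list; quote them. The `CA:true` basic constraint that jks.txt shows on the root is presumably coming from the default openssl.cnf `v3_ca` section rather than from this command, which is worth stating in the header comment since the result changes with the system's openssl configuration.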
diff --git a/hugo/static/wp-uploads/selfsigned+san/gencert.sh b/hugo/static/wp-uploads/selfsigned+san/gencert.sh
new file mode 100755 (executable)
index 0000000..a62a6d9
--- /dev/null
@@ -0,0 +1,64 @@
+#!/bin/bash
+#
+# Example-script to show, how to create and sign a selfsigned certificate, that
+# contains multiple DNS-entries (SAN-extension)
+#
+# Usage:
+# ./gencert.sh CN [CA_PASSWORD [KEYSTORE_PASSWORD [VALIDITY]]]
+
+
+. settings.conf
+
+if [ -z "$1" ];
+then
+  echo "CN must not be empty!"
+  echo "$0 CN [CA_PASSWORD [KEYSTORE_PASSWORD [VALIDITY]]]"
+  exit;
+fi
+
+if [ -a $1.p12 ];
+then
+  echo "The keystore $1.jks already exists";
+  exit;
+fi
+
+
+if [ -z "$2" ]
+then
+  CA_PASSWORD=$DEFAULT_PASSWORD
+else
+  CA_PASSWORD="$2"
+fi
+
+if [ -z "$3" ]
+then
+  KEYSTORE_PASSWORD=$DEFAULT_PASSWORD
+else
+  KEYSTORE_PASSWORD="$3"
+fi
+
+if [ -z "$4" ]
+then
+  VALIDITY=365
+else
+  VALIDITY="$4"
+fi
+
+
+echo "Creating keystore $1.jks with a certificate and a key-pair for CN $1"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -validity $VALIDITY -genkey -storepass $KEYSTORE_PASSWORD -dname "CN=$1,OU=$OU,O=$O,L=$L,ST=$ST,C=$C"
+
+echo "Creating a Certificate-Signing-Request for the generated certificate"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -certreq -file cert-file -storepass $KEYSTORE_PASSWORD
+
+echo "Signing the Certificate-Signing-Request and adding an additional DNS-entry for localhost"
+openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out $1.pem -days $VALIDITY -CAcreateserial -passin pass:$CA_PASSWORD -extensions SAN -extfile <(printf "\n[SAN]\nsubjectAltName=DNS:$1,DNS:localhost")
+
+echo "Importing the root-certificate for the CA into the keystore $1.jks"
+keytool -keystore $1.p12 -storetype pkcs12 -alias ca-root -import -file ca-cert -storepass $KEYSTORE_PASSWORD -noprompt
+
+echo "Importing the signed certificate for CN $1 into the keystore $1.jks"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -import -file $1.pem -storepass $KEYSTORE_PASSWORD
+
+echo "Removing obsolet files..."
+rm -v cert-file
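Review bot: `keytool -genkey` on L120 is given no `-keyalg`, so the key type falls back to keytool's default, and the pem.txt/jks.txt captured in this same commit (evidently from this script, the extra IP SAN aside) show what that yields: `Public Key Algorithm: dsaEncryption`, a 2048-bit DSA key (L206, L277). TLS 1.3 has no DSA signature scheme and modern clients typically disable the TLS 1.2 DSS suites, so a keystore built this way may fail to negotiate at all; add `-keyalg RSA -keysize 2048` (or `-keyalg EC -keysize 256`) to the `-genkey` call. The messages on L92, L119, L128 and L131 still refer to `$1.jks` while the keystore actually created is `$1.p12`. `$1` is unquoted in `[ -a $1.p12 ]` and in every keytool/openssl argument, and on L126 it is spliced verbatim into the `-extfile` config, so a CN containing a space or a newline breaks the run or alters the extension section; quote it and reject CNs that are not plain hostnames.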
diff --git a/hugo/static/wp-uploads/selfsigned+san/jks.txt b/hugo/static/wp-uploads/selfsigned+san/jks.txt
new file mode 100644 (file)
index 0000000..e6aa425
--- /dev/null
@@ -0,0 +1,120 @@
+Keystore-Typ: jks
+Keystore-Provider: SUN
+
+Keystore enthält 2 Einträge
+
+Aliasname: ca-root
+Erstellungsdatum: 26.06.2019
+Eintragstyp: trustedCertEntry
+
+Eigentümer: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: 8c62092a6d59c829
+Gültig von: Wed Jun 26 10:26:50 CEST 2019 bis: Thu Jun 25 10:26:50 CEST 2020
+Zertifikatfingerprints:
+        MD5: EE:55:36:1F:19:7A:01:58:3F:54:C3:8B:BF:D9:3C:36
+        SHA1: 3B:D6:01:F1:A1:9D:B1:6E:CA:4D:E7:FA:A6:C1:A1:3A:D8:CA:FD:0C
+        SHA256: 38:5F:6E:2A:E4:25:8A:54:31:57:91:5C:34:FA:E6:9A:E0:1A:2A:27:8C:D7:E5:B0:FB:8B:D7:1A:F6:79:CC:5E
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-RSA-Schlüssel
+Version: 3
+
+Erweiterungen: 
+
+#1: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98   26 E4 47 3E 27 6A DE AC  .).c....&.G>'j..
+0010: ED 8A 75 2F                                        ..u/
+]
+]
+
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+  CA:true
+  PathLen:2147483647
+]
+
+#3: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98   26 E4 47 3E 27 6A DE AC  .).c....&.G>'j..
+0010: ED 8A 75 2F                                        ..u/
+]
+]
+
+
+
+*******************************************
+*******************************************
+
+
+Aliasname: test
+Erstellungsdatum: 26.06.2019
+Eintragstyp: PrivateKeyEntry
+Zertifikatskettenlänge: 2
+Zertifikat[1]:
+Eigentümer: CN=test, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: b75834de7e0b9b26
+Gültig von: Wed Jun 26 10:27:23 CEST 2019 bis: Thu Jun 25 10:27:23 CEST 2020
+Zertifikatfingerprints:
+        MD5: 3F:3E:46:A4:45:28:18:3C:E4:C3:11:6B:6A:AC:88:94
+        SHA1: 24:27:02:2F:6A:68:32:EA:5F:9D:53:C5:28:65:F7:FC:6D:5D:BC:B7
+        SHA256: 7C:2B:D4:36:06:0C:69:4E:93:75:0F:F9:9C:D8:9D:DD:02:50:14:72:49:95:E3:AC:4C:B4:7A:E6:CE:9D:05:D5
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-DSA-Schlüssel
+Version: 3
+
+Erweiterungen: 
+
+#1: ObjectId: 2.5.29.17 Criticality=false
+SubjectAlternativeName [
+  DNSName: test
+  DNSName: localhost
+  IPAddress: 127.0.0.1
+]
+
+Zertifikat[2]:
+Eigentümer: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: 8c62092a6d59c829
+Gültig von: Wed Jun 26 10:26:50 CEST 2019 bis: Thu Jun 25 10:26:50 CEST 2020
+Zertifikatfingerprints:
+        MD5: EE:55:36:1F:19:7A:01:58:3F:54:C3:8B:BF:D9:3C:36
+        SHA1: 3B:D6:01:F1:A1:9D:B1:6E:CA:4D:E7:FA:A6:C1:A1:3A:D8:CA:FD:0C
+        SHA256: 38:5F:6E:2A:E4:25:8A:54:31:57:91:5C:34:FA:E6:9A:E0:1A:2A:27:8C:D7:E5:B0:FB:8B:D7:1A:F6:79:CC:5E
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-RSA-Schlüssel
+Version: 3
+
+Erweiterungen: 
+
+#1: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98   26 E4 47 3E 27 6A DE AC  .).c....&.G>'j..
+0010: ED 8A 75 2F                                        ..u/
+]
+]
+
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+  CA:true
+  PathLen:2147483647
+]
+
+#3: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98   26 E4 47 3E 27 6A DE AC  .).c....&.G>'j..
+0010: ED 8A 75 2F                                        ..u/
+]
+]
+
+
+
+*******************************************
+*******************************************
+
+
diff --git a/hugo/static/wp-uploads/selfsigned+san/pem.txt b/hugo/static/wp-uploads/selfsigned+san/pem.txt
new file mode 100644 (file)
index 0000000..b5ac413
--- /dev/null
@@ -0,0 +1,123 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13211367637093423910 (0xb75834de7e0b9b26)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Niedersachsen, L=Juist, O=juplo, OU=security, CN=Root-CA
+        Validity
+            Not Before: Jun 26 08:27:23 2019 GMT
+            Not After : Jun 25 08:27:23 2020 GMT
+        Subject: C=DE, ST=Niedersachsen, L=Juist, O=juplo, OU=security, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+                pub: 
+                    00:8d:f8:cc:68:da:ab:56:e0:30:b1:cf:68:49:6f:
+                    ff:30:ba:fe:b6:63:c7:7f:70:e4:db:f4:c1:b5:7d:
+                    90:34:58:a1:93:2a:90:cc:19:2f:eb:e8:f9:81:1d:
+                    19:a4:ad:18:23:b1:5e:94:27:a3:1d:87:60:6a:d6:
+                    44:b1:40:d2:86:e7:53:3e:95:86:ec:c6:3f:2a:f5:
+                    6a:2a:79:40:08:d9:a9:c9:04:83:3f:65:6b:81:75:
+                    5d:ec:78:3d:df:a5:0f:49:98:9a:ef:98:b3:c9:8e:
+                    61:ee:b2:c1:e5:08:4a:13:20:d6:5b:33:0e:bd:38:
+                    e5:cb:f7:dc:7c:43:bb:fc:33:a4:b0:81:8b:3c:24:
+                    10:0f:8f:d6:fe:8c:52:05:1d:07:8f:f7:06:86:e8:
+                    77:20:32:b6:ec:26:cf:19:e1:aa:48:66:ba:d4:be:
+                    8b:7d:e3:a9:3b:45:ca:fc:18:04:19:ec:53:f1:86:
+                    9b:b3:0b:c0:86:8a:ca:47:01:02:8e:ba:91:54:89:
+                    9e:43:d5:0a:73:47:31:36:39:2e:26:07:92:a7:5d:
+                    26:cd:2c:2a:b3:aa:97:d1:65:34:8f:2a:fc:1a:19:
+                    7f:03:b7:ca:88:0f:73:31:bf:0c:d1:8d:9a:3c:d7:
+                    a1:56:76:ee:f0:ad:f3:77:2f:0b:2a:d6:c9:8b:70:
+                    27:cd
+                P:   
+                    00:8f:79:35:d9:b9:aa:e9:bf:ab:ed:88:7a:cf:49:
+                    51:b6:f3:2e:c5:9e:3b:af:37:18:e8:ea:c4:96:1f:
+                    3e:fd:36:06:e7:43:51:a9:c4:18:33:39:b8:09:e7:
+                    c2:ae:1c:53:9b:a7:47:5b:85:d0:11:ad:b8:b4:79:
+                    87:75:49:84:69:5c:ac:0e:8f:14:b3:36:08:28:a2:
+                    2f:fa:27:11:0a:3d:62:a9:93:45:34:09:a0:fe:69:
+                    6c:46:58:f8:4b:dd:20:81:9c:37:09:a0:10:57:b1:
+                    95:ad:cd:00:23:3d:ba:54:84:b6:29:1f:9d:64:8e:
+                    f8:83:44:86:77:97:9c:ec:04:b4:34:a6:ac:2e:75:
+                    e9:98:5d:e2:3d:b0:29:2f:c1:11:8c:9f:fa:9d:81:
+                    81:e7:33:8d:b7:92:b7:30:d7:b9:e3:49:59:2f:68:
+                    09:98:72:15:39:15:ea:3d:6b:8b:46:53:c6:33:45:
+                    8f:80:3b:32:a4:c2:e0:f2:72:90:25:6e:4e:3f:8a:
+                    3b:08:38:a1:c4:50:e4:e1:8c:1a:29:a3:7d:df:5e:
+                    a1:43:de:4b:66:ff:04:90:3e:d5:cf:16:23:e1:58:
+                    d4:87:c6:08:e9:7f:21:1c:d8:1d:ca:23:cb:6e:38:
+                    07:65:f8:22:e3:42:be:48:4c:05:76:39:39:60:1c:
+                    d6:67
+                Q:   
+                    00:ba:f6:96:a6:85:78:f7:df:de:e7:fa:67:c9:77:
+                    c7:85:ef:32:b2:33:ba:e5:80:c0:bc:d5:69:5d
+                G:   
+                    16:a6:5c:58:20:48:50:70:4e:75:02:a3:97:57:04:
+                    0d:34:da:3a:34:78:c1:54:d4:e4:a5:c0:2d:24:2e:
+                    e0:4f:96:e6:1e:4b:d0:90:4a:bd:ac:8f:37:ee:b1:
+                    e0:9f:31:82:d2:3c:90:43:cb:64:2f:88:00:41:60:
+                    ed:f9:ca:09:b3:20:76:a7:9c:32:a6:27:f2:47:3e:
+                    91:87:9b:a2:c4:e7:44:bd:20:81:54:4c:b5:5b:80:
+                    2c:36:8d:1f:a8:3e:d4:89:e9:4e:0f:a0:68:8e:32:
+                    42:8a:5c:78:c4:78:c6:8d:05:27:b7:1c:9a:3a:bb:
+                    0b:0b:e1:2c:44:68:96:39:e7:d3:ce:74:db:10:1a:
+                    65:aa:2b:87:f6:4c:68:26:db:3e:c7:2f:4b:55:99:
+                    83:4b:b4:ed:b0:2f:7c:90:e9:a4:96:d3:a5:5d:53:
+                    5b:eb:fc:45:d4:f6:19:f6:3f:3d:ed:bb:87:39:25:
+                    c2:f2:24:e0:77:31:29:6d:a8:87:ec:1e:47:48:f8:
+                    7e:fb:5f:de:b7:54:84:31:6b:22:32:de:e5:53:dd:
+                    af:02:11:2b:0d:1f:02:da:30:97:32:24:fe:27:ae:
+                    da:8b:9d:4b:29:22:d9:ba:8b:e3:9e:d9:e1:03:a6:
+                    3c:52:81:0b:c6:88:b7:e2:ed:43:16:e1:ef:17:db:
+                    de
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:test, DNS:localhost, IP Address:127.0.0.1
+    Signature Algorithm: sha256WithRSAEncryption
+         60:80:c4:5e:7d:c6:cf:88:94:14:69:8d:c2:d7:ce:af:b4:97:
+         1c:08:9b:ff:65:db:77:24:c5:8a:87:1e:6f:30:70:71:a1:c5:
+         ac:af:67:49:ce:b0:91:b9:5a:55:27:12:49:72:be:7d:f5:45:
+         12:ff:32:1a:ee:b1:f9:44:cd:62:1f:20:48:ac:0f:5a:f4:c7:
+         b0:1b:05:b0:84:20:fe:da:6d:73:92:da:32:f6:77:3c:df:07:
+         5b:da:fd:c3:f3:6f:08:e8:4d:3e:ba:35:b2:a8:cc:a5:b3:9c:
+         5c:61:c0:cb:35:ea:fe:c8:d2:e7:d3:ea:e0:0e:3b:7d:fb:22:
+         60:e6:96:34:af:a4:bc:cb:70:e0:60:75:f9:93:0d:31:f1:60:
+         aa:50:34:8a:87:50:13:d1:8a:db:ee:d9:59:17:25:d9:b2:ad:
+         55:14:09:92:9a:80:54:70:01:9f:65:ed:bf:e5:10:65:f5:8b:
+         b8:7c:72:48:65:72:60:56:d8:de:b3:9f:90:9a:58:a4:ed:eb:
+         27:b2:a1:ae:90:52:0f:a4:d6:52:bd:36:b1:bb:d1:49:54:d1:
+         df:d9:1a:92:55:4a:56:e1:47:e7:f2:7e:52:c6:64:68:db:70:
+         87:cc:a5:ed:e7:fe:93:5b:bc:21:57:c9:02:06:0c:2b:c5:5d:
+         29:57:95:76
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/hugo/static/wp-uploads/selfsigned+san/settings.conf b/hugo/static/wp-uploads/selfsigned+san/settings.conf
new file mode 100644 (file)
index 0000000..5715d82
--- /dev/null
@@ -0,0 +1,8 @@
+DEFAULT_PASSWORD=confidential
+DEFAULT_VALIDITY=365
+
+OU=security
+O=juplo
+L=Juist
+ST=Niedersachsen
+C=DE
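Review bot: `DEFAULT_PASSWORD=confidential` on L363 is the passphrase create-ca.sh and gencert.sh apply to the CA key and to every keystore whenever no argument is given, and nothing in the file marks it as a placeholder; add a leading comment such as `# Sourced by create-ca.sh / gencert.sh. DEFAULT_PASSWORD is a demo value - pass a real one on the command line for anything you keep.` Because the file is executed with `. settings.conf` (L35, L81), any command placed in it runs with the caller's privileges, so it should stay a plain list of assignments.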
diff --git a/hugo/static/wp-uploads/zookeeper+tls/README.sh b/hugo/static/wp-uploads/zookeeper+tls/README.sh
new file mode 100755 (executable)
index 0000000..efe60ab
--- /dev/null
@@ -0,0 +1,217 @@
+#!/bin/bash
+#
+# Example-script to show, how to encrypt the communication between two
+# Kafka-brokers and a standalone ZooKeeper
+#
+# Usage:
+# ./README.sh         -- Download Kafka/ZooKeeper, create the needed
+#                        certificates and start a ZooKeeper and two brokers
+#                        --------
+#                        Will not shut down the services, so that one can
+#                        experiment with single commands from this example.
+#                        Can be run multiple times: certificates are only
+#                        recreated and services are only restart, if they were
+#                        removed / stopped
+# ./README.sh stop    -- Stop the standalone ZooKeeper and the two brokers
+# ./README.sh cleanup -- Stop the standalone ZooKeeper and the two brokers,
+#                        then remove all data, the created certificates and
+#                        the written logs (does not remove dowloaded data)
+
+
+ZOOKEEPER_DOWNLOAD=http://ftp.fau.de/apache/zookeeper/zookeeper-3.5.5/apache-zookeeper-3.5.5-bin.tar.gz
+ZOOKEEPER_DIR=apache-zookeeper-3.5.5-bin
+KAFKA_DOWNLOAD=http://ftp.fau.de/apache/kafka/2.3.0/kafka_2.12-2.3.0.tgz
+KAFKA_DIR=kafka_2.12-2.3.0
+
+PASSWORD=confidential
+
+
+# Stops all services (Kafka and ZooKeeper)
+#
+function stop
+{
+  if [ -a ZOOKEEPER ]
+  then
+    ZOOPIDFILE=ZOOKEEPER $ZOOKEEPER_DIR/bin/zkServer.sh --config . stop
+  fi
+  if [ -a KAFKA-1 ]
+  then
+    kill $(cat KAFKA-1)
+    rm -f KAFKA-1
+  fi
+  if [ -a KAFKA-2 ]
+  then
+    kill $(cat KAFKA-2)
+    rm -f KAFKA-2
+  fi
+
+  if [ -a CONSUMER ]
+  then
+    kill $(cat CONSUMER)
+    rm -f CONSUMER
+  fi
+  if [ -a PRODUCER ]
+  then
+    kill $(cat PRODUCER)
+    rm -f PRODUCER
+  fi
+}
+
+
+# Stops all services (Kafka/ZooKeeper)
+#
+if [ "$1" = "stop" ]
+then
+  stop
+  exit
+fi
+
+# Removes data, certificates and logs (does not remove the downloads)
+#
+if [ "$1" = "cleanup" ]
+then
+
+  stop
+
+  rm -rvf /tmp/zookeeper
+  rm -rvf /tmp/kafka-1-logs
+  rm -rvf /tmp/kafka-2-logs
+
+  rm -rfv *.log *.out ca-cert* ca-key *.jks
+
+  exit
+
+fi
+
+
+if [ -x "$ZOOKEEPER_DIR" ];
+then
+  echo "Version 3.5.5 of Apache ZooKeeper already downloaded";
+else
+  echo "Downloading version 3.5.5 of Apache ZooKeeper...";
+  curl -sc - $ZOOKEEPER_DOWNLOAD | tar -xzv
+  cp -av $ZOOKEEPER_DIR/conf/log4j.properties ./
+fi
+
+if [ -x "$KAFKA_DIR" ];
+then
+  echo "Version 2.3.0 of Apache Kafka already downloaded";
+else
+  echo "Downloading version 2.3.0 of Apache Kafka...";
+  curl -sc - $KAFKA_DOWNLOAD | tar -xzv
+  echo "Replacing ZooKeeper-libs in Kafka with versions from 3.5.5..."
+  rm -v $KAFKA_DIR/libs/zookeeper-3.4.14.jar
+  cp -av $ZOOKEEPER_DIR/lib/zookeeper-3.5.5.jar $KAFKA_DIR/libs/
+  cp -av $ZOOKEEPER_DIR/lib/zookeeper-jute-3.5.5.jar $KAFKA_DIR/libs/
+  cp -av $ZOOKEEPER_DIR/lib/netty-all-4.1.29.Final.jar $KAFKA_DIR/libs/
+  echo "Only needed for ZooKeeper-CLI-clients (for example zookeeper-shell.sh):"
+  cp -av $ZOOKEEPER_DIR/lib/commons-cli-1.2.jar $KAFKA_DIR/libs/
+fi
+
+
+./create-certs.sh
+
+
+if [ -a ZOOKEEPER ]
+then
+  echo "zookeeper is already running!"
+else
+  echo "Starting zookeeper on port 2128..."
+  (
+    ZOOPIDFILE=ZOOKEEPER $ZOOKEEPER_DIR/bin/zkServer.sh --config . start
+  )
+fi
+
+if [ -a KAFKA-1 ]
+then
+  echo "kafka-1 is already running!"
+else
+  echo "Starting kafka-1 on port 9193/9194..."
+  (
+    export KAFKA_OPTS="
+      -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+      -Dzookeeper.client.secure=true
+      -Dzookeeper.ssl.keyStore.location=kafka-1.jks
+      -Dzookeeper.ssl.keyStore.password=$PASSWORD
+      -Dzookeeper.ssl.trustStore.location=truststore.jks
+      -Dzookeeper.ssl.trustStore.password=$PASSWORD
+    "
+    $KAFKA_DIR/bin/kafka-server-start.sh kafka-1.properties & echo $! > KAFKA-1
+  ) > kafka-1.log &
+fi
+if [ -a KAFKA-2 ]
+then
+  echo "kafka-2 is already running!"
+else
+  echo "Starting kafka-2 on port 9293/9294..."
+  (
+    export KAFKA_OPTS="
+      -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+      -Dzookeeper.client.secure=true
+      -Dzookeeper.ssl.keyStore.location=kafka-2.jks
+      -Dzookeeper.ssl.keyStore.password=$PASSWORD
+      -Dzookeeper.ssl.trustStore.location=truststore.jks
+      -Dzookeeper.ssl.trustStore.password=$PASSWORD
+    "
+    $KAFKA_DIR/bin/kafka-server-start.sh kafka-2.properties & echo $! > KAFKA-2
+  ) > kafka-2.log &
+fi
+
+
+while ! nc -w1 kafka-1 9193; do echo "Waiting for kafka-1..."; sleep 1; done
+while ! nc -w1 kafka-1 9293; do echo "Waiting for kafka-2..."; sleep 1; done
+
+# Creates topic "test", if it does not exist already
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+  export KAFKA_OPTS="
+    -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+    -Dzookeeper.client.secure=true
+    -Dzookeeper.ssl.keyStore.location=client.jks
+    -Dzookeeper.ssl.keyStore.password=$PASSWORD
+    -Dzookeeper.ssl.trustStore.location=truststore.jks
+    -Dzookeeper.ssl.trustStore.password=$PASSWORD
+  "
+  $KAFKA_DIR/bin/kafka-topics.sh --zookeeper zookeeper:2182 --if-not-exists --create --topic test --partitions 1 --replication-factor 2
+)
+# Prints information about topic "test"
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+  export KAFKA_OPTS="
+    -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+    -Dzookeeper.client.secure=true
+    -Dzookeeper.ssl.keyStore.location=client.jks
+    -Dzookeeper.ssl.keyStore.password=$PASSWORD
+    -Dzookeeper.ssl.trustStore.location=truststore.jks
+    -Dzookeeper.ssl.trustStore.password=$PASSWORD
+  "
+  $KAFKA_DIR/bin/kafka-topics.sh --zookeeper zookeeper:2182 --describe --topic test
+)
+
+# Starts a console-consumer, that reads 3 messages from the topic "test"
+# See consumer.config for the configuration of the SSL-encryption
+{ $KAFKA_DIR/bin/kafka-console-consumer.sh --bootstrap-server kafka-1:9194 --consumer.config consumer.config --topic test --from-beginning --max-messages 3 & echo $! > CONSUMER ; } |& tee consumer.log &
+echo "Started consumer with PID $(cat CONSUMER)"
+
+# Starts a console-consumer, that writes some messages to the topic "test"
+# See producer.config for the configuration of the SSL-encryption
+{ echo -e "Foo\nBar\nFooBar\n" | $KAFKA_DIR/bin/kafka-console-producer.sh --broker-list kafka-1:9194 --producer.config producer.config --topic test & echo $! > PRODUCER ; } |& tee producer.log &
+echo "Started producer with PID $(cat PRODUCER)"
+
+echo "Waiting for consumer/producer..."
+wait
+rm -f PRODUCER CONSUMER
+
+# Connect to ZooKeeper and get some informations about the broker 1
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+  export KAFKA_OPTS="
+    -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+    -Dzookeeper.client.secure=true
+    -Dzookeeper.ssl.keyStore.location=client.jks
+    -Dzookeeper.ssl.keyStore.password=$PASSWORD
+    -Dzookeeper.ssl.trustStore.location=truststore.jks
+    -Dzookeeper.ssl.trustStore.password=$PASSWORD
+  "
+  $KAFKA_DIR/bin/zookeeper-shell.sh  zookeeper:2182 get /brokers/ids/1
+)
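Review bot: The ZooKeeper and Kafka archives are fetched over plain `http://` (L396, L398) and piped straight into `tar -xzv` (L467, L476) with no checksum or signature check, so a mirror or an on-path attacker can substitute the code this example then runs as the brokers. Download to a file over TLS, compare it with the SHA-512 published next to the release (releases this old are normally only on archive.apache.org), and unpack only on a match — sketched below. `curl -sc -` also looks like a typo: `-c -` writes the cookie jar to stdout, i.e. into the tar stream, whereas `-sSfL` (fail on HTTP errors, follow redirects) is presumably what was meant. Separately, the readiness loop on L537 probes `kafka-1 9293` although 9293 is kafka-2's listener (L521), which only works while both names resolve to the same host; it should read `while ! nc -w1 kafka-2 9293; do echo "Waiting for kafka-2..."; sleep 1; done`.
```shell
ZOOKEEPER_DOWNLOAD=https://ftp.fau.de/apache/zookeeper/zookeeper-3.5.5/apache-zookeeper-3.5.5-bin.tar.gz
ZOOKEEPER_SHA512=   # pin the SHA-512 published alongside the release archive
KAFKA_DOWNLOAD=https://ftp.fau.de/apache/kafka/2.3.0/kafka_2.12-2.3.0.tgz
KAFKA_SHA512=       # pin the SHA-512 published alongside the release archive

# Fetch $1 over TLS into $2 and unpack it only if its SHA-512 equals $3.
fetch_verified() {
  local url=$1 file=$2 sha=$3
  curl -sSfL -o "$file" "$url" || return 1
  printf '%s  %s\n' "$sha" "$file" | sha512sum -c --quiet - || { rm -f -- "$file"; return 1; }
  tar -xzf "$file"
}
# … unchanged: stop(), stop/cleanup handling …
if [ -x "$ZOOKEEPER_DIR" ]; then
  echo "Version 3.5.5 of Apache ZooKeeper already downloaded"
else
  echo "Downloading version 3.5.5 of Apache ZooKeeper..."
  fetch_verified "$ZOOKEEPER_DOWNLOAD" "$ZOOKEEPER_DIR.tar.gz" "$ZOOKEEPER_SHA512" || exit 1
  cp -av "$ZOOKEEPER_DIR/conf/log4j.properties" ./
fi
# … same shape for Kafka with KAFKA_DOWNLOAD / KAFKA_SHA512; the ZooKeeper-lib replacement is unchanged …
```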
diff --git a/hugo/static/wp-uploads/zookeeper+tls/consumer.config b/hugo/static/wp-uploads/zookeeper+tls/consumer.config
new file mode 100644 (file)
index 0000000..960ae66
--- /dev/null
@@ -0,0 +1,5 @@
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="pw4consumer";
+sasl.mechanism=PLAIN
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
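Review bot: The SASL password of user `consumer` (L599) and the truststore password (L602) are stored in clear text, and the file is committed with mode 0644 (L14), so anyone who can read the checkout or the published upload holds the credential; keep such files at 0600 and say so in a leading comment, e.g. `# Client credentials in clear text - keep this file mode 0600 and never commit real values`. For anything beyond a demo Kafka clients can pull the password from a separate restricted file through `config.providers` instead of inlining it. A second comment should note that `security.protocol=SASL_SSL` is what makes the PLAIN mechanism acceptable at all: the password only ever travels inside the TLS session, so switching the protocol to SASL_PLAINTEXT would expose it.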
diff --git a/hugo/static/wp-uploads/zookeeper+tls/create-certs.sh b/hugo/static/wp-uploads/zookeeper+tls/create-certs.sh
new file mode 100755 (executable)
index 0000000..a989bf7
--- /dev/null
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Example-script to show, how to set up a self-signed CA
+#
+# Usage:
+# ./create-certs.sh
+
+VALIDITY=365
+PASSWORD=confidential
+if [ -a ca-cert ];
+then
+  echo "The root-certificate for the CA already exists...";
+else
+  echo "Creating a x509-certificate for the CA...";
+  openssl req -new -x509 -subj "/C=DE/ST=NRW/L=MS/O=trion/OU=kafka/CN=Root-CA" -keyout ca-key -out ca-cert -days $VALIDITY -passout pass:$PASSWORD
+fi
+#
+
+if [ -a truststore.jks ];
+then
+  echo "The keystore truststore.jks already exists!";
+else
+  echo "Importing the root-certificate of the CA into truststore.jks..."
+  keytool -keystore truststore.jks -storepass $PASSWORD -alias CARoot -import -file ca-cert -noprompt
+fi
+
+
+# Generating certificates for the standalone ZooKeeper, an example CLI-client
+# and the two Kafka-Brokers
+./gencert.sh zookeeper
+./gencert.sh client
+./gencert.sh kafka-1
+./gencert.sh kafka-2
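Review bot: No exit status is checked anywhere and there is no `set -e`, so if `openssl req` on L622 fails (openssl absent, wrong subject, no write permission) the script still imports a non-existent `ca-cert` and then runs the four `./gencert.sh` calls against a CA that does not exist, producing keystores that look complete; add `set -euo pipefail` after the shebang so the first failure stops the run. The passphrase on L622 and L631 is again passed on the command line and so visible in `ps`; `-passout env:PASSWORD` and `-storepass:env PASSWORD` avoid that. `$VALIDITY` and `$PASSWORD` should be quoted in both commands, and the header comment on L610 describes create-ca.sh rather than this file, which also generates the four node/client keystores.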
diff --git a/hugo/static/wp-uploads/zookeeper+tls/gencert.sh b/hugo/static/wp-uploads/zookeeper+tls/gencert.sh
new file mode 100755 (executable)
index 0000000..dbdd032
--- /dev/null
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Example-script to show, how to create and sign a selfsigned certificate, that
+# contains multiple DNS-entries (SAN-extension)
+#
+# Usage:
+# ./gencert.sh NAME
+
+VALIDITY=365
+PASSWORD=confidential
+
+if [ -a $1.jks ];
+then
+  echo "The keystore $1.jks already exists";
+  exit;
+fi
+
+echo "Creating keystore $1.jks with a certificate and a key-pair for CN $1"
+keytool -keystore $1.jks -alias $1 -validity $VALIDITY -genkey -storepass $PASSWORD -keypass $PASSWORD -dname "CN=$1,OU=kafka,O=trion,L=MS,ST=NRW,C=DE"
+echo "Creating a Certificate-Signing-Request for the generated certificate"
+keytool -keystore $1.jks -alias $1 -certreq -file cert-file -storepass $PASSWORD
+echo "Signing the Certificate-Signing-Request and adding an additional DNS-entry for localhost"
+openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASSWORD -extensions SAN -extfile <(printf "\n[SAN]\nsubjectAltName=DNS:$1,DNS:localhost")
+echo "Importing the root-certificate for the CA into the keystore $1.jks"
+keytool -keystore $1.jks -alias CARoot -import -file ca-cert -storepass $PASSWORD -noprompt
+echo "Importing the signed certificate for CN $1 into the keystore $1.jks"
+keytool -keystore $1.jks -alias $1 -import -file cert-signed -storepass $PASSWORD
+echo "Removing obsolet files..."
+rm -v cert-file cert-signed
+
+
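Review bot: A failure of the signing step on L668 (wrong CA passphrase, missing `ca-key`) is never detected: `cert-signed` is not written, the import on L672 fails, but `$1.jks` was already created on L664 and the guard on L657 makes every later run skip it, so the node is left with a keystore that holds only its unsigned self-signed certificate and is mistaken for a finished one. Add `set -euo pipefail` after the shebang and `trap 'rm -f -- "$1.jks" cert-file cert-signed' ERR` so a failed run leaves nothing behind. As in the sibling selfsigned+san script, `-genkey` on L664 has no `-keyalg` and therefore produces a DSA key by keytool's default (see `dsaEncryption` in pem.txt, L277), which TLS 1.3 cannot use; add `-keyalg RSA -keysize 2048`. `$1` is unquoted throughout and is interpolated unescaped into the `-extfile` config on L668.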
diff --git a/hugo/static/wp-uploads/zookeeper+tls/java.env b/hugo/static/wp-uploads/zookeeper+tls/java.env
new file mode 100644 (file)
index 0000000..e3ebca6
--- /dev/null
@@ -0,0 +1,2 @@
+SERVER_JVMFLAGS="-Xms512m -Xmx512m -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory"
+ZOO_LOG_DIR=.
diff --git a/hugo/static/wp-uploads/zookeeper+tls/kafka-1.properties b/hugo/static/wp-uploads/zookeeper+tls/kafka-1.properties
new file mode 100644 (file)
index 0000000..1e7c305
--- /dev/null
@@ -0,0 +1,17 @@
+broker.id=1
+zookeeper.connect=zookeeper:2182
+listeners=SSL://kafka-1:9193,SASL_SSL://kafka-1:9194
+security.inter.broker.protocol=SSL
+ssl.client.auth=required
+ssl.keystore.location=kafka-1.jks
+ssl.keystore.password=confidential
+ssl.key.password=confidential
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
+listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_consumer="pw4consumer" user_producer="pw4producer";
+sasl.enabled.mechanisms=PLAIN
+
+log.dirs=/tmp/kafka-1-logs
+offsets.topic.replication.factor=2
+transaction.state.log.replication.factor=2
+transaction.state.log.min.isr=2
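Review bot: The SASL/PLAIN user database on L699 carries both client passwords inline, so the broker properties file is itself a credential store and is committed here as 0644 (L18); for anything beyond this demo move the secrets to a separate 0600 file and reference them through `config.providers` (the FileConfigProvider that ships with Kafka since 2.0) instead of `user_consumer="pw4consumer" user_producer="pw4producer"`. A short comment block would also help readers, e.g. `# Inter-broker traffic uses the SSL listener with mutual TLS (ssl.client.auth=required); clients use SASL_SSL and are authenticated by SASL` — as far as I recall, Kafka of this vintage forces TLS client auth off on SASL_SSL listeners, which is why consumer.config works with only a truststore, but that deserves confirming against the running brokers. The keystore, key and truststore passwords on L695-L698 are the literal `confidential` that create-certs.sh/gencert.sh hard-code, so any change there must be mirrored here.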
diff --git a/hugo/static/wp-uploads/zookeeper+tls/kafka-2.properties b/hugo/static/wp-uploads/zookeeper+tls/kafka-2.properties
new file mode 100644 (file)
index 0000000..ec53f9b
--- /dev/null
@@ -0,0 +1,17 @@
+broker.id=2
+zookeeper.connect=zookeeper:2182
+listeners=SSL://kafka-2:9293,SASL_SSL://kafka-2:9294
+security.inter.broker.protocol=SSL
+ssl.client.auth=required
+ssl.keystore.location=kafka-2.jks
+ssl.keystore.password=confidential
+ssl.key.password=confidential
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
+listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_consumer="pw4consumer" user_producer="pw4producer";
+sasl.enabled.mechanisms=PLAIN
+
+log.dirs=/tmp/kafka-2-logs
+offsets.topic.replication.factor=2
+transaction.state.log.replication.factor=2
+transaction.state.log.min.isr=2
diff --git a/hugo/static/wp-uploads/zookeeper+tls/producer.config b/hugo/static/wp-uploads/zookeeper+tls/producer.config
new file mode 100644 (file)
index 0000000..5809edf
--- /dev/null
@@ -0,0 +1,5 @@
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="producer" password="pw4producer";
+sasl.mechanism=PLAIN
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
diff --git a/hugo/static/wp-uploads/zookeeper+tls/zoo.cfg b/hugo/static/wp-uploads/zookeeper+tls/zoo.cfg
new file mode 100644 (file)
index 0000000..ad80add
--- /dev/null
@@ -0,0 +1,8 @@
+dataDir=/tmp/zookeeper
+secureClientPort=2182
+maxClientCnxns=0
+authProvider.1=org.apache.zookeeper.server.auth.X509AuthenticationProvider
+ssl.keyStore.location=zookeeper.jks
+ssl.keyStore.password=confidential
+ssl.trustStore.location=truststore.jks
+ssl.trustStore.password=confidential
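Review bot: `maxClientCnxns=0` on L745 removes ZooKeeper's per-source-IP connection limit entirely (0 means unlimited), which is the usual way a single misbehaving or malicious client exhausts the server's file descriptors; for a demo that is acceptable, but say so in a comment and restore a limit (the stock default is 60) for anything shared. `dataDir=/tmp/zookeeper` (L743) is a fixed, predictable path in a world-writable directory, so another local user can pre-create it or read the transaction logs; prefer a directory under the example's own tree. Having only `secureClientPort` and no `clientPort` means there is no plaintext endpoint, which is the right choice here — a comment such as `# Deliberately no clientPort: TLS only, clients are authenticated by certificate (authProvider.1)` would stop someone from adding one back.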