![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/1-before.png\")
<\/p>\nYou have an IBM MQ queue manager. An application is putting messages to a command queue. Another application gets these messages from the queue and takes actions in response.<\/p>\n
<\/p>\n
You want multiple separate audit applications to be able to review the commands that go through the command queue.<\/p>\n
They should be able to replay a history of these command messages as many times as they want.<\/p>\n
This must not impact the application that is currently getting the messages from the queue.<\/p>\n
![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/2-objective.png\")
<\/p>\n
You can use Streaming Queues to make a duplicate of every message put to the command queue to a separate copy queue.<\/p>\n
This copy queue can be used to feed a connector that can produce every message to a Kafka topic. This Kafka topic can be used by audit applications<\/p>\n
![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/3-solution.png\")
<\/p>\n
The final solution works like this:<\/p>\n
![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/4-details.png\")
<\/p>\n
Putter<\/code> puts messages onto an IBM MQ queue called COMMANDS<\/code><\/li>\n- For the purposes of this demo, a development-instance of LDAP is used to authenticate access to IBM MQ<\/li>\n
- A JMS application called
Getter<\/code> gets messages from the COMMANDS<\/code> queue<\/li>\n- Copies of every message put to the COMMANDS queue will be made to the
COMMANDS.COPY<\/code> queue<\/li>\n- A Connector will get every message from the COMMANDS.COPY queue<\/li>\n
- The Connector transforms each JMS message into a string, and produces it to the
MQ.COMMANDS<\/code> Kafka topic<\/li>\n- A Java application called
Audit<\/code> can replay the history of all messages on the Kafka topic<\/li>\n<\/ol>\n<\/p>\n
\n\n\n- Summary\n
\n- Scenario<\/a><\/li>\n
- Objective<\/a><\/li>\n
- Solution<\/a><\/li>\n
- Details<\/a><\/li>\n<\/ul>\n<\/li>\n
- Instructions<\/a>\n
\n- Pre-requisites<\/a><\/li>\n
- Setup IBM MQ\n
\n- Setup LDAP<\/a><\/li>\n
- Generate certificates<\/a><\/li>\n
- Install the MQ Operator<\/a><\/li>\n
- Create the queue manager<\/a><\/li>\n<\/ul>\n<\/li>\n
- JMS applications\n
\n- Setup the JMS apps<\/a><\/li>\n
- Verify the initial scenario<\/a><\/li>\n<\/ul>\n<\/li>\n
- Setup IBM Event Streams\n
\n- Install the Event Streams Operator<\/a><\/li>\n
- Create the Kafka cluster<\/a><\/li>\n
- Setup the MQ\/Kafka Connector<\/a><\/li>\n<\/ul>\n<\/li>\n
- Audit applications\n
\n- Setup the Kafka Java app<\/a><\/li>\n
- Demo the whole solution<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n
Instructions<\/h1>\nPre-requisites<\/h2>\n
If you want to create the entire end-to-end demo solution as described above from scratch, you can simply follow the instructions below.<\/p>\n
You will need:<\/p>\n
\n- a Red Hat OpenShift cluster<\/li>\n
- on your local machine:\n
\n- the OpenShift
oc<\/code> CLI<\/a>, logged into your cluster<\/li>\ngsed<\/code><\/a><\/li>\ndocker<\/code> CLI<\/li>\nJava<\/code> for compiling and running the test applications<\/li>\nmvn<\/code> for building the test applications<\/li>\n- a copy of the mq-kafka-connect-tutorial<\/a> repository from Github<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
The instructions below are broken into sections, so if you instead want to use this tutorial as the basis for adding to an existing scenario (e.g. you already have an IBM MQ queue and want to add Kafka) you can just choose the relative sections to follow.<\/p>\n
Setup IBM MQ<\/h2>\nSetup LDAP<\/h3>\n
Install an development LDAP server that will manage user identities for the IBM MQ queue manager.<\/strong><\/p>\n.\/01-install-ldap\/setup.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-ldap.png\")
<\/p>\n
Two user identities are defined in config.yaml<\/a>:<\/p>\nmquser<\/code> that will be used by our JMS MQ applications<\/p>\ndn: uid=mquser,ou=people,dc=ibm,dc=com\nobjectClass: inetOrgPerson\nobjectClass: organizationalPerson\nobjectClass: person\nobjectClass: top\ncn: mquserCN\nsn: mquserSN\nuid: mquser\nuserPassword: mquserpassword<\/pre>\nkafkauser<\/code> that will be used later by the Kafka Connector<\/p>\ndn: uid=kafkauser,ou=people,dc=ibm,dc=com\nobjectClass: inetOrgPerson\nobjectClass: organizationalPerson\nobjectClass: person\nobjectClass: top\ncn: kafkauserCN\nsn: kafkauserSN\nuid: kafkauser\nuserPassword: kafkapassword<\/pre>\nGenerate certificates<\/h3>\n
Generate a new self-signed CA, and use it to create certificates for the MQ queue manager, the JMS MQ client apps, and the Kafka Connector.<\/strong><\/p>\n.\/02-generate-certs\/generate.sh<\/pre>\nThe JMS client and Kafka Connector certificates are added to the queue manager’s keystore so that it will accept connections from them.<\/p>\n
Ths certificate generation is all done in a Docker container to reduce the number of dependencies you need locally.<\/p>\n
Running this will create:<\/p>\n
\nstreamingdemo-ca<\/code> files – with the CA used to sign all certs in the tutorial demo<\/li>\nstreamingdemo-jms-client<\/code> files – used by the JMS applications<\/li>\nstreamingdemo-kafka-client<\/code> files – used by the Kafka Connect connector for connecting to IBM MQ<\/li>\nstreamingdemo-mq-server<\/code> files – used by the IBM MQ queue manager<\/li>\n<\/ul>\nInstall the MQ Operator<\/h3>\n
Install the MQ Operator that will manage your IBM MQ queue manager.<\/strong><\/p>\n.\/03-install-mq-operator\/setup.sh<\/pre>\nThe tutorial script uses a specific channel for the MQ Operator that is supported on OpenShift 4.8 and earlier. You may want to do this step manually<\/a> if you want to choose a different version.<\/p>\nCreate the queue manager<\/h3>\n
Create and configure the queue manager to prepare it for using with the JMS applications<\/strong><\/p>\nexport IBM_ENTITLEMENT_KEY=yourentitlementkey\n.\/04-create-queue-manager\/setup.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-mq.png\")
<\/p>\n
BEFORE<\/strong> running this, you will need to set an environment variable with an Entitled Registry key from myibm.ibm.com<\/a><\/p>\nThe queue manager config is contained in the qmgr-setup<\/a> ConfigMap which:<\/p>\nCreates the COMMANDS<\/code> queue that the JMS applications will use<\/p>\nDEFINE QLOCAL(COMMANDS) REPLACE<\/pre>\nCreates the APP.SVRCONN<\/code> channel that the JMS applications will use<\/p>\nDEFINE CHANNEL(APP.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) SSLCAUTH(OPTIONAL) SSLCIPH('ANY_TLS12_OR_HIGHER') REPLACE<\/pre>\nSets up security so that the JMS applications have to use the mquser<\/code> username \/ password defined in LDAP previously<\/a><\/p>\nSET CHLAUTH(APP.SVRCONN) TYPE(BLOCKUSER) USERLIST(*MQUSER) WARN(YES) ACTION(REPLACE)\n\nREFRESH SECURITY\n\nSET AUTHREC OBJTYPE(QMGR) GROUP('mqusers') AUTHADD(ALL)\nSET AUTHREC OBJTYPE(QUEUE) PROFILE('**') GROUP('mqusers') AUTHADD(ALL)\nSET AUTHREC OBJTYPE(CHANNEL) PROFILE('**') GROUP('mqusers') AUTHADD(ALL)<\/pre>\nJMS applications<\/h2>\nSetup the JMS apps<\/h3>\n
Compile the JMS Putter and Getter applications<\/strong><\/p>\n.\/05-jms-apps\/build-apps.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-jms.png\")
<\/p>\n
The config for the apps is contained in Config.java<\/a>.<\/p>\nThe HOST<\/code> constant is modified by the build-apps.sh<\/code> script to match the hostname for your queue manager.<\/p>\npublic static final String HOST = \"PLACEHOLDERHOSTNAME\";\npublic static final String QMGRNAME = \"MYQMGR\";\npublic static final String CHANNEL = \"APP.SVRCONN\";\npublic static final String QUEUE = \"COMMANDS\";\npublic static final String CIPHER = \"ECDHE_RSA_AES_128_CBC_SHA256\";<\/pre>\nThe truststore and keystore values set in Java system properties are the files created previously<\/a>.<\/p>\nSystem.setProperty(\"javax.net.ssl.trustStore\", \"..\/02-generate-certs\/certs\/streamingdemo-ca.jks\" );\nSystem.setProperty(\"javax.net.ssl.keyStore\", \"..\/02-generate-certs\/certs\/streamingdemo-jms-client.jks\" );\nSystem.setProperty(\"javax.net.ssl.keyStorePassword\", \"passw0rd\" );\nSystem.setProperty(\"com.ibm.mq.cfg.useIBMCipherMappings\", \"false\");<\/pre>\nVerify the initial scenario<\/h3>\n
Send messages to the COMMANDS queue<\/strong><\/p>\n.\/05-jms-apps\/run-putter.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-put.png\")
<\/p>\n
The Putter<\/a> application puts five messages onto the COMMANDS queue and then terminates.<\/p>\nsendMessage(\"Perform the first action A\", session, producer);\nsendMessage(\"Perform a second action B\", session, producer);\nsendMessage(\"Perform the third action C\", session, producer);\nsendMessage(\"Perform some penultimate fourth action D\", session, producer);\nsendMessage(\"Perform a fifth and final action E\", session, producer);<\/pre>\nVerify the messages from the MQ web console<\/strong><\/p>\n.\/05-jms-apps\/access-mq-console.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/mq-console-messages.png\")
<\/p>\n
Click through to the COMMANDS<\/code> queue, and you should see the five messages that the Putter<\/code> app put.<\/p>\nGet messages from the COMMANDS queue<\/strong><\/p>\n.\/05-jms-apps\/run-getter.sh<\/pre>\nThis will get messages from the COMMANDS<\/code> queue, and write them to the console.<\/p>\n----------------------------------------\nGetting messages from the COMMANDS queue\n----------------------------------------\n\n JMSMessage class: jms_text\n JMSType: null\n JMSDeliveryMode: 2\n JMSDeliveryDelay: 0\n JMSDeliveryTime: 0\n JMSExpiration: 0\n JMSPriority: 4\n JMSMessageID: ID:414d51204d59514d47522020202020207abdc96201310040\n JMSTimestamp: 1657388750326\n JMSCorrelationID: null\n JMSDestination: queue:\/\/\/COMMANDS\n JMSReplyTo: null\n JMSRedelivered: false\n JMSXAppID: mq.samples.Putter\n JMSXDeliveryCount: 1\n JMSXUserID: mquser\n JMS_IBM_Character_Set: UTF-8\n JMS_IBM_Encoding: 273\n JMS_IBM_Format: MQSTR\n JMS_IBM_MsgType: 8\n JMS_IBM_PutApplType: 28\n JMS_IBM_PutDate: 20220709\n JMS_IBM_PutTime: 17455036\nPerform the first action A\n\n JMSMessage class: jms_text\n JMSType: null\n JMSDeliveryMode: 2\n JMSDeliveryDelay: 0\n JMSDeliveryTime: 0\n JMSExpiration: 0\n JMSPriority: 4\n JMSMessageID: ID:414d51204d59514d47522020202020207abdc96202310040\n JMSTimestamp: 1657388750351\n JMSCorrelationID: null\n JMSDestination: queue:\/\/\/COMMANDS\n JMSReplyTo: null\n JMSRedelivered: false\n JMSXAppID: mq.samples.Putter\n JMSXDeliveryCount: 1\n JMSXUserID: mquser\n JMS_IBM_Character_Set: UTF-8\n JMS_IBM_Encoding: 273\n JMS_IBM_Format: MQSTR\n JMS_IBM_MsgType: 8\n JMS_IBM_PutApplType: 28\n JMS_IBM_PutDate: 20220709\n JMS_IBM_PutTime: 17455038\nPerform a second action B\n\n JMSMessage class: jms_text\n JMSType: null\n JMSDeliveryMode: 2\n JMSDeliveryDelay: 0\n JMSDeliveryTime: 0\n JMSExpiration: 0\n JMSPriority: 4\n JMSMessageID: ID:414d51204d59514d47522020202020207abdc96203310040\n JMSTimestamp: 1657388750364\n JMSCorrelationID: null\n JMSDestination: queue:\/\/\/COMMANDS\n JMSReplyTo: null\n JMSRedelivered: false\n JMSXAppID: mq.samples.Putter\n JMSXDeliveryCount: 1\n JMSXUserID: mquser\n JMS_IBM_Character_Set: UTF-8\n JMS_IBM_Encoding: 273\n JMS_IBM_Format: MQSTR\n JMS_IBM_MsgType: 8\n JMS_IBM_PutApplType: 28\n JMS_IBM_PutDate: 20220709\n JMS_IBM_PutTime: 17455039\nPerform the third action C\n\n JMSMessage class: jms_text\n JMSType: null\n JMSDeliveryMode: 2\n JMSDeliveryDelay: 0\n JMSDeliveryTime: 0\n JMSExpiration: 0\n JMSPriority: 4\n JMSMessageID: ID:414d51204d59514d47522020202020207abdc96204310040\n JMSTimestamp: 1657388750380\n JMSCorrelationID: null\n JMSDestination: queue:\/\/\/COMMANDS\n JMSReplyTo: null\n JMSRedelivered: false\n JMSXAppID: mq.samples.Putter\n JMSXDeliveryCount: 1\n JMSXUserID: mquser\n JMS_IBM_Character_Set: UTF-8\n JMS_IBM_Encoding: 273\n JMS_IBM_Format: MQSTR\n JMS_IBM_MsgType: 8\n JMS_IBM_PutApplType: 28\n JMS_IBM_PutDate: 20220709\n JMS_IBM_PutTime: 17455040\nPerform some penultimate fourth action D\n\n JMSMessage class: jms_text\n JMSType: null\n JMSDeliveryMode: 2\n JMSDeliveryDelay: 0\n JMSDeliveryTime: 0\n JMSExpiration: 0\n JMSPriority: 4\n JMSMessageID: ID:414d51204d59514d47522020202020207abdc96205310040\n JMSTimestamp: 1657388750392\n JMSCorrelationID: null\n JMSDestination: queue:\/\/\/COMMANDS\n JMSReplyTo: null\n JMSRedelivered: false\n JMSXAppID: mq.samples.Putter\n JMSXDeliveryCount: 1\n JMSXUserID: mquser\n JMS_IBM_Character_Set: UTF-8\n JMS_IBM_Encoding: 273\n JMS_IBM_Format: MQSTR\n JMS_IBM_MsgType: 8\n JMS_IBM_PutApplType: 28\n JMS_IBM_PutDate: 20220709\n JMS_IBM_PutTime: 17455042\nPerform a fifth and final action E<\/pre>\nVerify again from the MQ web console<\/strong><\/p>\n.\/05-jms-apps\/access-mq-console.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/mq-console-emptyqueue.png\")
<\/p>\n
You should see that the COMMANDS<\/code> queue is empty, as the Getter<\/code> app has retrieved the messages.<\/p>\nSetup IBM Event Streams<\/h2>\nInstall the Event Streams Operator<\/h3>\n
Install the Event Streams Operator that will manage your Kafka cluster and Connector.<\/strong><\/p>\n.\/06-install-eventstreams-operator\/setup.sh<\/pre>\nThe tutorial script uses a specific channel for the Event Streams Operator. You may want to do this step manually<\/a> if you want to choose a different version.<\/p>\nCreate the Kafka cluster<\/h3>\n
Create and configure the Kafka cluster that will host the audit topic<\/strong><\/p>\nexport IBM_ENTITLEMENT_KEY=yourentitlementkey\n.\/07-create-kafka-cluster\/setup.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-kafka.png\")
<\/p>\n
BEFORE<\/strong> running this, you will need to set an environment variable with an Entitled Registry key from myibm.ibm.com<\/a><\/p>\nThe Kafka cluster config is contained in the EventStreams<\/a> spec:<\/p>\nCreates an internal bootstrap address that will be used by the Connector<\/p>\n
- authentication:\n type: scram-sha-512\n name: internal\n port: 9093\n tls: true\n type: internal<\/pre>\nCreates an external bootstrap address that will be used by the Audit<\/code> app you run from your local machine.<\/p>\n- authentication:\n type: scram-sha-512\n name: external\n port: 9094\n tls: true\n type: external<\/pre>\nSetup the MQ\/Kafka Connector<\/h2>\nSetup the Kafka Connector<\/h3>\n
Start a Kafka Connector that will get a copy of messages from the COMMANDS MQ queue, and produce them to the MQ.COMMANDS Kafka topic<\/strong><\/p>\n.\/08-setup-kafka-connect\/setup.sh<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-streaming.png\")
<\/p>\n
This starts by using the modify-qmgr<\/a> ConfigMap, adding a third 3-modifications.mqsc<\/code> entry to modify the MQ queue manager.<\/p>\nIt creates a new COMMANDS.COPY<\/code> queue for the Connector to use, and alters the COMMANDS queue used by the JMS apps, so that the queue manager streams a copy of all messages to it.<\/p>\nDEFINE QLOCAL(COMMANDS.COPY) REPLACE\nALTER QLOCAL(COMMANDS) STREAMQ('COMMANDS.COPY') STRMQOS(MUSTDUP)<\/pre>\nIt sets up a KAFKA.SVRCONN<\/code> channel for the Connector to use to connect to the queue manager.<\/p>\nDEFINE CHANNEL(KAFKA.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) SSLCAUTH(OPTIONAL) SSLCIPH('ANY_TLS12_OR_HIGHER') REPLACE<\/pre>\nIt updates the queue manager security so that the Connector can access the queue using the kafkauser<\/code> username \/ password defined in LDAP previously<\/a><\/p>\nSET CHLAUTH(KAFKA.SVRCONN) TYPE(BLOCKUSER) USERLIST(*KAFKAUSER) WARN(YES) ACTION(REPLACE)\n\nREFRESH SECURITY\n\nSET AUTHREC OBJTYPE(QMGR) GROUP('kafkausers') AUTHADD(CONNECT, INQ)\nSET AUTHREC OBJTYPE(QUEUE) PROFILE(COMMANDS.COPY) GROUP('kafkausers') AUTHADD(ALLMQI)<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-kafkatopic.png\")
<\/p>\n
It creates a Kafka topic<\/a> that the Connector can produce to. The topic is configured to retain a copy of all commands that have been sent for the last 365 days.<\/p>\napiVersion: eventstreams.ibm.com\/v1beta2\nkind: KafkaTopic\nmetadata:\n labels:\n eventstreams.ibm.com\/cluster: eventstreams\n name: commands.topic\n namespace: kafka\nspec:\n config:\n min.insync.replicas: '1'\n retention.ms: '31536000000'\n partitions: 1\n replicas: 3\n topicName: MQ.COMMANDS<\/pre>\nIt generates credentials<\/a> that the Connector can use to connect to Kafka. These will be used to produce to the MQ.COMMANDS<\/code> topic, as well as to create and use topics that Kafka Connect uses to store state.<\/p>\napiVersion: eventstreams.ibm.com\/v1beta1\nkind: KafkaUser\nmetadata:\n name: kafka-connect-credentials\n namespace: kafka\n labels:\n eventstreams.ibm.com\/cluster: eventstreams\nspec:\n authentication:\n # generate username\/password for this user\n type: scram-sha-512\n authorization:\n acls:\n # ---------------------------------------\n # cluster permissions\n # ---------------------------------------\n # check existing cluster config\n - operation: DescribeConfigs\n resource:\n type: cluster\n # ---------------------------------------\n # topic permissions\n # ---------------------------------------\n # check existing topics\n - operation: DescribeConfigs\n resource:\n name: '*'\n patternType: literal\n type: topic\n # create topics (both to produce to, and to use for internal state)\n - operation: Create\n resource:\n name: '*'\n patternType: literal\n type: topic\n # consume from topics (needed to retrieve state from internal topics)\n - operation: Read\n resource:\n name: '*'\n patternType: literal\n type: topic\n # produce to topics (both writing to internal state topics and messages being produced by connectors)\n - operation: Write\n resource:\n name: '*'\n patternType: literal\n type: topic\n # ---------------------------------------\n # consumer group permissions\n # ---------------------------------------\n - operation: Read\n resource:\n name: '*'\n patternType: literal\n type: group\n # ---------------------------------------\n # transaction permissions\n # ---------------------------------------\n # create transactions\n - operation: Write\n resource:\n name: '*'\n patternType: literal\n type: transactionalId\n type: simple<\/pre>\nThe setup script<\/a> also creates secrets that store credentials and certificates that the Connector uses to connect to MQ.<\/p>\noc apply -f .\/resources\/mq-creds.yaml\n\noc create secret generic jms-client-truststore \\\n --from-file=ca.jks=..\/02-generate-certs\/certs\/streamingdemo-ca.jks \\\n --from-literal=password='passw0rd' \\\n -n kafka --dry-run=client -oyaml | oc apply -f -\n\noc create secret generic jms-client-keystore \\\n --from-file=client.jks=..\/02-generate-certs\/certs\/streamingdemo-kafka-client.jks \\\n --from-literal=password='passw0rd' \\\n -n kafka --dry-run=client -oyaml | oc apply -f -\n\noc create secret generic mq-ca-tls \\\n --from-file=ca.crt=..\/02-generate-certs\/certs\/streamingdemo-ca.crt \\\n -n kafka --dry-run=client -oyaml | oc apply -f -<\/pre>\n![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-connect.png\")
<\/p>\n
The setup script<\/a> builds a simple custom Docker image based on the Event Streams Kafka container, extended with the jar for the MQ source connector.<\/p>\nFROM cp.icr.io\/cp\/ibm-eventstreams-kafka:11.0.2\n\nUSER root\nRUN mkdir -p \/opt\/kafka\/plugins\/\nRUN curl -Lo \/opt\/kafka\/plugins\/kafka-connect-mq-source.jar https:\/\/github.com\/ibm-messaging\/kafka-connect-mq-source\/releases\/download\/v1.3.1\/kafka-connect-mq-source-1.3.1-jar-with-dependencies.jar\n\nUSER 1001<\/pre>\nThe Connect cluster definition<\/a> specifies the address for the Kafka cluster to connect to, the custom Docker image to use, and provides access to the Kafka and MQ credentials and certificates that the Connector will need.<\/p>\nimage: image-registry.openshift-image-registry.svc:5000\/kafka\/kafkaconnectwithmq:latest\n\nbootstrapServers: eventstreams-kafka-bootstrap.kafka.svc:9093\n\ntls:\n trustedCertificates:\n - secretName: eventstreams-cluster-ca-cert\n certificate: ca.crt\n - secretName: mq-ca-tls\n certificate: ca.crt\nauthentication:\n type: scram-sha-512\n username: kafka-connect-credentials\n passwordSecret:\n secretName: kafka-connect-credentials\n password: password\nexternalConfiguration:\n volumes:\n - name: mq-credentials\n secret:\n secretName: mq-credentials\n - name: jms-client-truststore\n secret:\n secretName: jms-client-truststore\n - name: jms-client-keystore\n secret:\n secretName: jms-client-keystore<\/pre>\nFinally, the setup script<\/a> starts the MQ\/Kafka connector using the mq-connector<\/a> spec.<\/p>\n# the Kafka topic to produce to\ntopic: MQ.COMMANDS\n\n# the MQ queue to get messages from\nmq.queue: COMMANDS.COPY\n\n# messages sent to the MQ queue are JMS TextMessages\nmq.message.body.jms: true\nkey.converter: org.apache.kafka.connect.storage.StringConverter\nvalue.converter: org.apache.kafka.connect.storage.StringConverter\nmq.record.builder: com.ibm.eventstreams.connect.mqsource.builders.DefaultRecordBuilder\n\n# connection details for the queue manager\nmq.queue.manager: MYQMGR\nmq.connection.name.list: queuemanager-ibm-mq.ibmmq(1414)\nmq.channel.name: KAFKA.SVRCONN\nmq.user.name: ${file:\/opt\/kafka\/external-configuration\/mq-credentials:username}\nmq.password: ${file:\/opt\/kafka\/external-configuration\/mq-credentials:password}\n\n# SSL config for connecting to MQ\nmq.ssl.use.ibm.cipher.mappings: false\nmq.ssl.cipher.suite: '*TLS12'\nmq.ssl.truststore.location: \/opt\/kafka\/external-configuration\/jms-client-truststore\/ca.jks\nmq.ssl.truststore.password: ${file:\/opt\/kafka\/external-configuration\/jms-client-truststore:password}\nmq.ssl.keystore.location: \/opt\/kafka\/external-configuration\/jms-client-keystore\/client.jks\nmq.ssl.keystore.password: ${file:\/opt\/kafka\/external-configuration\/jms-client-keystore:password}<\/pre>\nAudit applications<\/h2>\nSetup the Kafka Java app<\/h3>\n
![\"diagram\"](\"https:\/\/github.com\/dalelane\/mq-kafka-connect-tutorial\/raw\/master\/doc\/section-audit.png\")
<\/p>\n