Installation

Kafka deployment

Deploying a single-node Kafka cluster with schema registry in Docker
(this procedure should generally work on any Linux distribution with some modifications)

Kafka can be deployed on a standalone VM (External Kafka) as well as on the XorMon NG appliance (Kafka on Xormon Appliance).

Read before proceeding!

This procedure is intended for testing SANnav monitoring in XorMon NG.
The solution described in this guide comes without any guarantee or support.

Prerequisites

Disable SELinux and reboot (as root)

RedHat/Rocky Linux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
reboot

Update OS and Install additional packages (as root)

Debian
apt clean; apt update
apt upgrade
apt install bash-completion wget bind9-utils tar jq curl ca-certificates
RedHat/Rocky Linux
dnf clean all; dnf update
dnf install bash-completion wget bind-utils tar jq curl nmap-ncat

Disable or configure firewall (as root)

Required ports
    XorMon NG - SANnav
    • API TCP/443
    SANnav - Kafka
    • Schema registry TCP/8081
    • Kafka broker TCP/9093
    XorMon NG - Kafka
    • Schema registry TCP/8081
    • Kafka broker TCP/9092 and TCP/9093

Debian
Disable UFW
ufw disable
Configure UFW
# Kafka NB
ufw allow 8081/tcp
ufw allow 9092/tcp
ufw allow 9093/tcp

# XorMon NG
ufw allow 8081/tcp
ufw allow 9092/tcp

RedHat/Rocky Linux
Disable firewalld
systemctl stop firewalld; systemctl disable firewalld
Configure firewalld
# Replace <zone> with your firewalld zone (list active zones with: firewall-cmd --get-active-zones)
# Kafka NB
firewall-cmd --zone=<zone> --add-port=8081/tcp --permanent
firewall-cmd --zone=<zone> --add-port=9092/tcp --permanent
firewall-cmd --zone=<zone> --add-port=9093/tcp --permanent
firewall-cmd --reload

# XorMon NG
firewall-cmd --zone=<zone> --add-port=8081/tcp --permanent
firewall-cmd --zone=<zone> --add-port=9092/tcp --permanent
firewall-cmd --reload

Install Docker Engine (as root)

Debian
See https://docs.docker.com/engine/install/debian/ for current procedure.
# remove old versions
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

# add Docker's official GPG key
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# add the repository to Apt sources
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update

# install latest version
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# enable and start Docker engine
systemctl enable --now docker

# verify installation
docker run hello-world
RedHat/Rocky Linux
See https://docs.docker.com/engine/install/rhel/ for current procedure.
# remove old versions
dnf remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine \
  podman \
  runc

# setup repository
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

# install latest version
dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# enable and start Docker engine
systemctl enable --now docker

# verify installation
docker run hello-world

Create user kafkanb (as root)

Debian
adduser --group kafkanb
adduser --ingroup kafkanb kafkanb
usermod -a -G docker kafkanb
RedHat/Rocky Linux
groupadd kafkanb
useradd -m -g kafkanb -G docker kafkanb
passwd kafkanb

Kafka deployment

Perform the following steps as user kafkanb

Login as kafkanb

su - kafkanb

Download and unpack deployment scripts

cd /home/kafkanb
wget https://download.xormon.com/kafkanb.tgz
tar zxvf kafkanb.tgz
chown -R kafkanb:kafkanb kafkanb
rm -f kafkanb.tgz

Deploy and register Kafka NB (as kafkanb)

  • Create configuration
    The following script creates the /home/kafkanb/kafkanb/etc/kafkanb directory and populates it with the necessary configuration files.
    You will have to confirm or enter the local host's IP address.
    cd /home/kafkanb/kafkanb/bin
    ./kafka_configure.sh
  • Deploy containers
    This script creates the /home/kafkanb/kafkanb/kafkanb-run directory, pulls the required images from Docker Hub and starts the Kafka NB containers.
    cd /home/kafkanb/kafkanb/bin
    ./kafka_deploy.sh
  • Check containers' status after a minute
    All three containers have to be up and running.
    docker ps
    
    CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS          PORTS                                        NAMES
    92da81c54966   confluentinc/cp-schema-registry:latest   "/etc/confluent/dock…"   51 minutes ago   Up 50 minutes   0.0.0.0:8081->8081/tcp                       kafkanb_schema_registry
    ce727dac41c8   confluentinc/cp-kafka:latest             "/etc/confluent/dock…"   51 minutes ago   Up 50 minutes   0.0.0.0:9092-9093->9092-9093/tcp             kafkanb_broker
    7cd3f1437dd6   confluentinc/cp-zookeeper:latest         "/etc/confluent/dock…"   51 minutes ago   Up 51 minutes   2888/tcp, 0.0.0.0:2181->2181/tcp, 3888/tcp   kafkanb_zookeeper
        
  • Register Kafka NB in SANnav
    The following script registers the Kafka NB server in SANnav.
    It requires the SANnav IP address and administrator credentials.
    It may also require confirmation of the local host's IP address.
    cd /home/kafkanb/kafkanb/bin
    ./kafka_register.sh
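
An added check for the container listing shown in the "Check containers' status" step (example code, not part of the XorMon scripts): it confirms that the three containers are Up and reports host ports that Docker publishes but that are not in the Required ports list, which for the sample listing is ZooKeeper's 2181. The `|`-separated input format and the function names are assumptions of this example.

```python
import re

REQUIRED_PORTS = {8081, 9092, 9093}  # "Required ports" list on this page
EXPECTED = ("kafkanb_schema_registry", "kafkanb_broker", "kafkanb_zookeeper")

# Constructed sample: the names, states and ports from the listing above, as
#   docker ps -a --format '{{.Names}}|{{.Status}}|{{.Ports}}'
# would print them.
SAMPLE = """\
kafkanb_schema_registry|Up 50 minutes|0.0.0.0:8081->8081/tcp
kafkanb_broker|Up 50 minutes|0.0.0.0:9092-9093->9092-9093/tcp
kafkanb_zookeeper|Up 51 minutes|2888/tcp, 0.0.0.0:2181->2181/tcp, 3888/tcp
"""

HOST_PORT = re.compile(r":(\d+)(?:-(\d+))?->")  # host side of a published mapping

def published_ports(ports_field):
    """Host ports published by one PORTS column, with ranges expanded."""
    found = set()
    for lo, hi in HOST_PORT.findall(ports_field):
        found.update(range(int(lo), int(hi or lo) + 1))
    return found

def audit(listing):
    """Return (containers not Up, {container: published ports not required})."""
    status, extra = {}, {}
    for line in listing.strip().splitlines():
        name, state, ports = (line.split("|") + ["", ""])[:3]
        status[name] = state
        surplus = published_ports(ports) - REQUIRED_PORTS
        if surplus:
            extra[name] = sorted(surplus)
    not_up = [n for n in EXPECTED if not status.get(n, "").startswith("Up")]
    return not_up, extra

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries such as 2888/tcp have no `->` mapping, so they are container-internal and are not counted as published.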

Management Scripts

The /home/kafkanb/kafkanb/bin directory contains several useful scripts for administering the Kafka NB server.

  • kafka_deploy.sh

    Creates and starts docker containers with Kafka northbound server during initial installation.
    Creates /home/kafkanb/kafkanb/kafkanb-run directory.
    You can use this script to re-deploy Kafka NB server if necessary.

  • kafka_register.sh

    Registers Kafka NB server to SANnav.
    Requires the SANnav IP address and administrator credentials.
    It may also require confirmation of the local host's IP address.

  • kafka_listnb.sh

    Lists northbound servers registered to SANnav.

  • kafka_stop.sh

    Stops Kafka NB containers without removing them.

  • kafka_start.sh

    Starts previously stopped Kafka NB containers.

  • kafka_unregister.sh

    Removes previously registered Kafka NB server from SANnav.

  • kafka_delete.sh

    Force stops and deletes Kafka NB containers.
    Removes /home/kafkanb/kafkanb/kafkanb-run directory.

Basic Troubleshooting

  • Check the log file: /home/kafkanb/kafkanb/logs/kafkanb.log

  • Check Kafka NB containers' status

    All three containers must be Up

    docker ps
    
    CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS          PORTS                                        NAMES
    92da81c54966   confluentinc/cp-schema-registry:latest   "/etc/confluent/dock…"   51 minutes ago   Up 50 minutes   0.0.0.0:8081->8081/tcp                       kafkanb_schema_registry
    ce727dac41c8   confluentinc/cp-kafka:latest             "/etc/confluent/dock…"   51 minutes ago   Up 50 minutes   0.0.0.0:9092-9093->9092-9093/tcp             kafkanb_broker
    7cd3f1437dd6   confluentinc/cp-zookeeper:latest         "/etc/confluent/dock…"   51 minutes ago   Up 51 minutes   2888/tcp, 0.0.0.0:2181->2181/tcp, 3888/tcp   kafkanb_zookeeper
  • List northbound servers registered in SANnav

    • kafkaClusterUrl and schemaRegistryUrl must match XorMon NG host's IP address

    • FC Port and Switch streams must be enabled: streamState: 1

    /home/kafkanb/kafkanb/bin/kafka_listnb.sh
    
    # SANnav IP address, user and password
    Make sure user SANnav user has a priviledge to register and manage Northbound servers
    SANnav IP address [192.168.0.10]:
    SANnav username [Administrator]:
    SANnav password:
    [
      {
        "name": "kafka4stor",
        "kafkaClusterUrl": "192.168.0.24:9093",
        "schemaRegistryUrl": "http://192.168.0.24:8081",
        "caPublicCertificate": "<certificate omitted>",
        "id": 18,
        "connectionState": 0,
        "connectionStateReason": "SANnav successfully connected to Northbound Server.",
        "streamDetails": [
          {
            "streamType": 1,
            "streamName": "FC Port",
            "streamState": 1
          },
          {
            "streamType": 2,
            "streamName": "Eth/GigE Port",
            "streamState": 0
          },
          {
            "streamType": 3,
            "streamName": "Extension Tunnel/Circuit",
            "streamState": 0
          },
          {
            "streamType": 4,
            "streamName": "Switch",
            "streamState": 1
          },
          {
            "streamType": 5,
            "streamName": "Flow",
            "streamState": 0
          }
        ]
      }
    ]
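
The two checks listed for the kafka_listnb.sh output can be automated; the following is an added example, not part of the XorMon scripts. It verifies that both URLs point at the expected host and that the FC Port and Switch streams have streamState 1. The function names are hypothetical, and it assumes the prompt lines are captured in the same text as the JSON.

```python
import json
from urllib.parse import urlsplit

REQUIRED_STREAMS = ("FC Port", "Switch")  # streams the page requires at streamState 1

# Constructed sample shaped like the output above. Assumption: the prompt
# lines end up in the same captured text as the JSON.
SAMPLE = """SANnav IP address [192.168.0.10]:
SANnav username [Administrator]:
[
  {"name": "kafka4stor",
   "kafkaClusterUrl": "192.168.0.24:9093",
   "schemaRegistryUrl": "http://192.168.0.24:8081",
   "streamDetails": [
     {"streamName": "FC Port", "streamState": 1},
     {"streamName": "Eth/GigE Port", "streamState": 0},
     {"streamName": "Switch", "streamState": 1}]}
]
"""

def extract_listing(output):
    """Parse the JSON array, skipping prompt lines (which contain '[' too)."""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if line.lstrip().startswith("["):
            try:
                return json.loads("\n".join(lines[i:]))
            except json.JSONDecodeError:
                continue
    raise ValueError("no JSON array found in output")

def host_of(url):
    """Host part of 'host:port' or 'scheme://host:port'."""
    return urlsplit(url if "://" in url else "//" + url).hostname

def check_registration(output, expected_ip):
    """Return a list of problems; an empty list means the listing looks right."""
    servers = extract_listing(output)
    problems = [] if servers else ["no northbound server registered"]
    for nb in servers:
        name = nb.get("name", "?")
        for key in ("kafkaClusterUrl", "schemaRegistryUrl"):
            if host_of(nb.get(key, "")) != expected_ip:
                problems.append(f"{name}: {key}={nb.get(key)!r} does not point at {expected_ip}")
        states = {s["streamName"]: s["streamState"] for s in nb.get("streamDetails", [])}
        for stream in REQUIRED_STREAMS:
            if states.get(stream) != 1:
                problems.append(f"{name}: stream {stream!r} is not enabled")
    return problems
```

Call `check_registration(captured_output, "<XorMon NG host IP>")` on the saved script output; each returned string names the server and the setting to correct.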