The investigation showed you were introducing a Data-Admin-Kafka rule which used SASL authentication, but while testing the connectivity a generic message was happening suggesting a timeout scenario or error while collecting the topics metadata, which indicated that either authentication was failing or some parameters that the external brokers were expecting was not being passed as part of the client properties on Pega side.
Pega GCS provided a standalone Kafka application that has maximum level of debugging enabled on all Apache Kafka classes. Using this approach we were able to identify that the connection was happening but it was failing at the very first stage of SASL authentication challenges (SEND_APIVERSIONS_REQUEST) and then it was getting immediately disconnected.
The issue was resolved by introducing additional Kafka client properties which were expected on external Kafka side (SSL encryption with truststore certificate) and modifying the security protocol (from SASL_PLAINTEXT to SASL_SSL).
You responded that the connect issue was resolved - solution was to use SASL_SSL security protocol and specify a truststore with valid certificate.
I will mark this issue with the above Accepted Solution.
Posted: 2 months ago
Posted: 6 Sep 2023 10:41 EDT
Alessandro Cattapan (AleMax225)