Schema-Registry configuration parameters

Olga Semme

To configure the service, use the following configuration parameters in ADCM.

NOTE

  • Some of the parameters become visible in the ADCM UI after the Advanced flag has been set.

  • The parameters that are set in the Custom group will overwrite the existing parameters even if they are read-only.
Main

 

Parameter Description Default value

listener port

Schema-Registry listener port. Specified as listeners in the schema-registry.properties file

8081
schema-registry-env.sh

 

Parameter Description Default value

LOG_DIR

Directory for storing logs

/var/log/schema-registry

JMX_PORT

Port on which Schema-Registry sends JMX metrics

9997

SCHEMA_REGISTRY_HEAP_OPTS

Heap size allocated to the Schema-Registry process

-Xmx1024M

SCHEMA_REGISTRY_JVM_PERFORMANCE_OPTS

JVM options in terms of PERFORMANCE options

-server

-XX:+UseG1G

-XX:MaxGCPauseMillis=20

-XX:InitiatingHeapOccupancyPercent=35

-XX:+ExplicitGCInvokesConcurrent

-Djava.awt.headless=true

SCHEMA_REGISTRY_OPTS

JAVA environment variables for Schema-Registry

-Djava.security.auth.login.config=/etc/schema-registry/jaas_config.conf
Basic Auth properties

 

Parameter Description Default value

authentication.method

Authentication method

BASIC

authentication.roles

Defines a comma-separated list of user roles. To be authorized on the Schema-Registry server, the authenticated user must belong to at least one of these roles. For more information, see Basic authentication

admin

authentication.realm

Corresponds to a section in the jaas_config.file that defines how the server authenticates users and must be passed as a parameter to the JVM during server startup

SchemaRegistry-Props

ADSControl_user

ADS Control user for connecting to Schema-Registry

admin
schema-registry.properties

 

Parameter Description Default value

kafkastore.topic

Durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy

_schemas

debug

Boolean indicating whether extra debugging information is generated in some error response entities

false

inter.instance.protocol

Protocol used while making calls between the instances of Schema Registry

http

ssl.keystore.location

Used for HTTPS. Location of the keystore file to use for SSL

 — 

ssl.keystore.password

Used for HTTPS. The store password for the keystore file

 — 

ssl.key.password

Password of the key contained in the keystore

 — 

ssl.truststore.location

Used for HTTPS. Location of the truststore. Required only to authenticate HTTPS clients

 — 

ssl.truststore.password

Password to access the truststore

 — 

kafkastore.ssl.keystore.location

Location of the SSL keystore file

 — 

kafkastore.ssl.keystore.password

Password to access the keystore

 — 

kafkastore.ssl.key.password

Password of the key contained in the keystore

 — 

kafkastore.ssl.keystore.type

File format of the keystore

 — 

kafkastore.ssl.truststore.location

Location of the SSL truststore file

 — 

kafkastore.ssl.truststore.password

Password to access the truststore

 — 

kafkastore.ssl.truststore.type

File format of the truststore

 — 

kafkastore.ssl.endpoint.identification.algorithm

Endpoint identification algorithm to validate the server hostname using the server certificate

 — 

Add key, value

Parameters and their values ​​entered in this field override the parameters specified in the ADCM user interface. This field also allows you to set values ​​for all user parameters that are not displayed in the interface, but are allowed in the configuration file schema-registry.properties

 — 
JAAS template file

 

    The user file template jaas.conf is intended for specifying user data for connecting clients of other services to the current service (paths to keytab files, the useTicketCache parameter, and others). For more information, see Configure a custom jaas.conf.

    Default value:

{% if cluster.config.basic_auth_default_config is not none %}
{{ services.schema_registry.config.basic_auth_properties_content['authentication.realm'] }} {
  org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
  file="{{ schema_registry_home_path }}/config/password.properties"
  debug="false";
};
{% endif %}
{% if cluster.config.kerberos_client and cluster.config.kerberos_client.enable_kerberos %}
Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    useTicketCache=false
    serviceName="kafka"
    keyTab="{{ cluster.config.kerberos_client.keytab_dir }}/schema-registry.service.keytab"
    principal="schema-registry/{{ ansible_fqdn }}@{{ cluster.config.kerberos_client.realm }}";
};
KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    useTicketCache=false
    serviceName="kafka"
    keyTab="{{ cluster.config.kerberos_client.keytab_dir }}/schema-registry.service.keytab"
    principal="schema-registry/{{ ansible_fqdn }}@{{ cluster.config.kerberos_client.realm }}";
};
{%- elif cluster.config.sasl_plain_auth_default_config is not none %}
    {%- set credential = cluster.config.sasl_plain_auth_default_config.sasl_plain_users_data %}
KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="schema-registry"
  password="{{ credential['schema-registry'] }}";
};
{% endif %}

 
Schema-Registry component configuration parameters:

log4j properties configuration

 

Parameter Description Default value

log4j.rootLogger

Logging level

INFO

log4j.logger.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.org.apache.kafka

ERROR

log4j.logger.org.apache.zookeeper

Change to adjust ZooKeeper client logging

ERROR

log4j.logger.org.apache.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.kafka

ERROR

log4j.logger.org.I0Itec.zkclient

Change to adjust ZooKeeper client logging level

ERROR
Found a mistake? Seleсt text and press Ctrl+Enter to report it