Migrating a database from a third-party Apache Kafka® cluster
There are two ways to migrate topics from an Apache Kafka® source cluster to a Managed Service for Apache Kafka® target cluster:
-
Using the built-in Yandex Managed Service for Apache Kafka® MirrorMaker connector.
This method is easy to configure and does not require you to create an intermediate VM.
-
Using the MirrorMaker 2.0 utility.
To use this method, first install and configure the utility on an intermediate VM. Use this method only if it is not possible to migrate data using the built-in MirrorMaker connector for whatever reason.
Both methods are also suitable for migrating a Managed Service for Apache Kafka® cluster with one host to a different availability zone.
Data migration using Yandex Managed Service for Apache Kafka® Connector
Create a cluster and a connector
-
Prepare the target cluster:
- Create an admin user named
admin-cloud
. - Enable Auto create topics enable.
- Configure security groups if it is required for connection to the target cluster.
- Create an admin user named
-
Create a source cluster user named
admin-source
authorized to manage topics via the Admin API. -
Make sure that the network hosting the source cluster is configured to allow source cluster connections from the internet.
-
For the target cluster, create a connector of the
MirrorMaker
type, configured as follows:-
Topics: List of topics to migrate. You can also specify a regular expression for selecting topics. To migrate all topics, specify
.*
. -
Under Source cluster, specify the parameters for connecting to the source cluster:
-
Alias: Prefix for the source cluster in the connector settings. Defaults to
source
. Topics in the target cluster are created with the indicated prefix. -
Bootstrap servers: Comma-separated list of source cluster broker host FQDNs with port numbers, for example:
FQDN1:9091,FQDN2:9091,...,FQDN:9091
-
SASL username, SASL password: Username and password for the previously created
admin-source
user. -
SASL mechanism:
SCRAM-SHA-512
mechanism for username and password encryption. -
Security protocol: Select a protocol for connecting the connector:
SASL_PLAINTEXT
: For connecting to the source cluster without SSL.SASL_SSL
: For SSL connections to the source cluster.
-
-
Under Target cluster, select Use this cluster.
-
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it
. -
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the kafka-mirrormaker-connector.tf
configuration file to the same working directory.This file describes:
- Network.
- Subnet.
- Default security group and rules required to connect to the cluster from the internet.
- Managed Service for Apache Kafka® target cluster with the Auto create topics enable setting on.
admin-cloud
admin user for the target cluster.- MirrorMaker connector for the target cluster.
-
In
kafka-mirrormaker-connector.tf
, specify:- Source cluster username and passwords for the source and target cluster users.
- FQDNs of the source cluster broker hosts.
- Source and target cluster aliases.
- Filter template for the topics to be transferred.
- Apache Kafka® version.
-
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Create the required infrastructure:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
Check the target cluster topic for data
- Connect to the target cluster topic using kafkacat. Add the
source
prefix to the source cluster topic name: for example, themytopic
topic is migrated to the target cluster assource.mytopic
. - Make sure the console displays messages from the source cluster topic.
Migrating data using MirrorMaker
If you no longer need the resources you created, delete them.
Getting started
Prepare the infrastructure
-
Create a Managed Service for Apache Kafka® target cluster:
- With the
admin-cloud
admin user. - With Auto create topics enable activated.
- With the
-
Create a new Linux VM for MirrorMaker on the same network the target cluster is on. To connect to the cluster from the user's local machine rather than doing so from the Yandex Cloud network, enable public access when creating it.
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it
. -
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the kafka-mirror-maker.tf
configuration file to the same working directory.This file describes:
- Network.
- Subnet.
- Default security group and rules required to connect to the cluster and VM from the internet.
- Managed Service for Apache Kafka® cluster with the Auto create topics enable setting on.
admin-cloud
Apache Kafka® admin user.- Virtual machine with public internet access.
-
In
kafka-mirror-maker.tf
, specify:- Apache Kafka® version.
- Apache Kafka® admin user password.
- ID of the public image with Ubuntu and no GPU, e.g., for Ubuntu 20.04 LTS.
- Username and path to the public key file for accessing the virtual machine. By default, the specified username is ignored in the image used. A user with the
ubuntu
username is created instead. Use it to connect to the instance.
-
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Create the required infrastructure:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
Configure additional settings
-
Create a source cluster user named
admin-source
authorized to manage topics via the Admin API. -
Connect to a virtual machine over SSH.
-
Install the JDK:
sudo apt update && sudo apt install --yes default-jdk
-
Download
and unpack the Apache Kafka® archive with the same version number as the version installed in the target cluster. For example, for version 2.8:wget https://archive.apache.org/dist/kafka/2.8.0/kafka_2.12-2.8.0.tgz && \ tar -xvf kafka_2.12-2.8.0.tgz
-
Install the kafkacat
utility:sudo apt update && sudo apt install --yes kafkacat
Make sure that you can use it to connect to the source and target clusters via SSL.
-
-
Configure a firewall and security groups if it is required to connect MirrorMaker to the target and the source clusters.
Configure MirrorMaker
-
Download an SSL certificate for connecting to the Managed Service for Apache Kafka® cluster.
-
In the home directory, create a subfolder called
mirror-maker
to store Java Keystore certificates and MirrorMaker configuration files.mkdir --parents /home/<home_directory>/mirror-maker
-
Choose a password at least 6 characters long for a certificate store, create a store, and add there an SSL certificate for connecting to the cluster:
sudo keytool --noprompt -importcert -alias YandexCA \ -file /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt \ -keystore /home/<home_directory>/mirror-maker/keystore \ -storepass <certificate_store_password>
-
In the
mirror-maker
folder, create a MirrorMaker configuration file calledmm2.properties
:# Kafka clusters clusters=cloud, source source.bootstrap.servers=<FQDN_of_source_cluster_broker>:9092 cloud.bootstrap.servers=<FQDN_of_target_cluster_broker_1>:9091, ..., <FQDN_of_target_cluster_broker_N>:9091 # Source and target cluster settings source->cloud.enabled=true cloud->source.enabled=false source.cluster.alias=source cloud.cluster.alias=cloud # Internal topics settings source.config.storage.replication.factor=<R> source.status.storage.replication.factor=<R> source.offset.storage.replication.factor=<R> source.offsets.topic.replication.factor=<R> source.errors.deadletterqueue.topic.replication.factor=<R> source.offset-syncs.topic.replication.factor=<R> source.heartbeats.topic.replication.factor=<R> source.checkpoints.topic.replication.factor=<R> source.transaction.state.log.replication.factor=<R> cloud.config.storage.replication.factor=<R> cloud.status.storage.replication.factor=<R> cloud.offset.storage.replication.factor=<R> cloud.offsets.topic.replication.factor=<R> cloud.errors.deadletterqueue.topic.replication.factor=<R> cloud.offset-syncs.topic.replication.factor=<R> cloud.heartbeats.topic.replication.factor=<R> cloud.checkpoints.topic.replication.factor=<R> cloud.transaction.state.log.replication.factor=<R> # Topics topics=.* groups=.* topics.blacklist=.*[\-\.]internal, .*\replica, __consumer_offsets groups.blacklist=console-consumer-.*, connect-.*, __.* replication.factor=<M> refresh.topics.enable=true sync.topic.configs.enabled=true refresh.topics.interval.seconds=10 # Tasks tasks.max=<T> # Source cluster authentication parameters. Comment out if no authentication required source.client.id=mm2_consumer_test source.group.id=mm2_consumer_group source.security.protocol=SASL_PLAINTEXT source.sasl.mechanism=SCRAM-SHA-512 source.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="admin-source" password="<password>"; # Target cluster authentication parameters cloud.client.id=mm2_producer_test cloud.group.id=mm2_producer_group cloud.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 cloud.ssl.truststore.location=/home/<home_directory>/mirror-maker/keystore cloud.ssl.truststore.password=<certificate_store_password> cloud.ssl.protocol=TLS cloud.security.protocol=SASL_SSL cloud.sasl.mechanism=SCRAM-SHA-512 cloud.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="admin-cloud" password="<password>"; # Enable heartbeats and checkpoints source->target.emit.heartbeats.enabled=true source->target.emit.checkpoints.enabled=true
Notes on MirrorMaker configuration:
- It performs one-way replication (
source->cloud.enabled = true
,cloud->source.enabled = false
). - In the
topics
parameter, list topics you want to migrate. You can also specify a regular expression for selecting topics. To migrate all topics, specify.*
. In this configuration, all the topics will be replicated. - Topic names in the target cluster are the same as in the source.
<R>
is the parameter that sets the replication factor for MirrorMaker service topics. The value of this parameter should not exceed the smaller of the number of brokers in the source cluster or the number of brokers in the target cluster.<M>
is the default replication factor defined for topics in the target cluster.<T>
is the number of concurrent MirrorMaker processes. We recommend a value of at least2
for even replication load distribution. For more information, see the Apache Kafka® documentation .
You can request Managed Service for Apache Kafka® broker FQDNs with a list of hosts in the cluster.
- It performs one-way replication (
Start replication
Launch MirrorMaker on the VM as follows:
<Apache_Kafka_install_path>/bin/connect-mirror-maker.sh /home/<home_directory>/mirror-maker/mm2.properties
Check the target cluster topic for data
- Connect to the target cluster topic using kafkacat. Add the
source
prefix to the source cluster topic name: for example, themytopic
topic is migrated to the target cluster assource.mytopic
. - Make sure the console displays messages from the source cluster topic.
To learn more about MirrorMaker 2.0, see the Apache Kafka® documentation
Delete the resources you created
Delete the resources you no longer need to avoid paying for them:
- Delete the Yandex Managed Service for Apache Kafka® cluster.
- Delete the virtual machine.
- If you reserved public static IP addresses, release and delete them.
To delete the infrastructure created with Terraform:
-
In the terminal window, go to the directory containing the infrastructure plan.
-
Delete the
kafka-mirror-maker.tf
or thekafka-mirrormaker-connector.tf
configuration file. -
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
This will delete all the resources described in the
kafka-mirror-maker.tf
or thekafka-mirrormaker-connector.tf
configuration file. -