Paul Bastide

Question: How do I configure fhir-notification Kafka so I don’t have to use a keystore?

The IBM FHIR Server provides an eventing service that notifies about persistence events – CUD (Create-Update-Delete). The notification service can trigger specific actions in a downstream application. You can configure these events to flow to Apache Kafka.

If you want to configure the IBM FHIR Server without a keystore, you can configure SASL_SSL like the below (notice there is no keystore specified).

{
    "fhirServer":{
        "notifications":{
            "kafka": {
                "enabled": true,
                "topicName": "FHIR_NOTIFICATIONS",
                "connectionProperties": {
                    "bootstrap.servers": "broker-1.mybroker.com:9093,broker-2.mybroker.com:9093,broker-0.mybroker.com:9093,broker-5.mybroker.com:9093,broker-4.mybroker.com:9093,broker-3.mybroker.com:9093",
                    "security.protocol": "SASL_SSL",
                    "sasl.mechanism": "PLAIN",
                    "ssl.protocol": "TLSv1.2",
                    "ssl.enabled.protocols": "TLSv1.2",
                    "ssl.endpoint.identification.algorithm": "HTTPS",
                    "security.inter.broker.protocol": "SSL",
                    "sasl.jaas.config": "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"token\" password=\"MYPASSWORD\";",
                    "acks": "all",
                    "retries": "60",
                    "request.timeout.ms": "10000",
                    "max.block.ms": "60000",
                    "max.in.flight.requests.per.connection": "5",
                    "client.dns.lookup": "use_all_dns_ips"
                }
            }
        }
    }
}

If you run a workload against IBM FHIR Server, it’ll generate a set of notifications…

  1. Download Kafka from https://kafka.apache.org

  2. Create a client-ssl.properties

cat << EOF > client-ssl.properties
bootstrap.servers=broker-2.mybroker.com:9093,broker-5.mybroker.com:9093,broker-0.mybroker.com:9093,broker-3.mybroker.com:9093,broker-4.mybroker.com:9093,broker-1.mybroker.com:9093
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="MYPASSWORD";
sasl.mechanism=PLAIN
security.protocol=SASL_SSL
ssl.protocol=TLSv1.2
EOF

  1. Unzip the kafka archive

  2. Check the Kafka Console Consumer

bash bin/kafka-console-consumer.sh --bootstrap-server broker-4.mybroker.com:9093,broker-5.mybroker.com:9093,broker-3.mybroker.com:9093,broker-2.mybroker.com:9093,broker-1.mybroker.com:9093,broker-0.mybroker.com:9093 --topic FHIR_NOTIFICATION --max-messages 25 --property print.timestamp=true --consumer.config client-ssl.properties

Posted

in

by

Paul

Tags:

, ,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.