AMW-162 Add support for KRaft

Author: RanabirChakraborty

.github/workflows/ci.yml

@@ -3,7 +3,7 @@ name: CI
 on:
   push:
     branches:
-      - main
+      - AMW-162
   pull_request:
   schedule:
     - cron: '0 6 * * *'
@@ -16,4 +16,4 @@ jobs:
       fqcn: 'middleware_automation/amq_streams'
       root_permission_varname: 'amq_streams_install_requires_become'
       molecule_tests: >-
-        [ "default" ]
+        [ "default", "amq_streams_kraft" ]

molecule/amq_streams_kraft/converge.yml

@@ -0,0 +1,69 @@
+---
+- name: "Automate AMQ Streams KRaft install"
+  hosts: all
+  vars_files:
+    - vars.yml
+  roles:
+    - role: amq_streams_common
+    - role: amq_streams_kraft
+  tasks:
+    - name: "Ensure AMQ Streams Broker is running and available."
+      ansible.builtin.include_role:
+        name: amq_streams_broker
+      vars:
+        amq_streams_common_skip_download: true
+
+    - name: "Ensure AMQ Streams Connect is running and available."
+      ansible.builtin.include_role:
+        name: amq_streams_connect
+      vars:
+        connectors:
+          - { name: "file", path: "connectors/file.yml" }
+
+    - name: "Validate that KRaft deployment is functional."
+      ansible.builtin.include_role:
+        name: amq_streams_kraft
+        tasks_from: validate.yml
+
+    - name: "Validate that Broker deployment is functional."
+      ansible.builtin.include_role:
+        name: amq_streams_broker
+        tasks_from: validate.yml
+
+    - name: "Validate that Connect deployment is functional."
+      ansible.builtin.include_role:
+        name: amq_streams_connect
+        tasks_from: validate.yml
+
+  post_tasks:
+    - name: "Ensures topics exist."
+      ansible.builtin.include_role:
+        name: amq_streams_broker
+        tasks_from: topic/create.yml
+      loop: "{{ amq_streams_broker_topics }}"
+      loop_control:
+        loop_var: topic
+      vars:
+        topic_name: "{{ topic.name }}"
+        topic_partitions: "{{ topic.partitions }}"
+        topic_replication_factor: "{{ topic.replication_factor }}"
+
+    - name: "Describe created topics."
+      ansible.builtin.include_role:
+        name: amq_streams_broker
+        tasks_from: topic/describe.yml
+      loop: "{{ amq_streams_broker_topics }}"
+      loop_control:
+        loop_var: topic
+      vars:
+        topic_name: "{{ topic.name }}"
+
+    - name: "Delete topics"
+      ansible.builtin.include_role:
+        name: amq_streams_broker
+        tasks_from: topic/delete.yml
+      loop: "{{ amq_streams_broker_topics }}"
+      loop_control:
+        loop_var: topic
+      vars:
+        topic_name: "{{ topic.name }}"

molecule/amq_streams_kraft/molecule.yml

@@ -0,0 +1,43 @@
+---
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: registry.access.redhat.com/ubi9/ubi-init:latest
+    command: "/usr/sbin/init"
+    pre_build_image: true
+    privileged: true
+    groups:
+     - brokers
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      interpreter_python: auto_silent
+    ssh_connection:
+      pipelining: false
+  playbooks:
+    prepare: ../prepare.yml
+    converge: converge.yml
+    verify: verify.yml
+  inventory:
+    host_vars:
+      localhost:
+        ansible_python_interpreter: "{{ ansible_playbook_python }}"
+  env:
+    ANSIBLE_FORCE_COLOR: "true"
+verifier:
+  name: ansible
+scenario:
+  test_sequence:
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy

molecule/amq_streams_kraft/roles

@@ -0,0 +1 @@
+../../roles

molecule/amq_streams_kraft/vars.yml

@@ -0,0 +1,22 @@
+---
+amq_streams_common_escalade_privilege_group_create: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_common_escalade_privilege_user_create: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_common_archive_extraction_requires_privilege_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_common_dependencies_require_priv: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_zookeeper_data_require_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_zookeeper_restart_requires_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_broker_tls_truststore_client_require_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_broker_config_files_requires_privilege_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_cruise_control_path_to_capacity_file_require_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_cruise_control_logfiles_requires_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_connect_source_file_require_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_kraft_priv_escalation: "{{ amq_streams_install_requires_become | default(true) }}"
+amq_streams_common_product_version: 4.1.1
+amq_streams_force_clean: true
+# 1. Run the Systemd Service as root
+amq_streams_broker_user: root
+amq_streams_broker_group: root
+
+# 2. Run KRaft tasks as root
+amq_streams_kraft_user: root
+amq_streams_kraft_group: root

molecule/amq_streams_kraft/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+
+    - name: Populate service facts
+      ansible.builtin.service_facts:
+
+    - name: Check broker service
+      assert:
+        that:
+          - ansible_facts.services["amq_streams_broker.service"]["state"] == "running"
+          - ansible_facts.services["amq_streams_broker.service"]["status"] == "enabled"
+
+    - name: Check controller service
+      assert:
+        that:
+          - ansible_facts.services["amq_streams_controller.service"]["state"] == "running"
+          - ansible_facts.services["amq_streams_controller.service"]["status"] == "enabled"

roles/amq_streams_broker/templates/server.properties.j2

@@ -20,10 +20,35 @@
 # See kafka.server.KafkaConfig for additional details and defaults
 #
 
+# -----------------------------------------------------------------------------
+# MODE DETERMINATION (Added for Kafka 4.0+ KRaft Support)
+# -----------------------------------------------------------------------------
+{% set enable_kraft = amq_streams_enable_kraft | default(amq_streams_common_product_version is version('4.0.0', '>=')) | bool %}
+
 ############################# Server Basics #############################
 
 # The id of the broker. This must be set to a unique integer for each broker.
+{% if enable_kraft %}
+# KRaft uses node.id instead of broker.id
+node.id={{ amq_streams_kraft_node_id | default(1) }}
+{% else %}
 broker.id={{ amq_streams_broker_broker_id | default(amq_streams_broker_inventory_group.index(inventory_hostname)) }}
+{% endif %}
+
+############################# KRaft Settings (Kafka 4.0+) #############################
+{% if enable_kraft %}
+# The roles of this process. broker, controller, or both.
+process.roles={{ amq_streams_kraft_process_roles | default('broker,controller') }}
+
+# The connect string for the controller quorum
+controller.quorum.voters={{ amq_streams_kraft_controller_quorum_voters }}
+
+# Listener name used for the controller
+controller.listener.names={{ amq_streams_kraft_controller_listener_names | default('CONTROLLER') }}
+
+# Listener name used for inter-broker communication
+inter.broker.listener.name={{ amq_streams_kraft_inter_broker_listener_name | default('PLAINTEXT') }}
+{% endif %}
 
 ############################# Socket Server Settings #############################
 
@@ -33,40 +58,57 @@ broker.id={{ amq_streams_broker_broker_id | default(amq_streams_broker_inventory
 #     listeners = listener_name://host_name:port
 #   EXAMPLE:
 #     listeners = PLAINTEXT://your.host.name:9092
-{% if amq_streams_broker_listeners is defined %}
+{% if enable_kraft %}
+# KRaft Mode Listeners (Requires Broker + Controller ports)
+listeners={{ amq_streams_kraft_listeners | join(",") }}
+{% else %}
+# Legacy ZK Mode Listeners
+    {% if amq_streams_broker_listeners is defined %}
 listeners={{ amq_streams_broker_listeners | join(",") }}
-{% elif amq_streams_broker_listener_port is defined %}
+    {% elif amq_streams_broker_listener_port is defined %}
 listeners=PLAINTEXT://:{{ amq_streams_broker_listener_port }}
-{% else %}
+    {% else %}
 #listeners=PLAINTEXT://:9092
+    {% endif %}
 {% endif %}
 
-{% if amq_streams_broker_inter_broker_listener is defined %}
-# Name of listener used for communication between brokers
+{% if amq_streams_broker_inter_broker_listener is defined and not enable_kraft %}
+# Name of listener used for communication between brokers (Legacy ZK only)
 inter.broker.listener.name={{ amq_streams_broker_inter_broker_listener }}
 {% endif %}
 
 # Listener name, hostname and port the broker will advertise to clients.
 # If not set, it uses the value for "listeners".
-{% if amq_streams_broker_advertised_listeners is defined %}
-advertised.listeners={{ amq_streams_broker_advertised_listeners | join(",") }}
+{% if enable_kraft %}
+# KRaft Mode Advertised Listeners (Broker port only)
+advertised.listeners={{ amq_streams_kraft_advertised_listeners | join(",") }}
 {% else %}
+# Legacy ZK Mode Advertised Listeners
+    {% if amq_streams_broker_advertised_listeners is defined %}
+advertised.listeners={{ amq_streams_broker_advertised_listeners | join(",") }}
+    {% else %}
 #advertised.listeners=PLAINTEXT://your.host.name:9092
+    {% endif %}
 {% endif %}
 
-{% if amq_streams_broker_auth_enabled and amq_streams_broker_auth_listeners is defined %}
+{% if enable_kraft %}
+# KRaft Mode Security Map (Must include Controller)
+listener.security.protocol.map=PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
+{% else %}
+    {% if amq_streams_broker_auth_enabled and amq_streams_broker_auth_listeners is defined %}
 # Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
 listener.security.protocol.map={{ amq_streams_broker_auth_listeners | join(",") }}
 
 # The list of SASL mechanisms enabled in the Kafka server
 sasl.enabled.mechanisms={{ amq_streams_broker_auth_sasl_mechanisms | join(",") }}
-{% if amq_streams_broker_inter_broker_auth_sasl_mechanisms is defined %}
+        {% if amq_streams_broker_inter_broker_auth_sasl_mechanisms is defined %}
 # SASL mechanism used for inter-broker communication
 sasl.mechanism.inter.broker.protocol={{ amq_streams_broker_inter_broker_auth_sasl_mechanisms }}
-{% endif %}
-{% else %}
+        {% endif %}
+    {% else %}
 # Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
 #listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
+    {% endif %}
 {% endif %}
 
 {% if amq_streams_broker_inter_broker_listener_auth is defined %}
@@ -105,7 +147,11 @@ socket.request.max.bytes={{ amq_streams_broker_socket_request_max_bytes }}
 ############################# Log Basics #############################
 
 # A comma separated list of directories under which to store log files
+{% if enable_kraft %}
+log.dirs={{ amq_streams_kraft_log_dirs }}
+{% else %}
 log.dirs={{ amq_streams_broker_data_dir }}
+{% endif %}
 
 # The default number of log partitions per topic. More partitions allow greater
 # parallelism for consumption, but this will also result in more files across
@@ -162,7 +208,7 @@ log.retention.hours={{ amq_streams_broker_log_retention_hours }}
 log.retention.check.interval.ms={{ amq_streams_broker_log_retention_check_interval_ms }}
 
 ############################# Zookeeper #############################
-
+{% if not enable_kraft %}
 # Zookeeper connection string (see zookeeper docs for details).
 # This is a comma separated host:port pairs, each corresponding to a zk
 # server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002".
@@ -173,6 +219,7 @@ zookeeper.connect={{ amq_streams_broker_zookeeper_host }}:{{ amq_streams_broker_
 # Timeout in ms for connecting to zookeeper
 zookeeper.connection.timeout.ms={{ amq_streams_broker_zookeeper_connection_timeout_ms }}
 zookeeper.session.timeout.ms={{ amq_streams_broker_zookeeper_session_timeout_ms }}
+{% endif %}
 
 ############################# Group Coordinator Settings #############################
 

roles/amq_streams_common/tasks/systemd.yml

@@ -69,10 +69,30 @@
         enabled: yes
         state: started
 
-    - name: "Wait for service port {{ server_port }} to be available - (if provided)"
-      ansible.builtin.wait_for:
-        port: "{{ server_port }}"
-        delay: "{{ delay_before_server_port_check | default(omit) }}"
-      when:
-        - skip_wait_for_server_port is defined and not skip_wait_for_server_port
-        - server_port is defined and server_port != ''
+    - block:
+        - name: "Wait for service port {{ server_port }} to be available - (if provided)"
+          ansible.builtin.wait_for:
+            port: "{{ server_port }}"
+            # Explicitly check the correct host. If Kafka binds to 0.0.0.0, 127.0.0.1 is fine.
+            # If Kafka binds strictly to a private IP, change this to {{ ansible_host }}
+            host: "{{ '127.0.0.1' if '0.0.0.0' in (amq_streams_kraft_listeners | default([])) else inventory_hostname }}"
+            delay: "{{ delay_before_server_port_check | default(10) }}"
+            timeout: 60 # Fail faster (1 min) instead of waiting 5 mins during debugging
+          when:
+            - skip_wait_for_server_port is defined and not skip_wait_for_server_port
+            - server_port is defined and server_port != ''
+
+      rescue:
+        - name: "FATAL: Service failed to start. Fetching logs..."
+          ansible.builtin.shell: "journalctl -u {{ server_name }} -xe --no-pager | tail -n 50"
+          register: kafka_crash_log
+          changed_when: false
+          ignore_errors: true
+
+        - name: "PRINT KAFKA CRASH LOGS"
+          ansible.builtin.debug:
+            msg: "{{ kafka_crash_log.stdout_lines }}"
+        
+        - name: "Fail the playbook explicitly"
+          ansible.builtin.fail:
+            msg: "The Kafka service crashed immediately. See the logs printed above for the Java exception."

roles/amq_streams_kraft/README.md

@@ -0,0 +1,39 @@
+# amq_streams_kraft
+
+Ansible role to deploy **Apache Kafka in KRaft mode** (Kafka 4.x and Red Hat Streams for Apache Kafka 3.x).
+
+## Features
+
+- Installs Kafka binaries
+- Configures KRaft metadata quorum
+- Supports roles: broker, controller, **combined**
+- Formats metadata storage
+- Deploys `server.properties` and `controller.properties`
+- Deploys a `systemd` Kafka service
+- Validates active listener ports
+
+## Role Variables
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+| `amq_streams_process_role` | Defines the KRaft node type | `"broker,controller"` |
+| `amq_streams_cluster_id` | Unique Kafka KRaft metadata cluster ID | `""` |
+| `amq_streams_controller_quorum_voters` | Comma-separated controller voter list in the format `<nodeId>@<host>:<port>` | `"1@localhost:9093"` |
+| `amq_streams_kraft_log_dirs` | Directory where Kafka stores data logs | `"/var/lib/kafka/kraft"` |
+| `amq_streams_kraft_metadata_log_dir` | Directory for KRaft metadata logs | `"/var/lib/kafka/kraft"` |
+
+## Example Playbook
+
+```yaml
+- hosts: kafka_nodes
+  roles:
+    - amq_streams_kraft
+```
+
+## License
+
+Apache License v2.0 or later
+
+## Author Information
+
+* [Ranabir Chakraborty](https://github.com/RanabirChakraborty)