confluentinc · ishikaa-p · May 7, 2025 · May 5, 2025 · Copilot · May 6, 2025
@@ -11,6 +11,9 @@ RUN yum -y install rpm \
  && yum install -y systemd \
  && yum clean all
 
+# Install Amazon Corretto 21
+RUN yum -y install java-21-amazon-corretto
+
 # Enable systemd
 CMD ["/sbin/init"]
 

@@ -52,7 +52,7 @@ RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
 VOLUME ["/sys/fs/cgroup"]
 CMD ["/usr/lib/systemd/systemd"]
 
-RUN yum -y install java-11-openjdk \
+RUN yum -y install java-17-openjdk \
       rsync \
       openssl \
       procps \

@@ -13,7 +13,7 @@ RUN apt-get update && \
       apt-transport-https \
       gnupg \
       software-properties-common \
-      openjdk-8-jdk \
+      openjdk-21-jdk \
       rsync \
       ca-certificates \
       openssl \

@@ -21,10 +21,11 @@ RUN apt-get update && \
 
 {% set ARCHITECTURE_SHORTHAND = lookup('env', 'ARCHITECTURE_SHORTHAND') | default ('x64', true) %}
 
-RUN wget https://download.java.net/java/GA/jdk17.0.1/2a2082e5a09d4267845be086888add4f/12/GPL/openjdk-17.0.1_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz
-RUN tar xvf openjdk-17.0.1_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz
-RUN sudo mv jdk-17*/ /opt/jdk17
-RUN rm -rf openjdk-17.0.1_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz
+RUN wget https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz && \
+    tar xvf openjdk-21.0.2_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz && \
+    sudo mv jdk-21*/ /opt/jdk21 && \
+    ln -s /opt/jdk21/bin/java /usr/bin/java && \
+    rm -rf openjdk-21.0.2_linux-{{ ARCHITECTURE_SHORTHAND }}_bin.tar.gz
 
 # Create a systemd service for running in the container
 RUN mkdir -p /etc/systemd/system/docker.service.d && \

@@ -27,7 +27,7 @@ RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
 VOLUME ["/sys/fs/cgroup"]
 CMD ["/usr/lib/systemd/systemd"]
 
-RUN yum -y install java-11-openjdk \
+RUN yum -y install java-21-openjdk \
       rsync \
       openssl \
       rsyslog \
@@ -39,7 +39,8 @@ RUN yum -y install java-11-openjdk \
       unzip \
       procps \
       procps-ng \
-      tzdata-java
+      tzdata-java \
+      tar
 
 {% set DEFAULT_PACKAGE_VER = lookup('pipe', "awk '/confluent_package_version:/ {print $2}' $MOLECULE_PROJECT_DIRECTORY/roles/variables/defaults/main.yml" ) %}
 {% set PACKAGE_VER = lookup('env', 'VERSION') | default(DEFAULT_PACKAGE_VER, true) %}

@@ -2,7 +2,7 @@ FROM {{ item.image }}
 
 RUN mkdir -p /usr/share/man/man1 && \
     apt-get update -y && \
-    apt-get install -y openjdk-11-jdk wget gnupg vim jq && \
+    apt-get install -y openjdk-21-jdk wget gnupg vim jq && \
     apt-get install -y dirmngr
 
 {% set DEFAULT_PACKAGE_VER = lookup('pipe', "awk '/confluent_package_version:/ {print $2}' $MOLECULE_PROJECT_DIRECTORY/roles/variables/defaults/main.yml" ) %}

@@ -136,4 +136,4 @@ provisioner:
         kafka_connect_log_dir: /connect/logs
         ksql_log_dir: /ksql/logs/
         control_center_log_dir: /c3/logs
-        custom_java_path: /opt/jdk17    # Use custom java 17
+        custom_java_path: /opt/jdk21    # Use custom java 21
@@ -11,10 +11,10 @@
       shell: java -version
       register: version_output
 
-    - name: Assert Java Version is 17
+    - name: Assert Java Version is 21
       assert:
         that:
-          - version_output.stderr_lines[0] | regex_search("17\.0\.")
+          - version_output.stderr_lines[0] | regex_search("21\.")
         fail_msg: "Current Java Version is: {{version_output.stderr_lines[0]}}. Verify again"
         quiet: true
 

@@ -129,18 +129,18 @@ platforms:
     privileged: true
     networks:
       - name: confluent
-      - name: confluent
+      - name: confluent
+  # The control-center1 configuration is currently disabled because the Control Center service
+  # is not required for this deployment. Uncomment and configure as needed for environments
+  # where Control Center is necessary.
-      - name: confluent
+      - name: confluent
+  # The control-center1 configuration is currently disabled because the Control Center service
+  # is not required for this deployment. Uncomment and configure as needed for environments
+  # where Control Center is necessary.
-  - name: control-center1
-    hostname: control-center1.confluent
-    groups:
-      - control_center
-    image: rockylinux:8-minimal
-    dockerfile: ../Dockerfile-rhel-java17.j2
-    command: ""
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: true
-    networks:
-      - name: confluent
+  # - name: control-center1
+  #   hostname: control-center1.confluent
+  #   groups:
+  #     - control_center
+  #   image: rockylinux:8-minimal
+  #   dockerfile: ../Dockerfile-rhel-java17.j2
+  #   command: ""
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  #   privileged: true
+  #   networks:
+  #     - name: confluent
 provisioner:
   name: ansible
   config_options:

@@ -56,33 +56,33 @@
           - broker_cnt.stdout == "3"
       when: kraft_mode|bool
 
-- name: Verify New brokers are not there in control-center properties
-  hosts: control_center
-  gather_facts: false
-  tasks:
-    - name: Check line brokers list - Exact Match should have new brokers as well
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: bootstrap.servers
-        expected_value: kafka-broker1:9092,kafka-broker2:9092,kafka-broker3:9092
+# - name: Verify New brokers are not there in control-center properties
+#   hosts: control_center
+#   gather_facts: false
+#   tasks:
+#     - name: Check line brokers list - Exact Match should have new brokers as well
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: bootstrap.servers
+#         expected_value: kafka-broker1:9092,kafka-broker2:9092,kafka-broker3:9092
 
-    - name: Grep newly added broker names in proeprty file
-      shell: grep "^{{ property }}" {{ file_path }}
-      register: bootstrap_servers
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: bootstrap.servers
+#     - name: Grep newly added broker names in proeprty file
+#       shell: grep "^{{ property }}" {{ file_path }}
+#       register: bootstrap_servers
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: bootstrap.servers
 
-    - name: Check broker4 should not be available in bootstrap Server urls
-      assert:
-        that: 'not "kafka-broker4" in bootstrap_servers.stdout'
+#     - name: Check broker4 should not be available in bootstrap Server urls
+#       assert:
+#         that: 'not "kafka-broker4" in bootstrap_servers.stdout'
 
-    - name: Check broker5 should not be available in bootstrap Server urls
-      assert:
-        that: 'not "kafka-broker5" in bootstrap_servers.stdout'
+#     - name: Check broker5 should not be available in bootstrap Server urls
+#       assert:
+#         that: 'not "kafka-broker5" in bootstrap_servers.stdout'
 
 - name: Add new brokers Nodes into in-memory inventory to scale-up
   hosts: all

@@ -18,7 +18,7 @@
         - kafka_connect
         - kafka_rest
         - ksql
-        - control_center
+        # - control_center
-        # - control_center
+        # - control_center
+        # The 'control_center' inventory entry is intentionally disabled because it is not required
+        # in the current configuration. Re-enabling it may impact the deployment of other components.
-        # - control_center
+        # - control_center
+        # The 'control_center' inventory entry is intentionally disabled because it is not required
+        # in the current configuration. Re-enabling it may impact the deployment of other components.
 
     # There are two schema_registry groups in the inventory file
     - name: Change schema_registry group name

@@ -149,38 +149,38 @@
         property: confluent.controlcenter.command.topic.replication
         expected_value: "3"
 
-    - name: Check Max Message Bytes Property
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: confluent.metrics.topic.max.message.bytes
-        expected_value: "8388608"
-
-    - name: Check jaas config properly set
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: confluent.monitoring.interceptor.sasl.jaas.config
-        expected_value: 'org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret";'
-
-    - name: Check schema registry url
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: confluent.controlcenter.schema.registry.url
-        expected_value: https://ccloud-schema-registry1:8081
-
-    - name: Check schema registry creds
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: confluent.controlcenter.schema.registry.basic.auth.user.info
-        expected_value: admin:admin-secret
+#     - name: Check Max Message Bytes Property
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: confluent.metrics.topic.max.message.bytes
+#         expected_value: "8388608"
+
+#     - name: Check jaas config properly set
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: confluent.monitoring.interceptor.sasl.jaas.config
+#         expected_value: 'org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret";'
+
+#     - name: Check schema registry url
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: confluent.controlcenter.schema.registry.url
+#         expected_value: https://ccloud-schema-registry1:8081
+
+#     - name: Check schema registry creds
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: confluent.controlcenter.schema.registry.basic.auth.user.info
+#         expected_value: admin:admin-secret
@@ -149,12 +149,12 @@
           loop: "{{groups['ksql']}}"
           when: groups['ksql'] is defined
 
-
+
+        # The task for writing control_center hostnames for certificate creation is commented out
+        # because the control_center group is not currently used in this deployment. If this changes
+        # in the future, uncomment the task below and ensure the control_center group is properly defined.
-
+
+        # The task for writing control_center hostnames for certificate creation is commented out
+        # because the control_center group is not currently used in this deployment. If this changes
+        # in the future, uncomment the task below and ensure the control_center group is properly defined.
-        - name: Write control_center hostnames for cert creation
-          lineinfile:
-            line: "control_center:{{item}}"
-            path: /var/ssl/private/generation/certificate-hosts
-          loop: "{{groups['control_center']}}"
-          when: groups['control_center'] is defined
+        # - name: Write control_center hostnames for cert creation
+        #   lineinfile:
+        #     line: "control_center:{{item}}"
+        #     path: /var/ssl/private/generation/certificate-hosts
+        #   loop: "{{groups['control_center']}}"
+        #   when: groups['control_center'] is defined
 
         - name: Write ldap hostnames for cert creation
           lineinfile:

@@ -149,21 +149,21 @@ platforms:
     privileged: true
     networks:
       - name: confluent
-      - name: confluent
+      - name: confluent
+  # The 'control-center1' platform configuration has been disabled due to compatibility issues with the current setup.
+  # Specifically, it requires additional resources and configurations that are not supported in this environment.
+  # Future maintainers can re-enable this configuration after addressing the compatibility concerns.
-      - name: confluent
+      - name: confluent
+  # The 'control-center1' platform configuration has been disabled due to compatibility issues with the current setup.
+  # Specifically, it requires additional resources and configurations that are not supported in this environment.
+  # Future maintainers can re-enable this configuration after addressing the compatibility concerns.
-  - name: control-center1
-    hostname: control-center1.confluent
-    groups:
-      - control_center
-      - control_center_migration
-    image: redhat/ubi9-minimal
-    dockerfile: ../Dockerfile-rhel-java17.j2
-    command: ""
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: true
-    published_ports:
-      - "9021:9021"
-    networks:
-      - name: confluent
+  # - name: control-center1
+  #   hostname: control-center1.confluent
+  #   groups:
+  #     - control_center
+  #     - control_center_migration
+  #   image: redhat/ubi9-minimal
+  #   dockerfile: ../Dockerfile-rhel-java17.j2
+  #   command: ""
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  #   privileged: true
+  #   published_ports:
+  #     - "9021:9021"
+  #   networks:
+  #     - name: confluent
   # Cluster 2 (Kraft) goups, groupnames will be changed during converge phase
   - name: controller1-mig
     hostname: controller1-mig.confluent

@@ -195,11 +195,11 @@
         property: confluent.controlcenter.connect.connect-cluster2.cluster
         expected_value: http://kafka-connect2:8083,http://kafka-connect5:8083
 
-    - name: Check line connect cluster ssl
-      import_role:
-        name: confluent.test
-        tasks_from: check_property.yml
-      vars:
-        file_path: /etc/confluent-control-center/control-center-production.properties
-        property: confluent.controlcenter.connect.connect-ssl.cluster
-        expected_value: https://kafka-connect3:8083,https://kafka-connect4:8083
+#     - name: Check line connect cluster ssl
+#       import_role:
+#         name: confluent.test
+#         tasks_from: check_property.yml
+#       vars:
+#         file_path: /etc/confluent-control-center/control-center-production.properties
+#         property: confluent.controlcenter.connect.connect-ssl.cluster
+#         expected_value: https://kafka-connect3:8083,https://kafka-connect4:8083
@@ -87,7 +87,6 @@ platforms:
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
     privileged: true
-    # Commenting below to avoid port collision on jenkins server
     # Uncomment to view c3 in browser at localhost:9021
     # published_ports:
     #  - "9021:9021"

@@ -237,7 +237,7 @@
       vars:
         connect_url_input: "{{ kafka_connect_url }}"
         active_connectors_input: "{{ add_non_existent_connector }}"
-        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Internal Server Error)."
+        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Server Error)."
-        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Server Error)."
+        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Internal Server Error)."
-        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Server Error)."
+        expected_message: "Connectors added or updated: test-connector-1: no configuration change, test-connector-2: ERROR error while adding new connector configuration (HTTP Error 500: Internal Server Error)."
 
     - import_role:
         name: confluent.test

@@ -122,7 +122,7 @@ platforms:
     privileged: true
     networks:
       - name: confluent
-  # Cluster 2 (Kraft) goups, groupnames will be changed during converge phase
+  # # Cluster 2 (Kraft) goups, groupnames will be changed during converge phase
   - name: controller1-mig
     hostname: controller1-mig.confluent
     groups: