logstash-codec-avro 3.4.1-java → 3.5.0-java

data/spec/integration/avro_integration_spec.rb

@@ -0,0 +1,431 @@
+# encoding: utf-8
+require 'logstash/devutils/rspec/spec_helper'
+require 'logstash/codecs/avro'
+require 'logstash/event'
+require 'avro'
+require 'base64'
+require 'manticore'
+
+describe "Avro Codec Integration Tests", :integration => true do
+  INTEGRATION_DIR = File.expand_path('../', __FILE__)
+
+  let(:test_schema) do
+    {
+      "type" => "record",
+      "name" => "TestRecord",
+      "namespace" => "com.example",
+      "fields" => [
+        { "name" => "message", "type" => "string" },
+        { "name" => "timestamp", "type" => "long" }
+      ]
+    }
+  end
+  let(:test_schema_json) { test_schema.to_json }
+  let(:test_event_data) do
+    {
+      "message" => "test message",
+      "timestamp" => Time.now.to_i
+    }
+  end
+  let(:config) { {} }
+  let(:codec) { LogStash::Codecs::Avro.new(config).tap { |c| c.register } }
+
+  def run_integration_script(script_name)
+    Dir.chdir(INTEGRATION_DIR) do
+      result = system("./#{script_name}")
+      puts "Script #{script_name} #{result ? 'succeeded' : 'failed'}"
+      result
+    end
+  end
+
+  def encode_avro_data(schema_json, data)
+    schema = Avro::Schema.parse(schema_json)
+    dw = Avro::IO::DatumWriter.new(schema)
+    buffer = StringIO.new
+    encoder = Avro::IO::BinaryEncoder.new(buffer)
+    dw.write(data, encoder)
+    Base64.strict_encode64(buffer.string)
+  end
+
+  def decode_with_codec(codec, encoded_data)
+    events = []
+    codec.decode(encoded_data) do |event|
+      events << event
+    end
+    events
+  end
+
+  def expect_decoded_event_matches(events, expected_data)
+    expect(events.size).to eq(1)
+    expect(events.first.get("message")).to eq(expected_data["message"])
+    expect(events.first.get("timestamp")).to eq(expected_data["timestamp"])
+  end
+
+  def create_manticore_client(username: nil, password: nil, ssl_options: {})
+    client_options = {}
+    if username && password
+      client_options[:auth] = { user: username, password: password }
+    end
+    client_options[:ssl] = ssl_options unless ssl_options.empty?
+
+    Manticore::Client.new(client_options)
+  end
+
+  def wait_for_schema_registry(url, username: nil, password: nil, ssl_options: {})
+    puts "Waiting for Schema Registry at #{url}..."
+    client = create_manticore_client(username: username, password: password, ssl_options: ssl_options)
+
+    Stud.try(20.times, [Manticore::SocketException, StandardError, RSpec::Expectations::ExpectationNotMetError]) do
+      response = client.get(url).call
+      expect(response.code).to eq(200)
+    end
+    client.close
+  end
+
+  def register_schema(base_url, subject, schema_json, username: nil, password: nil, ssl_options: {})
+    client = create_manticore_client(username: username, password: password, ssl_options: ssl_options)
+    response = client.post("#{base_url}/subjects/#{subject}/versions",
+                           headers: { "Content-Type" => "application/vnd.schemaregistry.v1+json" },
+                           body: { schema: schema_json }.to_json
+    ).call
+    expect(response.code).to eq(200)
+    client.close
+  end
+
+  context "Schema Registry without authentication" do
+    let(:schema_registry_url) { "http://localhost:8081" }
+
+    before(:all) do
+      run_integration_script("start_schema_registry.sh")
+      wait_for_schema_registry("http://localhost:8081")
+    end
+
+    after(:all) do
+      run_integration_script("stop_schema_registry.sh")
+    end
+
+    context "fetching schema via HTTP" do
+      let(:schema_subject) { "test-no-auth-#{Time.now.to_i}" }
+      let(:full_schema_url) do
+        url = "#{schema_registry_url}/subjects/#{schema_subject}/versions/latest"
+        puts "Constructed schema URL: #{url}"
+        url
+      end
+
+      let(:config) { super().merge({ 'schema_uri' => full_schema_url }) }
+
+      before do
+        register_schema(schema_registry_url, schema_subject, test_schema_json)
+      end
+
+      it "fetches and decodes schema from Schema Registry" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+
+      it "encodes data using schema from schema registry" do
+        event = LogStash::Event.new(test_event_data)
+        encoded_data = nil
+
+        codec.on_event do |e, data|
+          encoded_data = data
+        end
+
+        codec.encode(event)
+
+        expect(encoded_data).not_to be_nil
+
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+    end
+  end
+
+  context "Schema Registry with authentication" do
+    let(:schema_registry_url) { "http://localhost:8081" }
+    let(:username) { "barney" }
+    let(:password) { "changeme" }
+
+    before(:all) do
+      run_integration_script("stop_schema_registry.sh")
+      run_integration_script("start_auth_schema_registry.sh")
+      wait_for_schema_registry("http://localhost:8081", username: "barney", password: "changeme")
+    end
+
+    after(:all) do
+      run_integration_script("stop_schema_registry.sh")
+    end
+
+    context "with valid credentials" do
+      let(:schema_subject) { "test-auth-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_url}/subjects/#{schema_subject}/versions/latest" }
+      let(:config) { super().merge({ 'schema_uri' => full_schema_url, 'username' => username, 'password' => password }) }
+
+      before do
+        register_schema(schema_registry_url, schema_subject, test_schema_json,
+                       username: username, password: password)
+      end
+
+      it "fetches schema with valid credentials" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+
+      it "encodes data with authentication" do
+        event = LogStash::Event.new(test_event_data)
+        encoded_data = nil
+
+        codec.on_event do |e, data|
+          encoded_data = data
+        end
+
+        codec.encode(event)
+        expect(encoded_data).not_to be_nil
+      end
+    end
+
+    context "with invalid credentials" do
+      let(:schema_subject) { "test-invalid-auth-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_url}/subjects/#{schema_subject}/versions/latest" }
+
+      before do
+        register_schema(schema_registry_url, schema_subject, test_schema_json,
+                       username: username, password: password)
+      end
+
+      it "fails with invalid credentials" do
+        expect {
+          invalid_config = { 'schema_uri' => full_schema_url, 'username' => 'invalid', 'password' => 'wrong' }
+          codec = LogStash::Codecs::Avro.new(invalid_config)
+          codec.register
+        }.to raise_error { |error|
+          expect(error.message).to include("Unauthorized")
+        }
+      end
+    end
+  end
+
+  context "Schema Registry with truststore configuration" do
+    let(:schema_registry_https_url) { "https://localhost:8083" }
+    let(:truststore_path) { File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks") }
+    let(:truststore_password) { "changeit" }
+    let(:ca_cert_path) { File.join(INTEGRATION_DIR, "tls_repository", "schema_reg_certificate.pem") }
+
+    before(:all) do
+      # Ensure non-auth registry is running (it includes HTTPS on 8083)
+      run_integration_script("stop_schema_registry.sh")
+      run_integration_script("start_schema_registry.sh")
+
+      ssl_options = {
+        truststore: File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks"),
+        truststore_password: "changeit",
+        truststore_type: "jks",
+        verify: :default
+      }
+      wait_for_schema_registry("https://localhost:8083", ssl_options: ssl_options)
+    end
+
+    after(:all) do
+      run_integration_script("stop_schema_registry.sh")
+    end
+
+    context "with truststore configuration" do
+      let(:schema_subject) { "test-ssl-truststore-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_https_url}/subjects/#{schema_subject}/versions/latest" }
+      let(:config) do
+        super().merge({
+                        'schema_uri' => full_schema_url,
+                        'ssl_enabled' => true,
+                        'ssl_truststore_path' => truststore_path,
+                        'ssl_truststore_password' => truststore_password,
+                        'ssl_truststore_type' => 'jks',
+                        'ssl_verification_mode' => 'full'
+                      })
+      end
+
+      before do
+        ssl_options = {
+          truststore: truststore_path,
+          truststore_password: truststore_password,
+          truststore_type: "jks",
+          verify: :default
+        }
+        register_schema(schema_registry_https_url, schema_subject, test_schema_json,
+                       ssl_options: ssl_options)
+      end
+
+      it "fetches schema using truststore" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+    end
+
+    context "with CA certificate configuration" do
+      let(:schema_subject) { "test-ssl-ca-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_https_url}/subjects/#{schema_subject}/versions/latest" }
+      let(:config) do
+        super().merge({
+                        'schema_uri' => full_schema_url,
+                        'ssl_enabled' => true,
+                        'ssl_certificate_authorities' => [ca_cert_path],
+                        'ssl_verification_mode' => 'full'
+                      })
+      end
+
+      before do
+        ssl_options = { ca_file: ca_cert_path, verify: :default }
+        register_schema(schema_registry_https_url, schema_subject, test_schema_json,
+                       ssl_options: ssl_options)
+      end
+
+      it "fetches schema using CA certificate" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+    end
+  end
+
+  context "Schema Registry with authentication and SSL" do
+    let(:schema_registry_https_url) { "https://localhost:8083" }
+    let(:username) { "barney" }
+    let(:password) { "changeme" }
+    let(:truststore_path) { File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks") }
+    let(:truststore_password) { "changeit" }
+
+    before(:all) do
+      # Start authenticated registry (includes HTTPS)
+      run_integration_script("stop_schema_registry.sh")
+      run_integration_script("start_auth_schema_registry.sh")
+
+      ssl_options = {
+        truststore: File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks"),
+        truststore_password: "changeit",
+        truststore_type: "jks",
+        verify: :default
+      }
+      wait_for_schema_registry("https://localhost:8083", username: "barney", password: "changeme", ssl_options: ssl_options)
+    end
+
+    after(:all) do
+      run_integration_script("stop_schema_registry.sh")
+    end
+
+    context "with valid credentials and truststore" do
+      let(:schema_subject) { "test-auth-ssl-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_https_url}/subjects/#{schema_subject}/versions/latest" }
+      let(:config) do
+        super().merge({
+                        'schema_uri' => full_schema_url,
+                        'username' => username,
+                        'password' => password,
+                        'ssl_enabled' => true,
+                        'ssl_truststore_path' => truststore_path,
+                        'ssl_truststore_password' => truststore_password,
+                        'ssl_truststore_type' => 'jks',
+                        'ssl_verification_mode' => 'full'
+                      })
+      end
+
+      before do
+        ssl_options = {
+          truststore: truststore_path,
+          truststore_password: truststore_password,
+          truststore_type: "jks",
+          verify: :default
+        }
+        register_schema(schema_registry_https_url, schema_subject, test_schema_json,
+                       username: username, password: password,
+                       ssl_options: ssl_options)
+      end
+
+      it "fetches schema with both authentication and SSL" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+
+      it "encodes data with authentication and SSL" do
+        event = LogStash::Event.new(test_event_data)
+        encoded_data = nil
+
+        codec.on_event do |e, data|
+          encoded_data = data
+        end
+
+        codec.encode(event)
+        expect(encoded_data).not_to be_nil
+      end
+    end
+  end
+
+  context "Schema Registry with keystore configuration (mutual TLS)" do
+    let(:schema_registry_https_url) { "https://localhost:8083" }
+
+    let(:truststore_path) { File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks") }
+    let(:truststore_password) { "changeit" }
+    let(:keystore_path) { File.join(INTEGRATION_DIR, "tls_repository", "schema_reg.jks") }
+    let(:keystore_password) { "changeit" }
+
+    before(:all) do
+      run_integration_script("stop_schema_registry.sh")
+      run_integration_script("start_schema_registry_mutual.sh")
+
+      ssl_options = {
+        keystore: File.join(INTEGRATION_DIR, "tls_repository", "schema_reg.jks"),
+        keystore_password: "changeit",
+        keystore_type: "jks",
+        truststore: File.join(INTEGRATION_DIR, "tls_repository", "clienttruststore.jks"),
+        truststore_password: "changeit",
+        truststore_type: "jks"
+      }
+      wait_for_schema_registry("https://localhost:8083", ssl_options: ssl_options)
+    end
+
+    after(:all) do
+      run_integration_script("stop_schema_registry.sh")
+    end
+
+    context "with keystore and truststore" do
+      let(:schema_subject) { "test-mutual-tls-#{Time.now.to_i}" }
+      let(:full_schema_url) { "#{schema_registry_https_url}/subjects/#{schema_subject}/versions/latest" }
+
+      let(:config) do
+        super().merge({
+                        'schema_uri' => full_schema_url,
+                        'ssl_enabled' => true,
+                        'ssl_keystore_path' => keystore_path,
+                        'ssl_keystore_password' => keystore_password,
+                        'ssl_keystore_type' => 'jks',
+                        'ssl_truststore_path' => truststore_path,
+                        'ssl_truststore_password' => truststore_password,
+                        'ssl_truststore_type' => 'jks',
+                        'ssl_verification_mode' => 'full'
+                      })
+      end
+
+      before do
+        ssl_options = {
+          keystore: keystore_path,
+          keystore_password: keystore_password,
+          keystore_type: "jks",
+          truststore: truststore_path,
+          truststore_password: truststore_password,
+          truststore_type: "jks",
+          verify: :default
+        }
+        register_schema(schema_registry_https_url, schema_subject, test_schema_json,
+                       ssl_options: ssl_options)
+      end
+
+      it "fetches schema" do
+        encoded_data = encode_avro_data(test_schema_json, test_event_data)
+        events = decode_with_codec(codec, encoded_data)
+        expect_decoded_event_matches(events, test_event_data)
+      end
+    end
+  end
+end

data/spec/integration/fixtures/jaas.config

@@ -0,0 +1,5 @@
+SchemaRegistry-Props {
+  org.eclipse.jetty.security.jaas.spi.PropertyFileLoginModule required
+  file="build/confluent_platform/etc/schema-registry/pwd"
+  debug="true";
+};

data/spec/integration/fixtures/pwd

@@ -0,0 +1,2 @@
+barney: changeme,user,developer
+admin:admin,admin

data/spec/integration/kafka_test_setup.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+# Setup Kafka and create test topics
+
+set -ex
+# check if KAFKA_VERSION env var is set
+if [ -n "${KAFKA_VERSION+1}" ]; then
+  echo "KAFKA_VERSION is $KAFKA_VERSION"
+else
+   KAFKA_VERSION=4.1.0
+fi
+
+KAFKA_MAJOR_VERSION="${KAFKA_VERSION%%.*}"
+
+export _JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true"
+
+rm -rf build
+mkdir build
+
+echo "Setup Kafka version $KAFKA_VERSION"
+if [ ! -e "kafka_2.13-$KAFKA_VERSION.tgz" ]; then
+  echo "Kafka not present locally, downloading"
+  curl -s -o "kafka_2.13-$KAFKA_VERSION.tgz" "https://downloads.apache.org/kafka/$KAFKA_VERSION/kafka_2.13-$KAFKA_VERSION.tgz"
+fi
+cp "kafka_2.13-$KAFKA_VERSION.tgz" "build/kafka.tgz"
+mkdir "build/kafka" && tar xzf "build/kafka.tgz" -C "build/kafka" --strip-components 1
+
+echo "Use KRaft for Kafka version $KAFKA_VERSION"
+echo "log.dirs=${PWD}/build/kafka-logs" >> build/kafka/config/server.properties
+
+build/kafka/bin/kafka-storage.sh format \
+  --cluster-id $(build/kafka/bin/kafka-storage.sh random-uuid) \
+  --config build/kafka/config/server.properties \
+  --ignore-formatted \
+  --standalone
+
+echo "Starting Kafka broker"
+build/kafka/bin/kafka-server-start.sh -daemon "build/kafka/config/server.properties" --override advertised.host.name=127.0.0.1 --override log.dirs="${PWD}/build/kafka-logs"
+sleep 10
+
+echo "Setup Confluent Platform"
+# check if CONFLUENT_VERSION env var is set
+if [ -n "${CONFLUENT_VERSION+1}" ]; then
+  echo "CONFLUENT_VERSION is $CONFLUENT_VERSION"
+else
+   CONFLUENT_VERSION=8.0.0
+fi
+if [ ! -e "confluent-community-$CONFLUENT_VERSION.tar.gz" ]; then
+  echo "Confluent Platform not present locally, downloading"
+  CONFLUENT_MINOR=$(echo "$CONFLUENT_VERSION" | sed -n 's/^\([[:digit:]]*\.[[:digit:]]*\)\.[[:digit:]]*$/\1/p')
+  echo "CONFLUENT_MINOR is $CONFLUENT_MINOR"
+  curl -s -o "confluent-community-$CONFLUENT_VERSION.tar.gz" "http://packages.confluent.io/archive/$CONFLUENT_MINOR/confluent-community-$CONFLUENT_VERSION.tar.gz"
+fi
+echo "Extracting confluent-community-$CONFLUENT_VERSION.tar.gz to build"
+mkdir "build/confluent_platform" && tar xzf "confluent-community-$CONFLUENT_VERSION.tar.gz" -C "build/confluent_platform" --strip-components 1
+
+echo "Configuring TLS on Schema registry"
+rm -Rf tls_repository
+mkdir tls_repository
+./setup_keystore_and_truststore.sh
+# configure schema-registry to handle https on 8083 port
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  sed -i '' 's/http:\/\/0.0.0.0:8081/http:\/\/0.0.0.0:8081, https:\/\/0.0.0.0:8083/g' "build/confluent_platform/etc/schema-registry/schema-registry.properties"
+else
+  sed -i 's/http:\/\/0.0.0.0:8081/http:\/\/0.0.0.0:8081, https:\/\/0.0.0.0:8083/g' "build/confluent_platform/etc/schema-registry/schema-registry.properties"
+fi
+echo "ssl.keystore.location=`pwd`/tls_repository/schema_reg.jks" >> "build/confluent_platform/etc/schema-registry/schema-registry.properties"
+echo "ssl.keystore.password=changeit" >> "build/confluent_platform/etc/schema-registry/schema-registry.properties"
+echo "ssl.key.password=changeit" >> "build/confluent_platform/etc/schema-registry/schema-registry.properties"
+
+cp "build/confluent_platform/etc/schema-registry/schema-registry.properties" "build/confluent_platform/etc/schema-registry/schema-registry-mutual.properties"
+echo "ssl.truststore.location=`pwd`/tls_repository/clienttruststore.jks" >> "build/confluent_platform/etc/schema-registry/schema-registry-mutual.properties"
+echo "ssl.truststore.password=changeit" >> "build/confluent_platform/etc/schema-registry/schema-registry-mutual.properties"
+echo "confluent.http.server.ssl.client.authentication=REQUIRED" >> "build/confluent_platform/etc/schema-registry/schema-registry-mutual.properties"
+
+cp "build/confluent_platform/etc/schema-registry/schema-registry.properties" "build/confluent_platform/etc/schema-registry/authed-schema-registry.properties"
+echo "authentication.method=BASIC" >> "build/confluent_platform/etc/schema-registry/authed-schema-registry.properties"
+echo "authentication.roles=admin,developer,user" >> "build/confluent_platform/etc/schema-registry/authed-schema-registry.properties"
+echo "authentication.realm=SchemaRegistry-Props" >> "build/confluent_platform/etc/schema-registry/authed-schema-registry.properties"
+cp fixtures/jaas.config "build/confluent_platform/etc/schema-registry"
+
+echo "Setting up a test topic"
+build/kafka/bin/kafka-topics.sh --create --partitions 3 --replication-factor 1 --topic logstash_integration_topic_plain --bootstrap-server localhost:9092
+
+cp fixtures/pwd "build/confluent_platform/etc/schema-registry"
+echo "Setup complete, running specs"

data/spec/integration/kafka_test_teardown.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -ex
+
+echo "Unregistering test topics"
+#build/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9092 --delete --topic 'topic_avro.*' 2>&1
+
+echo "Stopping Kafka broker"
+build/kafka/bin/kafka-server-stop.sh
+
+if [ -f "build/kafka/bin/zookeeper-server-stop.sh" ]; then
+  echo "Stopping ZooKeeper"
+  build/kafka/bin/zookeeper-server-stop.sh
+fi
+
+echo "Clean TLS folder"
+rm -Rf tls_repository

data/spec/integration/setup_keystore_and_truststore.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Setup Schema Registry keystore and Kafka's schema registry client's truststore
+set -ex
+
+echo "Generating schema registry key store"
+keytool -genkey -alias schema_reg -keyalg RSA -keystore tls_repository/schema_reg.jks -keypass changeit -storepass changeit  -validity 365  -keysize 2048 -dname "CN=localhost, OU=John Doe, O=Acme Inc, L=Unknown, ST=Unknown, C=IT"
+
+echo "Exporting schema registry certificate"
+keytool -exportcert -rfc -keystore tls_repository/schema_reg.jks -storepass changeit -alias schema_reg -file tls_repository/schema_reg_certificate.pem
+
+echo "Creating client's truststore and importing schema registry's certificate"
+keytool -import -trustcacerts -file tls_repository/schema_reg_certificate.pem -keypass changeit -storepass changeit -keystore tls_repository/clienttruststore.jks -noprompt
+
+# make files read only
+chmod 444 tls_repository/schema_reg.jks
+chmod 444 tls_repository/schema_reg_certificate.pem
+chmod 444 tls_repository/clienttruststore.jks

data/spec/integration/start_auth_schema_registry.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -ex
+
+echo "Starting authed SchemaRegistry"
+SCHEMA_REGISTRY_OPTS="-Djava.security.auth.login.config=build/confluent_platform/etc/schema-registry/jaas.config" \
+  build/confluent_platform/bin/schema-registry-start \
+  build/confluent_platform/etc/schema-registry/authed-schema-registry.properties \
+  > /dev/null 2>&1 &

data/spec/integration/start_schema_registry.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -ex
+
+echo "Starting SchemaRegistry"
+build/confluent_platform/bin/schema-registry-start build/confluent_platform/etc/schema-registry/schema-registry.properties > /dev/null 2>&1 &

data/spec/integration/start_schema_registry_mutual.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -ex
+
+echo "Starting SchemaRegistry"
+build/confluent_platform/bin/schema-registry-start build/confluent_platform/etc/schema-registry/schema-registry-mutual.properties > /dev/null 2>&1 &

data/spec/integration/stop_schema_registry.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+
+echo "Stopping SchemaRegistry"
+build/confluent_platform/bin/schema-registry-stop
+sleep 2