Learn how to unlock access to Kafka metadata in Zookeeper
A secure Kafka cluster with Kerberos authentication enabled is required.
- Disable the use of secure ACLs:
This can be achieved by setting the
zookeeper.set.acl configuration parameter to false.
- In Cloudera Manager select the Kafka service.
- Select Configuration.
- Find the Enable Zookeeper ACL
property.
- Set the property to false by unchecking the checkbox next to the name of the
role group.
- Perform a Rolling Restart:
- Return to the Home page by clicking the Cloudera Manager
logo.
- Go to the Kafka service and select .
- Check the Restart roles with stale configurations
only checkbox and click Rolling
restart.
- Click Close when the restart has
finished.
- Run the
zookeeper-security-migration tool with the
zookeeper.acl option set to unsecure
zookeeper-security-migration --zookeeper.connect [HOSTNAME]:[PORT]/[ZOOKEEPER_KAFKA_CHROOT] --zookeeper.acl unsecure
Replace [ZOOKEEPER_KAFKA_CHROOT] with the value of the
zookeeper.chroot property. To view the value of the property, in
Cloudera Manager go to and search for zookeeper.chroot.
The tool traverses the corresponding sub-trees changing the ACLs of the znodes.
Access to Kafka metadata stored in Zookeeper becomes unrestricted.
