Learn how to unlock access to Kafka metadata in Zookeeper
A secure Kafka cluster with Kerberos authentication enabled is required.
- Disable the use of secure ACLs:
This can be achieved by setting the
zookeeper.set.acl
configuration parameter to false.
- In Cloudera Manager select the Kafka service.
- Select Configuration.
- Find the Enable Zookeeper ACL
property.
- Set the property to false by unchecking the checkbox next to the name of the
role group.
- Perform a Rolling Restart:
- Return to the Home page by clicking the Cloudera Manager
logo.
- Go to the Kafka service and select .
- Check the Restart roles with stale configurations
only checkbox and click Rolling
restart.
- Click Close when the restart has
finished.
- Run the
zookeeper-security-migration
tool with the
zookeeper.acl
option set to unsecure
zookeeper-security-migration --zookeeper.connect hostname:port --zookeeper.acl unsecure
The tool traverses the corresponding sub-trees changing the ACLs of the znodes.
Access to Kafka metadata stored in Zookeeper becomes unrestricted.