Learn how to unlock access to Kafka metadata in Zookeeper
A secure Kafka cluster with Kerberos authentication enabled is required.
- Disable the use of secure ACLs by setting
zookeeper.set.acl
configuration parameter to false
:
- In Cloudera Manager select the Kafka service.
- Select Configuration and find the Kafka
Broker Advanced Configuration Snippet (Safety Valve) for
kafka.properties property.
- Add the following line to the Kafka Broker Advanced Configuration
Snippet (Safety Valve) for kafka.properties property:
- Perform a Rolling Restart:
- Return to the Home page by clicking the Cloudera Manager
logo.
- Go to the Kafka service and select .
- Check the Restart roles with stale configurations
only checkbox and click Rolling
restart.
- Click Close when the restart has
finished.
- Run the
zookeeper-security-migration
tool with the
zookeeper.acl
option set to unsecure
zookeeper-security-migration --zookeeper.connect hostname:port --zookeeper.acl unsecure
The tool traverses the corresponding sub-trees changing the ACLs of the znodes.
Access to Kafka metadata stored in Zookeeper becomes unrestricted.