Unlock Kafka metadata in Zookeeper

Learn how to unlock access to Kafka metadata in Zookeeper

A secure Kafka cluster with Kerberos authentication enabled is required.

  1. Disable the use of secure ACLs by setting zookeeper.set.acl configuration parameter to false:
    1. In Cloudera Manager select the Kafka service.
    2. Select Configuration and find the Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties property.
    3. Add the following line to the Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties property:
      zookeeper.set.acl=false
  2. Perform a Rolling Restart:
    1. Return to the Home page by clicking the Cloudera Manager logo.
    2. Go to the Kafka service and select Actions Rolling Restart.
    3. Check the Restart roles with stale configurations only checkbox and click Rolling restart.
    4. Click Close when the restart has finished.
  3. Run the zookeeper-security-migration tool with the zookeeper.acl option set to unsecure
    zookeeper-security-migration --zookeeper.connect hostname:port --zookeeper.acl unsecure
The tool traverses the corresponding sub-trees changing the ACLs of the znodes. Access to Kafka metadata stored in Zookeeper becomes unrestricted.