This tool is to be used when making access to ZooKeeper authenticated or
the other way around, when removing authenticated access. The exact steps
to migrate a Kafka cluster from unsecure to secure with respect to ZooKeeper
access are the following:
1- Perform a rolling upgrade of Kafka servers, setting zookeeper.set.acl to false
and passing a valid JAAS login file via the system property
java.security.auth.login.config
2- Perform a second rolling upgrade keeping the system property for the login file
and now setting zookeeper.set.acl to true
3- Finally run this tool. There is a script under ./bin. Run
./bin/zookeeper-security-migration --help
to see the configuration parameters. An example of running it is the following:
./bin/zookeeper-security-migration --zookeeper.acl=secure --zookeeper.connection=localhost:2181
To convert a cluster from secure to unsecure, we need to perform the following
steps:
1- Perform a rolling upgrade setting zookeeper.set.acl to false for each server
2- Run this migration tool, setting zookeeper.acl to unsecure
3- Perform another rolling upgrade to remove the system property setting the
login file (java.security.auth.login.config).
This tool is to be used when making access to ZooKeeper authenticated or the other way around, when removing authenticated access. The exact steps to migrate a Kafka cluster from unsecure to secure with respect to ZooKeeper access are the following:
1- Perform a rolling upgrade of Kafka servers, setting zookeeper.set.acl to false and passing a valid JAAS login file via the system property java.security.auth.login.config 2- Perform a second rolling upgrade keeping the system property for the login file and now setting zookeeper.set.acl to true 3- Finally run this tool. There is a script under ./bin. Run ./bin/zookeeper-security-migration --help to see the configuration parameters. An example of running it is the following: ./bin/zookeeper-security-migration --zookeeper.acl=secure --zookeeper.connection=localhost:2181
To convert a cluster from secure to unsecure, we need to perform the following steps: 1- Perform a rolling upgrade setting zookeeper.set.acl to false for each server 2- Run this migration tool, setting zookeeper.acl to unsecure 3- Perform another rolling upgrade to remove the system property setting the login file (java.security.auth.login.config).