admin
This script can be used to change configs for topics/clients dynamically
This tool is to be used when making access to ZooKeeper authenticated or the other way around, when removing authenticated access.
This tool is to be used when making access to ZooKeeper authenticated or the other way around, when removing authenticated access. The exact steps to migrate a Kafka cluster from unsecure to secure with respect to ZooKeeper access are the following:
1- Perform a rolling upgrade of Kafka servers, setting zookeeper.set.acl to false and passing a valid JAAS login file via the system property java.security.auth.login.config 2- Perform a second rolling upgrade keeping the system property for the login file and now setting zookeeper.set.acl to true 3- Finally run this tool. There is a script under ./bin. Run ./bin/zookeeper-security-migration --help to see the configuration parameters. An example of running it is the following: ./bin/zookeeper-security-migration --zookeeper.acl=secure --zookeeper.connection=localhost:2181
To convert a cluster from secure to unsecure, we need to perform the following steps: 1- Perform a rolling upgrade setting zookeeper.set.acl to false for each server 2- Run this migration tool, setting zookeeper.acl to unsecure 3- Perform another rolling upgrade to remove the system property setting the login file (java.security.auth.login.config).