Hi Stevo,

That looks like a bug, can you please file a JIRA?

Ismael

On Mon, Feb 27, 2017 at 3:03 PM, Stevo Slavić <ssla...@gmail.com> wrote:

> Hello Apache Kafka community,
>
> There's nice documentation on enabling ZooKeeper security on an existing
> Apache Kafka  cluster at
> https://kafka.apache.org/documentation/#zk_authz_migration
>
> For your convenience here are the first two steps of migration:
>
>    1. Perform a rolling restart setting the JAAS login file, which enables
>    brokers to authenticate. At the end of the rolling restart, brokers are
>    able to manipulate znodes with strict ACLs, but they will not create
> znodes
>    with those ACLs
>    2. Perform a second rolling restart of brokers, this time setting the
>    configuration parameter zookeeper.set.acl to true, which enables the use
>    of secure ACLs when creating znodes
>
> Problem is that there seems to be code in Kafka broker like
> ZookeeperLeaderElector which on a broker with configured JAAS config file,
> is setting ACLs even when zookeeper.set.acl=false
>
> Is it a bug or did I misunderstand something?
>
> Kind regards,
> Stevo Slavic.
>

Reply via email to