Hi Stevo, That looks like a bug, can you please file a JIRA?
Ismael On Mon, Feb 27, 2017 at 3:03 PM, Stevo Slavić <ssla...@gmail.com> wrote: > Hello Apache Kafka community, > > There's nice documentation on enabling ZooKeeper security on an existing > Apache Kafka cluster at > https://kafka.apache.org/documentation/#zk_authz_migration > > For your convenience here are the first two steps of migration: > > 1. Perform a rolling restart setting the JAAS login file, which enables > brokers to authenticate. At the end of the rolling restart, brokers are > able to manipulate znodes with strict ACLs, but they will not create > znodes > with those ACLs > 2. Perform a second rolling restart of brokers, this time setting the > configuration parameter zookeeper.set.acl to true, which enables the use > of secure ACLs when creating znodes > > Problem is that there seems to be code in Kafka broker like > ZookeeperLeaderElector which on a broker with configured JAAS config file, > is setting ACLs even when zookeeper.set.acl=false > > Is it a bug or did I misunderstand something? > > Kind regards, > Stevo Slavic. >
