Thanks Ismael, I've created https://issues.apache.org/jira/browse/KAFKA-4814
Kind regards, Stevo Slavic. On Tue, Feb 28, 2017 at 5:26 PM, Ismael Juma <ism...@juma.me.uk> wrote: > Hi Stevo, > > That looks like a bug, can you please file a JIRA? > > Ismael > > On Mon, Feb 27, 2017 at 3:03 PM, Stevo Slavić <ssla...@gmail.com> wrote: > > > Hello Apache Kafka community, > > > > There's nice documentation on enabling ZooKeeper security on an existing > > Apache Kafka cluster at > > https://kafka.apache.org/documentation/#zk_authz_migration > > > > For your convenience here are the first two steps of migration: > > > > 1. Perform a rolling restart setting the JAAS login file, which > enables > > brokers to authenticate. At the end of the rolling restart, brokers > are > > able to manipulate znodes with strict ACLs, but they will not create > > znodes > > with those ACLs > > 2. Perform a second rolling restart of brokers, this time setting the > > configuration parameter zookeeper.set.acl to true, which enables the > use > > of secure ACLs when creating znodes > > > > Problem is that there seems to be code in Kafka broker like > > ZookeeperLeaderElector which on a broker with configured JAAS config > file, > > is setting ACLs even when zookeeper.set.acl=false > > > > Is it a bug or did I misunderstand something? > > > > Kind regards, > > Stevo Slavic. > > >
