...

Users need to set up a JAAS login configuration file and specify it as a system property named java.security.auth.login.config. With this property set, Kafka brokers turn security features on and use stricter ACLs rather than the open, unsafe one. Specifically, they use CREATOR_ALL_ACL and READ_ACL_UNSAFE when the security feature is on, which let the creator (or anyone holding the creator's credentials) manipulate the znode while everyone else can only read it. That is the only change visible to users; everything else happens under the hood.

ZooKeeper currently offers two authentication mechanisms: Kerberos and DIGEST-MD5. For more information on the options, check the following online docs:

...

  1. Perform a rolling restart setting the JAAS login file, which enables brokers to authenticate. At the end of the rolling restart, brokers are able to manipulate znodes with strict ACLs, but they will not yet create znodes with those ACLs.
  2. Execute a tool called ZkSecurityMigrator (there is a script under ./bin and the code is under kafka.admin). This tool traverses the corresponding sub-trees, changing the ACLs of the znodes.
  3. Perform a second rolling restart of brokers, this time setting the configuration parameter zookeeper.set.acl to true, which enables ZkUtils to use secure ACLs when creating znodes.
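The following shell helpers are an added example, not code from the Kafka wiki page or the Kafka project: they cover the JAAS login file and system property described above and the configuration changes behind the three migration steps (step 1: point brokers at the JAAS file; step 3: flip zookeeper.set.acl to true before the second rolling restart). The Kerberos principal, keytab path, file locations and ZooKeeper connect string are placeholders; the migration script name bin/zookeeper-security-migration.sh and its --zookeeper.acl/--zookeeper.connect flags are the ones shipped in Kafka distributions and are not quoted from this page.

```shell
#!/usr/bin/env sh
# Added example (not from the Kafka wiki page). All hostnames, principals and
# paths are placeholders; the caller picks the real ones.

# Step 1 prerequisite: write the JAAS login file that brokers load via
# -Djava.security.auth.login.config. ZooKeeper's client library reads the
# "Client" section; the Kerberos module shown is the standard JDK one.
write_jaas_config() {
  jaas_file="$1"
  cat > "$jaas_file" <<'EOF'
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  storeKey=true
  keyTab="/etc/security/keytabs/kafka_server.keytab"
  principal="kafka/broker1.example.com@EXAMPLE.COM";
};
EOF
}

# JVM option to add to KAFKA_OPTS before the first rolling restart.
jaas_jvm_opt() {
  printf -- '-Djava.security.auth.login.config=%s' "$1"
}

# Step 2: command line for the ACL migration tool (placeholder connect string).
# Run it only after every broker has restarted with the JAAS file, otherwise
# brokers that are still unauthenticated lose write access to the migrated znodes.
migrator_cmd() {
  printf 'bin/zookeeper-security-migration.sh --zookeeper.acl=secure --zookeeper.connect=%s' "$1"
}

# Step 3 prerequisite: set zookeeper.set.acl=true in server.properties.
# Idempotent: rewrites an existing key in place, appends it otherwise.
enable_set_acl() {
  props="$1"
  if grep -q '^zookeeper.set.acl=' "$props"; then
    sed -i.bak 's/^zookeeper.set.acl=.*/zookeeper.set.acl=true/' "$props"
  else
    printf 'zookeeper.set.acl=true\n' >> "$props"
  fi
}

# Read back the effective value; a missing key means the broker default (false),
# i.e. znodes are still created with the open ACL.
set_acl_value() {
  v=$(sed -n 's/^zookeeper.set.acl=//p' "$1" | tail -n 1)
  printf '%s' "${v:-false}"
}
```

Keep the first and second rolling restarts separate: after the first, verify with set_acl_value that every broker still reports false, run the migrator, and only then call enable_set_acl on each broker before restarting it. Flipping zookeeper.set.acl on a broker that has not yet loaded the JAAS file would make it create znodes it cannot later modify.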

...