Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

SASL Zookeeper Authentication for Ambari Metrics without kerberos

SASL Zookeeper Authentication for Ambari Metrics without kerberos

New Contributor

We are using HDP 3.1 version to set a KAFKA cluster. We cannot use Zookeeper kerberos authentication.

Have implemented Zookeeper authentication using the DIGEST-MD5 SASL mechanism with locally stored credentials. for client to server following the below link.

https://access.redhat.com/documentation/en-us/red_hat_amq/7.2/html/using_amq_streams_on_red_hat_ente...

Post setting up the client to server Zookeeper authentication have run the zookeeper-security-migration.sh from KAFKA bin directory to set the ACLs for kafka user.


There is a znode called "ambari-metrics-cluster" under root (/) in Zookeeper which is created Ambari Metrics. These znodes have "world:anyone:ALL" ACL set for them. With that said wanted to check on two things:

  1. How to set up SASL based authentication for Metrics Collector with Zookeeper
  2. How to migrate the znodes created by Metrics Collector in an already existing cluster to have the ACLs set for the ams sasl user with Zookeeper. This ACLs migration for KAFKA znodes can be done by running zookeeper-security-migration.sh from KAFKA bin directory.


Don't have an account?
Coming from Hortonworks? Activate your account here