We are using HDP 3.1 version to set a KAFKA cluster. We cannot use Zookeeper kerberos authentication. Have implemented Zookeeper authentication using the DIGEST-MD5 SASL mechanism with locally stored credentials. for client to server following the below link. https://access.redhat.com/documentation/en-us/red_hat_amq/7.2/html/using_amq_streams_on_red_hat_enterprise_linux_rhel/configuring_zookeeper#assembly-configuring-zookeeper-authentication-str Post setting up the client to server Zookeeper authentication have run the zookeeper-security-migration.sh from KAFKA bin directory to set the ACLs for kafka user. There is a znode called "ambari-metrics-cluster" under root (/) in Zookeeper which is created Ambari Metrics. These znodes have "world:anyone:ALL" ACL set for them. With that said wanted to check on two things: How to set up SASL based authentication for Metrics Collector with Zookeeper How to migrate the znodes created by Metrics Collector in an already existing cluster to have the ACLs set for the ams sasl user with Zookeeper. This ACLs migration for KAFKA znodes can be done by running zookeeper-security-migration.sh from KAFKA bin directory.
... View more