If a cluster isn't secure and wants to migrate to secure, then it will need to execute the following steps with respect to ZK:
- Perform a rolling restart passing the appropriate JAAS file to enable the ZK client to authenticate against the server
- Run a ZkSecurityMigrationTool that will set the appropriate ACLs
- Perform a second rolling restart to set `zookeeper.enable.secure.acls`
This recipe assumes that the ZK ensemble has security on.