Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-8843

Zookeeper migration tool support for TLS

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.5.0
    • None
    • None
    • Important

    Description

      Currently zookeeper-migration tool works based on SASL authentication. What means only digest and kerberos authentication is supported.

       

      With the introduction of ZK 3.5, TLS is added, including a new X509 authentication provider. 

       

      To support this great future and utilise the TLS principals, the zookeeper-migration-tool script should support the X509 authentication as well.

       

      In my newbie view, this should mean adding a new parameter to allow other ways of authentication around https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/admin/ZkSecurityMigrator.scala#L65. 

       

      If I understand the process correct, this will require a KIP, right?

       

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-9284 Add documentation and system tests for TLS-encrypted Zookeeper connections

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #8003

          mentioned in

          Page Loading...

          Activity

            People

              rndgstn Ron Dagostino
              purbon Pere Urbon-Bayes
              Manikumar Manikumar
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: