Hi Mark, Just adding to what Andy said below. Currently there is support for Kerberos/SASL authentication with Zookeeper. The admin guide provides details on that configuration and setup for embedded zookeeper and links for guidance on external Zookeeper installations.
https://nifi.apache.org/docs/nifi-docs/html/administration- guide.html#securing_zookeeper -yolanda On Tue, Oct 31, 2017 at 3:07 PM, Andy LoPresto <alopre...@apache.org> wrote: > Hi Mark, > > I believe SSL ZK connections are only supported in 3.5.0+ [1] and > currently NiFi uses ZK 3.4.6 [2]. I don’t know the details on making a TLS > connection to ZK, but my first thoughts would be to update the host/port > combination in your NiFi configs to reference the ZK HTTPS port, and ensure > that the certificate(s) used to identify ZK are in your NiFi truststore. > > This warrants raising a Jira to request the feature. Thanks. > > [1] http://zookeeper-user.578899.n2.nabble.com/SSL-between- > java-client-and-zookeeper-td7582421.html > [2] https://github.com/apache/nifi/blob/master/pom.xml#L748 > > Andy LoPresto > alopre...@apache.org > *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Oct 31, 2017, at 11:37 AM, Mark Bean <mark.o.b...@gmail.com> wrote: > > Has anyone setup zookeeper connections for a NiFi Cluster over SSL? We have > ZK itself running over SSL. How do we get the NiFi to ZK connections > secure? Is this possible? Advice, suggestions and/or documentation greatly > appreciated. > > Thanks, > Mark > > > -- -- yolanda.m.da...@gmail.com @YolandaMDavis
