[GitHub] [nifi] thenatog commented on pull request #4613: NiFi-7819 - Add Zookeeper client TLS (external zookeeper) for cluster state management
thenatog commented on pull request #4613: URL: https://github.com/apache/nifi/pull/4613#issuecomment-720756920 I believe I have resolved all the requests made so far. Let me know if any further changes are required before we merge this one in. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] thenatog commented on pull request #4613: NiFi-7819 - Add Zookeeper client TLS (external zookeeper) for cluster state management
thenatog commented on pull request #4613: URL: https://github.com/apache/nifi/pull/4613#issuecomment-713261888 This PR now allows the user to configure the TLS properties for ZooKeeper state provider using the nifi.properties file instead of the state-management.xml as in the previous PR. ``` To test you can download/clone Zookeeper 3.5.5+ and export the key and trust stores as environment variables: export SERVER_JVMFLAGS=" -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.keyStore.location=conf/security/keystore.jks -Dzookeeper.ssl.keyStore.password=keystorePassword -Dzookeeper.ssl.trustStore.location=conf/security/truststore.jks -Dzookeeper.ssl.trustStore.password=truststorePassword" Set the zoo.cfg as follows: tickTime=2000 initLimit=10 syncLimit=5 dataDir=/tmp/zookeeper secureClientPort=2281 Then run ./bin/zkServer.sh. You can then set the nifi.properties TLS configuration using the 2281 client port for Zookeeper: nifi.zookeeper.connect.string=localhost:2281 nifi.zookeeper.connect.timeout=10 secs nifi.zookeeper.session.timeout=10 secs nifi.zookeeper.root.node=/nifi nifi.zookeeper.client.secure=true nifi.zookeeper.security.keystore=./conf/keystore.jks nifi.zookeeper.security.keystoreType=JKS nifi.zookeeper.security.keystorePasswd=keystorePassword nifi.zookeeper.security.truststore=./conf/truststore.jks nifi.zookeeper.security.truststoreType=JKS nifi.zookeeper.security.truststorePasswd=truststorePassword ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org