Hi All, I've also posted this question to the Zookeeper Users DL, but thought I would also put the question out here as well since it is related to NiFi.
We currently have a centralized external Zookeeper cluster that is being used for multiple NiFi clusters. There wasn't any initial security set up (shame on us) and now want to add something in such that each NiFi cluster should only be able to see it's own ZK data (CreatorOnly). Can an ACL be put in place (either Kerberos or Username/Password) to an existing ZK tree that isn't currently under any kind of ACL? Example being, could I stop one of the NiFi clusters, add in Username/Password info and CreatorOnly to the state-management.xml file, restart the cluster, and then that ZK tree will then be only accessible by that cluster? Would this be a case where the migration tool would need to be used? I couldn't really find much in way of documentation for this specific case and just want to understand what options there are without breaking any of the clusters and get some security in there. Any info is always appreciated! Cheers, Ryan H
