I’m building a flow that uses ExecuteSQL to query data from Phoenix on top of a Kerberized Ambari Metrics’ HBase (it hits the AMS Zookeeper). I ran into issues and the logs showed NiFi (also kerberized) was getting auth failed when connecting to ZNode.
To confirm I had all my proper AMS conf files and phoenix jars, I tried tweaking the DBCP and customizing the phoenix-client.jar for this specific Hbase (using many links online of people doing this same thing), but unfortunately didn’t resolve the Znode error. I realized that by default AMS does not create the Znode on Zookeeper secure with SASL, and by default NiFi has zookeeper.sasl.client=true causing NiFi to use SASL for zookeeper client connections. So I tested setting ‘java.arg.X=-Dzookeeper.sasl.client=false’ in my bootstrap.conf file and finally NiFi was able to successfully connect and query the data. I don’t have much experience with SASL and Znodes, so I wanted to know if there are any issues I can run into by setting it to false? Or even just going against security recommendations? Am I understanding it correctly that if zookeeper.sasl.client=true then NiFi can ONLY connect to Znodes that use SASL, and if zookeeper.sasl.client=false then NiFi can ONLY connect to Znodes that do not use SASL? Any help would be appreciated! Thanks, Chad
