NiFi to Zookeeper SSL Connection

1
votes

I have a requirement to secure the connection between NiFi and a (non-embedded) Zookeeper cluster. From the documentation here it mentions that it is being worked on in Zookeeper version 3.5.x. However, we are now on version 3.6.1 and I have got SSL working between Zookeeper and Kafka so I know it works.

It seems that the issue was that, according to this post, the Zookeeper client code in NiFi was not built on a version supporting SSL.

However, the post is now over 2 years old and Zookeeper 3.5.x has been and gone. My question is; has the Zookeeper client code in NiFi been updated to a version that supports SSL and, if yes, how can I implement it?

Thank you in advance,

Harry

1
sslapache-zookeeperapache-nifi

1 Answers

0
votes

There are multiple Jiras related to this and some PRs open for this work.

  • NIFI-7203 - Add support for Zookeeper TLS
    • NIFI-7401 - Add Zookeeper client TLS to CuratorLeaderElectionManager
    • NIFI-7357 - Make Zookeeper TLS properties available via nifi.properties
    • NIFI-7356 - Enable TLS for embedded Zookeeper when NiFi has TLS enabled
  • NIFI-7124 - Improve experience configuring Zookeeper to support TLS
  • NIFI-7115 - Add Zookeeper TLS configuration to Administration Guide

I think the short answer to your question is that the complete functionality is not available in an integrated way out of the box right now, but through a combination of setting Java arguments, you should be able to achieve this on a recent version of NiFi (see PR 4092 for instructions via the rendered Admin Guide doc changes). You can follow the specific Jiras above to be kept apprised of new developments.