jfrazee commented on a change in pull request #4216: NIFI-7356 Enable TLS for embedded Zookeeper when NiFi has TLS enabled URL: https://github.com/apache/nifi/pull/4216#discussion_r410271801
########## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ########## @@ -198,6 +216,64 @@ public static ZooKeeperStateServer create(final NiFiProperties properties) throw zkProperties.load(bis); } - return new ZooKeeperStateServer(zkProperties); + return new ZooKeeperStateServer(reconcileProperties(properties, zkProperties)); + } + + private static QuorumPeerConfig reconcileProperties(NiFiProperties niFiProperties, Properties zkProperties) throws IOException, ConfigException { + QuorumPeerConfig peerConfig = new QuorumPeerConfig(); + peerConfig.parseProperties(zkProperties); + + // If this is an insecure NiFi or if the ZooKeeper is distributed, no changes are needed: + if (!niFiProperties.isHTTPSConfigured() || peerConfig.isDistributed()) { Review comment: I'm trying to understand the RHS of this. AFAICT this means that this will only apply to standalone with the embedded server enabled. Is this because the leader election client changes are needed before it can be enabled for a cluster? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services