jfrazee commented on a change in pull request #4216: NIFI-7356 Enable TLS for
embedded Zookeeper when NiFi has TLS enabled
URL: https://github.com/apache/nifi/pull/4216#discussion_r410271801
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java
##########
@@ -198,6 +216,64 @@ public static ZooKeeperStateServer create(final
NiFiProperties properties) throw
zkProperties.load(bis);
}
- return new ZooKeeperStateServer(zkProperties);
+ return new ZooKeeperStateServer(reconcileProperties(properties,
zkProperties));
+ }
+
+ private static QuorumPeerConfig reconcileProperties(NiFiProperties
niFiProperties, Properties zkProperties) throws IOException, ConfigException {
+ QuorumPeerConfig peerConfig = new QuorumPeerConfig();
+ peerConfig.parseProperties(zkProperties);
+
+ // If this is an insecure NiFi or if the ZooKeeper is distributed, no
changes are needed:
+ if (!niFiProperties.isHTTPSConfigured() || peerConfig.isDistributed())
{
Review comment:
I'm trying to understand the RHS of this. AFAICT this means that this will
only apply to standalone with the embedded server enabled. Is this because the
leader election client changes are needed before it can be enabled for a
cluster?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
