Re: Migrate ZK to ACL ZK
Thanks Enrico, Agreed on Username/Password. Maybe to rephrase my question: if I have an existing ZK tree that doesn't currently have any kind of Access Control, can a Username/Password ACL be applied to that existing tree? If so, how would one go about doing that? -Ryan H On Sat, Jan 19, 2019 at 2:25 PM Enrico Olivelli wrote: > Hi Ryan, > I think this should be supported by NiFi, but I don't know that platform. > > Username/password is very weak and it is hard to maintain. > > Apart from this I think you can write a simple program which scans your ZK > tree and applies ACL, no need for a new cluster. > > Just my 2 cents > > Enrico > > Il sab 19 gen 2019, 16:35 Ryan H ha > scritto: > > > Hi All, > > > > I am currently using an external 3 machine Zookeeper (3.4.10) to manage > > multiple NiFi Clusters (NiFi 1.5). I would like to put in ACL for each of > > the existing NiFi clusters with username/password that is unique to each > of > > the NiFi clusters as it is currently wide open. The docs say that > Kerberos > > is the recommended method for securing ZK, but for now going to go with > > User/Password. > > > > I'm looking for the best way to do this. My initial thought was to spin > up > > a new ZK cluster, then use the migration tool to migrate each of the root > > nodes to the new cluster, adding the username/password as each root is > > migrated. Is there a better way to do this? I'm wondering if a new ZK > > cluster is needed or not and whether the same thing can just be done on > the > > existing ZK cluster. Can the Username/Password ACL info just be applied > to > > the existing roots (just add the ACL info to the NiFi configuration) and > > then that's it? > > > > Any direction or suggestions is appreciated!! > > > > > > Cheers, > > > > Ryan H > > > -- > > > -- Enrico Olivelli >
Re: Migrate ZK to ACL ZK
Hi Ryan, I think this should be supported by NiFi, but I don't know that platform. Username/password is very weak and it is hard to maintain. Apart from this I think you can write a simple program which scans your ZK tree and applies ACL, no need for a new cluster. Just my 2 cents Enrico Il sab 19 gen 2019, 16:35 Ryan H ha scritto: > Hi All, > > I am currently using an external 3 machine Zookeeper (3.4.10) to manage > multiple NiFi Clusters (NiFi 1.5). I would like to put in ACL for each of > the existing NiFi clusters with username/password that is unique to each of > the NiFi clusters as it is currently wide open. The docs say that Kerberos > is the recommended method for securing ZK, but for now going to go with > User/Password. > > I'm looking for the best way to do this. My initial thought was to spin up > a new ZK cluster, then use the migration tool to migrate each of the root > nodes to the new cluster, adding the username/password as each root is > migrated. Is there a better way to do this? I'm wondering if a new ZK > cluster is needed or not and whether the same thing can just be done on the > existing ZK cluster. Can the Username/Password ACL info just be applied to > the existing roots (just add the ACL info to the NiFi configuration) and > then that's it? > > Any direction or suggestions is appreciated!! > > > Cheers, > > Ryan H > -- -- Enrico Olivelli
Migrate ZK to ACL ZK
Hi All, I am currently using an external 3 machine Zookeeper (3.4.10) to manage multiple NiFi Clusters (NiFi 1.5). I would like to put in ACL for each of the existing NiFi clusters with username/password that is unique to each of the NiFi clusters as it is currently wide open. The docs say that Kerberos is the recommended method for securing ZK, but for now going to go with User/Password. I'm looking for the best way to do this. My initial thought was to spin up a new ZK cluster, then use the migration tool to migrate each of the root nodes to the new cluster, adding the username/password as each root is migrated. Is there a better way to do this? I'm wondering if a new ZK cluster is needed or not and whether the same thing can just be done on the existing ZK cluster. Can the Username/Password ACL info just be applied to the existing roots (just add the ACL info to the NiFi configuration) and then that's it? Any direction or suggestions is appreciated!! Cheers, Ryan H
