Hi Ryan, I think this should be supported by NiFi, but I don't know that platform.
Username/password is very weak and it is hard to maintain. Apart from this I think you can write a simple program which scans your ZK tree and applies ACL, no need for a new cluster. Just my 2 cents Enrico Il sab 19 gen 2019, 16:35 Ryan H <ryan.howell.developm...@gmail.com> ha scritto: > Hi All, > > I am currently using an external 3 machine Zookeeper (3.4.10) to manage > multiple NiFi Clusters (NiFi 1.5). I would like to put in ACL for each of > the existing NiFi clusters with username/password that is unique to each of > the NiFi clusters as it is currently wide open. The docs say that Kerberos > is the recommended method for securing ZK, but for now going to go with > User/Password. > > I'm looking for the best way to do this. My initial thought was to spin up > a new ZK cluster, then use the migration tool to migrate each of the root > nodes to the new cluster, adding the username/password as each root is > migrated. Is there a better way to do this? I'm wondering if a new ZK > cluster is needed or not and whether the same thing can just be done on the > existing ZK cluster. Can the Username/Password ACL info just be applied to > the existing roots (just add the ACL info to the NiFi configuration) and > then that's it? > > Any direction or suggestions is appreciated!! > > > Cheers, > > Ryan H > -- -- Enrico Olivelli
