Thanks Enrico, Agreed on Username/Password. Maybe to rephrase my question: if I have an existing ZK tree that doesn't currently have any kind of Access Control, can a Username/Password ACL be applied to that existing tree? If so, how would one go about doing that?
-Ryan H On Sat, Jan 19, 2019 at 2:25 PM Enrico Olivelli <eolive...@gmail.com> wrote: > Hi Ryan, > I think this should be supported by NiFi, but I don't know that platform. > > Username/password is very weak and it is hard to maintain. > > Apart from this I think you can write a simple program which scans your ZK > tree and applies ACL, no need for a new cluster. > > Just my 2 cents > > Enrico > > Il sab 19 gen 2019, 16:35 Ryan H <ryan.howell.developm...@gmail.com> ha > scritto: > > > Hi All, > > > > I am currently using an external 3 machine Zookeeper (3.4.10) to manage > > multiple NiFi Clusters (NiFi 1.5). I would like to put in ACL for each of > > the existing NiFi clusters with username/password that is unique to each > of > > the NiFi clusters as it is currently wide open. The docs say that > Kerberos > > is the recommended method for securing ZK, but for now going to go with > > User/Password. > > > > I'm looking for the best way to do this. My initial thought was to spin > up > > a new ZK cluster, then use the migration tool to migrate each of the root > > nodes to the new cluster, adding the username/password as each root is > > migrated. Is there a better way to do this? I'm wondering if a new ZK > > cluster is needed or not and whether the same thing can just be done on > the > > existing ZK cluster. Can the Username/Password ACL info just be applied > to > > the existing roots (just add the ACL info to the NiFi configuration) and > > then that's it? > > > > Any direction or suggestions is appreciated!! > > > > > > Cheers, > > > > Ryan H > > > -- > > > -- Enrico Olivelli >