Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/01/21 18:51:04 UTC

[jira] [Commented] (NIFI-7356) Enable TLS for embedded Zookeeper when NiFi has TLS enabled

    [ https://issues.apache.org/jira/browse/NIFI-7356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269536#comment-17269536 ] 

ASF subversion and git services commented on NIFI-7356:
-------------------------------------------------------

Commit 76648bdc0b2a077bed6073d30345e9d1af876920 in nifi's branch refs/heads/main from Troy Melhase
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=76648bd ]

NIFI-7356 - Config TLS for embedded ZooKeeper when NiFi TLS enabled.

NIFI-7356 - Addresses PR feedback.

NIFI-7356 - Additional changes from PR feedback.

NIFI-7356 - Adding integration tests for ZooKeeperStateServer for TLS.

NIFI-7356 - TLS + Zookeeper now working with single and quorum. Needs code cleanup, need to fix IT tests and docs.

NIFI-7356 - Fixed up tests and removed some irrelevant ones. Refactored some of ZooKeeperStateServer. Tested successfully with a secure and insecure 3 node NiFi + Quorum.

NIFI-7356 - Checkstyle fixes.

NIFI-7356 - Updated administration guide with embedded ZooKeeper TLS configuration.

NIFI-7356 - Updated the way ZooKeeper TLS properties are set/mapped from NiFi properties.

NIFI-7356 - Updated per review, using NiFiProperties keystore strings, classname for connection factory, adjusted TLS configuration checks in NiFiProperties.

NIFI-7356 - Updated configuration validation logic and added tests.

NIFI-7356 - Codestyle check fixes.

NIFI-7356 - Updated some of the log messages.

NIFI-7356 - Updated as per code review.

NIFI-7356 - Fixed max port number.

NIFI-7356 - Updated admin guide and updated small code issues as per code review.

Signed-off-by: Nathan Gough <th...@gmail.com>

This closes #4753.


> Enable TLS for embedded Zookeeper when NiFi has TLS enabled
> -----------------------------------------------------------
>
>                 Key: NIFI-7356
>                 URL: https://issues.apache.org/jira/browse/NIFI-7356
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Configuration, Configuration Management, Security
>            Reporter: Troy Melhase
>            Assignee: Nathan Gough
>            Priority: Major
>             Fix For: 1.13.0
>
>          Time Spent: 9h 20m
>  Remaining Estimate: 0h
>
> If embedded ZK has TLS properties in the {{zookeeper.properties}} file, these will be used. If, however, this file does not populate those properties, and NiFi does have TLS properties configured ({{nifi.security.keyStore}}, etc.), these values will be used to override the ZK plaintext connection listener to create a TLS connection listener.
> If the {{zookeeper.properties}} file has an incomplete configuration (i.e. keystore password set but no keystore path), startup should fail with a clear error message indicating the missing properties and how to resolve. 
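
The precedence and fail-fast rule in the issue description above, sketched as a pre-flight check. This is an added example, not NiFi's code; the property names are assumptions taken from the public ZooKeeper and NiFi documentation rather than from this message, only keystore/truststore properties are covered, and requiring all four NiFi values (with plaintext otherwise) is also an assumption.

```python
# Added example: resolves which TLS settings an embedded ZooKeeper would use.
# Property names are assumptions taken from the public ZooKeeper and NiFi docs.
ZK_TLS = ("ssl.keyStore.location", "ssl.keyStore.password",
          "ssl.trustStore.location", "ssl.trustStore.password")
NIFI_TLS = ("nifi.security.keystore", "nifi.security.keystorePasswd",
            "nifi.security.truststore", "nifi.security.truststorePasswd")


def parse_properties(text):
    """Parse the key=value subset of a Java .properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def resolve_zk_tls(zk_props, nifi_props):
    """Return (source, settings); raise ValueError on a partial ZooKeeper TLS config."""
    zk_set = [k for k in ZK_TLS if zk_props.get(k)]
    if len(zk_set) == len(ZK_TLS):
        return "zookeeper.properties", {k: zk_props[k] for k in ZK_TLS}
    if zk_set:
        # Partial config: fail and name what is missing instead of guessing.
        missing = [k for k in ZK_TLS if k not in zk_set]
        raise ValueError("incomplete ZooKeeper TLS configuration; set or remove: "
                         + ", ".join(missing))
    if all(nifi_props.get(k) for k in NIFI_TLS):
        # Map NiFi values onto the ZooKeeper keys, position by position.
        return "nifi.properties", {z: nifi_props[n] for z, n in zip(ZK_TLS, NIFI_TLS)}
    return "plaintext", {}


# Constructed sample files (paths and passwords are placeholders).
ZK_PARTIAL = "clientPort=2181\nssl.keyStore.password=changeit\n"
ZK_PLAIN = "clientPort=2181\n"
NIFI_SECURE = """
nifi.security.keystore=/opt/nifi/conf/keystore.jks
nifi.security.keystorePasswd=changeit
nifi.security.truststore=/opt/nifi/conf/truststore.jks
nifi.security.truststorePasswd=changeit
"""

if __name__ == "__main__":
    nifi = parse_properties(NIFI_SECURE)
    print(resolve_zk_tls(parse_properties(ZK_PLAIN), nifi)[0])
    try:
        resolve_zk_tls(parse_properties(ZK_PARTIAL), nifi)
    except ValueError as err:
        print(err)
```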


