nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad Woodhead <>
Subject Setting zookeeper.sasl.client=false
Date Fri, 02 Aug 2019 19:07:42 GMT
I’m building a flow that uses ExecuteSQL to query data from Phoenix on top of a Kerberized
Ambari Metrics’ HBase (it hits the AMS Zookeeper). I ran into issues and the logs showed
NiFi (also kerberized) was getting auth failed when connecting to ZNode. 

To confirm I had all my proper AMS conf files and phoenix jars, I tried tweaking the DBCP
and customizing the phoenix-client.jar for this specific Hbase (using many links online of
people doing this same thing), but unfortunately didn’t resolve the Znode error. 

I realized that by default AMS does not create the Znode on Zookeeper secure with SASL, and
by default NiFi has zookeeper.sasl.client=true causing NiFi to use SASL for zookeeper client
connections. So I tested setting ‘java.arg.X=-Dzookeeper.sasl.client=false’ in my bootstrap.conf
file and finally NiFi was able to successfully connect and query the data.

I don’t have much experience with SASL and Znodes, so I wanted to know if there are any
issues I can run into by setting it to false? Or even just going against security recommendations?

Am I understanding it correctly that if zookeeper.sasl.client=true then NiFi can ONLY connect
to Znodes that use SASL, and if zookeeper.sasl.client=false then NiFi can ONLY connect to
Znodes that do not use SASL?

Any help would be appreciated!

View raw message