Behavioral changes

Learn about behavioral changes in Cloudera Flow Management (CFM) 2.1.7.

Secure communication between NiFi and ZooKeeper configured by default

If both ZooKeeper and NiFi services are secured, NiFi communication with ZooKeeper is automatically configured as secured (TLS) on a new port, 2182. If you restrict TCP communication through a firewall and explicitly allow only certain ports, you need to allow port 2182.

If you do not want to use secure communication between ZooKeeper and NiFi, follow these steps to configure unsecured communication on port 2181:

  1. Update the ZooKeeper connection string:

    1. In Cloudera Manager, navigate to NiFi > Configuration.
    2. Set nifi.zookeeper.connect.string by replacing ${ZK_QUORUM} with the unsecured ZooKeeper quorum string, which uses port 2181.
    To find your ZooKeeper quorum string from a NiFi node, run the following command as root:
    NIFI_PROC=$(ls -td /var/run/cloudera-scm-agent/process/*NIFI*/ | head -1); grep "Connect String" "$NIFI_PROC/state-management.xml" | cut -d\> -f2 | cut -d\< -f1; unset NIFI_PROC
    The command prints your connect string. For example:
    host1:2181,host2:2181,host3:2181
  2. Add a safety valve for staging/state-management.xml in Cloudera Manager with the following property:

    • Name: xml.state-management.cluster-provider.zk-provider.property.Connect String
    • Value: <YOUR ZOOKEEPER CONNECT STRING>
  3. After upgrading to version 2.1.7, uncheck the nifi.zookeeper.client.secure option in Cloudera Manager.
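
A check you can run after changing the configuration, added here as an example and not part of the Cloudera documentation: it reads the Connect String from a state-management.xml file and reports whether every entry uses port 2182 (TLS), port 2181 (unsecured), or a mix left behind by a partial edit. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the ZooKeeper connect string NiFi is configured with.
# Per the text above: 2182 = TLS port, 2181 = unsecured port.

# Extract the "Connect String" value (same grep/cut pipeline as the documented command).
zk_connect_string() {
    grep "Connect String" "$1" | cut -d\> -f2 | cut -d\< -f1
}

# Print tls | plaintext | mixed | invalid for a host:port,host:port,... string.
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
zk_mode() (
    hosts=${1%%/*}                      # drop an optional chroot suffix such as /nifi
    [ -n "$hosts" ] || { echo invalid; exit 0; }
    IFS=,; set -f
    tls=0; plain=0
    for entry in $hosts; do
        case "$entry" in
            ?*:2182) tls=1 ;;
            ?*:2181) plain=1 ;;
            *) echo invalid; exit 0 ;;  # missing host, missing port, or unexpected port
        esac
    done
    if [ "$tls" = 1 ] && [ "$plain" = 1 ]; then echo mixed
    elif [ "$tls" = 1 ]; then echo tls
    else echo plaintext
    fi
)

# Constructed sample of the zk-provider section of state-management.xml.
write_sample() {
    cat > "$1" <<'EOF'
<stateManagement>
  <cluster-provider>
    <id>zk-provider</id>
    <property name="Connect String">host1:2181,host2:2181,host3:2181</property>
    <property name="Root Node">/nifi</property>
  </cluster-provider>
</stateManagement>
EOF
}

sample=$(mktemp)
write_sample "$sample"
cs=$(zk_connect_string "$sample")
echo "connect string: $cs -> $(zk_mode "$cs")"
rm -f "$sample"
```

A result of mixed or invalid means the connect string does not match either documented setup and should be corrected before restarting NiFi.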