Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Run the tls-toolkit in client mode to generate the truststore and keystore
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t <token> --dn "CN=$(hostname -f), OU=NIFI"
# Use jq to extract the passwords form the config.json generated by the tls-toolkit
KEY_STORE_PASSWD=`jq -r '.keyStorePassword' ./config.json`
KEY_PASSWD=`jq -r '.keyPassword' ./config.json`
TRUST_STORE_PASSWD=`jq -r '.trustStorePassword' ./config.json`
mv ./keystore.jks conf/
mv ./truststore.jks conf/
prop_replace nifi.security.keystore ${NIFI_KEY_STORE} ${NIFI_PROPS}
prop_replace nifi.security.keystoreType ${NIFI_KEY_STORE_TYPE} ${NIFI_PROPS}
prop_replace nifi.security.keystorePasswd ${NIFI_KEY_STORE_PASSWORD} ${NIFI_PROPS}
prop_replace nifi.security.keyPasswd ${NIFI_KEY_PASSWORD} ${NIFI_PROPS}
prop_replace nifi.security.truststore ${NIFI_TRUST_STORE} ${NIFI_PROPS}
prop_replace nifi.security.truststoreType ${NIFI_TRUST_STORE_TYPE} ${NIFI_PROPS}
prop_replace nifi.security.truststorePasswd ${NIFI_TRUST_STORE_PASSWORD} ${NIFI_PROPS}
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 0">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
# Set initial node identities. A separate node identity will be set for each Node in the cluster (specified by the instance_count variable)
sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"CN=nifi-0.nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>|' $${NIFI_AUTHZ_FILE}
for i in $(seq 2 ${instance_count}); do
sed -i -e '/<property name="Node Identity 1">.*/a <property name="Node Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done
# Set Initial user identities for each node identity that is created.
for i in $(seq 1 ${instance_count}); do
sed -i -e '/<property name="Initial User Identity 0">.*/a <property name="Initial User Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment