Created
December 7, 2019 16:18
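# Secure-cluster bootstrap for one NiFi node: request a certificate from the
# NiFi CA, move the generated stores into conf/, point nifi.properties at them,
# and seed the authorizers file with the admin and per-node identities.
#
# NOTE(review): `$${...}` looks like a template escape that renders to `${...}`
# (in plain bash `$$` is the shell PID), and `${instance_count}` looks like a
# template variable. The other `${NIFI_*}` references are not escaped - confirm
# which names are resolved by the template and which by the shell.

# Run the tls-toolkit in client mode to generate the truststore and keystore.
# `<token>` is a placeholder for the CA token and must be substituted before
# this runs (left as-is the shell parses `<` and `>` as redirections).
# NOTE(review): a token passed as an argument is visible in the process list
# and in `set -x` traces; prefer a delivery path that keeps it off argv.
# The DN requested here has to match, character for character, the node
# identities written to the authorizers file below.
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t <token> --dn "CN=$(hostname -f), OU=NIFI"

# Use jq to extract the passwords from the config.json generated by the tls-toolkit.
# config.json therefore holds the store passwords in cleartext; restrict its
# permissions and remove it once nothing else needs it.
# NOTE(review): these three variables are not read again in this snippet - the
# prop_replace calls below use NIFI_KEY_STORE_PASSWORD / NIFI_KEY_PASSWORD /
# NIFI_TRUST_STORE_PASSWORD. Confirm those are populated from these values;
# also note `jq -r` prints the string "null" when a key is missing.
KEY_STORE_PASSWD=$(jq -r '.keyStorePassword' ./config.json)
KEY_PASSWD=$(jq -r '.keyPassword' ./config.json)
TRUST_STORE_PASSWD=$(jq -r '.trustStorePassword' ./config.json)

# The keystore contains the node's private key: conf/ should be readable only
# by the account NiFi runs as.
mv ./keystore.jks conf/
mv ./truststore.jks conf/

# prop_replace is not defined in this snippet (presumably the helper shipped
# with the NiFi container scripts - confirm how it escapes the value).
# Arguments are quoted so an empty or space-containing value cannot shift the
# positional parameters and end up written under the wrong key or file.
# The passwords land in the properties file in cleartext unless they are
# protected afterwards (e.g. with the toolkit's encrypt-config).
prop_replace nifi.security.keystore "${NIFI_KEY_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystoreType "${NIFI_KEY_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystorePasswd "${NIFI_KEY_STORE_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.keyPasswd "${NIFI_KEY_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.truststore "${NIFI_TRUST_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststoreType "${NIFI_TRUST_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststorePasswd "${NIFI_TRUST_STORE_PASSWORD}" "${NIFI_PROPS}"

# Seed the initial admin. The identity is spliced into both a sed replacement
# and an XML element without escaping: `|`, `&` or `\` in the value changes
# what sed writes, and `<` or `&` produces malformed XML. Validate the value
# before this point. Both substitutions only match the empty placeholder
# element, so they silently do nothing if the file was already populated.
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 0">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' "$${NIFI_AUTHZ_FILE}"
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' "$${NIFI_AUTHZ_FILE}"

# Set initial node identities. A separate node identity will be set for each
# Node in the cluster (specified by the instance_count variable).
# The DNs are hard-coded to the nifi-hs service in the nifi namespace; any pod
# whose `hostname -f` differs will present a certificate that matches none of
# them.
sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"CN=nifi-0.nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>|' "$${NIFI_AUTHZ_FILE}"
# Each pass appends directly after the "Node Identity 1" line, so entries end
# up in descending order, and a second run of the script appends duplicates.
for i in $(seq 2 "${instance_count}"); do
  sed -i -e '/<property name="Node Identity 1">.*/a <property name="Node Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' "$${NIFI_AUTHZ_FILE}"
done

# Set Initial user identities for each node identity that is created.
# Same append-after-anchor pattern as above (anchor: "Initial User Identity 0"),
# with the same non-idempotence on re-run.
for i in $(seq 1 "${instance_count}"); do
  sed -i -e '/<property name="Initial User Identity 0">.*/a <property name="Initial User Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' "$${NIFI_AUTHZ_FILE}"
done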