01-02-2019
10:31 PM
If I understand correctly, I can supply the server with a configJson file with the keystore passwords/types etc., and whenever I request a new certificate with the client, the server will use the properties from the configJson file. My question is: what exactly is this configJson file? Is it a common format that certificate authorities use to store their configuration, or just some format decided by the developers of the nifi toolkit?
01-02-2019
09:21 PM
Thank you for your answer, it is very helpful, but it does bring up some follow-up questions. If the client/server mode is designed for the setup of secured clusters, why should the certificate be created on the same server where the CA (tls-toolkit server mode) is running and not on the server where I plan to run my node? Furthermore, it is very strange that the output of the tls-toolkit (client) requesting a certificate comes out as a config.json file (containing all the properties that should be configured in nifi.properties) and it is not possible to configure nifi to read those properties from the config.json file. It seems like it's not really built for automatic scaling of nodes, and most times will require the intervention of a person or a 3rd party script to automate that scaling. If all the certificates should be created on the same server when running in a client/server architecture, isn't it more beneficial to have one server dedicated to creating certificates, running in standalone mode, so all the certificates are signed by the same CA, while outputting the nifi.properties file ready to be used for the deployment of the node?

Thank you once again,
Nimrod
01-02-2019
07:51 PM
Hello, I've been setting up my secured nifi cluster with the help of the nifi-tls-toolkit in standalone mode, which outputs the nifi.properties file along with keystores and the certificate. I tried to use the tls-toolkit in client/server mode, which outputs the same keystores and certificate, but instead of outputting the nifi.properties file it outputs a config.json containing the keystore passwords, types etc. in a JSON file. In the nifi docs (https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#client-server) nothing is really mentioned about the config.json file, except the configuration of the tls-toolkit for where to output it (client) / read it from (server). And if I choose to use this method (client/server), the only valid solution for configuration of the nifi security properties is to copy the JSON fields into the nifi.properties of the node the certificate was created for (manually or via script). The main question I'm interested in is: what is this config.json file? Is it documented anywhere? Can I count on the structure of this file remaining the same in the future? Or better, can I configure the nifi security properties to be read from the config.json file instead of them being read from the nifi.properties file?
Labels: Apache NiFi
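The "copy the JSON fields into nifi.properties via script" step from the original question, sketched as an added example that is not part of the posts or of the NiFi project. The config.json field names in `FIELD_TO_PROPERTY` are an assumption about what the toolkit client writes, and the script refuses to run if any of them is missing; it also assumes the password values need no Java properties escaping.

```python
import json
import os
import tempfile

# Assumed mapping: config.json field (toolkit client output) -> nifi.properties key.
FIELD_TO_PROPERTY = {
    "keyStore": "nifi.security.keystore",
    "keyStoreType": "nifi.security.keystoreType",
    "keyStorePassword": "nifi.security.keystorePasswd",
    "keyPassword": "nifi.security.keyPasswd",
    "trustStore": "nifi.security.truststore",
    "trustStoreType": "nifi.security.truststoreType",
    "trustStorePassword": "nifi.security.truststorePasswd",
}

def security_properties(config):
    """Return the nifi.properties entries derived from a parsed config.json."""
    missing = [f for f in FIELD_TO_PROPERTY if not config.get(f)]
    if missing:
        # Fail closed: a changed file layout must not silently blank a password.
        raise KeyError("config.json lacks expected fields: " + ", ".join(missing))
    return {prop: str(config[f]) for f, prop in FIELD_TO_PROPERTY.items()}

def merge_properties(text, updates):
    """Rewrite every 'key=value' line whose key is in updates; append absent keys."""
    seen, out = set(), []
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip()
        if key in updates:
            line = f"{key}={updates[key]}"
            seen.add(key)
        out.append(line)
    out.extend(f"{k}={v}" for k, v in updates.items() if k not in seen)
    return "\n".join(out) + "\n"

def apply_config(config_path, properties_path):
    """Update properties_path from config_path, leaving it owner-readable only."""
    with open(config_path) as fh:
        updates = security_properties(json.load(fh))
    with open(properties_path) as fh:
        merged = merge_properties(fh.read(), updates)
    # mkstemp creates the file with mode 0600, so the passwords are never
    # world-readable; os.replace then swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(properties_path)))
    with os.fdopen(fd, "w") as fh:
        fh.write(merged)
    os.replace(tmp, properties_path)
```

Both config.json and the resulting nifi.properties hold the keystore and truststore passwords in plaintext, so config.json deserves the same restrictive permissions or removal once it has been applied.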