Hello I would like to ask you how to properly scale up a node automatically with nifi 1.5.0 and open-id. Here is my config: 3 nodes, with zookeeper embedded, all the 3 nodes have the same -new style- authorizers.xml as following: <authorizers> [[ content hidden ]] </authorizers> Then the nifi.properties for the zk nodes (only the interesting things): # Site to Site properties nifi.remote.input.host= nifi.remote.input.secure=true nifi.remote.input.socket.port=9997 nifi.remote.input.http.enabled=false # web properties nifi.web.http.host= nifi.web.http.port= nifi.web.https.host=nifi-test-zk-${id_of_the_node}.example.com nifi.web.https.port=8443 # security # keystorePasswd, keyPasswd, truststorePasswd, and keystore/truststore are # generated with tls-toolkit client connecting to tls-toolkit server nifi.security.keystore=/${somepath}/nifi/ssl/keystore.jks nifi.security.keystoreType=jks nifi.security.keystorePasswd=${keystorePasswd} nifi.security.keyPasswd=${keyPasswd} nifi.security.truststore=/${somepath}/nifi/ssl/truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=${truststorePasswd} nifi.security.needClientAuth=true nifi.security.user.authorizer=managed-authorizer # Cluster settings: nifi.cluster.is.node=true nifi.cluster.node.address=nifi-test-zk-${id_of_the_node}.example.com nifi.cluster.node.protocol.port=9998 # Open ID nifi.security.user.oidc.discovery.url=https://accounts.google.com/.well-known/openid-configuration nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.client.id=${my_google_oauth_id} nifi.security.user.oidc.client.secret=${my_google_oauth_key} nifi.security.user.oidc.preferred.jwsalgorithm= To access the UI I have nginx on the node 1, with a proxy to the UI port as follow server { listen 443 default; server_name nifi-test-zk-1.example.com; access_log /var/log/nginx/nifi-test-zk-1.example.com-access.log; include /etc/nginx/block.conf; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } ssl on; ssl_certificate /etc/nginx/ssl/wildcard.example.com.crt; ssl_certificate_key /etc/nginx/ssl/wildcard.example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_read_timeout 900; proxy_pass https://${ip_of_the_machine_or_localhost}:8443; } } The 3 nodes start correctly, I have the cluster running, I can login using google account. All is fine, the issue is when I add a non-zk node to the cluster. I am not sure how should look like the authorizers.xml file. I have read that it should be empty so it can inherit from the cluster while joining there we go: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <authorizers> [[ content hidden ]] </authorizers> I am also not quite sure how should the following nifi.properies keys be set up: nifi.cluster.node.address=${ ? ip or hostname? } nifi.web.https.host=${ ? ip or hostname? } I tried both setting IP and hostname and I have the following error while accessing the UI from zk-node-1: javax.ws.rs.ProcessingException: java.net.UnknownHostException: nifi-test-i-0069cf32f0939dfb0.example.com I provision all the nodes with puppet, the 3 zk nodes have static hostname with DNS record and have the same authorizers.xml with the 3 nodes set in it. For the 4th and + nodes, they are also provisioned with puppet, so the hostname is automatically set with an id in it, meaning I don't have any DNS records for it. I access the UI only with the zk node 1 for now (it might be also good to know if we can have a load balancer for the UI? I tried but I have some problem with cert hostname mismatch - new in 1.5.0 I guess?). The question is, what am I doing wrong that my 4th node get blocked at some point preventing me to access the UI at all? I need to have it all automated, so adding the 4node identity to the authorizers.zml is really not an option. Thank you in advance. ... View more