Hello Team,

We have two environments of NiFi, one which is a standalone and the other which is a cluster.

I have upgraded NiFi (standalone as well as cluster) in our non-prod environment from 1.1.1 to 1.3.0, implemented TLS and also integrated with LDAP. I followed the process mentioned in the documentation and in fact had a complete parallel setup for Nifi-1.3.0 with its own repositories and configuration. In other words, the high-level steps followed were:

- Installed Nifi-1.3.0 on a different path.
- Installed the toolkit and generated all the certificates.
- Made all the necessary changes in the nifi.properties files on the Nifi-1.3.0 cluster for SSL.
- Stopped the old cluster and copied over the repositories and the authorizers.xml file.
- Added the Initial DN and the Initial Identity to the authorizers.xml file.
- Started the new Nifi-1.3.0 cluster, logged in using the Initial Admin and created the users specific to each of the node DNs.
- Imported the client certificate into the browser and logged into the UI.
- Made the necessary configuration to include LDAP integration.
- Created all the users in LDAP within NiFi (since there is no way to sync the LDAP and NiFi user lists).

Post this, I was able to log in to the UI of NiFi using the username and password and get the authentication/authorization done through NiFi successfully.

I tried doing a new site-to-site deployment, which worked successfully.

Source: GetFile -> (using IP1) -> RPG
Destination: Input Port (IP1) -> PutFile

For this to work, I ensured that all the users were added to the policy "Retrieve Site-to-Site" on the destination node. Also, I enabled the "Receive Site-to-Site" policy on the Input Port on the destination IP1.

However, when I take a look at the previously present site-to-site deployments that existed prior to TLS and LDAP, I see that the input ports do not show the policy "Receive Site-to-Site", as it is grayed out.

We are in the process of performing this in production and have the below concerns:

1) What will happen to the site-to-site deployments that existed prior to securing the cluster and integrating with LDAP? We do not have any user authentication on the cluster in Prod right now. For a site-to-site deployment to work, we need to enable the policy "Receive Site-to-Site" on the input port. Will the pre-existing site-to-site deployments start failing?

2) How can we get the pre-existing site-to-site deployments to work, as I can see that the policy "Receive Site-to-Site" is grayed out?

Appreciate any inputs!

--
View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/Nifi-Site-to-Site-pre-existing-deployments-do-not-work-after-enabling-TLS-and-Ldap-tp16486.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
