[
https://issues.apache.org/jira/browse/NIFI-2476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406838#comment-15406838
]
Andy LoPresto edited comment on NIFI-2476 at 8/3/16 11:48 PM:
--------------------------------------------------------------
Standalone tool does not configure NiFi to run with HTTPS enabled by default.
{code}
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
(pr695) alopresto
🔓 9s @ 16:41:08 $ ./bin/tls-toolkit.sh standalone -n host1,host2
16/08/03 16:43:39 INFO standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory . and hostnames [host1, host2]
16/08/03 16:43:39 INFO standalone.TlsToolkitStandalone: Successfully generated TLS configuration
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
(pr695) alopresto
🔓 151s @ 16:43:40 $ tl
.
...
├── [ 170] host1
│  ├── [3.0K] keystore.jks
│  ├── [8.2K] nifi.properties
│  └── [ 907] truststore.jks
├── [ 170] host2
│  ├── [3.0K] keystore.jks
│  ├── [8.2K] nifi.properties
│  └── [ 907] truststore.jks
...
6 directories, 38 files
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
(pr695) alopresto
🔓 7s @ 16:43:48 $ more host1/nifi.properties
...
# Site to Site properties
nifi.remote.input.host=
nifi.remote.input.secure=false
nifi.remote.input.socket.port=
nifi.remote.input.http.enabled=true
nifi.remote.input.http.transaction.ttl=30 sec
# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.host=
nifi.web.https.port=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.security.keystore=keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=AKDDN7R+dOawssR9VhwI/BcTpDyUIF/90cE2GygxyC6f
nifi.security.keyPasswd=FSid1nbtYvSYcsSn6QWod4lvhEM1ffOEapPJz2FEdhk
nifi.security.truststore=truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=AK5o4UzDW8bV2b+IU3bUBW1rGz4Ka0L1B2IsIY8pj+fk
nifi.security.needClientAuth=
...
{code}
*Update*: I think this is because the HTTPS port is empty by default. With a
port provided, the HTTPS configuration is populated.
> Further refine tls-toolkit based on feedback gathered during beta
> -----------------------------------------------------------------
>
> Key: NIFI-2476
> URL: https://issues.apache.org/jira/browse/NIFI-2476
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Bryan Rosander
>
> The basic functionality of generating keystores, truststores,
> nifi.properties, and a configuration json is implemented.
> As people start using this tool to ease the tls setup process in NiFi,
> shortcomings in the initial implementation will need to be addressed.
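
A check for the gap reported in the comment above, as an added example that is not part of the original message or of the NiFi code base: it reads a generated nifi.properties and reports when TLS stores are configured but the instance would still serve plaintext. The function names (prop, audit_nifi_tls, sample_props) and the sample input are constructed for illustration, and treating a set nifi.web.http.port as a finding is this example's assumption about the intended end state.

```shell
#!/bin/sh
# Added example (not NiFi project code): flag a nifi.properties that has TLS
# material configured but would still serve plaintext, as in the output above.

# prop FILE KEY: print KEY's value, split on the first '=' only (values may contain '=').
prop() {
    awk -v k="$2=" 'index($0, k) == 1 {
        v = substr($0, length(k) + 1); sub(/[ \t\r]+$/, "", v); print v; exit }' "$1"
}

# audit_nifi_tls FILE: print one finding per line; return 0 only when there are none.
audit_nifi_tls() {
    rc=0
    if [ -n "$(prop "$1" nifi.security.keystore)" ] &&
       [ -z "$(prop "$1" nifi.web.https.port)" ]; then
        echo "nifi.web.https.port is empty: keystore is configured but HTTPS is not enabled"
        rc=1
    fi
    if [ -n "$(prop "$1" nifi.web.http.port)" ]; then
        echo "nifi.web.http.port is set: web UI/API listens on plaintext HTTP"
        rc=1
    fi
    if [ "$(prop "$1" nifi.remote.input.secure)" != "true" ]; then
        echo "nifi.remote.input.secure is not true: site-to-site is not using TLS"
        rc=1
    fi
    return $rc
}

# sample_props HTTP_PORT HTTPS_PORT S2S_SECURE: constructed input using keys from the excerpt.
sample_props() {
    cat <<EOF
# Site to Site properties
nifi.remote.input.secure=$3
# web properties #
nifi.web.http.port=$1
nifi.web.https.port=$2
# security properties #
nifi.security.keystore=keystore.jks
nifi.security.keystorePasswd=CONSTRUCTED+placeholder=
EOF
}

f=$(mktemp)
sample_props 8080 "" false > "$f"   # values as generated in the comment above
audit_nifi_tls "$f" || true         # prints three findings
rm -f "$f"
```

Run audit_nifi_tls against each generated host directory's nifi.properties before deploying it; a non-zero exit status means at least one finding was printed.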