Are you setting AUTH=tls as an environment variable? The script (/opt/nifi/scripts/secure.sh) that updates the nifi properties file with the props you have listed gets called from the entrypoint script (/opt/nifi/scripts/start.sh) based on the value of AUTH.

There also looks to be a typo in your security properties section. I imagine you want TRUSTSTORE_PATH: /opt/nifi/nifi-current/truststore/truststore.jks.

-Paul

On Wed, Dec 29, 2021 at 5:42 AM Stefan Kok <[email protected]> wrote:

> Hi Everyone
>
> I am attempting to set up a Nifi Cluster using docker compose. However I
> have noticed the following settings in the docker-compose.yml are not
> being honored.
>
> Below the extract from the docker-compose file:
>
> # security properties #
>
> NIFI_SENSITIVE_PROPS_KEY: xxxxxxxxxxxxxx
> KEYSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
> KEYSTORE_TYPE: jks
> KEYSTORE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> TRUSTSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
> TRUSTSTORE_TYPE: jks
> TRUSTSTORE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> volumes:
>   - /opt/nifi/node102/truststore:/opt/nifi/nifi-current/truststore
>   - /opt/nifi/node102/keystore:/opt/nifi/nifi-current/keystore
>
> Below extract from the nifi.properties file from one of the docker
> nodes in the three node cluster:
>
> nifi.sensitive.props.key=PSd3KqQZYMcigEM2B37nD8gY
> nifi.sensitive.props.key.protected=
> nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
> nifi.sensitive.props.additional.keys=
>
> nifi.security.autoreload.enabled=false
> nifi.security.autoreload.interval=10 secs
> nifi.security.keystore=./conf/keystore.p12
> nifi.security.keystoreType=PKCS12
> nifi.security.keystorePasswd=5a8e4de35cfdcf92cc2f0fa34d5cde17
> nifi.security.keyPasswd=5a8e4de35cfdcf92cc2f0fa34d5cde17
> nifi.security.truststore=./conf/truststore.p12
> nifi.security.truststoreType=PKCS12
> nifi.security.truststorePasswd=db3b70b60e8df344941b1f31719fb919
> nifi.security.user.authorizer=single-user-authorizer
> nifi.security.allow.anonymous.authentication=false
> nifi.security.user.login.identity.provider=single-user-provider
> nifi.security.user.jws.key.rotation.period=PT1H
> nifi.security.ocsp.responder.url=
> nifi.security.ocsp.responder.certificate=
>
> As we see the truststore and keystore values passed in the
> docker-compose file were ignored.
>
> Regards
> Stefan

--
Paul Daggett
Cloud Engineer
AnaVation, LLC
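
The two points raised in the reply above (AUTH not set to tls, and TRUSTSTORE_PATH pointing at the keystore file) can be caught before the container starts. The following is an added example, not part of the original thread or of the NiFi image: a small pre-flight check over the compose environment and volume entries. The function names and the sample data are hypothetical, and the sample values are constructed from the extract in the thread with the secrets replaced by placeholders.

```python
import posixpath

# Constructed sample modelled on the extract in the thread (placeholder secrets).
SAMPLE_ENV = """\
NIFI_SENSITIVE_PROPS_KEY: placeholder
KEYSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
KEYSTORE_TYPE: jks
TRUSTSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
TRUSTSTORE_TYPE: jks
"""
SAMPLE_VOLUMES = [
    "/opt/nifi/node102/truststore:/opt/nifi/nifi-current/truststore",
    "/opt/nifi/node102/keystore:/opt/nifi/nifi-current/keystore",
]


def parse_env(text):
    """Parse simple 'KEY: value' lines from a compose environment mapping."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        env[key.strip()] = value.strip()
    return env


def check_tls_env(env, volumes):
    """Return findings that would explain keystore/truststore settings being ignored."""
    findings = []
    # Assumption taken from the reply: AUTH=tls is what makes start.sh run secure.sh.
    if env.get("AUTH") != "tls":
        findings.append("AUTH is not set to 'tls'; secure.sh is run based on AUTH")
    ks, ts = env.get("KEYSTORE_PATH"), env.get("TRUSTSTORE_PATH")
    if ks and ts and ks == ts:
        findings.append("TRUSTSTORE_PATH is identical to KEYSTORE_PATH")
    # Container-side mount points are the second field of 'host:container[:mode]'.
    mounts = [v.split(":")[1] for v in volumes]
    for name, path in (("KEYSTORE_PATH", ks), ("TRUSTSTORE_PATH", ts)):
        if path is None:
            findings.append(f"{name} is not set")
        elif posixpath.dirname(path) not in mounts:
            findings.append(f"{name} is not inside a mounted volume")
    return findings


if __name__ == "__main__":
    for finding in check_tls_env(parse_env(SAMPLE_ENV), SAMPLE_VOLUMES):
        print("FINDING:", finding)
```
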
