Hi Paul

Thank you for the help. AUTH=tls did resolve the problem. (Correcting the typo also helped :-) )

Regards
Stefan

On Wed, 2021-12-29 at 09:51 -0500, Paul Daggett wrote:
> Are you setting AUTH=tls as an environment variable? The script
> (/opt/nifi/scripts/secure.sh) that updates the nifi properties file
> with the props you have listed gets called from the entrypoint script
> (/opt/nifi/scripts/start.sh) based on the value of AUTH.
>
> There also looks to be a typo in your security properties section. I
> imagine you want
> TRUSTSTORE_PATH: /opt/nifi/nifi-current/truststore/truststore.jks.
>
> -Paul
>
> On Wed, Dec 29, 2021 at 5:42 AM Stefan Kok <[email protected]> wrote:
> > Hi Everyone
> >
> > I am attempting to set up a NiFi Cluster using docker compose.
> > However, I have noticed the following settings in the
> > docker-compose.yml are not being honored.
> >
> > Below is the extract from the docker-compose file:
> >
> > # security properties #
> >
> > NIFI_SENSITIVE_PROPS_KEY: xxxxxxxxxxxxxx
> > KEYSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
> > KEYSTORE_TYPE: jks
> > KEYSTORE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > TRUSTSTORE_PATH: /opt/nifi/nifi-current/keystore/keystore.jks
> > TRUSTSTORE_TYPE: jks
> > TRUSTSTORE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > volumes:
> > - /opt/nifi/node102/truststore:/opt/nifi/nifi-current/truststore
> > - /opt/nifi/node102/keystore:/opt/nifi/nifi-current/keystore
> >
> > Below is an extract from the nifi.properties file from one of the
> > docker nodes in the three node cluster:
> >
> > nifi.sensitive.props.key=PSd3KqQZYMcigEM2B37nD8gY
> > nifi.sensitive.props.key.protected=
> > nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
> > nifi.sensitive.props.additional.keys=
> >
> > nifi.security.autoreload.enabled=false
> > nifi.security.autoreload.interval=10 secs
> > nifi.security.keystore=./conf/keystore.p12
> > nifi.security.keystoreType=PKCS12
> > nifi.security.keystorePasswd=5a8e4de35cfdcf92cc2f0fa34d5cde17
> > nifi.security.keyPasswd=5a8e4de35cfdcf92cc2f0fa34d5cde17
> > nifi.security.truststore=./conf/truststore.p12
> > nifi.security.truststoreType=PKCS12
> > nifi.security.truststorePasswd=db3b70b60e8df344941b1f31719fb919
> > nifi.security.user.authorizer=single-user-authorizer
> > nifi.security.allow.anonymous.authentication=false
> > nifi.security.user.login.identity.provider=single-user-provider
> > nifi.security.user.jws.key.rotation.period=PT1H
> > nifi.security.ocsp.responder.url=
> > nifi.security.ocsp.responder.certificate=
> >
> > As we see, the truststore and keystore values passed in the
> > docker-compose file were ignored.
> >
> > Regards
> > Stefan
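
A check for the situation in this thread, as an added example that is not part of the original messages or of the NiFi image: run inside a node, it compares the container's environment with nifi.properties and flags a missing AUTH=tls or a truststore path identical to the keystore path. The variable-to-property mapping and the function names are assumptions inferred from the names quoted in the thread.

```shell
# Added example (not from the thread or the NiFi project).
# MAPPING is an assumption: which compose variable should land in which
# nifi.properties key, inferred from the names quoted in the thread.
MAPPING='KEYSTORE_PATH=nifi.security.keystore
KEYSTORE_TYPE=nifi.security.keystoreType
TRUSTSTORE_PATH=nifi.security.truststore
TRUSTSTORE_TYPE=nifi.security.truststoreType'

# get_prop FILE KEY: print the last value assigned to KEY in a properties file.
get_prop() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { print v }' "$1"
}

# check_tls_props FILE: print one finding per line; return 1 if any was found.
check_tls_props() {
  props=$1
  status=0
  # Store settings without AUTH=tls: the case Paul describes in his reply.
  if [ -n "${KEYSTORE_PATH-}${TRUSTSTORE_PATH-}" ] && [ "${AUTH-}" != "tls" ]; then
    echo "AUTH=${AUTH:-<unset>}: store settings are only applied when AUTH=tls"
    status=1
  fi
  # Truststore pointing at the keystore file: the typo from the compose extract.
  if [ -n "${KEYSTORE_PATH-}" ] && [ "${KEYSTORE_PATH-}" = "${TRUSTSTORE_PATH-}" ]; then
    echo "TRUSTSTORE_PATH is identical to KEYSTORE_PATH"
    status=1
  fi
  # Compare each requested value with what is actually in nifi.properties.
  for pair in $MAPPING; do
    var=${pair%%=*}
    key=${pair#*=}
    eval "want=\${$var-}"   # var comes only from the fixed MAPPING list above
    [ -n "$want" ] || continue
    have=$(get_prop "$props" "$key")
    if [ "$have" != "$want" ]; then
      echo "$key=$have (expected $want from $var)"
      status=1
    fi
  done
  return $status
}

# When called with a file argument, run the check against that file.
[ $# -eq 0 ] || check_tls_props "$1"
```

Pass the path to the node's nifi.properties as the only argument; passwords are deliberately left out of the comparison so they are never echoed.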
