nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Villard <pierre.villard...@gmail.com>
Subject Re: Keystores / truststores configuration for NiFi S2S reporting service
Date Thu, 14 Nov 2019 09:52:19 GMT
Hi Sajid,

The flow definition (which includes reporting tasks) is the same across the
nodes and that is why it is required to have the same keystore/truststore
path and passwords across the nodes. Having the same passwords across the
nodes for the keystores/truststores is quite common for distributed
softwares AFAICT (keystore password and truststore password can (and
should) be different though). If you want to have separate
keystores/truststores for the NiFi nodes nevertheless, you could have a
dedicated keystore/truststore with the same passwords that you can
reference in your flows (reporting tasks, controller services, processors,
etc).

Hope this helps,
Pierre

Le jeu. 14 nov. 2019 à 10:42, Meer <sajid.meer@gmail.com> a écrit :

> Hello,
> I am trying to configure q SiteToSiteBulletinReportingTask to report
> bulletin events to a remote (secure) standalone instance, and since we want
> it to be secure I am trying to use StandardRestrictedSSLContextService
> instance
> as part of it. But it appears as though the
> StandardRestrictedSSLContextService expects a single, common cluster-wide
> keystore/truststore. Whereas in our case I have separate keystores and
> truststores for each node and they all have different passwords.
>
> Is it even possible to have keystores/truststores configured individually
> per node in a nifi cluster like this? or do we necessarily have to have one
> common setup for the entire cluster? If so, is this the standard approach
> (maybe just make it clear in teh documentations) or else a bug?
> Thanks in advance
> Regards
> Sajid
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message