Cluster Node Identities
If you are running NiFi in a clustered environment, you must specify the identities for each node. The authorization policies required for the nodes to communicate are created during startup.
For example, if you are setting up a 2 node cluster with the following DNs for each node:
cn=nifi-1,ou=people,dc=example,dc=com cn=nifi-2,ou=people,dc=example,dc=com
<authorizer> <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Users File">./conf/users.xml</property> <property name="Initial Admin Identity">johnsmith@NIFI.APACHE.ORG</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">cn=nifi-1,ou=people,dc=example,dc=com</property> <property name="Node Identity 2">cn=nifi-2,ou=people,dc=example,dc=com</property> </authorizer> </authorizers>
In a cluster, all nodes must have the same authorizations.xml and users.xml. The only exception is if a node has empty authorizations.xml and user.xml files prior to joining the cluster. In this scenario, the node inherits them from the cluster during startup.
Now that initial authorizations have been created, additional users, groups and authorizations can be created and managed in the NiFi UI.