Backing up NiFi Registry keystore and truststore settings

If your CFM installation from which you are upgrading is TLS enabled, use the Encrypt Config tools to back up your NiFi Registry keystore and truststore settings. You will set these values in Cloudera Manager once you complete the upgrade.

If JAVA_HOME is not set, you should set it before proceeding. The default path is /usr/java/default.

Locate the encrypt-config.sh script from the NiFi Toolkit.
The default location is /opt/cloudera/parcels. You can find your location by running:
```
find /opt/cloudera/parcels -name 'encrypt-config.sh'
```
note

If you have installed more than one CFM parcel, you may have more than one script. In this case, ensure that you have the script from CFM 1.1.0.

Find the latest NiFi Registry process directory:


find /var/run/cloudera-scm-agent/process/ -name nifi-registry.properties | grep "NIFI_NODE"

Run encrypt-config.sh:


${ENCRYPT_CONFIG_PATH} 
--nifiRegistry 
--decrypt 
-r ${NIFIREG_PROC_DIR}/nifi-registry.properties 
-b ${NIFIREG_PROC_DIR}/bootstrap.conf

Back up the encrypt-config.sh output.

The encrypt-config.sh output will be similar to:


nifi.registry.security.keystore=/var/lib/nifiregistry/cert/keystore.jks
nifi.registry.security.keystorePasswd=5BNrrLRmcrsGi+qq1BNpEpoIzyOALo
nifi.registry.security.truststore=/var/lib/nifiregistry/cert/truststore.jks
nifi.registry.security.truststorePasswd=qKdbQ9Q0a0uX/XApHhLjR4d2zxRHQ3

Once you have completed this step for NiFi Registry, proceed with the upgrade to CFM 2.0.1.