Backing up NiFi Registry keystore and truststore settings

If your CFM installation from which you are upgrading is TLS enabled, use the Encrypt Config tools to back up your NiFi Registry keystore and truststore settings. You will set these values in Cloudera Manager once you complete the upgrade.

If JAVA_HOME is not set, you should set it before proceeding. The default path is /usr/java/default.

  1. Locate the encrypt-config.sh script from the NiFi Toolkit.
    The default location is /opt/cloudera/parcels. You can find your location by running:
    find /opt/cloudera/parcels -name 'encrypt-config.sh'
  2. Find the latest NiFi Registry process directory:
    
    find /var/run/cloudera-scm-agent/process/ -name nifi-registry.properties | grep "NIFI_NODE"
    
  3. Run encrypt-config.sh:
    
    ${ENCRYPT_CONFIG_PATH} 
    --nifiRegistry 
    --decrypt 
    -r ${NIFIREG_PROC_DIR}/nifi-registry.properties 
    -b ${NIFIREG_PROC_DIR}/bootstrap.conf
  4. Back up the encrypt-config.sh output.

The encrypt-config.sh output will be similar to:


nifi.registry.security.keystore=/var/lib/nifiregistry/cert/keystore.jks
nifi.registry.security.keystorePasswd=5BNrrLRmcrsGi+qq1BNpEpoIzyOALo
nifi.registry.security.truststore=/var/lib/nifiregistry/cert/truststore.jks
nifi.registry.security.truststorePasswd=qKdbQ9Q0a0uX/XApHhLjR4d2zxRHQ3

Once you have completed this step for NiFi Registry, proceed with the upgrade to CFM 2.0.1.