Backing up NiFi keystore and truststore settings

If your CFM installation from which you are upgrading is TLS enabled, use the Encrypt Config tools to back up your NiFi keystore and truststore settings. You will set these values in Cloudera Manager once you complete the upgrade.

  • You have turned of TLS regeneration.
  • If JAVA_HOME is not set, you should set it before proceeding. The default path is /usr/java/default.
  1. Locate the encrypt-config.sh script from the NiFi Toolkit.
    The default location is /opt/cloudera/parcels. You can find your location by running:
    find /opt/cloudera/parcels -name 'encrypt-config.sh'
  2. Find the latest NiFi process directory:
    
    find /var/run/cloudera-scm-agent/process/ -name nifi.properties | grep "NIFI_NODE"
    
  3. Run encrypt-config.sh:
    
    <path_to_encrypt-config.sh> 
    -c 
    -b <path_to_nifi_proc_dir>/bootstrap.conf 
    -n <path_to_nifi_proc_dir>/nifi.properties

    For example:

    
    /opt/cloudera/parcels/CFM-1.1.0.0/encrypt-config.sh 
    -c 
    -b /run/cloudera-scm-agent/182-NIFI_NODE.../bootstrap.conf 
    -n /run/cloudera-scm-agent/182-NIFI_NODE.../nifi.properties
  4. Back up the encrypt-config.sh output.

The encrypt-config.sh output will be similar to:


keystore=/var/lib/nifi/cert/keystore.jks
keystorePasswd=/TLVwnnFESyIwn2YrBGiVWrANNhiSk
keyPasswd=/TLVwnnFESyIwn2YrBGiVWrANNhiSk
truststore=/var/lib/nifi/cert/truststore.jks
truststorePasswd=4wIWsNhpkVa5MR8P353s3ruMDGj1UL

Once you have completed this step for NiFi, do the same for NiFi Registry.