Enabling Auto-TLS for CFM

Provides steps to enable Auto-TLS for CFM.

You should perform these steps if you are upgrading from a CFM 1.1.0 installation where:
  • TLS is enabled for CFM 1.1.0; AND
  • Auto-TLS is enabled on the CDH cluster.
  • You have turned off identity mapping.
  1. Launch the API Explorer from the Cloudera Manager Support menu at the bottom of the left navigation pane.
  2. Run the configureAutoTlsServices API call.
  3. Edit the users.xml, to remove the users associated with the NiFi nodes.
    Repeat these steps for NiFi Registry.
  4. Edit the authorizations.xml file.
    In the /proxy policy, remove the users corresponding to the NiFi nodes and replace them with:
    <group identifier="nifi"/>

    Repeat these steps for NiFi Registry/

  5. Review the other policies related to the NiFi nodes, to similarly edit any other references to the NiFi nodes.
Once you have enabled auto-TLS, create a Ranger user for the Initial Admin Identity.