Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
In the standalone tool:
- In order to facilitate local secure clustering, we should be able to generate multiple certificates for the same hostname.
- We should also be able to update ports in nifi.properties to increment in that scenario.
- The keystore entries in nifi.properties should start with ./conf/ so that the files in each host folder can just be copied to a NiFi instance.
- Specifying a range of hosts should be easier.
To that end, I've added range expansion. [] denote a range to include in the hostname, () denote instance numbers for that hostname.
This can be used as follows:
nifi[01-3].domain expands to nifi01.domain, nifi02.domain, nifi03.domain
nifi(2) will create 2 instances of nifi with corresponding certificates and nifi.properties with incremented port numbers.
These can be combined to something like:
nifi[1-10].subdomain[1-4].domain(2) for 2 instances of nifi running on each host in the expanded set of ranges
If you need distinct ports for all nifi instances (not just those with the same hostname), that can be achieved by specifying a global order with -G.
ex: bin/tls-toolkit.sh standalone -n nifi[3-5].domain -G nifi[1-100].domain
This would generate nifi3.domain, nifi4.domain, nifi5.domain and allot them distinct ports derteministically mapped from the range of nifi[1-100].domain so that later updates specifying the same global order won't have conflicting port assignments.
Attachments
Issue Links
- links to