When using the nifi toolkit to setup my secured cluster, I noticed there is a big difference from when using it in server/client mode then using it in standalone mode. The client mode does not have the option to output a nifi.properties file like the standalone mode offers.
The standalone mode offers an easy deployment after generating the certificate, while the client mode requires tedious copying of the security properties from the config.json file into the nifi.properties
My suggestions are:
- Have better documentation on the config.json file, how to use it, it's structure and so one
- Have a flag when using the tls toolkit in client mode to generate a nifi.properties file from a base nifi.properties file or a brand new one (same as standalone mode)
- Or, alternatively, have the option to configure nifi to read security properties from the config.json file instead of the nifi.properties file, allowing for easier deployment
It would be great if these features will be added to the nifi toolkit.
This discussion on the hortonworks forum (https://community.hortonworks.com/questions/231221/nifi-security-configuration.html) can be used for reference of the problem