Details
- Sub-task
- Status: Resolved
- Major
- Resolution: Won't Do
- 1.11.4
- None
Description
Refer to NIFI-7673 for the problems addressed.
- Cluster TLS configuration verification
  - Priority 1
  - Addresses A, B, C, D, J, K
  - Description: Verifies all nodes in the cluster have the ability to verify and communicate with each other (TLS only)
  - Steps
    - Run on each node
      - Start simple Jetty server using keystore & truststore from nifi.properties on each node (using API port)
        - Possible to run listening on multiple ports (API, CC, S2S, LB)
      - Connect to embedded or external ZK and retrieve all cluster node hostnames
      - Attempt to ping NiFi hostnames to resolve DNS/validate firewall
      - Make simple request from each node to each other node and verify mTLS
        - PKIX path building
        - Cipher suite availability
        - TLS protocol version availability
        - Ports open
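
The per-node check from the steps above, as an added Python example (not NiFi code and not code from this ticket). It assumes the node's keystore and truststore have been exported to PEM files and that the peer list has already been retrieved from ZooKeeper; `build_context`, `check_peer` and `check_mesh` are hypothetical names.

```python
import socket
import ssl

def build_context(cert_pem, key_pem, ca_pem):
    """Assumption: keystore/truststore from nifi.properties exported to PEM files."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_pem)
    ctx.load_cert_chain(cert_pem, key_pem)  # client certificate presented for mTLS
    return ctx

def check_peer(host, port, ctx, timeout=5.0):
    """Return (stage, detail): the first failing check, or 'ok' (hypothetical helper)."""
    try:  # DNS resolution
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        return "dns", str(e)
    try:  # port open / firewall
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return "port", str(e)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Simple request plus one read: with TLS 1.3 a server that rejects the
            # client certificate only reports it after the client-side handshake.
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")
            tls.recv(1)
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as e:
        # Python's counterpart of Java's "PKIX path building failed"
        return "trust", e.verify_message
    except (ssl.SSLError, OSError) as e:
        # no shared cipher suite or protocol version, rejected client cert, timeout
        return "tls", str(e)
    finally:
        raw.close()

def check_mesh(local_host, peers, ctx):
    """peers: (host, port) pairs, e.g. as read from ZooKeeper; skips this node."""
    return {f"{h}:{p}": check_peer(h, p, ctx) for h, p in peers if h != local_host}

if __name__ == "__main__":
    import sys  # usage: cert.pem key.pem ca.pem host:port [host:port ...]
    ctx = build_context(*sys.argv[1:4])
    peers = [(h, int(p)) for h, p in (a.rsplit(":", 1) for a in sys.argv[4:])]
    for peer, (stage, detail) in check_mesh(socket.getfqdn(), peers, ctx).items():
        print(f"{peer}: {stage} ({detail})")
```

Running it on every node gives the full node-to-node matrix; a `trust` result on one direction only points at a truststore that is missing the peer's issuing CA.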