From 454f7c530c78090811a6fd67611fc09beb73f1cc Mon Sep 17 00:00:00 2001
From: Said Sef
Date: Tue, 31 Dec 2024 13:44:23 +0000
Subject: [PATCH] fix: trust store key type
---
 deployment/nifi/configmap-ssl.yml | 14 +++++++-------
 deployment/nifi/configmap.yml | 4 ++--
 deployment/nifi/nifi.yml | 6 ++++--
 3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/deployment/nifi/configmap-ssl.yml b/deployment/nifi/configmap-ssl.yml
index b228875..391f85d 100644
--- a/deployment/nifi/configmap-ssl.yml
+++ b/deployment/nifi/configmap-ssl.yml
@@ -9,7 +9,7 @@ data:
 ORGANISATION_UNIT=${ORGANISATION_UNIT:-'Cloud Services Application'}
 ORGANISATION=${ORGANISATION:-'Cloud Services'}
- PUBLIC_DNS=${POD_NAME:-'nifi.tld'}
+ PUBLIC_DNS=${NIFI_CLUSTER_NODE_ADDRESS:-'nifi.tld'}
 CITY=${CITY:-'London'}
 STATE=${STATE:-'London'}
 COUNTRY_CODE=${COUNTRY_CODE:-'GB'}
@@ -17,20 +17,20 @@ data:
 KEYSTORE_PASS=${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
 KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
 KEYSTORE_PATH=${NIFI_HOME}/keytool/keystore.p12
- KEYSTORE_TYPE=jks
+ KEYSTORE_TYPE=pkcs12
 TRUSTSTORE_PASS=${TRUSTSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
 TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
- TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.jks
+ TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.p12
 TRUSTSTORE_TYPE=pkcs12
 if [[ ! -f "${NIFI_HOME}/keytool/keystore.p12" ]]
 then
 echo "Creating keystore"
 keytool -genkey -noprompt -alias nifi-keystore \
- -dname "CN=${PUBLIC_DNS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+ -dname "CN=${NIFI_CLUSTER_NODE_ADDRESS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
 -keystore ${NIFI_HOME}/keytool/keystore.p12 \
 -storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
- -KeySize 2048 \
+ -keysize 2048 \
 -keypass "${KEY_PASS:-$NIFI_SENSITIVE_PROPS_KEY}" \
 -keyalg RSA \
 -storetype pkcs12
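Review bot: In the `@@ -17,20 +17,20 @@` hunk of configmap-ssl.yml the `-dname` line now reads `CN=${NIFI_CLUSTER_NODE_ADDRESS}` directly, so the `'nifi.tld'` fallback that the `@@ -9,7 +9,7 @@` hunk keeps on `PUBLIC_DNS` no longer reaches the certificate, and an unset variable would yield a subject with an empty CN value. No visible line in this patch sets `NIFI_CLUSTER_NODE_ADDRESS` (nifi.yml adds `NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS`, a different name), so the unset case looks reachable. Keeping `CN=${PUBLIC_DNS}` on that line preserves the default and leaves `PUBLIC_DNS` with a use. On the neighbouring context line, `-storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}` is unquoted while `-keypass` is quoted; quoting it the same way avoids word splitting on the password. The keytool command continues past the end of the hunk.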
@@ -43,9 +43,9 @@ data:
 -rfc
 fi
- if [[ ! -f "${NIFI_HOME}/keytool/truststore.jks" ]]
+ if [[ ! -f "${NIFI_HOME}/keytool/truststore.p12" ]]
 then
- echo "Creating truststore"
+ echo "Import truststore"
 keytool -import -noprompt -alias nifi-truststore \
 -file "${NIFI_HOME}/keytool/nifi-cert.cer" \
 -keystore "${TRUSTSTORE_PATH}" \
diff --git a/deployment/nifi/configmap.yml b/deployment/nifi/configmap.yml
index 2e4cbdb..0df4757 100644
--- a/deployment/nifi/configmap.yml
+++ b/deployment/nifi/configmap.yml
@@ -3,7 +3,7 @@ kind: ConfigMap
 metadata:
 name: nifi-cm
 data:
- JAVA_OPTS: "-XX:UseAVX=0 -Djavax.net.debug=ssl,handshake"
+ JAVA_OPTS: "-XX:UseAVX=0 -Djavax.net.debug=ssl,handshake,address=8000"
 KEYSTORE_PASSWORD: "th1s1s3up34e5r37"
 KEYSTORE_PATH: "${NIFI_HOME}/keytool/keystore.p12"
 KEYSTORE_TYPE: "PKCS12"
@@ -34,5 +34,5 @@ data:
 NIFI_ZK_CONNECT_STRING: "zookeeper:2181"
 NIFI_ZOOKEEPER_CONNECT_STRING: "zookeeper:2181"
 TRUSTSTORE_PASSWORD: "th1s1s3up34e5r37"
- TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.jks"
+ TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.p12"
 TRUSTSTORE_TYPE: "pkcs12"
diff --git a/deployment/nifi/nifi.yml b/deployment/nifi/nifi.yml
index 70edc75..f19c3ac 100644
--- a/deployment/nifi/nifi.yml
+++ b/deployment/nifi/nifi.yml
@@ -101,9 +101,11 @@ spec:
 - name: HOSTNAME
 value: $(POD_IP) # Use pod ip as hostname
 - name: NIFI_WEB_PROXY_HOST
- value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as proxy host
+ value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
 - name: NODE_IDENTITY
 value: $(POD_NAME) # Use pod name as identity
+ - name: NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS
+ value: $(POD_IP) # Use pod ip as hostname
 envFrom:
 - configMapRef:
 name: nifi-cm
@@ -139,7 +141,7 @@ spec:
 readinessProbe:
 tcpSocket:
 port: cluster
- initialDelaySeconds: 60
+ initialDelaySeconds: 90
 periodSeconds: 30
 timeoutSeconds: 20
 failureThreshold: 3
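Review bot: In the `@@ -43,9 +43,9 @@` hunk of configmap-ssl.yml the guard tests the literal path `${NIFI_HOME}/keytool/truststore.p12` while the import below it writes to `"${TRUSTSTORE_PATH}"`, so the two agree only because both spellings were edited together in this commit. Writing the test as `if [[ ! -f "${TRUSTSTORE_PATH}" ]]` keeps the check and the target from drifting apart. The `keytool -import` command continues past the end of the hunk, so whether it passes `-storetype "${TRUSTSTORE_TYPE}"` is not visible here; that is worth confirming so the file extension and the actual store format stay in step.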
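Review bot: In the `@@ -3,7 +3,7 @@` hunk of configmap.yml, `address=8000` is not a `javax.net.debug` option; it looks like a fragment of a JDWP agent string (`-agentlib:jdwp=...,address=8000`) that ended up inside the TLS debug property, so as written it probably has no effect. If a remote debugger was the intent, it should not be switched on from a shared ConfigMap, because a reachable JDWP port lets any client that can connect run code in the NiFi JVM. The `ssl,handshake` tracing is itself verbose and is better kept out of the default `JAVA_OPTS` and enabled only while diagnosing. The context lines `KEYSTORE_PASSWORD` here and `TRUSTSTORE_PASSWORD` in the `@@ -34,5 +34,5 @@` hunk hold a literal password in a ConfigMap; a Secret pulled in with `secretRef` under `envFrom` keeps it out of plain configuration.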
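Review bot: In the `@@ -101,9 +101,11 @@` hunk of nifi.yml the added `NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS` entry carries the comment `# Use pod ip as hostname`, copied from the `HOSTNAME` entry above it, and the reworded comment on `NIFI_WEB_PROXY_HOST` (`input host address`) no longer describes a proxy host. Suggested wording: `value: $(POD_IP) # Use pod ip as cluster protocol address`, keeping `# Use pod fqdn as proxy host` on the other line. Advertising the node by pod IP also deserves a check against the certificate built in configmap-ssl.yml, whose subject CN comes from `NIFI_CLUSTER_NODE_ADDRESS` with no subject alternative name visible in this patch; peers that verify the host name would presumably not match an IP address against it. The `env` list starts before this hunk.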