Ambari Managed HDF Upgrade
Also available as:
PDF

Review credentials

If you are using the NiFi Certificate Authority (CA), you must perform as series of activities to ensure that your certificate credentials are correctly propagated after upgrade.

Important
Important
Performing these steps requires regeneration of keystores and truststores. If you have added additional keystore or truststore certificates, you must manually re-add these certificates after you force regenerate certificates.
.
  1. Ensure that your admin token is greater than or equal to 16 characters. If it is less, you can reset it with a value of 16 or more characters.
    1. In the Ambari UI, select the NiFi configs tab and search for the nifi.toolkit.tls.token in the Advanced nifi-ambari-ssl-config section.
    2. Enter a new token value with 16 or more characters.
    3. Enable NiFi CA Force Regeneration to enforce creating a new certificate.
    4. Save your configuration.
  2. If you are using key, keystore, and truststore passwords that are auto-generated rather than stored in Ambari, you must provide a 16 character password in the Ambari UI to ensure credentials are not lost during upgrade. From the NiFi configs tab, specify values for the following fields and save your configuration.
    • Set the Keystore password in nifi.security.keystorePasswd.
    • Set the Key password in nifi.security.keyPasswd.
      Note
      Note
      This value must match the Keystore password.
    • Set the Truststore password in nifi.security.truststorePasswd.
  3. If you are using a secured NiFi Registry with the NiFi CA and auto-generated key, keystore, and truststore passwords, you must provide a 16 character in the Ambari UI. From the NiFi Registry configs tab, specify values for the following fields and save your configuration.
    • Set the Keystore password in nifi.security.keystorePasswd.
    • Set the Key password in nifi.security.keyPasswd.
      Note
      Note
      This value must match the Keystore password.
    • Set the Truststore password in nifi.security.truststorePasswd.
  4. Regenerate your certificates by restarting NiFi and NiFi Registry.
  5. Deselect NiFi CA Force Regeneration and save this configuration.