Created
December 7, 2019 17:59
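#######################################
# Set `key=value` on the line that starts with `key=` in a properties file.
# The file is edited in place; nothing is changed when no such line exists.
# Arguments: $1 - property name (matched literally at the start of a line)
#            $2 - new value (may be empty)
#            $3 - path of the properties file to edit
# Outputs:   a one-line progress message on stdout
# Returns:   sed's exit status; 1 when no target file was given
#######################################
prop_replace() {
  local key=$1 value=$2 target_file=$3
  local key_re key_rep value_rep

  # An unquoted empty value at the call site shifts the arguments left and
  # leaves $3 empty; refuse to run rather than hand sed no file to edit.
  if [ -z "$target_file" ]; then
    echo "prop_replace: no target file given for '$key'" >&2
    return 1
  fi
  echo 'replacing target file ' "${target_file}"

  # Escape regex metacharacters in the key so that '.' only matches a dot.
  key_re=$(printf '%s' "$key" | sed -e 's/[][\.*^$|]/\\&/g') || return
  # Escape '\', '&' and the '|' delimiter so that values such as secrets and
  # URLs are written literally instead of being read as sed syntax.
  key_rep=$(printf '%s' "$key" | sed -e 's/[\&|]/\\&/g') || return
  value_rep=$(printf '%s' "$value" | sed -e 's/[\&|]/\\&/g') || return

  # NOTE(review): the value is part of sed's argv, so a password or client
  # secret passed here is visible in the process list while sed runs.
  sed -i -e "s|^${key_re}=.*\$|${key_rep}=${value_rep}|" -- "${target_file}"
}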
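# Install the jq tool. It is needed to query values from the config.json
# file created by the tls-toolkit running in client mode.
# NOTE(review): installing at start-up needs root and network access and pulls
# an unpinned package; baking jq into the image avoids both.
apt-get update && apt-get install jq -y
command -v jq >/dev/null 2>&1 || {
  echo 'jq is not available; cannot read config.json' >&2
  exit 1
}

# Run the tls-toolkit in client mode to generate the truststore and keystore.
# `{{ ... }}` values throughout this script are placeholders to be filled in.
# NOTE(review): the CA token is passed on the command line and is therefore
# visible in the process list while the toolkit runs.
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t {{ token }} \
  --dn "CN=$(hostname -f), OU=NIFI" --subjectAlternativeNames localhost ||
  {
    echo 'tls-toolkit client run failed; not starting NiFi without TLS material' >&2
    exit 1
  }

# Use jq to extract the passwords from the config.json generated by the tls-toolkit.
# NOTE(review): config.json keeps these passwords in clear text and stays in the
# working directory afterwards; restrict its permissions or remove it once read.
KEY_STORE_PASSWD=$(jq -r '.keyStorePassword' ./config.json)
KEY_PASSWD=$(jq -r '.keyPassword' ./config.json)
TRUST_STORE_PASSWD=$(jq -r '.trustStorePassword' ./config.json)

# `jq -r` prints "null" for a missing key; stop instead of writing an empty or
# literal "null" password into nifi.properties.
for secret in "$KEY_STORE_PASSWD" "$KEY_PASSWD" "$TRUST_STORE_PASSWD"; do
  case $secret in
    '' | null)
      echo 'could not read keystore/truststore passwords from config.json' >&2
      exit 1
      ;;
  esac
done
unset secret

# Move the truststore and keystore into the conf directory
# (relative paths: the script relies on the current working directory).
mv ./keystore.jks conf/
mv ./truststore.jks conf/

# Set up variables that point to files
NIFI_HOME=/opt/nifi/nifi-current
NIFI_PROPS=${NIFI_HOME}/conf/nifi.properties
NIFI_AUTHZ=${NIFI_HOME}/conf/authorizers.xml
instance_count=3
NIFI_AUTHZ_FILE=${NIFI_HOME}/conf/authorizers.xml
NIFI_IS_CLUSTER=true
NIFI_ZK_CONNECTION_STRING={{ ZK connection string }}
NIFI_HTTP_PORT=""
NIFI_HTTPS_PORT=8443
NIFI_OIDC_DISCOVERY_URL={{ OIDC Discovery URL }}
NIFI_OIDC_CLIENT_ID={{client id}}
# NOTE(review): the OIDC client secret ends up hard-coded in this script once the
# placeholder is filled in; prefer injecting it from the environment or a
# mounted secret, and quote the substituted value.
NIFI_OIDC_CLIENT_SECRET={{client secret}}
NIFI_PROXY_CONTEXT_PATH=/
NIFI_PROXY_HOST={{<URL at which NiFi is accessible>,localhost:9443}}
NIFI_KEY_STORE=./conf/keystore.jks
NIFI_KEY_STORE_TYPE=jks
NIFI_KEY_STORE_PASSWORD=$KEY_STORE_PASSWD
NIFI_KEY_PASSWORD=$KEY_PASSWD
NIFI_TRUST_STORE=./conf/truststore.jks
NIFI_TRUST_STORE_TYPE=jks
NIFI_TRUST_STORE_PASSWORD=$TRUST_STORE_PASSWD
NIFI_INITIAL_ADMIN_IDENTITY={{admin email}}
NIFI_FLOW_CONFIGURATION_FILE=./flow_xml/flow.xml.gz
NIFI_FLOW_CONFIGURATION_ARCHIVE_DIR=./flow_xml/archive

# Configure nifi.properties.
# Every argument is quoted: an empty value (e.g. an unset NIFI_CLUSTER_ADDRESS)
# would otherwise vanish and shift the file path into the value position.
# NOTE(review): NIFI_CLUSTER_ADDRESS is not assigned in this script; presumably
# it comes from the container environment - confirm.
prop_replace nifi.cluster.node.address "${NIFI_CLUSTER_ADDRESS}" "${NIFI_PROPS}"
prop_replace nifi.cluster.is.node "${NIFI_IS_CLUSTER}" "${NIFI_PROPS}"
prop_replace nifi.zookeeper.connect.string "${NIFI_ZK_CONNECTION_STRING}" "${NIFI_PROPS}"
prop_replace nifi.cluster.protocol.is.secure true "${NIFI_PROPS}"
prop_replace nifi.cluster.node.protocol.port 7474 "${NIFI_PROPS}"
# An empty HTTP port leaves only the HTTPS listener configured.
prop_replace nifi.web.http.port '' "${NIFI_PROPS}"
prop_replace nifi.web.https.port "${NIFI_HTTPS_PORT}" "${NIFI_PROPS}"
prop_replace nifi.web.https.host "${NIFI_CLUSTER_ADDRESS}" "${NIFI_PROPS}"
prop_replace nifi.remote.input.secure true "${NIFI_PROPS}"
prop_replace nifi.security.user.oidc.discovery.url "${NIFI_OIDC_DISCOVERY_URL}" "${NIFI_PROPS}"
prop_replace nifi.security.user.oidc.client.id "${NIFI_OIDC_CLIENT_ID}" "${NIFI_PROPS}"
prop_replace nifi.security.user.oidc.client.secret "${NIFI_OIDC_CLIENT_SECRET}" "${NIFI_PROPS}"
prop_replace nifi.web.proxy.context.path "${NIFI_PROXY_CONTEXT_PATH}" "${NIFI_PROPS}"
prop_replace nifi.web.proxy.host "${NIFI_PROXY_HOST}" "${NIFI_PROPS}"
prop_replace nifi.security.keystore "${NIFI_KEY_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystoreType "${NIFI_KEY_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystorePasswd "${NIFI_KEY_STORE_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.keyPasswd "${NIFI_KEY_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.truststore "${NIFI_TRUST_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststoreType "${NIFI_TRUST_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststorePasswd "${NIFI_TRUST_STORE_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.flow.configuration.file "${NIFI_FLOW_CONFIGURATION_FILE}" "${NIFI_PROPS}"
prop_replace nifi.flow.configuration.archive.dir "${NIFI_FLOW_CONFIGURATION_ARCHIVE_DIR}" "${NIFI_PROPS}"

# Configure authorizers.xml
# NOTE(review): `$${NIFI_AUTHZ_FILE}` looks like a template escape for
# `${NIFI_AUTHZ_FILE}`. Run as plain shell, `$$` expands to the shell's PID and
# these sed calls would target a non-existent file - confirm how this script is
# rendered before use.
# Set initial admin identity
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 0">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' "$${NIFI_AUTHZ_FILE}"
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' "$${NIFI_AUTHZ_FILE}"

# Set initial node identities. A separate node identity is set for each node in
# the cluster (specified by the instance_count variable). These DNs must match
# the --dn the tls-toolkit requested above for each node's hostname.
sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"CN=nifi-0.nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>|' "$${NIFI_AUTHZ_FILE}"
for i in $(seq 2 "${instance_count}"); do
  sed -i -e '/<property name="Node Identity 1">.*/a <property name="Node Identity '"$i"'">'"CN=nifi-$((i - 1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' "$${NIFI_AUTHZ_FILE}"
done

# Set initial user identities for each node identity that is created.
for i in $(seq 1 "${instance_count}"); do
  sed -i -e '/<property name="Initial User Identity 0">.*/a <property name="Initial User Identity '"$i"'">'"CN=nifi-$((i - 1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' "$${NIFI_AUTHZ_FILE}"
done

# Change location of authorizations.xml and users.xml to a persistent volume location
sed -i -e 's|<property name="Authorizations File">./conf/authorizations.xml</property>|<property name="Authorizations File">./auth-conf/authorizations.xml</property>|' "$${NIFI_AUTHZ_FILE}"
sed -i -e 's|<property name="Users File">./conf/users.xml</property>|<property name="Users File">./auth-conf/users.xml</property>|' "$${NIFI_AUTHZ_FILE}"

# Tail the application log in the background so it is pushed to stdout, then
# start NiFi in the foreground.
tail -F /opt/nifi/nifi-current/logs/nifi-app.log &
/opt/nifi/nifi-current/bin/nifi.sh run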