@swazza
Created December 7, 2019 17:59
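#######################################
# Set KEY=VALUE in a properties file by rewriting, in place, every line that
# starts with "KEY=". Lines that do not match are left untouched; a key that
# is absent from the file is NOT appended.
#
# Both the key and the value are escaped before they are handed to sed, so a
# value containing "&", "|" or "\" (plausible in passwords and client
# secrets) is written literally instead of being interpreted as sed syntax,
# and a "." in the key matches only a literal dot.
#
# NOTE(review): the value still travels in sed's argument list, so a secret
# passed here can be visible in the process table while sed runs.
#
# Arguments:
#   $1 - property key
#   $2 - new value (may be empty; must not contain a newline)
#   $3 - path of the properties file to edit
# Outputs:   one progress line on stdout
# Returns:   exit status of the in-place sed edit
#######################################
prop_replace () {
  local target_file=${3}
  local key_re value_esc
  printf 'replacing target file  %s\n' "${target_file}"
  # Key goes on the pattern side: neutralise BRE metacharacters and the "|"
  # delimiter used by the substitution below.
  key_re=$(printf '%s' "$1" | sed -e 's/[][\\.*^$|]/\\&/g') || return
  # Value goes on the replacement side: only "\", "&" and the delimiter are
  # special there.
  value_esc=$(printf '%s' "$2" | sed -e 's/[\\&|]/\\&/g') || return
  # \1 re-emits the matched key so the key text is written back unchanged.
  sed -i -e "s|^\\(${key_re}\\)=.*\$|\\1=${value_esc}|" -- "${target_file}"
}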
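# Install the jq tool. This tool is needed to query values from the config.json
# file created by the tls-toolkit running in the client mode
if ! { apt-get update && apt-get install jq -y; }; then
  echo 'failed to install jq' >&2
  exit 1
fi
# Run the tls-toolkit in client mode to generate the truststore and keystore.
# Stop here on failure: continuing would configure NiFi with no certificate
# material and empty passwords.
# NOTE(review): the CA token is passed as a command-line argument, so it can be
# visible in the process table while the toolkit runs, and it is embedded in the
# rendered script; handle the rendered script as secret material.
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t {{ token }} --dn "CN=$(hostname -f), OU=NIFI" --subjectAlternativeNames localhost || {
  echo 'tls-toolkit client run failed' >&2
  exit 1
}
# Use jq to extract the passwords from the config.json generated by the tls-toolkit.
# -e makes jq exit non-zero when a field is missing or null, so a broken
# config.json is caught here instead of the literal string "null" being used as
# a password.
KEY_STORE_PASSWD=$(jq -e -r '.keyStorePassword' ./config.json) || {
  echo 'keyStorePassword missing from config.json' >&2
  exit 1
}
KEY_PASSWD=$(jq -e -r '.keyPassword' ./config.json) || {
  echo 'keyPassword missing from config.json' >&2
  exit 1
}
TRUST_STORE_PASSWD=$(jq -e -r '.trustStorePassword' ./config.json) || {
  echo 'trustStorePassword missing from config.json' >&2
  exit 1
}
# NOTE(review): ./config.json keeps the store passwords in plaintext and is left
# in the working directory; restrict its permissions or remove it once the
# values have been copied, if nothing else needs it.
# Move the truststore and keystore in the conf directory.
# Relative paths: this assumes the working directory is the NiFi home - confirm.
mv ./keystore.jks conf/ || exit 1
mv ./truststore.jks conf/ || exit 1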
# Settings consumed by the nifi.properties / authorizers.xml edits further down.
#
# The {{ ... }} markers are placeholders that have to be filled in before the
# script runs. NOTE(review): the assignments are unquoted, so a substituted
# value containing whitespace or shell metacharacters would be parsed by the
# shell rather than stored; quote or validate values at substitution time.
#
# NOTE(review): NIFI_CLUSTER_ADDRESS is used when nifi.properties is configured
# but is not assigned anywhere in this listing; presumably it is supplied by
# the environment - confirm.

# Setup variables to point to files
NIFI_HOME=/opt/nifi/nifi-current
NIFI_PROPS=${NIFI_HOME}/conf/nifi.properties
# NOTE(review): NIFI_AUTHZ is not referenced again in this listing; the
# authorizers.xml edits use NIFI_AUTHZ_FILE (same path, assigned below).
NIFI_AUTHZ=${NIFI_HOME}/conf/authorizers.xml
# Upper bound of the loops that add node and user identities to authorizers.xml.
instance_count=3
# Repeats the NIFI_HOME assignment above with the same value.
NIFI_HOME=/opt/nifi/nifi-current
NIFI_AUTHZ_FILE=${NIFI_HOME}/conf/authorizers.xml
NIFI_IS_CLUSTER=true
NIFI_ZK_CONNECTION_STRING={{ ZK connection string }}
# NOTE(review): NIFI_HTTP_PORT is not read later in this listing; the
# nifi.web.http.port edit passes a literal empty string instead.
NIFI_HTTP_PORT=""
NIFI_HTTPS_PORT=8443
NIFI_OIDC_DISCOVERY_URL={{ OIDC Discovery URL }}
NIFI_OIDC_CLIENT_ID={{client id}}
# The OIDC client secret ends up in plaintext both in the rendered script and,
# via prop_replace, in nifi.properties; protect both files accordingly.
NIFI_OIDC_CLIENT_SECRET={{client secret}}
NIFI_PROXY_CONTEXT_PATH=/
NIFI_PROXY_HOST={{<URL at which NiFi is accessible>,localhost:9443}}
NIFI_KEY_STORE=./conf/keystore.jks
NIFI_KEY_STORE_TYPE=jks
# Store/key passwords are the values read from the tls-toolkit's config.json.
NIFI_KEY_STORE_PASSWORD=$KEY_STORE_PASSWD
NIFI_KEY_PASSWORD=$KEY_PASSWD
NIFI_TRUST_STORE=./conf/truststore.jks
NIFI_TRUST_STORE_TYPE=jks
NIFI_TRUST_STORE_PASSWORD=$TRUST_STORE_PASSWD
# Identity written into authorizers.xml as the initial admin and as
# "Initial User Identity 0".
NIFI_INITIAL_ADMIN_IDENTITY={{admin email}}
NIFI_FLOW_CONFIGURATION_FILE=./flow_xml/flow.xml.gz
NIFI_FLOW_CONFIGURATION_ARCHIVE_DIR=./flow_xml/archive
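# Configure nifi.properties
#
# Every expansion is quoted so that an empty value or one containing spaces
# stays a single argument. Unquoted, an empty value disappears from the
# argument list and the file path slides into the value position, leaving
# prop_replace without a file to edit.
#
# NIFI_CLUSTER_ADDRESS is not assigned in this script and feeds both the
# cluster node address and the HTTPS bind host. Abort rather than write an
# empty value for either of them.
: "${NIFI_CLUSTER_ADDRESS:?NIFI_CLUSTER_ADDRESS must be set to the address of this node}"

# Cluster membership and coordination
prop_replace nifi.cluster.node.address "${NIFI_CLUSTER_ADDRESS}" "${NIFI_PROPS}"
prop_replace nifi.cluster.is.node "${NIFI_IS_CLUSTER}" "${NIFI_PROPS}"
prop_replace nifi.zookeeper.connect.string "${NIFI_ZK_CONNECTION_STRING}" "${NIFI_PROPS}"
prop_replace nifi.cluster.protocol.is.secure true "${NIFI_PROPS}"
prop_replace nifi.cluster.node.protocol.port 7474 "${NIFI_PROPS}"

# Web listener: the plain HTTP port is blanked and only the HTTPS port is set
prop_replace nifi.web.http.port '' "${NIFI_PROPS}"
prop_replace nifi.web.https.port "${NIFI_HTTPS_PORT}" "${NIFI_PROPS}"
prop_replace nifi.web.https.host "${NIFI_CLUSTER_ADDRESS}" "${NIFI_PROPS}"
prop_replace nifi.remote.input.secure true "${NIFI_PROPS}"

# OpenID Connect login. The client secret is stored in plaintext in
# nifi.properties, so that file needs restrictive permissions.
prop_replace nifi.security.user.oidc.discovery.url "${NIFI_OIDC_DISCOVERY_URL}" "${NIFI_PROPS}"
prop_replace nifi.security.user.oidc.client.id "${NIFI_OIDC_CLIENT_ID}" "${NIFI_PROPS}"
prop_replace nifi.security.user.oidc.client.secret "${NIFI_OIDC_CLIENT_SECRET}" "${NIFI_PROPS}"

# Reverse-proxy settings
prop_replace nifi.web.proxy.context.path "${NIFI_PROXY_CONTEXT_PATH}" "${NIFI_PROPS}"
prop_replace nifi.web.proxy.host "${NIFI_PROXY_HOST}" "${NIFI_PROPS}"

# Keystore / truststore locations and passwords
prop_replace nifi.security.keystore "${NIFI_KEY_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystoreType "${NIFI_KEY_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.keystorePasswd "${NIFI_KEY_STORE_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.keyPasswd "${NIFI_KEY_PASSWORD}" "${NIFI_PROPS}"
prop_replace nifi.security.truststore "${NIFI_TRUST_STORE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststoreType "${NIFI_TRUST_STORE_TYPE}" "${NIFI_PROPS}"
prop_replace nifi.security.truststorePasswd "${NIFI_TRUST_STORE_PASSWORD}" "${NIFI_PROPS}"

# Flow definition file and its archive directory
prop_replace nifi.flow.configuration.file "${NIFI_FLOW_CONFIGURATION_FILE}" "${NIFI_PROPS}"
prop_replace nifi.flow.configuration.archive.dir "${NIFI_FLOW_CONFIGURATION_ARCHIVE_DIR}" "${NIFI_PROPS}"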
# Configure authorizers.xml
#
# NOTE(review): every command below names its file as $${NIFI_AUTHZ_FILE}. Run
# directly by a shell, "$$" expands to the shell's PID and the operand is no
# longer the authorizers.xml path. Presumably this text passes through a layer
# that turns "$${" into "${" before the shell sees it - confirm, because the
# nifi.properties edits use the plain ${...} form.
#
# NOTE(review): these edits are not idempotent. The substitutions only match
# the still-empty stock properties, while the append loops add their lines on
# every run in which the anchor line is present.

# Set initial admin identity
# The empty "Initial User Identity 1" property is renamed to index 0 and given
# the admin identity; the same identity fills "Initial Admin Identity".
# NOTE(review): the identity is spliced into the sed replacement as-is, so "&",
# "|" or "\" in it would be read as sed syntax, and it is not XML-escaped.
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 0">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
# Set initial node identities. A separate node identity will be set for each Node in the cluster (specified by the instance_count variable)
# The DNs are hard-coded to the nifi-<n>.nifi-hs.nifi.svc.cluster.local naming.
# NOTE(review): they presumably have to match the subject the tls-toolkit step
# requested ("CN=<hostname -f>, OU=NIFI") - verify against the actual host names.
sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"CN=nifi-0.nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>|' $${NIFI_AUTHZ_FILE}
# Node Identity i maps to host nifi-(i-1). Each line is appended directly after
# the "Node Identity 1" line, so later indexes end up above earlier ones.
for i in $(seq 2 ${instance_count}); do
sed -i -e '/<property name="Node Identity 1">.*/a <property name="Node Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done
# Set Initial user identities for each node identity that is created.
# The lines are appended after "Initial User Identity 0" (the admin entry
# created above), using the same index-to-host mapping as the node identities.
for i in $(seq 1 ${instance_count}); do
sed -i -e '/<property name="Initial User Identity 0">.*/a <property name="Initial User Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done
# Change location of authorizations.xml and users.xml to a persistent volume location
# Both paths move from ./conf/ to ./auth-conf/.
sed -i -e 's|<property name="Authorizations File">./conf/authorizations.xml</property>|<property name="Authorizations File">./auth-conf/authorizations.xml</property>|' $${NIFI_AUTHZ_FILE}
sed -i -e 's|<property name="Users File">./conf/users.xml</property>|<property name="Users File">./auth-conf/users.xml</property>|' $${NIFI_AUTHZ_FILE}
# Stream the application log to stdout, then launch NiFi.
# The follower is started first and in the background; tail -F follows the
# file by name and keeps retrying, so the log does not have to exist yet.
nifi_app_log=/opt/nifi/nifi-current/logs/nifi-app.log
nifi_launcher=/opt/nifi/nifi-current/bin/nifi.sh
tail -F "${nifi_app_log}" &
# Last command of the script: its exit status becomes the script's status.
"${nifi_launcher}" run