cavemandaveman.nifi_registry
Ansible Role: NiFi Registry
This Ansible Role installs NiFi Registry on Linux. It is set up to make upgrades easy by default.
Requirements
You need at least Java 8 to use this.
Role Variables
Check defaults/main.yml for all the variables you can use and how to set them. For more information, the NiFi Registry System Administrator’s Guide is very helpful.
The following settings control where NiFi Registry is installed, where its home directory is (a link that points to the latest version), and where configuration files that must not change during upgrades are kept.
nifi_registry_config_dirs:
  install: /opt/nifi-registry/releases
  home: /opt/nifi-registry/releases/current
  external_config: /opt/nifi-registry/config_resources
By default, this is the folder layout that will be created:
|--opt/
   |--nifi-registry/
      |--releases/
         |--current -> nifi-registry-0.4.0/
         |--nifi-registry-0.3.0/
         |--nifi-registry-0.4.0/
      |--config_resources/
         |--authorizations.xml
         |--database/
         |--extension_bundles/
         |--flow_storage/
         |--users.xml
You can add any key/value pair from a config file to the following lists. The names of the lists match the config file names. You can find the options for these files here.
nifi_registry_properties:
bootstrap:
logback:
identity_providers:
authorizers:
providers:
Dependencies
There are no additional dependencies.
Example Playbooks
These examples assume you've set hash_behaviour=merge in your configuration. If not, make sure to include the default values from defaults/main.yml.
Basic setup for a single node NiFi Registry:
- hosts: nifi_registry_servers
  become: yes
  roles:
    - role: cavemandaveman.nifi_registry
Setup for a secure single node NiFi Registry using LDAP:
- hosts: nifi_registry_servers
  become: yes
  roles:
    - role: cavemandaveman.nifi_registry
      nifi_registry_properties:
        # Remove HTTP settings so HTTPS can work
        nifi.registry.web.http.host: ""
        nifi.registry.web.http.port: ""
        nifi.registry.web.https.host: "{{ ansible_fqdn }}"
        nifi.registry.web.https.port: 9443
        nifi.registry.security.keystore: /path/to/keystore.jks
        nifi.registry.security.keystoreType: JKS
        nifi.registry.security.keystorePasswd: keystorePassword
        nifi.registry.security.keyPasswd: keyPassword
        nifi.registry.security.truststore: /path/to/truststore.jks
        nifi.registry.security.truststoreType: JKS
        nifi.registry.security.truststorePasswd: truststorePassword
        nifi.registry.security.needClientAuth: false
      identity_providers:
        /loginIdentityProviders/provider/identifier: ldap-provider
        /loginIdentityProviders/provider/property[@name="Authentication Strategy"]: SIMPLE
        /loginIdentityProviders/provider/property[@name="Manager DN"]: cn=nifi-registry,ou=people,dc=example,dc=com
        /loginIdentityProviders/provider/property[@name="Manager Password"]: password
        /loginIdentityProviders/provider/property[@name="Url"]: ldap://hostname:port
        /loginIdentityProviders/provider/property[@name="User Search Base"]: OU=people,DC=example,DC=com
        /loginIdentityProviders/provider/property[@name="User Search Filter"]: sAMAccountName={0}
      authorizers:
        /authorizers/userGroupProvider/property[@name="Initial User Identity 1"]: cn=John Smith,ou=people,dc=example,dc=com
        /authorizers/accessPolicyProvider/property[@name="Initial Admin Identity"]: cn=John Smith,ou=people,dc=example,dc=com
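A variant of the LDAP playbook above with the secrets and the LDAP transport tightened, as an added example that is not part of the role's README. The vault_* variable names and the /path/to/ldap-truststore.jks path are assumptions, and it assumes the role applies the "TLS - ..." property XPaths the same way as the XPaths shown above.

```yaml
# Added example. The vault_* names are hypothetical; define them in a vars file
# encrypted with `ansible-vault encrypt` and kept out of the plain playbook.
- hosts: nifi_registry_servers
  become: yes
  roles:
    - role: cavemandaveman.nifi_registry
      nifi_registry_properties:
        nifi.registry.web.http.host: ""
        nifi.registry.web.http.port: ""
        nifi.registry.web.https.host: "{{ ansible_fqdn }}"
        nifi.registry.web.https.port: 9443
        nifi.registry.security.keystore: /path/to/keystore.jks
        nifi.registry.security.keystoreType: JKS
        # Weak form: a literal such as "keystorePassword" committed with the playbook
        nifi.registry.security.keystorePasswd: "{{ vault_nifi_registry_keystore_passwd }}"
        nifi.registry.security.keyPasswd: "{{ vault_nifi_registry_key_passwd }}"
        nifi.registry.security.truststore: /path/to/truststore.jks
        nifi.registry.security.truststoreType: JKS
        nifi.registry.security.truststorePasswd: "{{ vault_nifi_registry_truststore_passwd }}"
        nifi.registry.security.needClientAuth: false
      identity_providers:
        /loginIdentityProviders/provider/identifier: ldap-provider
        # Weak form: SIMPLE with an ldap:// Url sends the manager and user
        # passwords to the directory unencrypted. LDAPS wraps the bind in TLS.
        /loginIdentityProviders/provider/property[@name="Authentication Strategy"]: LDAPS
        /loginIdentityProviders/provider/property[@name="Manager DN"]: cn=nifi-registry,ou=people,dc=example,dc=com
        /loginIdentityProviders/provider/property[@name="Manager Password"]: "{{ vault_nifi_registry_ldap_manager_passwd }}"
        # Truststore holding the CA that signed the LDAP server certificate (placeholder path)
        /loginIdentityProviders/provider/property[@name="TLS - Truststore"]: /path/to/ldap-truststore.jks
        /loginIdentityProviders/provider/property[@name="TLS - Truststore Password"]: "{{ vault_nifi_registry_ldap_truststore_passwd }}"
        /loginIdentityProviders/provider/property[@name="TLS - Truststore Type"]: JKS
        /loginIdentityProviders/provider/property[@name="Url"]: ldaps://hostname:port
        /loginIdentityProviders/provider/property[@name="User Search Base"]: OU=people,DC=example,DC=com
        /loginIdentityProviders/provider/property[@name="User Search Filter"]: sAMAccountName={0}
      authorizers:
        /authorizers/userGroupProvider/property[@name="Initial User Identity 1"]: cn=John Smith,ou=people,dc=example,dc=com
        /authorizers/accessPolicyProvider/property[@name="Initial Admin Identity"]: cn=John Smith,ou=people,dc=example,dc=com
```

Run it with `ansible-playbook --ask-vault-pass` so the encrypted variables can be read. Vault protects the values in the repository only; the configuration files rendered on the host still contain them, so their ownership and permissions matter.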
License
GPLv3
Author Information
This role was created in 2018 by cavemandaveman.
An Ansible Role that installs NiFi Registry on Linux. By default, it installs in a way that makes upgrading painless.
ansible-galaxy install cavemandaveman.nifi_registry