chilcano.apache-nifi

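Ansible Role: apache-nifi

An Ansible role that installs, configures and runs Apache NiFi. This role provides the following functionality:

  • Installs Apache NiFi.
  • Configures Apache NiFi in one of three modes:
    • http: standard NiFi configuration, no authentication, running over HTTP.
    • https: NiFi configured and run over SSL/TLS, with authentication based on client certificates.
    • tls_toolkit: uses the key pairs, digital certificates, Java keystores and configuration files generated by Apache NiFi to configure and run NiFi securely.
  • Runs Apache NiFi as a systemd service.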

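Requirements

  • Java.

Role Variables

The default variables are in defaults/main.yml

Dependencies

This Ansible role has no other dependencies, although Apache NiFi requires Java. I will use the geerlingguy.java role (https://github.com/geerlingguy/ansible-role-java) to install Java, with some changes to install Oracle Java 8 on Debian. You can get these changes from my fork, chilcano.java / branch oracle-java-debian (https://github.com/chilcano/ansible-role-java/tree/oracle-java-debian). Just clone that branch.

But if you are going to use Apache NiFi on Ubuntu or CentOS, the changes above are not needed. Just download geerlingguy.java as follows, or install Java 7 or 8 on your machine manually: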

$ sudo ansible-galaxy install geerlingguy.java

Example Playbook

- hosts: nf1
  become: yes
  vars_files:
    - vars.yml
  roles:
    - role: ../../playbooks/roles/ansible-role-java
      java_packages:
        - oracle-java8-installer
        - ca-certificates
        - oracle-java8-set-default
      java_cleanup: false
      java_home: "/usr/lib/jvm/java-8-oracle"

    - role: chilcano.apache-nifi
      nifi:
        version: "1.2.0"
        packaging_bin: "tar.gz"
        packaging_src: "zip"
        action:
          clean:
            installer: false
            installation: false
            dependencies: false
          install: true
          run: true
        deployment:
          mode: "http"
          tls_toolkit:
            shared_dir_local: "/Users/Chilcano/1github-repo/binaries"
            hostname: ""
            dir_repo: ""
        download:
          http_uri: "http://mirror.ox.ac.uk/sites/rsync.apache.org"
      nifi_conf_authorizers:
        initial_admin_identity: ""
        nf_hostname_pattern: ""
        nf_domain: ""
        nf_dn_suffix: ""
      nifi_properties_j2:
        nifi.remote.input.host: ""
        nifi.remote.input.secure: false
        nifi.remote.input.socket.port:
        nifi.web.http.host: ""
        nifi.web.http.port: 8080
        nifi.web.https.host: ""
        nifi.web.https.port:
        nifi.security.keystore: ""
        nifi.security.keystoreType: ""
        nifi.security.keystorePasswd: ""
        nifi.security.keyPasswd: ""
        nifi.security.truststore: ""
        nifi.security.truststoreType: ""
        nifi.security.truststorePasswd: ""
        nifi.security.user.authorizer: ""
        nifi.security.user.login.identity.provider: ""
        nifi.cluster.protocol.is.secure: false
        nifi.cluster.node.address: ""
        nifi.cluster.node.protocol.port:
      nifi_sync_dir_local: "/Users/Chilcano/1github-repo/binaries"

- hosts: nf2
  become: yes
  vars_files:
    - vars.yml
  roles:
    - role: ../../playbooks/roles/ansible-role-java
      java_packages:
        - oracle-java8-installer
        - ca-certificates
        - oracle-java8-set-default
      java_cleanup: false
      java_home: "/usr/lib/jvm/java-8-oracle"

    - role: chilcano.apache-nifi
      nifi:
        action:
          clean:
            installer: false
            installation: false
            dependencies: false
          install: true
          run: true
        deployment:
          mode: "https"
          tls_toolkit:
            shared_dir_local: "/Users/Chilcano/1github-repo/binaries"
            hostname: "nftk1"
            dir_repo: "nifi-toolkit_repo"
        download:
          http_uri: "http://mirror.ox.ac.uk/sites/rsync.apache.org"
      nifi_conf_authorizers:
        initial_admin_identity: "{{ _nftk_client_cert_dn }}"
        nf_hostname_pattern: "{{ _nftk_hostname }}"
        nf_domain: "{{ _nftk_domain }}"
        nf_dn_suffix: "{{ _nftk_dn_suffix }}"
      nifi_properties_j2:
        nifi.remote.input.host: ""
        nifi.remote.input.secure: true
        nifi.remote.input.socket.port: 10443
        nifi.web.http.host: ""
        nifi.web.http.port:
        nifi.web.https.host: ""
        nifi.web.https.port: 9443
        nifi.security.keystore: ./conf/keystore.jks
        nifi.security.keystoreType: jks
        nifi.security.keystorePasswd: "{{ _nftk_run_keystorepasswd }}"
        nifi.security.keyPasswd: "{{ _nftk_run_keypasswd }}"
        nifi.security.truststore: ./conf/truststore.jks
        nifi.security.truststoreType: jks
        nifi.security.truststorePasswd: "{{ _nftk_run_truststorepasswd }}"
        nifi.security.user.authorizer: "file-provider"
        nifi.security.user.login.identity.provider: ""
        nifi.cluster.protocol.is.secure: true
        nifi.cluster.node.address: ""
        nifi.cluster.node.protocol.port: 11443
      nifi_sync_dir_local: "/Users/Chilcano/1github-repo/binaries"

- hosts: nf3
  become: yes
  vars_files:
    - vars.yml
  roles:
    - role: ../../playbooks/roles/ansible-role-java
      java_packages:
        - oracle-java8-installer
        - ca-certificates
        - oracle-java8-set-default
      java_cleanup: false
      java_home: "/usr/lib/jvm/java-8-oracle"

    - role: chilcano.apache-nifi
      nifi:
        action:
          clean:
            installer: false
            installation: false
            dependencies: false
          install: true
          run: true
        deployment:
          mode: "tls_toolkit"
          tls_toolkit:
            shared_dir_local: "/Users/Chilcano/1github-repo/binaries"
            hostname: "nftk1"
            dir_repo: "nifi-toolkit_repo"
        download:
          http_uri: "http://mirror.ox.ac.uk/sites/rsync.apache.org"
      nifi_conf_authorizers:
        initial_admin_identity: "{{ _nftk_client_cert_dn }}"
        nf_hostname_pattern: "{{ _nftk_hostname }}"
        nf_domain: "{{ _nftk_domain }}"
        nf_dn_suffix: "{{ _nftk_dn_suffix }}"
      nifi_properties_j2:
        nifi.remote.input.host: ""
        nifi.remote.input.secure: true
        nifi.remote.input.socket.port: 10443
        nifi.web.http.host: ""
        nifi.web.http.port:
        nifi.web.https.host: ""
        nifi.web.https.port: 9443
        nifi.security.keystore: ./conf/keystore.jks
        nifi.security.keystoreType: jks
        nifi.security.keystorePasswd: "{{ _nftk_run_keystorepasswd }}"
        nifi.security.keyPasswd: "{{ _nftk_run_keypasswd }}"
        nifi.security.truststore: ./conf/truststore.jks
        nifi.security.truststoreType: jks
        nifi.security.truststorePasswd: "{{ _nftk_run_truststorepasswd }}"
        nifi.security.user.authorizer: "file-provider"
        nifi.security.user.login.identity.provider: ""
        nifi.cluster.protocol.is.secure: true
        nifi.cluster.node.address: ""
        nifi.cluster.node.protocol.port: 11443
      nifi_sync_dir_local: "/Users/Chilcano/1github-repo/binaries"

The content of the vars.yml file is:

_nftk_domain: "intix.info"
_nftk_hostname: "nf[1-3]"
_nftk_dn_suffix: "OU=INTIX"
_nftk_client_cert_dn: "CN=chilcano, {{ _nftk_dn_suffix }}"
_nftk_run_clientpasswd: demo00a
_nftk_run_keypasswd: demo00b
_nftk_run_truststorepasswd: demo00c
_nftk_run_keystorepasswd: demo00d

The content of the inventory file is:

[nifis]
nf1
nf2
nf3

nf1 ansible_host=192.168.77.5
nf2 ansible_host=192.168.77.6
nf3 ansible_host=192.168.77.7

[nifis:vars]
ansible_user=vagrant
ansible_ssh_private_key_file="/Users/Chilcano/.vagrant.d/insecure_private_key"
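
The nf2 and nf3 plays above only yield a secured NiFi if the rendered nifi.properties is internally consistent: the HTTP port left empty, the keystore and truststore values filled in, and the remote-input and cluster flags set to true. The following check is an added example, not part of the role; the function names and the SAMPLE text are constructed for illustration, and the property keys are the ones the playbook sets.

```python
# Added example, not part of the role: audit a rendered nifi.properties.
# Keys the https/tls_toolkit plays on this page populate (a subset).
REQUIRED = [
    "nifi.web.https.port", "nifi.security.user.authorizer",
    "nifi.security.keystore", "nifi.security.keystorePasswd",
    "nifi.security.truststore", "nifi.security.truststorePasswd",
]
MUST_BE_TRUE = ["nifi.remote.input.secure", "nifi.cluster.protocol.is.secure"]

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_secure_mode(props):
    """Return findings for a file rendered in https or tls_toolkit mode."""
    findings = []
    if props.get("nifi.web.http.port"):
        findings.append("nifi.web.http.port is set: plaintext listener configured")
    findings += [f"{k} is empty" for k in REQUIRED if not props.get(k)]
    findings += [f"{k} is not true" for k in MUST_BE_TRUE
                 if props.get(k, "").lower() != "true"]
    # A literal "{{" means a Jinja2 variable reached the file unrendered.
    findings += [f"{k} has an unrendered template expression"
                 for k, v in props.items() if "{{" in v]
    return findings

# Constructed sample of a misrendered file, not taken from a real host.
SAMPLE = """\
nifi.web.http.port=8080
nifi.web.https.port=9443
nifi.security.keystore=./conf/keystore.jks
nifi.security.keystorePasswd={{ _nftk_run_keystorepasswd }}
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststorePasswd=
nifi.security.user.authorizer=file-provider
nifi.remote.input.secure=true
nifi.cluster.protocol.is.secure=false
"""

if __name__ == "__main__":
    for finding in audit_secure_mode(parse_properties(SAMPLE)):
        print(finding)
```

An empty result from audit_secure_mode means the file passed these checks; it says nothing about certificate validity or file permissions on the keystores.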

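Updates

  • The role now copies the binaries/installers from the local filesystem when they are not already in place. If they still do not exist, it tries to download them from the URL. Finally, the downloaded binaries are copied to the local filesystem for reuse.
  • The inventory file must be updated by adding ansible_ssh_private_key_file so that the synchronize Ansible module (used to sync larger files) can be used instead of the fetch Ansible module.
  • The variable nifi_sync_dir_local was added to this Ansible role. This is the local directory from which the Ansible role copies the binaries/installers to the remote host.

License

MIT / BSD

Author Information

This role was created in 2017 by Roger Carhuatocto, author of the HolisticSecurity.io blog.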

About the project

An Ansible Role that installs and runs Apache NiFi.

Install
ansible-galaxy install chilcano.apache-nifi