├── README.md └── nifi-docker-compose ├── nginx.conf ├── README.adoc └── docker-compose.yml /README.md: -------------------------------------------------------------------------------- 1 | # nifi-stuff 2 | -------------------------------------------------------------------------------- /nifi-docker-compose/nginx.conf: -------------------------------------------------------------------------------- 1 | events { worker_connections 1024; } 2 | 3 | stream { 4 | upstream nifi_nodes { 5 | hash $remote_addr consistent; 6 | server nifi0:8443; 7 | server nifi1:8443; 8 | } 9 | 10 | server { 11 | listen [::]:8443; 12 | listen 8443; 13 | proxy_pass nifi_nodes; 14 | } 15 | } -------------------------------------------------------------------------------- /nifi-docker-compose/README.adoc: -------------------------------------------------------------------------------- 1 | = nifi-docker-compose 2 | 3 | _Based on an original idea from link:https://community.cloudera.com/t5/user/viewprofilepage/user-id/98373[@Arqui] in this link:https://community.cloudera.com/t5/Support-Questions/NiFi-single-user-Certificate-and-Token-not-found/m-p/345007/highlight/true#M234326[community forum post]._ 4 | 5 | The link:https://hub.docker.com/r/apache/nifi[Apache NiFi Docker image] is a pretty handy way to quickly launch a single-node NiFi cluster. 6 | 7 | This docker-compose configuration file uses the NiFi docker image to launch a 2-node NiFi cluster. 8 | The NiFi configuration and repositories are persisted in Docker volumes, so they survive cluster restarts. 9 | 10 | The cluster is configured to use the `single-user` provider and authorizer. The default credentials are `admin/supersecret1`. You can change this in the configuration file if needed. 11 | 12 | A `nginx` service is also part of the deployment to distribute connections to both NiFi nodes. To connect to the cluster, point your browser to `https://localhost:8443/nifi`. 13 | 14 | == Starting the cluster 15 | 16 | Execute the following command on this directory: 17 | 18 | [source,shell] 19 | ---- 20 | docker compose up -d 21 | ---- 22 | 23 | == Stopping the cluster 24 | 25 | Execute the following command on this directory: 26 | 27 | [source,shell] 28 | ---- 29 | docker compose down 30 | ---- 31 | 32 | == Resetting the cluster content 33 | 34 | If you want to clear/discard the content of your NiFi cluster so that you can start a fresh one, execute the following commands on this directory: 35 | 36 | [source,shell] 37 | ---- 38 | docker compose down 39 | docker volume rm $(docker volume ls -q --filter "name=nifi-docker-compose") 40 | ---- 41 | -------------------------------------------------------------------------------- /nifi-docker-compose/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.9' 2 | 3 | x-user: &user admin 4 | x-pwd: &pwd supersecret1 5 | 6 | x-nifi-base: &nifi-base 7 | image: apache/nifi:1.16.2 8 | networks: 9 | - nifi 10 | 11 | x-nifi-toolkit-base: &nifi-toolkit-base 12 | image: apache/nifi-toolkit:1.16.2 13 | networks: 14 | - nifi 15 | 16 | x-nifi-environment: &nifi-environment 17 | NIFI_WEB_HTTPS_PORT: 8443 18 | NIFI_CLUSTER_IS_NODE: "true" 19 | NIFI_ZK_CONNECT_STRING: "zookeeper:2181" 20 | NIFI_ELECTION_MAX_WAIT: "30 sec" 21 | NIFI_ELECTION_MAX_CANDIDATES: 1 22 | NIFI_SENSITIVE_PROPS_KEY: "my-random-string" 23 | NIFI_CLUSTER_NODE_PROTOCOL_PORT: 8082 24 | NIFI_WEB_PROXY_HOST: "nifi0:8443,nifi0,nifi1:8443,nifi1,localhost:8080" 25 | SINGLE_USER_CREDENTIALS_USERNAME: *user 26 | SINGLE_USER_CREDENTIALS_PASSWORD: *pwd 27 | NIFI_SECURITY_USER_AUTHORIZER: "single-user-authorizer" 28 | NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER: "single-user-provider" 29 | INITIAL_ADMIN_IDENTITY: *user 30 | AUTH: "tls" 31 | KEYSTORE_TYPE: "JKS" 32 | KEYSTORE_PASSWORD: supersecretkeystore 33 | TRUSTSTORE_TYPE: "JKS" 34 | TRUSTSTORE_PASSWORD: supersecrettruststore 35 | 36 | x-nifi0-environment: &nifi0-environment 37 | NIFI_CLUSTER_ADDRESS: "nifi0" 38 | NIFI_WEB_HTTPS_HOST: "nifi0" 39 | KEYSTORE_PATH: "/opt/certs/nifi0/keystore.jks" 40 | TRUSTSTORE_PATH: "/opt/certs/nifi0/truststore.jks" 41 | 42 | x-nifi1-environment: &nifi1-environment 43 | NIFI_CLUSTER_ADDRESS: "nifi1" 44 | NIFI_WEB_HTTPS_HOST: "nifi1" 45 | KEYSTORE_PATH: "/opt/certs/nifi1/keystore.jks" 46 | TRUSTSTORE_PATH: "/opt/certs/nifi1/truststore.jks" 47 | 48 | services: 49 | zookeeper: 50 | container_name: zookeeper 51 | image: bitnami/zookeeper:3.8.0 52 | environment: 53 | - ALLOW_ANONYMOUS_LOGIN=yes 54 | networks: 55 | - nifi 56 | 57 | nifi-toolkit: 58 | <<: *nifi-toolkit-base 59 | container_name: nifi-toolkit 60 | volumes: 61 | - nifi_certs:/opt/certs 62 | user: root 63 | entrypoint: ["bash", "-c", "/opt/nifi-toolkit/*/bin/tls-toolkit.sh standalone -o /opt/certs -n nifi[0-1] -P supersecrettruststore -K supersecretkeystore -S supersecretkeystore; chown -R nifi:nifi /opt/certs"] 64 | 65 | proxy: 66 | image: nginx:latest 67 | container_name: proxy 68 | volumes: 69 | - ./nginx.conf:/etc/nginx/nginx.conf:ro 70 | ports: 71 | - "8443:8443" 72 | networks: 73 | - nifi 74 | depends_on: 75 | - nifi0 76 | - nifi1 77 | 78 | nifi0: 79 | <<: *nifi-base 80 | container_name: nifi0 81 | depends_on: 82 | nifi-toolkit: 83 | condition: service_completed_successfully 84 | volumes: 85 | - nifi_certs:/opt/certs 86 | - nifi0_conf:/opt/nifi/nifi-current/conf 87 | - nifi0_extensions:/opt/nifi/nifi-current/extensions 88 | - nifi0_database_repository:/opt/nifi/nifi-current/database_repository 89 | - nifi0_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository 90 | - nifi0_content_repository:/opt/nifi/nifi-current/content_repository 91 | - nifi0_provenance_repository:/opt/nifi/nifi-current/provenance_repository 92 | - nifi0_state:/opt/nifi/nifi-current/state 93 | - nifi0_logs:/opt/nifi/nifi-current/logs 94 | environment: 95 | <<: *nifi-environment 96 | <<: *nifi0-environment 97 | networks: 98 | - nifi 99 | entrypoint: 100 | - "/bin/bash" 101 | - "-c" 102 | - "sed -i 's/nifi.ui.banner.text=.*/nifi.ui.banner.text=nifi0 (v1.16.2)/' conf/nifi.properties; ../scripts/start.sh" 103 | 104 | nifi1: 105 | <<: *nifi-base 106 | container_name: nifi1 107 | depends_on: 108 | nifi-toolkit: 109 | condition: service_completed_successfully 110 | volumes: 111 | - nifi_certs:/opt/certs 112 | - nifi1_conf:/opt/nifi/nifi-current/conf 113 | - nifi1_extensions:/opt/nifi/nifi-current/extensions 114 | - nifi1_database_repository:/opt/nifi/nifi-current/database_repository 115 | - nifi1_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository 116 | - nifi1_content_repository:/opt/nifi/nifi-current/content_repository 117 | - nifi1_provenance_repository:/opt/nifi/nifi-current/provenance_repository 118 | - nifi1_state:/opt/nifi/nifi-current/state 119 | - nifi1_logs:/opt/nifi/nifi-current/logs 120 | environment: 121 | <<: *nifi-environment 122 | <<: *nifi1-environment 123 | networks: 124 | - nifi 125 | entrypoint: 126 | - "/bin/bash" 127 | - "-c" 128 | - "sed -i 's/nifi.ui.banner.text=.*/nifi.ui.banner.text=nifi1 (v1.16.2)/' conf/nifi.properties; ../scripts/start.sh" 129 | 130 | networks: 131 | nifi: 132 | driver: bridge 133 | 134 | volumes: 135 | nifi_certs: 136 | # nifi 0 137 | nifi0_conf: 138 | nifi0_extensions: 139 | nifi0_database_repository: 140 | nifi0_flowfile_repository: 141 | nifi0_content_repository: 142 | nifi0_provenance_repository: 143 | nifi0_state: 144 | nifi0_logs: 145 | # nifi 1 146 | nifi1_conf: 147 | nifi1_extensions: 148 | nifi1_database_repository: 149 | nifi1_flowfile_repository: 150 | nifi1_content_repository: 151 | nifi1_provenance_repository: 152 | nifi1_state: 153 | nifi1_logs: 154 | --------------------------------------------------------------------------------