Author: tkurc
Date: Sat Feb 27 03:24:12 2016
New Revision: 1732598
URL: http://svn.apache.org/viewvc?rev=1732598&view=rev
Log:
NIFI-1556: updating nifi-docs for 0.5.1
Modified:
nifi/site/trunk/docs/nifi-docs/html/administration-guide.html
nifi/site/trunk/docs/nifi-docs/html/developer-guide.html
nifi/site/trunk/docs/nifi-docs/html/expression-language-guide.html
nifi/site/trunk/docs/nifi-docs/html/getting-started.html
nifi/site/trunk/docs/nifi-docs/html/overview.html
nifi/site/trunk/docs/nifi-docs/html/user-guide.html
Modified: nifi/site/trunk/docs/nifi-docs/html/administration-guide.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/administration-guide.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/administration-guide.html (original)
+++ nifi/site/trunk/docs/nifi-docs/html/administration-guide.html Sat Feb 27
03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -1796,30 +1780,51 @@ in the cluster. This allows one node to
<div class="paragraph">
<p>When a component decides to store or retrieve state, it does so by
providing a "Scope" - either Node-local or Cluster-wide. The
mechanism that is used to store and retrieve this state is then determined
based on this Scope, as well as the configured State
-Providers. The <em>nifi.properties</em> file contains three different
properties that are relevant to configuring these State Providers.
-The first is the <code>nifi.state.management.configuration.file</code>
property specifies an external XML file that is used for configuring
-the local and cluster-wide State Providers. This XML file may contain
configurations for multiple providers, so the
-<code>nifi.state.management.provider.local</code> property provides the
identifier of the local State Provider configured in this XML file.
-Similarly, the <code>nifi.state.management.provider.cluster</code> property
provides the identifier of the cluster-wide State Provider
-configured in this XML file.</p>
-</div>
-<div class="paragraph">
-<p>This XML file consists of a top-level <code>state-management</code>
element, which has one or more <code>local-provider</code> and zero or more
-<code>cluster-provider</code> elements. Each of these elements then contains
an <code>id</code> element that is used to specify the identifier that can
-be referenced in the <em>nifi.properties</em> file, as well as a
<code>class</code> element that specifies the fully-qualified class name to use
-in order to instantiate the State Provider. Finally, each of these elements
may have zero or more <code>property</code> elements. Each
-<code>property</code> element has an attribute, <code>name</code> that is the
name of the property that the State Provider supports. The textual content
-of the <code>property</code> element is the value of the property.</p>
-</div>
-<div class="paragraph">
-<p>Once these State Providers have been configured in the
<em>state-management.xml</em> file (or whatever file is configured), those
Providers
-may be referenced by their identifiers. By default, the Local State Provider
is configured to be a <code>WriteAheadLocalStateProvider</code> that
-persists the data to the <em>$NIFI_HOME/state</em> directory. The default
Cluster State Provider is configured to be a
<code>ZooKeeperStateProvider</code>.
-The default ZooKeeper-based provider must have its <code>Connect String</code>
property populated before it can be used. It is also advisable,
-if multiple NiFi instances will use the same ZooKeeper instance, that the
value of the <code>Root Node</code> property be changed. For instance,
-one might set the value to <code>/nifi/<team name>/production</code>. A
<code>Connect String</code> takes the form of comma separated
<host>:<port> tuples,
-such as my-zk-server1:2181,my-zk-server2:2181,my-zk-server3:2181. In the event
a port is not specified for any of the hosts, the ZooKeeper
-default of 2181 is assumed.</p>
+Providers. The <em>nifi.properties</em> file contains three different
properties that are relevant to configuring these State Providers.</p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 50%;">
+<col style="width: 50%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Property</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Description</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">nifi.state.management.configuration.file</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The first
is the property that specifies an external XML file that is used for
configuring the local and/or cluster-wide State Providers. This XML file may
contain configurations for multiple providers</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">nifi.state.management.provider.local</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The
property that provides the identifier of the local State Provider configured in
this XML file</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">nifi.state.management.provider.cluster</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Similarly,
the property provides the identifier of the cluster-wide State Provider
configured in this XML file.</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>This XML file consists of a top-level <code>state-management</code>
element, which has one or more <code>local-provider</code> and zero or more
<code>cluster-provider</code>
+elements. Each of these elements then contains an <code>id</code> element that
is used to specify the identifier that can be referenced in the
+<em>nifi.properties</em> file, as well as a <code>class</code> element that
specifies the fully-qualified class name to use in order to instantiate the
State
+Provider. Finally, each of these elements may have zero or more
<code>property</code> elements. Each <code>property</code> element has an
attribute, <code>name</code> that is the name
+of the <code>property</code> that the State Provider supports. The textual
content of the property element is the value of the property.</p>
+</div>
+<div class="paragraph">
+<p>Once these State Providers have been configured in the
<em>state-management.xml</em> file (or whatever file is configured), those
Providers may be
+referenced by their identifiers.</p>
+</div>
+<div class="paragraph">
+<p>By default, the Local State Provider is configured to be a
<code>WriteAheadLocalStateProvider</code> that persists the data to the
+<em>$NIFI_HOME/state/local</em> directory. The default Cluster State Provider
is configured to be a <code>ZooKeeperStateProvider</code>. The default
+ZooKeeper-based provider must have its <code>Connect String</code> property
populated before it can be used. It is also advisable, if multiple NiFi
instances
+will use the same ZooKeeper instance, that the value of the <code>Root
Node</code> property be changed. For instance, one might set the value to
+<code>/nifi/<team name>/production</code>. A <code>Connect String</code>
takes the form of comma separated <host>:<port> tuples, such as
+my-zk-server1:2181,my-zk-server2:2181,my-zk-server3:2181. In the event a port
is not specified for any of the hosts, the ZooKeeper default of
+2181 is assumed.</p>
</div>
<div class="paragraph">
<p>When adding data to ZooKeeper, there are two options for Access Control:
<code>Open</code> and <code>CreatorOnly</code>. If the <code>Access
Control</code> property is
@@ -1856,12 +1861,33 @@ behave as a cluster. However, there are
In order to avoid the burden of forcing administrators to also maintain a
separate ZooKeeper instance, NiFi provides the option of starting an
embedded ZooKeeper server.</p>
</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 50%;">
+<col style="width: 50%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Property</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Description</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">nifi.state.management.embedded.zookeeper.start</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies
whether or not this instance of NiFi should run an embedded ZooKeeper
server</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">nifi.state.management.embedded.zookeeper.properties</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Properties
file that provides the ZooKeeper properties to use if
<nifi.state.management.embedded.zookeeper.start> is set to true</p></td>
+</tr>
+</tbody>
+</table>
<div class="paragraph">
<p>This can be accomplished by setting the
<code>nifi.state.management.embedded.zookeeper.start</code> property in
<em>nifi.properties</em> to <code>true</code> on those nodes
that should run the embedded ZooKeeper server. Generally, it is advisable to
run ZooKeeper on either 3 or 5 nodes. Running on fewer than 3 nodes
provides less durability in the face of failure. Running on more than 5 nodes
generally produces more network traffic than is necessary. Additionally,
running ZooKeeper on 4 nodes provides no more benefit than running on 3 nodes,
ZooKeeper requires a majority of nodes be active in order to function.
-However, it is up to the administrator to determine the number of nodes most
appropriate to the particular deployment of NiFi.</p>
+However, it is up to the administrator to determine the number of nodes most
appropriate to the particular deployment of NiFi. An embedded ZooKeeper
+server cannot be run on the NCM.</p>
</div>
<div class="paragraph">
<p>If the <code>nifi.state.management.embedded.zookeeper.start</code> property
is set to <code>true</code>, the
<code>nifi.state.management.embedded.zookeeper.properties</code> property
@@ -1874,9 +1900,9 @@ listen on for client connections must be
in the <em>zookeeper.properties</em> file.</p>
</div>
<div class="paragraph">
-<p>When using an embedded ZooKeeper, the <em>conf/zookeeper.properties</em>
file has a property named <code>dataDir</code>. By default, this value is set
to <code>./state/zookeeper</code>.
+<p>When using an embedded ZooKeeper, the ./<em>conf/zookeeper.properties</em>
file has a property named <code>dataDir</code>. By default, this value is set
to <code>./state/zookeeper</code>.
If more than one NiFi node is running an embedded ZooKeeper, it is important
to tell the server which one it is. This is accomplished by creating a file
named
-<em>myid</em> and placing it in ZooKeeper’s data directory. The contents
of this file should be the index of the server as specific by the
<code>server.<number></code>. So for
+<em>myid</em> and placing it in ZooKeeperâs data directory. The contents of
this file should be the index of the server as specific by the
<code>server.<number></code>. So for
one of the ZooKeeper servers, we will accomplish this by performing the
following commands:</p>
</div>
<div class="listingblock">
@@ -1940,57 +1966,84 @@ support for encryption via SSL. Support
<p>In order to secure the communications, we need to ensure that both the
client and the server support the same configuration. Instructions for
configuring the
NiFi ZooKeeper client and embedded ZooKeeper server to use Kerberos are
provided below.</p>
</div>
+<div class="paragraph">
+<p>If Kerberos is not already setup in your environment, you can find
information on installing and setting up a Kerberos Server at
+<a
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html";><em>https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html</em></a>
+. This guide assumes that Kerberos already has been installed in the
environment in which NiFi is running.</p>
+</div>
+<div class="paragraph">
+<p>Note, the following procedures for kerberizing an Embedded Zookeeper server
in your NiFI Node and kerberizing a zookeeper NiFI client will require that
+Kerberos client libraries be installed. This is accomplished in Fedora-based
Linux distributions via:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code>yum install krb5-workstation</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Once this is complete, the /etc/krb5.conf will need to be configured
appropriately for your organizationâs Kerberos environment.</p>
+</div>
<div class="sect3">
-<h4 id="zk_kerberos_client"><a class="anchor"
href="#zk_kerberos_client"></a>Kerberizing NiFi’s ZooKeeper Client</h4>
+<h4 id="zk_kerberos_server"><a class="anchor"
href="#zk_kerberos_server"></a>Kerberizing Embedded ZooKeeper Server</h4>
<div class="paragraph">
-<p>The preferred mechanism for authenticating users with ZooKeeper is to use
Kerberos. In order to use Kerberos to authenticate, we must configure a few
-system properties, so that the ZooKeeper client knows who the user is and
where the KeyTab file is. All nodes configured to store cluster-wide state
-using <code>ZooKeeperStateProvider</code> and using Kerberos should follow
these steps.</p>
+<p>The krb5.conf file on the systems with the embedded zookeeper servers
should be identical to the one on the system where the krb5kdc service is
running.
+When using the embedded ZooKeeper server, we may choose to secure the server
by using Kerberos. All nodes configured to launch an embedded ZooKeeper and
+using Kerberos should follow these steps. When using the embedded ZooKeeper
server, we may choose to secure the server by using Kerberos. All nodes
+configured to launch an embedded ZooKeeper and using Kerberos should follow
these steps.</p>
</div>
<div class="paragraph">
-<p>First, we must create the Principal that we will use when communicating
with ZooKeeper. This is generally done via the <code>kadmin</code> tool:</p>
+<p>In order to use Kerberos, we first need to generate a Kerberos Principal
for our ZooKeeper servers. The following command is run on the server where the
+krb5kdc service is running. This is accomplished via the kadmin tool:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>kadmin: addprinc "[email protected]"</code></pre>
+<pre class="highlight"><code>kadmin: addprinc
"zookeeper/[email protected]"</code></pre>
</div>
</div>
<div class="paragraph">
-<p>A Kerberos Principal is made up of three parts: the primary, the instance,
and the realm. Here, we are creating a Principal with the primary
<code>nifi</code>,
-no instance, and the realm <code>EXAMPLE.COM</code>. The primary
(<code>nifi</code>, in this case) is the identifier that will be used to
identify the user when authenticating
-via Kerberos.</p>
+<p>Here, we are creating a Principal with the primary
<code>zookeeper/myHost.example.com</code>, using the realm
<code>EXAMPLE.COM</code>. We need to use a Principal whose
+name is <code><service name>/<instance name></code>. In this case,
the service is <code>zookeeper</code> and the instance name is
<code>myHost.example.com</code> (the fully qualified name of our host).</p>
</div>
<div class="paragraph">
-<p>After we have created our Principal, we will need to create a KeyTab for
the Principal:</p>
+<p>Next, we will need to create a KeyTab for this Principal, this command is
run on the server with the NiFi instance with an embedded zookeeper server:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>kadmin: xst -k nifi.keytab
[email protected]</code></pre>
+<pre class="highlight"><code>kadmin: xst -k zookeeper-server.keytab
zookeeper/[email protected]</code></pre>
</div>
</div>
<div class="paragraph">
-<p>This will create a file in the current directory named
<code>nifi.keytab</code>. We can now copy that file into the
<em>$NIFI_HOME/conf/</em> directory. We should ensure
+<p>This will create a file in the current directory named
<code>zookeeper-server.keytab</code>. We can now copy that file into the
<code>$NIFI_HOME/conf/</code> directory. We should ensure
that only the user that will be running NiFi is allowed to read this file.</p>
</div>
<div class="paragraph">
-<p>Next, we need to configure NiFi to use this KeyTab for authentication.
Since ZooKeeper uses the Java Authentication and Authorization Service (JAAS),
we need to
-create a JAAS-compatible file. In the <code>$NIFI_HOME/conf/</code> directory,
create a file named <code>zookeeper-jaas.conf</code> and add to it the
following snippet:</p>
+<p>We will need to repeat the above steps for each of the instances of NiFi
that will be running the embedded ZooKeeper server, being sure to replace
<em>myHost.example.com</em> with
+<em>myHost2.example.com</em>, or whatever fully qualified hostname the
ZooKeeper server will be run on.</p>
+</div>
+<div class="paragraph">
+<p>Now that we have our KeyTab for each of the servers that will be running
NiFi, we will need to configure NiFiâs embedded ZooKeeper server to use this
configuration.
+ZooKeeper uses the Java Authentication and Authorization Service (JAAS), so we
need to create a JAAS-compatible file In the <code>$NIFI_HOME/conf/</code>
directory, create a file
+named <code>zookeeper-jaas.conf</code> (this file will already exist if the
Client has already been configured to authenticate via Kerberos. Thatâs okay,
just add to the file).
+We will add to this file, the following snippet:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>Client {
+<pre class="highlight"><code>Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
- keyTab="./conf/nifi.keytab"
+ keyTab="./conf/zookeeper-server.keytab"
storeKey=true
useTicketCache=false
- principal="[email protected]";
+ principal="zookeeper/[email protected]";
};</code></pre>
</div>
</div>
<div class="paragraph">
-<p>Finally, we need to tell NiFi to use this as our JAAS configuration. This
is done by setting a JVM System Property, so we will edit the
<em>conf/bootstrap.conf</em> file.
-We add the following line anywhere in this file in order to tell the NiFi JVM
to use this configuration:</p>
+<p>Be sure to replace the value of <em>principal</em> above with the
appropriate Principal, including the fully qualified domain name of the
server.</p>
+</div>
+<div class="paragraph">
+<p>Next, we need to tell NiFi to use this as our JAAS configuration. This is
done by setting a JVM System Property, so we will edit the
<code>conf/bootstrap.conf</code> file.
+If the Client has already been configured to use Kerberos, this is not
necessary, as it was done above. Otherwise, we will add the following line to
our <em>bootstrap.conf</em> file:</p>
</div>
<div class="listingblock">
<div class="content">
@@ -1998,91 +2051,95 @@ We add the following line anywhere in th
</div>
</div>
<div class="paragraph">
-<p>We can initialize our Kerberos ticket by running the following command:</p>
+<p>Note: this additional line in the file doesnât have to be number 15, it
just has to be added to the bootstrap.conf file, use whatever number is
appropriate for your configuration.</p>
+</div>
+<div class="paragraph">
+<p>We will want to initialize our Kerberos ticket by running the following
command:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>kinit nifi</code></pre>
+<pre class="highlight"><code>kinit âkt zookeeper-server.keytab
"zookeeper/[email protected]"</code></pre>
</div>
</div>
<div class="paragraph">
-<p>Note, the above <code>kinit</code> command requires that Kerberos client
libraries be installed. This is accomplished in Fedora-based Linux
distributions via:</p>
+<p>Again, be sure to replace the Principal with the appropriate value,
including your realm and your fully qualified hostname.</p>
+</div>
+<div class="paragraph">
+<p>Finally, we need to tell the Kerberos server to use the SASL Authentication
Provider. To do this, we edit the
<code>$NIFI_HOME/conf/zookeeper.properties</code> file and add the following
+lines:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>yum install krb5-workstation krb5-libs
krb5-auth-dialog</code></pre>
+<pre
class="highlight"><code>authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+jaasLoginRenew=3600000
+requireClientAuthScheme=sasl</code></pre>
</div>
</div>
<div class="paragraph">
-<p>Once this is complete, the /etc/krb5.conf will need to be configured
appropriately for your organization’s Kerberos envrionment.</p>
+<p>The last line is optional but specifies that clients MUST use Kerberos to
communicate with our ZooKeeper instance.</p>
</div>
<div class="paragraph">
-<p>Now, when we start NiFi, it will use Kerberos to authentication as the
<code>nifi</code> user when communicating with ZooKeeper.</p>
+<p>Now, we can start NiFi, and the embedded ZooKeeper server will use Kerberos
as the authentication mechanism.</p>
</div>
</div>
<div class="sect3">
-<h4 id="zk_kerberos_server"><a class="anchor"
href="#zk_kerberos_server"></a>Kerberizing Embedded ZooKeeper Server</h4>
+<h4 id="zk_kerberos_client"><a class="anchor"
href="#zk_kerberos_client"></a>Kerberizing NiFi’s ZooKeeper Client</h4>
<div class="paragraph">
-<p>When using the embedded ZooKeeper server, we may choose to secure the
server by using Kerberos. All nodes configured to launch an embedded ZooKeeper
-and using Kerberos should follow these steps.</p>
+<p>Note: The NiFi nodes running the embedded zookeeper server will also need
to follow the below procedure since they will also be acting as a client at
+the same time.</p>
</div>
<div class="paragraph">
-<p>If Kerberos is not already setup in your environment, you can find
information on installing and setting up a Kerberos Server at
-<a
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html";>https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html</a>
-. This guide assumes that Kerberos already has been installed in the
environment in which NiFi is running.</p>
+<p>The preferred mechanism for authenticating users with ZooKeeper is to use
Kerberos. In order to use Kerberos to authenticate, we must configure a few
+system properties, so that the ZooKeeper client knows who the user is and
where the KeyTab file is. All nodes configured to store cluster-wide state
+using <code>ZooKeeperStateProvider</code> and using Kerberos should follow
these steps.</p>
</div>
<div class="paragraph">
-<p>In order to use Kerberos, we first need to generate a Kerberos Principal
for our ZooKeeper server. This is accomplished via the <code>kadmin</code>
tool:</p>
+<p>First, we must create the Principal that we will use when communicating
with ZooKeeper. This is generally done via the <code>kadmin</code> tool:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>kadmin: addprinc
"zookeeper/[email protected]"</code></pre>
+<pre class="highlight"><code>kadmin: addprinc "[email protected]"</code></pre>
</div>
</div>
<div class="paragraph">
-<p>Here, we are creating a Principal with the primary
<code>zookeeper/myHost.example.com</code>, using the realm
<code>EXAMPLE.COM</code>. We need to use a Principal whose
-name is <code><service name>/<instance name></code>. In this case,
the service is <code>zookeeper</code> and the instance name is
<code>myHost.example.com</code> (the fully qualified name of our host).</p>
+<p>A Kerberos Principal is made up of three parts: the primary, the instance,
and the realm. Here, we are creating a Principal with the primary
<code>nifi</code>,
+no instance, and the realm <code>EXAMPLE.COM</code>. The primary
(<code>nifi</code>, in this case) is the identifier that will be used to
identify the user when authenticating
+via Kerberos.</p>
</div>
<div class="paragraph">
-<p>Next, we will need to create a KeyTab for this Principal:</p>
+<p>After we have created our Principal, we will need to create a KeyTab for
the Principal:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>kadmin: xst -k zookeeper-server.keytab
zookeeper/[email protected]</code></pre>
+<pre class="highlight"><code>kadmin: xst -k nifi.keytab
[email protected]</code></pre>
</div>
</div>
<div class="paragraph">
-<p>This will create a file in the current directory named
<code>zookeeper-server.keytab</code>. We can now copy that file into the
<code>$NIFI_HOME/conf/</code> directory. We should ensure
-that only the user that will be running NiFi is allowed to read this file.</p>
+<p>This keytab file can be copied to the other NiFi nodes with embedded
zookeeper servers.</p>
</div>
<div class="paragraph">
-<p>We will need to repeat the above steps for each of the instances of NiFi
that will be running the embedded ZooKeeper server, being sure to replace
<em>myHost.example.com</em> with
-<em>myHost2.example.com</em>, or whatever fully qualified hostname the
ZooKeeper server will be run on.</p>
+<p>This will create a file in the current directory named
<code>nifi.keytab</code>. We can now copy that file into the
<em>$NIFI_HOME/conf/</em> directory. We should ensure
+that only the user that will be running NiFi is allowed to read this file.</p>
</div>
<div class="paragraph">
-<p>Now that we have our KeyTab for each of the servers that will be running
NiFi, we will need to configure NiFi’s embedded ZooKeeper server to use
this configuration.
-ZooKeeper uses the Java Authentication and Authorization Service (JAAS), so we
need to create a JAAS-compatible file In the <code>$NIFI_HOME/conf/</code>
directory, create a file
-named <code>zookeeper-jaas.conf</code> (this file will already exist if the
Client has already been configured to authenticate via Kerberos. That’s
okay, just add to the file).
-We will add to this file, the following snippet:</p>
+<p>Next, we need to configure NiFi to use this KeyTab for authentication.
Since ZooKeeper uses the Java Authentication and Authorization Service (JAAS),
we need to
+create a JAAS-compatible file. In the <code>$NIFI_HOME/conf/</code> directory,
create a file named <code>zookeeper-jaas.conf</code> and add to it the
following snippet:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre class="highlight"><code>Server {
+<pre class="highlight"><code>Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
- keyTab="./conf/zookeeper-server.keytab"
+ keyTab="./conf/nifi.keytab"
storeKey=true
useTicketCache=false
- principal="zookeeper/[email protected]";
+ principal="[email protected]";
};</code></pre>
</div>
</div>
<div class="paragraph">
-<p>Be sure to replace the value of <em>principal</em> above with the
appropriate Principal, including the fully qualified domain name of the
server.</p>
-</div>
-<div class="paragraph">
-<p>Next, we need to tell NiFi to use this as our JAAS configuration. This is
done by setting a JVM System Property, so we will edit the
<code>conf/bootstrap.conf</code> file.
-If the Client has already been configured to use Kerberos, this is not
necessary, as it was done above. Otherwise, we will add the following line to
our <em>bootstrap.conf</em> file:</p>
+<p>Finally, we need to tell NiFi to use this as our JAAS configuration. This
is done by setting a JVM System Property, so we will edit the
<em>conf/bootstrap.conf</em> file.
+We add the following line anywhere in this file in order to tell the NiFi JVM
to use this configuration:</p>
</div>
<div class="listingblock">
<div class="content">
@@ -2090,32 +2147,15 @@ If the Client has already been configure
</div>
</div>
<div class="paragraph">
-<p>We will want to initialize our Kerberos ticket by running the following
command:</p>
-</div>
-<div class="listingblock">
-<div class="content">
-<pre class="highlight"><code>kinit
"zookeeper/[email protected]"</code></pre>
-</div>
-</div>
-<div class="paragraph">
-<p>Again, be sure to replace the Principal with the appropriate value,
including your realm and your fully qualified hostname.</p>
-</div>
-<div class="paragraph">
-<p>Finally, we need to tell the Kerberos server to use the SASL Authentication
Provider. To do this, we edit the
<code>$NIFI_HOME/conf/zookeeper.properties</code> file and add the following
-lines:</p>
+<p>We can initialize our Kerberos ticket by running the following command:</p>
</div>
<div class="listingblock">
<div class="content">
-<pre
class="highlight"><code>authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-jaasLoginRenew=3600000
-requireClientAuthScheme=sasl</code></pre>
+<pre class="highlight"><code>kinit -kt nifi.keytab
[email protected]</code></pre>
</div>
</div>
<div class="paragraph">
-<p>The last line is optional but specifies that clients MUST use Kerberos to
communicate with our ZooKeeper instance.</p>
-</div>
-<div class="paragraph">
-<p>Now, we can start NiFi, and the embedded ZooKeeper server will use Kerberos
as the authentication mechanism.</p>
+<p>Now, when we start NiFi, it will use Kerberos to authentication as the
<code>nifi</code> user when communicating with ZooKeeper.</p>
</div>
</div>
<div class="sect3">
@@ -3290,7 +3330,7 @@ If multicast is used, the following nifi
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-docs/html/developer-guide.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/developer-guide.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/developer-guide.html (original)
+++ nifi/site/trunk/docs/nifi-docs/html/developer-guide.html Sat Feb 27
03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -3183,7 +3167,7 @@ worry about bothering us. Just ping the
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-docs/html/expression-language-guide.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/expression-language-guide.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/expression-language-guide.html
(original)
+++ nifi/site/trunk/docs/nifi-docs/html/expression-language-guide.html Sat Feb
27 03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -3191,7 +3175,7 @@ an embedded Expression, though it does n
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-docs/html/getting-started.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/getting-started.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/getting-started.html (original)
+++ nifi/site/trunk/docs/nifi-docs/html/getting-started.html Sat Feb 27
03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -1592,7 +1576,7 @@ work back to the Apache NiFi community s
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-docs/html/overview.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/overview.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/overview.html (original)
+++ nifi/site/trunk/docs/nifi-docs/html/overview.html Sat Feb 27 03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -891,7 +875,7 @@ about loading, and to exchange data on s
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-docs/html/user-guide.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/user-guide.html?rev=1732598&r1=1732597&r2=1732598&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-docs/html/user-guide.html (original)
+++ nifi/site/trunk/docs/nifi-docs/html/user-guide.html Sat Feb 27 03:24:12 2016
@@ -1,20 +1,4 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under
one or more
- contributor license agreements. See the NOTICE file
distributed with
- this work for additional information regarding
copyright ownership.
- The ASF licenses this file to You under the Apache
License, Version 2.0
- (the "License"); you may not use this file except in
compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in
writing, software
- distributed under the License is distributed on an "AS
IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
- See the License for the specific language governing
permissions and
- limitations under the License.
- -->
- <!DOCTYPE html>
+<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@@ -2770,7 +2754,7 @@ lineage graph and select "Find parents"
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2016-02-16 10:19:45 EST
+Last updated 2016-02-23 18:48:07 EST
</div>
</div>
</body>
