Author: bbende
Date: Tue May 21 16:47:35 2019
New Revision: 1859662
URL: http://svn.apache.org/viewvc?rev=1859662&view=rev
Log:
NIFIREG-272
Added:
nifi/site/trunk/docs/nifi-registry-docs/html/rest-api.html
nifi/site/trunk/docs/nifi-registry-docs/images/registry-favicon.png (with
props)
nifi/site/trunk/docs/nifi-registry-docs/rest-api/rest-api.html
Modified:
nifi/site/trunk/docs/nifi-registry-docs/css/component-usage.css
nifi/site/trunk/docs/nifi-registry-docs/html/administration-guide.html
nifi/site/trunk/docs/nifi-registry-docs/html/getting-started.html
nifi/site/trunk/docs/nifi-registry-docs/html/user-guide.html
nifi/site/trunk/docs/nifi-registry-docs/index.html
Modified: nifi/site/trunk/docs/nifi-registry-docs/css/component-usage.css
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-registry-docs/css/component-usage.css?rev=1859662&r1=1859661&r2=1859662&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-registry-docs/css/component-usage.css (original)
+++ nifi/site/trunk/docs/nifi-registry-docs/css/component-usage.css Tue May 21
16:47:35 2019
@@ -26,6 +26,7 @@ body {
margin: 0 auto;
display: block;
font-family: "Open Sans","DejaVu Sans",sans-serif;
+ padding-left: 20px;
}
.title {
@@ -113,14 +114,22 @@ table tr:last-child td:last-child {
border-bottom-right-radius:3px;
}
-td#allowable-values, td#default-value, td#name, td#value {
+td#default-value, td#name, td#value {
max-width: 200px;
}
+td#allowable-values {
+ max-width: 300px;
+}
+
td#description {
vertical-align: middle;
}
+td#bundle-info {
+ max-width: 50px;
+}
+
/* links */
a, a:link, a:visited {
@@ -180,4 +189,4 @@ pre {
color: #555;
margin-bottom: 10px;
padding: 5px 8px;
-}
\ No newline at end of file
+}
Modified: nifi/site/trunk/docs/nifi-registry-docs/html/administration-guide.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-registry-docs/html/administration-guide.html?rev=1859662&r1=1859661&r2=1859662&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-registry-docs/html/administration-guide.html
(original)
+++ nifi/site/trunk/docs/nifi-registry-docs/html/administration-guide.html Tue
May 21 16:47:35 2019
@@ -468,6 +468,7 @@ body.book #toc,body.book #preamble,body.
<ul class="sectlevel2">
<li><a href="administration-guide.html#authorizer-configuration">Authorizer
Configuration</a></li>
<li><a href="administration-guide.html#authorizers-setup">Authorizers.xml
Setup</a></li>
+<li><a href="administration-guide.html#access-policies">Access
Policies</a></li>
</ul>
</li>
<li><a
href="administration-guide.html#encrypted-passwords-in-configuration-files">Encrypted
Passwords in Configuration Files</a>
@@ -487,18 +488,23 @@ body.book #toc,body.book #preamble,body.
<ul class="sectlevel2">
<li><a href="administration-guide.html#web-properties">Web Properties</a></li>
<li><a href="administration-guide.html#security-properties">Security
Properties</a></li>
+<li><a href="administration-guide.html#identity-mapping-properties">Identity
Mapping Properties</a></li>
<li><a href="administration-guide.html#providers-properties">Providers
Properties</a></li>
+<li><a href="administration-guide.html#alias-properties">Alias
Properties</a></li>
<li><a href="administration-guide.html#database-properties">Database
Properties</a></li>
<li><a href="administration-guide.html#extension-directories">Extension
Directories</a></li>
<li><a href="administration-guide.html#kerberos_properties">Kerberos
Properties</a></li>
</ul>
</li>
+<li><a href="administration-guide.html#metadata-database">Metadata
Database</a></li>
+<li><a href="administration-guide.html#h2">H2</a></li>
+<li><a href="administration-guide.html#postgres">Postgres</a></li>
+<li><a href="administration-guide.html#mysql">MySQL</a></li>
+<li><a href="administration-guide.html#schema-differences-limitations">Schema
Differences & Limitations</a></li>
<li><a href="administration-guide.html#persistence-providers">Persistence
Providers</a>
<ul class="sectlevel2">
-<li><a
href="administration-guide.html#filesystemflowpersistenceprovider">FileSystemFlowPersistenceProvider</a></li>
-<li><a
href="administration-guide.html#gitflowpersistenceprovider">GitFlowPersistenceProvider</a></li>
-<li><a
href="administration-guide.html#switching-from-other-persistence-provider">Switching
from other Persistence Provider</a></li>
-<li><a
href="administration-guide.html#data-model-version-of-serialized-flow-snapshots">Data
model version of serialized Flow snapshots</a></li>
+<li><a href="administration-guide.html#flow-persistence-providers">Flow
Persistence Providers</a></li>
+<li><a href="administration-guide.html#bundle-persistence-providers">Bundle
Persistence Providers</a></li>
</ul>
</li>
<li><a href="administration-guide.html#event-hooks">Event Hooks</a>
@@ -508,6 +514,15 @@ body.book #toc,body.book #preamble,body.
<li><a
href="administration-guide.html#loggingeventhookprovider">LoggingEventHookProvider</a></li>
</ul>
</li>
+<li><a href="administration-guide.html#url-aliasing">URL Aliasing</a></li>
+<li><a href="administration-guide.html#backup-recovery">Backup &
Recovery</a>
+<ul class="sectlevel2">
+<li><a href="administration-guide.html#metadata-database-2">Metadata
Database</a></li>
+<li><a href="administration-guide.html#persistence-providers-2">Persistence
Providers</a></li>
+<li><a href="administration-guide.html#bundle-persistence">Bundle
Persistence</a></li>
+<li><a href="administration-guide.html#configuration-files">Configuration
Files</a></li>
+</ul>
+</li>
</ul>
</div>
</div>
@@ -1665,6 +1680,131 @@ from an attribute in a LDAP entry based
</div>
</div>
</div>
+<div class="sect2">
+<h3 id="access-policies"><a class="anchor"
href="administration-guide.html#access-policies"></a>Access Policies</h3>
+<div class="paragraph">
+<p>You can manage the ability for users and groups to view or modify NiFi
Registry resources using 'access policies'. Access policies can be created to
control access to buckets, as well as to grant special privileges to users for
managing a NiFi Registry instance.</p>
+</div>
+<div class="sect3">
+<h4 id="bucket-policies"><a class="anchor"
href="administration-guide.html#bucket-policies"></a>Bucket Policies</h4>
+<div class="paragraph">
+<p>Bucket policies govern the following bucket level authorizations:</p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 33%;">
+<col style="width: 33%;">
+<col style="width: 33%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Policy</th>
+<th class="tableblock halign-left valign-top">Privilege</th>
+<th class="tableblock halign-left valign-top">Resource Descriptor</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Read
Bucket</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to read items in the bucket</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets/<bucket-UUID>"
action="R"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Write
Bucket</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to write items to the bucket</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets/<bucket-UUID>"
action="W"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Delete
Bucket</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to delete the bucket</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets/<bucket-UUID>"
action="D"</code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="sect3">
+<h4 id="special-privilege-policies"><a class="anchor"
href="administration-guide.html#special-privilege-policies"></a>Special
Privilege Policies</h4>
+<div class="paragraph">
+<p>Special privilege policies govern the following system level
authorizations:</p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 33%;">
+<col style="width: 33%;">
+<col style="width: 33%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Policy</th>
+<th class="tableblock halign-left valign-top">Privilege</th>
+<th class="tableblock halign-left valign-top">Resource Descriptor</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Buckets (Read)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to read from all buckets</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets" action="R"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Buckets (Write)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to write to all buckets</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets" action="W"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Buckets (Delete)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to delete all buckets</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/buckets" action="D"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Users (Read)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to view users</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/tenants" action="R"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Users (Write)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to create and modify users</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/tenants" action="W"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Users (Delete)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to delete users</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/tenants" action="D"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Policies (Read)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to view policies</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/policies" action="R"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Policies (Write)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to create and modify policies</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/policies" action="W"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Manage
Policies (Delete)</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to delete policies</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/policies" action="D"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Can Proxy
Requests</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to proxy requests</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/proxy" action="W"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">View
Swagger</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to access the self-hosted Swagger UI</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/swagger" action="R"</code></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">View
Actuator</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Allows
users to access the Spring Boot Actuator end-points</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>resource="/actuator" action="R"</code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
</div>
</div>
<div class="sect1">
@@ -2180,6 +2320,65 @@ Values for periods of time and data size
</table>
</div>
<div class="sect2">
+<h3 id="identity-mapping-properties"><a class="anchor"
href="administration-guide.html#identity-mapping-properties"></a>Identity
Mapping Properties</h3>
+<div class="paragraph">
+<p>These properties can be utilized to normalize user identities. When
implemented, identities authenticated by different identity providers
(certificates, LDAP, Kerberos) are treated the same internally in NiFi
Registry. As a result, duplicate users are avoided and user-specific
configurations such as authorizations only need to be setup once per user.</p>
+</div>
+<div class="paragraph">
+<p>The following examples demonstrate normalizing DNs from certificates and
principals from Kerberos:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?),
O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
+nifi.registry.security.identity.mapping.value.dn=$1@$2
+nifi.registry.security.identity.mapping.transform.dn=NONE
+nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
+nifi.registry.security.identity.mapping.value.kerb=$1@$2
+nifi.registry.security.identity.mapping.transform.kerb=NONE</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>The last segment of each property is an identifier used to associate the
pattern with the replacement value. When a user makes a request to NiFi
Registry, their identity is checked to see if it matches each of those patterns
in lexicographical order. For the first one that matches, the replacement
specified in the
<code>nifi.registry.security.identity.mapping.value.xxxx</code> property is
used. So a login with <code>CN=localhost, OU=Apache NiFi, O=Apache, L=Santa
Monica, ST=CA, C=US</code> matches the DN mapping pattern above and the DN
mapping value <code>$1@$2</code> is applied. The user is normalized to
<code>localhost@Apache NiFi</code>.</p>
+</div>
+<div class="paragraph">
+<p>In addition to mapping, a transform may be applied. The supported versions
are <code>NONE</code> (no transform applied), <code>LOWER</code> (identity
lowercased), and <code>UPPER</code> (identity uppercased). If not specified,
the default value is <code>NONE</code>.</p>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+These mappings are also applied to the "Initial Admin Identity" in the
<em>authorizers.xml</em> file, as well as users imported from LDAP (See <a
href="administration-guide.html#authorizers-setup">Authorizers.xml Setup</a>).
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>Group names can also be mapped. The following example will accept the
existing group name but will lowercase it. This may be helpful when used in
conjunction with an external authorizer.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
+nifi.registry.security.group.mapping.value.anygroup=$1
+nifi.registry.security.group.mapping.transform.anygroup=LOWER</pre>
+</div>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+These mappings are applied to groups imported from LDAP.
+</td>
+</tr>
+</table>
+</div>
+</div>
+<div class="sect2">
<h3 id="providers-properties"><a class="anchor"
href="administration-guide.html#providers-properties"></a>Providers
Properties</h3>
<div class="paragraph">
<p>These properties pertain to flow persistence providers. NiFi Registry uses
a pluggable flow persistence provider to store the
@@ -2203,6 +2402,28 @@ content of the flows saved to the regist
</table>
</div>
<div class="sect2">
+<h3 id="alias-properties"><a class="anchor"
href="administration-guide.html#alias-properties"></a>Alias Properties</h3>
+<div class="paragraph">
+<p>These properties pertain to the support for URL aliasing. For further
details, refer to <a href="administration-guide.html#url-aliasing">URL
Aliasing</a>.</p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 50%;">
+<col style="width: 50%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Property</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Description</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.registry.alias.configuration.file</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">This is
the location of the file where URL aliases are configured. The default value is
<code>./conf/registry-aliases.xml</code>.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="sect2">
<h3 id="database-properties"><a class="anchor"
href="administration-guide.html#database-properties"></a>Database
Properties</h3>
<div class="paragraph">
<p>These properties define the settings for the Registry database, which keeps
track of metadata about buckets and all items stored in buckets.</p>
@@ -2257,15 +2478,15 @@ is configured via the following properti
<td class="tableblock halign-left valign-top"><p class="tableblock">An
optional directory containing one or more JARs to add to the classpath. If not
specified, it is assumed that the driver JAR is already on the classpath by
copying it to the <code>lib</code> directory. The H2 driver is bundled with
Registry so it is not necessary to do anything for the default case.</p></td>
</tr>
<tr>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.driver.username</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.username</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The
username for the database. The default value is <code>nifireg</code>.</p></td>
</tr>
<tr>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.driver.password</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.password</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The
password for the database. The default value is <code>nifireg</code>.</p></td>
</tr>
<tr>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.driver.maxConnections</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>nifi.registry.db.maxConnections</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The max
number of connections for the connection pool. The default value is
<code>5</code>.</p></td>
</tr>
<tr>
@@ -2364,35 +2585,283 @@ providing 2 total locations, including <
</div>
</div>
<div class="sect1">
+<h2 id="metadata-database"><a class="anchor"
href="administration-guide.html#metadata-database"></a>Metadata Database</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>The metadata database maintains the knowledge of which buckets exist, which
versioned items belong to which buckets, as well as the version history for
each item.</p>
+</div>
+<div class="paragraph">
+<p>Currently, NiFi Registry supports using H2, Postgres 9.x, and MySQL (5.6,
5.7, 8.0) for the relational database engine.</p>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+NiFi Registry 0.1.0 only supports H2.
+</td>
+</tr>
+</table>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="h2"><a class="anchor" href="administration-guide.html#h2"></a>H2</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>H2 is an embedded database that is pre-configured in the default
<em>nifi-registry.properties</em> file. The contents of the H2 database are
stored in a file on the local filesystem.</p>
+</div>
+<div class="paragraph">
+<p>For NiFi Registry 0.1.0, the location of the H2 database is specified by
the property:</p>
+</div>
+<div class="paragraph">
+<p><code>nifi.registry.db.directory=./database</code></p>
+</div>
+<div class="paragraph">
+<p>For NiFi Registry 0.2.0 and forward, the location of the H2 database is
specified as part of the JDBC URL property:</p>
+</div>
+<div class="paragraph">
+<p><code>nifi.registry.db.url=jdbc:h2:./database/nifi-registry-primary;</code></p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="postgres"><a class="anchor"
href="administration-guide.html#postgres"></a>Postgres</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Postgres provides the option to use an externally located database that
also supports high availability.</p>
+</div>
+<div class="paragraph">
+<p>The following steps are required to use Postgres:</p>
+</div>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>Download the Postgres JDBC driver and place it somewhere accessible to NiFi
Registry</p>
+<div class="literalblock">
+<div class="content">
+<pre>/path/to/drivers/postgresql-42.2.2.jar</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Create a database inside Postgres</p>
+<div class="literalblock">
+<div class="content">
+<pre>createdb nifireg</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Create a database user and grant privileges</p>
+<div class="literalblock">
+<div class="content">
+<pre>psql nifireg
+CREATE USER nifireg WITH PASSWORD 'changeme';
+GRANT ALL PRIVILEGES ON DATABASE nifireg to nifireg;
+\q</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Configure the database properties in <em>nifi-registry.properties</em></p>
+<div class="literalblock">
+<div class="content">
+<pre>nifi.registry.db.url=jdbc:postgresql://<POSTGRES-HOSTNAME>/nifireg
+nifi.registry.db.driver.class=org.postgresql.Driver
+nifi.registry.db.driver.directory=/path/to/drivers
+nifi.registry.db.username=nifireg
+nifi.registry.db.password=changeme</pre>
+</div>
+</div>
+</li>
+</ol>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="mysql"><a class="anchor"
href="administration-guide.html#mysql"></a>MySQL</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>MySQL also provides the option to use an externally located database that
also supports high availability.</p>
+</div>
+<div class="paragraph">
+<p>The following steps are required to use MySQL:</p>
+</div>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>Download the MySQL JDBC driver and place it somewhere accessible to NiFi
Registry</p>
+<div class="literalblock">
+<div class="content">
+<pre>/path/to/drivers/mysql-connector-java-8.0.16.jar</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Create a database inside MySQL (enter mysql shell using <code>mysql -u root
-p</code></p>
+<div class="literalblock">
+<div class="content">
+<pre>CREATE DATABASE nifi_registry;</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Create a database user and grant privileges (for remote users, use
<code>nifireg'@'<IP-ADDRESS></code>, or <code>nifireg'@'%</code> for any
remote host)</p>
+<div class="literalblock">
+<div class="content">
+<pre>GRANT ALL PRIVILEGES ON nifi_registry.* TO 'nifireg'@'localhost'
IDENTIFIED BY 'changeme';</pre>
+</div>
+</div>
+</li>
+<li>
+<p>Configure the database properties in <em>nifi-registry.properties</em></p>
+<div class="literalblock">
+<div class="content">
+<pre>nifi.registry.db.url=jdbc:mysql://<MYSQL-HOSTNAME>/nifi_registry
+nifi.registry.db.driver.class=com.mysql.cj.jdbc.Driver
+nifi.registry.db.driver.directory=/path/to/drivers
+nifi.registry.db.username=nifireg
+nifi.registry.db.password=changeme</pre>
+</div>
+</div>
+</li>
+</ol>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="schema-differences-limitations"><a class="anchor"
href="administration-guide.html#schema-differences-limitations"></a>Schema
Differences & Limitations</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Due to differences across database implementations, there are two versions
of the schema for NiFi Registry’s metadata database. The original version
supports H2 and Postgres, and a second versions supports MySQL.</p>
+</div>
+<div class="paragraph">
+<p>MySQL has limitations on the maximum size of text columns that are part of
an index, or unique key. This means the maximum length of some columns is
significantly less when using MySQL vs. H2/Postgres.</p>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+If choosing to use MySQL it is important to understand these limitations and
accept them.
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>The following tables summarizes the schema differences in column
lengths:</p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 33%;">
+<col style="width: 33%;">
+<col style="width: 33%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Table.Column</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>H2/Postgres</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>MySQL</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUCKET.NAME</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">1000</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">767</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">FLOW_SNAPSHOT.CREATED_BY</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">4096</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">767</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">SIGNING_KEY.TENANT_IDENTITY</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">4096</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">767</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE.GROUP_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE.ARTIFACT_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE_VERSION.CREATED_BY</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">4096</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">767</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE_VERSION.BUILT_BY</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">4096</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">767</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE_VERSION_DEPENDENCY.GROUP_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">BUNDLE_VERSION_DEPENDENCY.ARTIFACT_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">EXTENSION_PROVIDED_SERVICE_API.CLASS_NAME</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">EXTENSION_PROVIDED_SERVICE_API.GROUP_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">EXTENSION_PROVIDED_SERVICE_API.ARTIFACT_ID</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">500</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">200</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<div class="sect1">
<h2 id="persistence-providers"><a class="anchor"
href="administration-guide.html#persistence-providers"></a>Persistence
Providers</h2>
<div class="sectionbody">
<div class="paragraph">
-<p>NiFi Registry uses a pluggable flow persistence provider to store the
content of the flows saved to the registry. NiFi Registry provides <code><a
href="administration-guide.html#filesystemflowpersistenceprovider">FileSystemFlowPersistenceProvider</a></code>
and <code><a
href="administration-guide.html#gitflowpersistenceprovider">GitFlowPersistenceProvider</a></code>.</p>
+<p>NiFi Registry uses a pluggable persistence provider to store the content of
each versioned item. Each type of versioned item, such as a versioned flow or
extension bundle, has its own persistence provider.</p>
</div>
<div class="paragraph">
-<p>Each persistence provider has its own configuration parameters, those can
be configured in a XML file specified in <em><a
href="administration-guide.html#providers-properties">nifi-registry.properties</a></em>.</p>
+<p>Each persistence provider has its own configuration parameters, which can
be configured in an XML file specified in <em><a
href="administration-guide.html#providers-properties">nifi-registry.properties</a></em>.</p>
+</div>
+<div class="sect2">
+<h3 id="flow-persistence-providers"><a class="anchor"
href="administration-guide.html#flow-persistence-providers"></a>Flow
Persistence Providers</h3>
+<div class="paragraph">
+<p>The flow persistence provider stores the content of the flows saved to the
registry. NiFi Registry provides <code><a
href="administration-guide.html#filesystemflowpersistenceprovider">FileSystemFlowPersistenceProvider</a></code>
and <code><a
href="administration-guide.html#gitflowpersistenceprovider">GitFlowPersistenceProvider</a></code>.</p>
</div>
<div class="paragraph">
<p>The XML configuration file looks like below. It has a
<code>flowPersistenceProvider</code> element in which qualified class name of a
persistence provider implementation and its configuration properties are
defined. See following sections for available configurations for each
provider.</p>
</div>
<div class="listingblock">
-<div class="title">Example providers.xml</div>
+<div class="title">Example flow persistence provider in providers.xml</div>
<div class="content">
-<pre class="highlight"><code class="language-xml" data-lang="xml"><?xml
version="1.0" encoding="UTF-8" standalone="yes"?>
-<providers>
-
- <flowPersistenceProvider>
- <class>persistence-provider-qualified-class-name</class>
- <property name="property-1">property-value-1</property>
- <property name="property-2">property-value-2</property>
- <property name="property-n">property-value-n</property>
- </flowPersistenceProvider>
-
-</providers></code></pre>
+<pre class="highlight"><code class="language-xml"
data-lang="xml"><flowPersistenceProvider>
+ <class>persistence-provider-qualified-class-name</class>
+ <property name="property-1">property-value-1</property>
+ <property name="property-2">property-value-2</property>
+ <property name="property-n">property-value-n</property>
+</flowPersistenceProvider></code></pre>
</div>
</div>
-<div class="sect2">
-<h3 id="filesystemflowpersistenceprovider"><a class="anchor"
href="administration-guide.html#filesystemflowpersistenceprovider"></a>FileSystemFlowPersistenceProvider</h3>
+<div class="sect3">
+<h4 id="filesystemflowpersistenceprovider"><a class="anchor"
href="administration-guide.html#filesystemflowpersistenceprovider"></a>FileSystemFlowPersistenceProvider</h4>
<div class="paragraph">
<p>FileSystemFlowPersistenceProvider simply stores serialized Flow contents
into <code>{bucket-id}/{flow-id}/{version}</code> directories.</p>
</div>
@@ -2431,8 +2900,8 @@ providing 2 total locations, including <
</tbody>
</table>
</div>
-<div class="sect2">
-<h3 id="gitflowpersistenceprovider"><a class="anchor"
href="administration-guide.html#gitflowpersistenceprovider"></a>GitFlowPersistenceProvider</h3>
+<div class="sect3">
+<h4 id="gitflowpersistenceprovider"><a class="anchor"
href="administration-guide.html#gitflowpersistenceprovider"></a>GitFlowPersistenceProvider</h4>
<div class="paragraph">
<p><code>GitFlowPersistenceProvider</code> stores flow contents under a Git
directory.</p>
</div>
@@ -2488,21 +2957,21 @@ flows:
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Remote To Push</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">When a new
flow snapshot is created, this persistence provider updated files in the
specified Git directory, then create a commit to the local repository. If
<code>Remote To Push</code> is defined, it also pushes to the specified remote
repository. E.g. <code>origin</code>. To define more detailed remote spec such
as branch names, use <code>Refspec</code>. See
-<a href="https://git-scm.com/book/en/v2/Git-Internals-The-Refspec";
target="_blank">https://git-scm.com/book/en/v2/Git-Internals-The-Refspec</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">When a new
flow snapshot is created, this persistence provider updates files in the
specified Git directory, then creates a commit to the local repository. If
<code>Remote To Push</code> is defined, it also pushes to the specified remote
repository (e.g. <code>origin</code>). To define more detailed remote spec such
as branch names, use <code>Refspec</code> (see
+<a href="https://git-scm.com/book/en/v2/Git-Internals-The-Refspec";
target="_blank">https://git-scm.com/book/en/v2/Git-Internals-The-Refspec</a>).</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Remote Access User</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">This user
name is used to make push requests to the remote repository when <code>Remote
To Push</code> is enabled, and the remote repository is accessed by HTTP
protocol. If SSH is used, user authentication is done with SSH keys.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">This
username is used to make push requests to the remote repository when
<code>Remote To Push</code> is enabled, and the remote repository is accessed
by HTTP protocol. If SSH is used, user authentication is done with SSH
keys.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Remote Access Password</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Used with
<code>Remote Access User</code>.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The
password for the <code>Remote Access User</code>.</p></td>
</tr>
</tbody>
</table>
-<div class="sect3">
-<h4 id="initialize-git-directory"><a class="anchor"
href="administration-guide.html#initialize-git-directory"></a>Initialize Git
directory</h4>
+<div class="sect4">
+<h5 id="initialize-git-directory"><a class="anchor"
href="administration-guide.html#initialize-git-directory"></a>Initialize Git
directory</h5>
<div class="paragraph">
<p>In order to use <code>GitFlowPersistenceRepository</code>, you need to
prepare a Git directory on the local file system. You can do so by initializing
a directory with <code>git init</code> command, or clone an existing Git
project from a remote Git repository by <code>git clone</code> command.</p>
</div>
@@ -2519,8 +2988,8 @@ flows:
</ul>
</div>
</div>
-<div class="sect3">
-<h4 id="git-user-configuration"><a class="anchor"
href="administration-guide.html#git-user-configuration"></a>Git user
configuration</h4>
+<div class="sect4">
+<h5 id="git-user-configuration"><a class="anchor"
href="administration-guide.html#git-user-configuration"></a>Git user
configuration</h5>
<div class="paragraph">
<p>This persistence provider uses preconfigured Git user name and user email
address when it creates Git commits. NiFi Registry user name is added to commit
messages.</p>
</div>
@@ -2548,8 +3017,8 @@ Date: Tue May 8 14:30:31 2018 +0900
</ul>
</div>
</div>
-<div class="sect3">
-<h4 id="git-user-authentication"><a class="anchor"
href="administration-guide.html#git-user-authentication"></a>Git user
authentication</h4>
+<div class="sect4">
+<h5 id="git-user-authentication"><a class="anchor"
href="administration-guide.html#git-user-authentication"></a>Git user
authentication</h5>
<div class="paragraph">
<p>By default, this persistence repository only create commits to local
repository. No user authentication is needed to do so. However, if 'Commit To
Push' is enabled, user authentication to the remote Git repository is
required.</p>
</div>
@@ -2577,10 +3046,10 @@ Host bitbucket.org
</div>
</div>
</div>
-<div class="sect2">
-<h3 id="switching-from-other-persistence-provider"><a class="anchor"
href="administration-guide.html#switching-from-other-persistence-provider"></a>Switching
from other Persistence Provider</h3>
+<div class="sect3">
+<h4 id="switching-from-other-flow-persistence-provider"><a class="anchor"
href="administration-guide.html#switching-from-other-flow-persistence-provider"></a>Switching
from other Flow Persistence Provider</h4>
<div class="paragraph">
-<p>In order to switch the Persistence Provider to use, it is necessary to
reset NiFi Registry.
+<p>In order to switch the Flow Persistence Provider, it is necessary to reset
NiFi Registry.
For example, to switch from <code>FileSystemFlowPersistenceProvider</code> to
<code>GitFlowPersistenceProvider</code>, follow these steps:</p>
</div>
<div class="olist arabic">
@@ -2609,8 +3078,8 @@ For example, to switch from <code>FileSy
</ol>
</div>
</div>
-<div class="sect2">
-<h3 id="data-model-version-of-serialized-flow-snapshots"><a class="anchor"
href="administration-guide.html#data-model-version-of-serialized-flow-snapshots"></a>Data
model version of serialized Flow snapshots</h3>
+<div class="sect3">
+<h4 id="data-model-version-of-serialized-flow-snapshots"><a class="anchor"
href="administration-guide.html#data-model-version-of-serialized-flow-snapshots"></a>Data
model version of serialized Flow snapshots</h4>
<div class="paragraph">
<p>Serialized Flow snapshots saved by these persistence providers have
versions, so that the data format and schema can evolve over time. Data model
version update is done automatically by NiFi Registry when it reads and stores
each Flow content.</p>
</div>
@@ -2643,6 +3112,147 @@ For example, to switch from <code>FileSy
</table>
</div>
</div>
+<div class="sect2">
+<h3 id="bundle-persistence-providers"><a class="anchor"
href="administration-guide.html#bundle-persistence-providers"></a>Bundle
Persistence Providers</h3>
+<div class="paragraph">
+<p>The bundle persistence provider stores the content of extension bundles
saved to the registry. NiFi Registry provides <code><a
href="administration-guide.html#filesystembundlepersistenceprovider">FileSystemBundlePersistenceProvider</a></code>
and <code><a
href="administration-guide.html#s3bundlepersistenceprovider">S3BundlePersistenceProvider</a></code>.</p>
+</div>
+<div class="paragraph">
+<p>The XML configuration file looks like below. It has a
<code>extensionBundlePersistenceProvider</code> element in which the qualified
class name of a persistence provider implementation and its configuration
properties are defined. See following sections for available configurations for
each provider.</p>
+</div>
+<div class="listingblock">
+<div class="title">Example extension bundle persistence provider in
providers.xml</div>
+<div class="content">
+<pre class="highlight"><code class="language-xml"
data-lang="xml"><extensionBundlePersistenceProvider>
+ <class>persistence-provider-qualified-class-name</class>
+ <property name="property-1">property-value-1</property>
+ <property name="property-2">property-value-2</property>
+ <property name="property-n">property-value-n</property>
+</extensionBundlePersistenceProvider></code></pre>
+</div>
+</div>
+<div class="sect3">
+<h4 id="filesystembundlepersistenceprovider"><a class="anchor"
href="administration-guide.html#filesystembundlepersistenceprovider"></a>FileSystemBundlePersistenceProvider</h4>
+<div class="paragraph">
+<p>The <code>FileSystemBundlePersistenceProvider</code> stores the content of
extension bundles on the local file system. The bundles are organized in
directories according to bucket id, group, artifact, and version.</p>
+</div>
+<div class="paragraph">
+<p>Example of persisted extension bundles:</p>
+</div>
+<div class="literalblock">
+<div class="content">
+<pre>Extension Bundle Storage Directory/
+âââ {bucket-id}/
+ âââ {group-id}/
+ âââ {artifact-id}
+ âââ {version}/{artifact-id}-{version}.{extension}
+âââ d1beba88-32e9-45d1-bfe9-057cc41f7ce8/
+ âââ org.apache.nifi
+ âââ nifi-example-nar
+ âââ 1.0.0/nifi-example-nar-1.0.0.nar
+ âââ 2.0.0/nifi-example-nar-2.0.0.nar</pre>
+</div>
+</div>
+<div class="sect4">
+<h5 id="configuration"><a class="anchor"
href="administration-guide.html#configuration"></a>Configuration</h5>
+<div class="paragraph">
+<p>Qualified class name:
<code>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</code></p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 50%;">
+<col style="width: 50%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Property</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Description</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Extension Bundle Storage Directory</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">REQUIRED:
File system path for a directory where extension bundle contents files are
persisted to. If the directory does not exist when NiFi Registry starts, it
will be created. If the directory exists, it must be readable and writable from
NiFi Registry.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<div class="sect3">
+<h4 id="s3bundlepersistenceprovider"><a class="anchor"
href="administration-guide.html#s3bundlepersistenceprovider"></a>S3BundlePersistenceProvider</h4>
+<div class="paragraph">
+<p>The <code>S3BundlePersistenceProvider</code> stores the content of
extension bundles in a AWS S3 bucket. The bucket is expected to already exist
and be accessible to the credentials provided to the persistence providcer.</p>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+This provider must be added to the classpath by specifying a custom extension
directory in <em>nifi-registry.properties</em>, such as
<code>nifi.registry.extension.dir.aws=./ext/aws/lib</code>, where
<code>./ext/aws/</code> contains the contents of the extracted
<em>nifi-registry-aws-assembly-<version>-bin.zip</em>.
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>The key of an extension bundle in the S3 bucket will be the following:</p>
+</div>
+<div class="literalblock">
+<div class="content">
+<pre>/{registry-bucket-id}/{group-id}/{artifact-id}/{version}/{artifact-id}-{version}.{extension}</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>If an optional Key Prefix is specified, then that prefix will be applied to
the beginning of the above key.</p>
+</div>
+<div class="sect4">
+<h5 id="configuration-2"><a class="anchor"
href="administration-guide.html#configuration-2"></a>Configuration</h5>
+<div class="paragraph">
+<p>Qualified class name:
<code>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</code></p>
+</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 50%;">
+<col style="width: 50%;">
+</colgroup>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Property</strong></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><strong>Description</strong></p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Region</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">REQUIRED:
The name of the S3 region where the bucket exists.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Bucket Name</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">REQUIRED:
The name of an existing bucket to store extension bundles.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Key
Prefix</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">An
optional prefix that if specified will be added to the beginning of all S3
keys.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Credentials Provider</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">REQUIRED:
Indicates how credentials will be provided, must be a value of
<code>DEFAULT_CHAIN</code> or <code>STATIC</code>. <code>DEFAULT_CHAIN</code>
will consider in order: Java system properties, environment variables,
credential profiles (<code>~/.aws/credentials</code>). <code>STATIC</code>
requires that <code>Access Key</code> and <code>Secret Access Key</code> be
specified directly in this file.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Access Key</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The access
key to use when using <code>STATIC</code> credentials provider.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Secret Access Key</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The secret
access key to use when using <code>STATIC</code> credentials provider.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Endpoint URL</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">An
optional URL that overrides the default AWS S3 endpoint URL. Set this when
using an AWS S3 API compatible service hosted at a different URL.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+</div>
+</div>
</div>
<div class="sect1">
<h2 id="event-hooks"><a class="anchor"
href="administration-guide.html#event-hooks"></a>Event Hooks</h2>
@@ -2718,8 +3328,8 @@ their purpose are listed below.</p>
<tfoot>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>Whitelisted Event Type</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">EventTypes
the hook provider configured with this property should respond to. If this
property is left blank or not provided all events will fire for the configured
hook provider. Multiple 'Whitelisted Event Type' can be specified and often are.
-EX: <property name="Whitelisted Event Type
1">CREATE_FLOW</property> and <property name="Whitelisted Event
Type 2">UPDATE_FLOW</property> would invoke the configured hook
provider for the CREATE_FLOW and UPDATE_FLOW EventTypes.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Event
types the hook provider configured with this property should respond to. If
this property is left blank or not provided, all events will fire for the
configured hook provider. Multiple <code>Whitelisted Event Type</code> can be
specified and often are. For example,
+<code><property name="Whitelisted Event Type
1">CREATE_FLOW</property></code> and <code><property
name="Whitelisted Event Type 2">UPDATE_FLOW</property></code> would
invoke the configured hook provider for the <code>CREATE_FLOW</code> and
<code>UPDATE_FLOW</code> event types.</p></td>
</tr>
</tfoot>
</table>
@@ -2727,7 +3337,7 @@ EX: <property name="Whitelisted Event
<div class="sect2">
<h3 id="scripteventhookprovider"><a class="anchor"
href="administration-guide.html#scripteventhookprovider"></a>ScriptEventHookProvider</h3>
<div class="paragraph">
-<p>Hook provider for invoking a shell script that has been written by a user
and placed on a file system that is accessible
+<p>The <code>ScriptEventHookProvider</code> invokes a shell script that has
been written by a user and placed on a file system that is accessible
by the NiFi Registry instance that the provider is configured for.</p>
</div>
<div class="literalblock">
@@ -2772,8 +3382,8 @@ by the NiFi Registry instance that the p
<div class="sect2">
<h3 id="loggingeventhookprovider"><a class="anchor"
href="administration-guide.html#loggingeventhookprovider"></a>LoggingEventHookProvider</h3>
<div class="paragraph">
-<p>The LoggingEventHookProvider logs a string representation of each event
using an SLF4J logger. The logger can be configured
-via NiFi Registryâs logback.xml, which by default contains an appender that
writes to a log file named nifi-registry-event.log in the logs directory.</p>
+<p>The <code>LoggingEventHookProvider</code> logs a string representation of
each event using an SLF4J logger. The logger can be configured
+via NiFi Registryâs <em>logback.xml</em>, which by default contains an
appender that writes to a log file named <em>nifi-registry-event.log</em> in
the <code>logs</code> directory.</p>
</div>
<div class="literalblock">
<div class="content">
@@ -2787,10 +3397,156 @@ via NiFi Registryâs logback.xml, wh
</div>
</div>
</div>
+<div class="sect1">
+<h2 id="url-aliasing"><a class="anchor"
href="administration-guide.html#url-aliasing"></a>URL Aliasing</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>A versioned item may contain the URL of a registry instance embedded in the
content of the item. For example, flows with nested versioning contain the URL
of the registry where the nested versioned flow is located. If the location of
the registry instances changes, then the content is no longer accurate.</p>
+</div>
+<div class="paragraph">
+<p>URL aliasing can be used to dynamically handle this situation so that URLs
are never written to the stored content, and can be re-written with the correct
value when being retrieved by a client.</p>
+</div>
+<div class="paragraph">
+<p>The aliases are configured in an XML file which can be specified in <em><a
href="administration-guide.html#alias-properties">nifi-registry.properties</a></em>.</p>
+</div>
+<div class="listingblock">
+<div class="title">Example aliases in registry-aliases.xml</div>
+<div class="content">
+<pre class="highlight"><code class="language-xml"
data-lang="xml"><aliases>
+ <alias>
+ <internal>NIFI_REGISTRY_1</internal>
+ <external>http://registry1.nifi.apache.org:18080</external>
+ </alias>
+ <alias>
+ <internal>NIFI_REGISTRY_2</internal>
+ <external>http://registry2.nifi.apache.org:18080</external>
+ </alias>
+</aliases></code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>If a flow is saved to registry with two child process groups, each under
version control, the incoming flow would contain something like the
following:</p>
+</div>
+<div class="literalblock">
+<div class="content">
+<pre>"processGroups" : [ {
+ ...
+ "versionedFlowCoordinates" : {
+ "bucketId" : "ca20e058-f6e7-404c-aee0-e30833e792c7",
+ "flowId" : "178a6657-e1a7-4cce-8f83-4e615e38f57a",
+ "registryUrl" : "http://registry1.nifi.apache.org:18080";,
+ "version" : 1
+ },
+ {
+ ...
+ "versionedFlowCoordinates" : {
+ "bucketId" : "ca20e058-f6e7-404c-aee0-e30833e792c7",
+ "flowId" : "985cb44b-3aec-32be-860f-d2a0f2c72aac",
+ "registryUrl" : "http://registry2.nifi.apache.org:18080";,
+ "version" : 1
+ }
+]</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>With the example aliases configuration above, the URLs would be written to
the flow persistence provider as the following:</p>
+</div>
+<div class="literalblock">
+<div class="content">
+<pre>"processGroups" : [ {
+ ...
+ "versionedFlowCoordinates" : {
+ "bucketId" : "ca20e058-f6e7-404c-aee0-e30833e792c7",
+ "flowId" : "178a6657-e1a7-4cce-8f83-4e615e38f57a",
+ "registryUrl" : "NIFI_REGISTRY_1",
+ "version" : 1
+ },
+ {
+ ...
+ "versionedFlowCoordinates" : {
+ "bucketId" : "ca20e058-f6e7-404c-aee0-e30833e792c7",
+ "flowId" : "985cb44b-3aec-32be-860f-d2a0f2c72aac",
+ "registryUrl" : "NIFI_REGISTRY_2",
+ "version" : 1
+ }
+]</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>When this flow is retrieved from any API call, the internal values would be
rewritten to the external values.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="backup-recovery"><a class="anchor"
href="administration-guide.html#backup-recovery"></a>Backup & Recovery</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>In order to prevent data loss it is important to consider backup and
recovery options. The data that needs to be considered is the following:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Metadata Database</p>
+</li>
+<li>
+<p>Persistence providers</p>
+</li>
+<li>
+<p>Configuration files</p>
+</li>
+</ul>
+</div>
+<div class="sect2">
+<h3 id="metadata-database-2"><a class="anchor"
href="administration-guide.html#metadata-database-2"></a>Metadata Database</h3>
+<div class="paragraph">
+<p>If using H2, the database file should be backed up periodically to an
external location. In order to ensure a proper backup, NiFi Registry should be
stopped to ensure no write operations are occurring while copying the file.</p>
+</div>
+<div class="paragraph">
+<p>If using Postgres, backups may be taken on the Postgres database, or
Postgres may be configured for high availability such that there is a failover
or backup instance.</p>
+</div>
+<div class="paragraph">
+<p>If starting a brand new NiFi Registry instance, the metadata database can
be automatically rebuilt from the information in the
<code>GitFlowPersistenceProvider</code>. This is a one-time operation during
the first start of the application, and is not meant to keep the DB in sync
with external changes made in Git. This feature only applies to flows and would
not be able to restore information about extension bundles.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="persistence-providers-2"><a class="anchor"
href="administration-guide.html#persistence-providers-2"></a>Persistence
Providers</h3>
+<div class="paragraph">
+<p>Each persistence provider may have its own option for backup &
recovery.</p>
+</div>
+<div class="sect3">
+<h4 id="flow-persistence"><a class="anchor"
href="administration-guide.html#flow-persistence"></a>Flow Persistence</h4>
+<div class="paragraph">
+<p>If using the <code>FileSystemFlowPersistenceProvider</code>, the directory
where flows are stored should be backed up periodically to an external
location. In order to ensure a proper backup, NiFi Registry should be stopped
to ensure no flows are being written to disk. If using H2 for metadata, H2
should be backed up at the same time to ensure consistency between the flows on
disk and the contents in H2.</p>
+</div>
+<div class="paragraph">
+<p>If using the <code>GitFlowPersistenceProvider</code>, the ability to
automatically push to a remote may be configured. This provides an automatic
backup of the data in the remote repo.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="bundle-persistence"><a class="anchor"
href="administration-guide.html#bundle-persistence"></a>Bundle Persistence</h3>
+<div class="paragraph">
+<p>If using the <code>FileSystemBundlePersistenceProvider</code>, the
directory where bundles are stored should be backed up periodically to an
external location. In order to ensure a proper backup, NiFi Registry should be
stopped to ensure no bundles are being written to disk. If using H2 for
metadata, H2 should be backed up at the same time to ensure consistency between
the bundles on disk and the contents in H2.</p>
+</div>
+<div class="paragraph">
+<p>If using the <code>S3BundlePersistenceProvider</code>, data will be stored
remotely and automatically replicated.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="configuration-files"><a class="anchor"
href="administration-guide.html#configuration-files"></a>Configuration
Files</h3>
+<div class="paragraph">
+<p>If using NiFi Registry’s policy based authorization, the users,
groups, and policies are stored in files on disk named <em>users.xml</em> and
<em>authorizations.xml</em>. These files should be periodically backed up to an
external location. In order to ensure a proper backup, NiFi Registry should be
stopped to ensure no authorization data is being written to disk.</p>
+</div>
+<div class="paragraph">
+<p>If using Ranger, then all authorization information is stored externally
and there is nothing to back up.</p>
+</div>
+</div>
+</div>
+</div>
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2018-09-22 09:25:14 -04:00
+Last updated 2019-05-16 16:37:59 -04:00
</div>
</div>
</body>
Modified: nifi/site/trunk/docs/nifi-registry-docs/html/getting-started.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-registry-docs/html/getting-started.html?rev=1859662&r1=1859661&r2=1859662&view=diff
==============================================================================
--- nifi/site/trunk/docs/nifi-registry-docs/html/getting-started.html (original)
+++ nifi/site/trunk/docs/nifi-registry-docs/html/getting-started.html Tue May
21 16:47:35 2019
@@ -755,7 +755,7 @@ the versioned flow you just saved (a ref
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2018-09-22 09:25:14 -04:00
+Last updated 2019-05-16 16:37:59 -04:00
</div>
</div>
</body>
