Steve Lawrence created NIFI-6740:
------------------------------------
Summary: No way to configure bootstrap or nifi command/control ports
Key: NIFI-6740
URL: https://issues.apache.org/jira/browse/NIFI-6740
Project: Apache NiFi
Issue Type: Bug
Reporter: Steve Lawrence
Currently, when Bootstrap starts it binds to a random ephemeral port on
localhost in {{NifiListener.java}}:
{code:java}
serverSocket = new ServerSocket();
serverSocket.bind(new InetSocketAddress("localhost", 0));
{code}
And then it passes this port to NiFi via the {{-Dnifi.bootstrap.listener.port}}
argument.
Subsequently, NiFi will also bind to a random ephemeral port in
{{BootstrapListener.java}}, and then pass that port to Bootstrap via the port
that was passed in.
These two ports provide a method of communication for command/control between
the Bootstrap and NiFi processes.
Unfortunately, because these ports are ephemeral and change on every start up,
it makes it difficult to have predefined security policies (e.g.
iptables/firewall) in place for these ports.
To resolve this, one solution is to add new configuration options to
bootstrap.conf/nifi.properties, which would allow administrators to define
values for these ports. This ensures that every time NiFi starts, the
command/control ports will remain constant, allowing for pre-defined security
policies to be created. For backwards compatibility, the options can default to
zero to maintain the ephemeral port behavior.
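Added example, not part of the original issue and not NiFi's own code: a sketch of the proposed behavior, where a listener reads its port from configuration, validates it, and falls back to 0 (ephemeral) when nothing is set. The property name {{example.listener.port}} and the class and method names are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.util.Properties;

public class FixedPortListenerExample {
    // Hypothetical property name for illustration; not an actual NiFi setting.
    static final String PORT_PROPERTY = "example.listener.port";

    /** Returns the configured port, or 0 (ephemeral) when the property is unset or blank. */
    static int resolvePort(Properties props) {
        String raw = props.getProperty(PORT_PROPERTY, "0").trim();
        if (raw.isEmpty()) {
            return 0;
        }
        int port;
        try {
            port = Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(PORT_PROPERTY + " must be an integer: " + raw, e);
        }
        if (port < 0 || port > 65535) {
            throw new IllegalArgumentException(PORT_PROPERTY + " must be between 0 and 65535: " + port);
        }
        return port;
    }

    /** Binds to the loopback address only; port 0 lets the OS pick an ephemeral port. */
    static ServerSocket bindLoopback(int port) throws IOException {
        ServerSocket serverSocket = new ServerSocket();
        try {
            serverSocket.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), port));
        } catch (IOException e) {
            serverSocket.close(); // do not leak the unbound socket
            throw new IOException("Cannot bind loopback port " + port + " (already in use?)", e);
        }
        return serverSocket;
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        props.setProperty(PORT_PROPERTY, "0"); // constructed sample value; 0 keeps the ephemeral default
        try (ServerSocket socket = bindLoopback(resolvePort(props))) {
            System.out.println("Listening on " + socket.getLocalSocketAddress());
        }
    }
}
```

With a fixed port, a bind failure becomes possible when another process already holds it, so the sketch reports that case explicitly instead of silently falling back to an ephemeral port that a pre-defined policy would not cover.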