Re: [Bug] Duplicate Flow Import From Registry

[Eric Secules]

Hi Joe,

Nifi is running on my laptop, the registry is running in an cloud service
VM located in north america (same as me). It's behind a vpn too.

Thanks,
Eric




On Thu., Dec. 10, 2020, 9:26 p.m. Joe Witt,  wrote:

> Eric,
>
> This is simply NiFi on your laptop (single node?) talking to a Registry
> running on some IaaS infrastructure?  There is no load balancer/proxy/etc..
> in between ?
>
> Thanks
>
> On Thu, Dec 10, 2020 at 4:17 PM Eric Secules  wrote:
>
>> Hello everyone,
>>
>> My team is encountering a bug where we import a flow from our registry
>> residing in the cloud to our laptops. The import takes a long time and we
>> end up with multiple copies (about 6) of the same flow one on top of each
>> other on the canvas. The canvas becomes unresponsive and we are unable to
>> move boxes around.
>>
>> I am also experiencing slowness when showing local changes, reverting
>> local changes and changing the local version.
>>
>> Thanks,
>> Eric
>>
>

Re: Tls-toolkit.sh?

[Andrew Lim]

There are some videos that show usage of the tls-toolkit on the NiFi Registry 
web page [1].  Check out "Setting Up a Secure Apache NiFI Registry” first and 
then "Setting Up a Secure NiFi to Integrate with a Secure NiFi Registry”.

-Drew

[1] https://nifi.apache.org/registry.html 



> On Dec 11, 2020, at 12:43 PM, Darren Govoni  wrote:
> 
> Yeah. I did put the same cert into the browser. But maybe needs a redo. 
> Usually browser prompts to choose the cert but here it doesnt.
> 
> Sent from my Verizon, Samsung Galaxy smartphone
> Get Outlook for Android 
> From: Etienne Jouvin 
> Sent: Friday, December 11, 2020 12:40:28 PM
> To: users@nifi.apache.org 
> Subject: Re: Tls-toolkit.sh?
>  
> Hi.
> 
> You have to generate a certificate for client, to inject in the browser.
> I never did it, always setup accounts with LDAPs.
> 
> But there is a nice guide :
> https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-provided-certificates
>  
> 
> 
> Etienne
> 
> 
> 
> Le ven. 11 déc. 2020 à 18:32, Darren Govoni  > a écrit :
> Hi
> 
> So i used tls-toolkit.sh standalone -n 'localhost' -C 'CN=localhost,OU=NIFI'
> 
> It generated the keystore/truststore and nifi.properties. when i use chrome 
> or firefox both reject the cert and wont load nifi.
> 
> Am i missing something?
> 
> Darren
> From: Andrew Grande mailto:apere...@gmail.com>>
> Sent: Friday, December 11, 2020 12:02:46 PM
> To: users@nifi.apache.org  
> mailto:users@nifi.apache.org>>
> Subject: Re: Tls-toolkit.sh?
>  
> NiFi toolkit link here https://nifi.apache.org/download.html 
> 
> 
> Enjoy :)
> 
> On Fri, Dec 11, 2020, 8:59 AM Darren Govoni  > wrote:
> Hi
> 
> I want to setup a secure local nifi and the online docs refer to this script 
> but i cant find it anywhere.
> 
> Any clues?
> 
> Darren
> 
> Sent from my Verizon, Samsung Galaxy smartphone
> Get Outlook for Android 

Re: Tls-toolkit.sh?

[Darren Govoni]

Yeah. I did put the same cert into the browser. But maybe needs a redo. Usually 
browser prompts to choose the cert but here it doesnt.

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android


From: Etienne Jouvin 
Sent: Friday, December 11, 2020 12:40:28 PM
To: users@nifi.apache.org 
Subject: Re: Tls-toolkit.sh?

Hi.

You have to generate a certificate for client, to inject in the browser.
I never did it, always setup accounts with LDAPs.

But there is a nice guide :
https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-provided-certificates

Etienne



Le ven. 11 déc. 2020 à 18:32, Darren Govoni 
mailto:dar...@ontrenet.com>> a écrit :
Hi

So i used tls-toolkit.sh standalone -n 'localhost' -C 'CN=localhost,OU=NIFI'

It generated the keystore/truststore and nifi.properties. when i use chrome or 
firefox both reject the cert and wont load nifi.

Am i missing something?

Darren

From: Andrew Grande mailto:apere...@gmail.com>>
Sent: Friday, December 11, 2020 12:02:46 PM
To: users@nifi.apache.org 
mailto:users@nifi.apache.org>>
Subject: Re: Tls-toolkit.sh?

NiFi toolkit link here https://nifi.apache.org/download.html

Enjoy :)

On Fri, Dec 11, 2020, 8:59 AM Darren Govoni 
mailto:dar...@ontrenet.com>> wrote:
Hi

I want to setup a secure local nifi and the online docs refer to this script 
but i cant find it anywhere.

Any clues?

Darren

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android

Re: Tls-toolkit.sh?

[Etienne Jouvin]

Hi.

You have to generate a certificate for client, to inject in the browser.
I never did it, always setup accounts with LDAPs.

But there is a nice guide :
https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-provided-certificates

Etienne



Le ven. 11 déc. 2020 à 18:32, Darren Govoni  a écrit :

> Hi
>
> So i used tls-toolkit.sh standalone -n 'localhost' -C
> 'CN=localhost,OU=NIFI'
>
> It generated the keystore/truststore and nifi.properties. when i use
> chrome or firefox both reject the cert and wont load nifi.
>
> Am i missing something?
>
> Darren
> --
> *From:* Andrew Grande 
> *Sent:* Friday, December 11, 2020 12:02:46 PM
> *To:* users@nifi.apache.org 
> *Subject:* Re: Tls-toolkit.sh?
>
> NiFi toolkit link here https://nifi.apache.org/download.html
>
> Enjoy :)
>
> On Fri, Dec 11, 2020, 8:59 AM Darren Govoni  wrote:
>
> Hi
>
> I want to setup a secure local nifi and the online docs refer to this
> script but i cant find it anywhere.
>
> Any clues?
>
> Darren
>
> Sent from my Verizon, Samsung Galaxy smartphone
> Get Outlook for Android 
>
>

Re: Tls-toolkit.sh?

[Darren Govoni]

Hi

So i used tls-toolkit.sh standalone -n 'localhost' -C 'CN=localhost,OU=NIFI'

It generated the keystore/truststore and nifi.properties. when i use chrome or 
firefox both reject the cert and wont load nifi.

Am i missing something?

Darren

From: Andrew Grande 
Sent: Friday, December 11, 2020 12:02:46 PM
To: users@nifi.apache.org 
Subject: Re: Tls-toolkit.sh?

NiFi toolkit link here https://nifi.apache.org/download.html

Enjoy :)

On Fri, Dec 11, 2020, 8:59 AM Darren Govoni 
mailto:dar...@ontrenet.com>> wrote:
Hi

I want to setup a secure local nifi and the online docs refer to this script 
but i cant find it anywhere.

Any clues?

Darren

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android

Re: Tls-toolkit.sh?

[Darren Govoni]

Ah. Separate download. Got it. Thank you.

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android


From: Andrew Grande 
Sent: Friday, December 11, 2020 12:02:46 PM
To: users@nifi.apache.org 
Subject: Re: Tls-toolkit.sh?

NiFi toolkit link here https://nifi.apache.org/download.html

Enjoy :)

On Fri, Dec 11, 2020, 8:59 AM Darren Govoni 
mailto:dar...@ontrenet.com>> wrote:
Hi

I want to setup a secure local nifi and the online docs refer to this script 
but i cant find it anywhere.

Any clues?

Darren

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android

Re: Tls-toolkit.sh?

[Andrew Grande]

NiFi toolkit link here https://nifi.apache.org/download.html

Enjoy :)

On Fri, Dec 11, 2020, 8:59 AM Darren Govoni  wrote:

> Hi
>
> I want to setup a secure local nifi and the online docs refer to this
> script but i cant find it anywhere.
>
> Any clues?
>
> Darren
>
> Sent from my Verizon, Samsung Galaxy smartphone
> Get Outlook for Android 
>

Tls-toolkit.sh?

[Darren Govoni]

Hi

I want to setup a secure local nifi and the online docs refer to this script 
but i cant find it anywhere.

Any clues?

Darren

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android

Re: GUI functions not available in secure / cluster instance

[Etienne Jouvin]

Ok.

Thanks a lot.

(By the way I keep in mind to document my problem  with certificate and so
on)

Etienne

Le ven. 11 déc. 2020 à 16:54, Pierre Villard 
a écrit :

> This is a known problem and, for now, the workaround is to set:
>
> nifi.security.allow.anonymous.authentication=true
>
> The property name is unfortunately misleading. This does not change
> anything in terms of security. What it means is that static content of the
> UI (css, js, png, etc) can be accessed without the authentication token.
> There are discussions to find a solution for this.
>
> Thanks,
> Pierre
>
> Le jeu. 10 déc. 2020 à 16:03, Etienne Jouvin  a
> écrit :
>
>> Hello all.
>>
>> Strange behaviour on the GUI.
>> For background, I have 3 nodes in cluster.
>> Authentication based on LDAP.
>> Groups based also on LDAP.
>>
>> In nifi.properties
>> nifi.security.allow.anonymous.authentication=false
>>
>> And with this, when I want to access the advanced setting of
>> UpdateAttribute :
>> [image: image.png]
>> In web console, I can see permission denied on ressources:
>> [image: image.png]
>>
>> Same when I want to display the flowfile content :
>> [image: image.png]
>>
>> I must put in nifi.properties
>> nifi.security.allow.anonymous.authentication=true
>>
>> To have access to those functions.
>>
>> So in my understanding, when I have secure instance, I must allow
>> anonymous authentication.
>>
>> Etienne
>>
>>
>>

Re: GUI functions not available in secure / cluster instance

[Pierre Villard]

This is a known problem and, for now, the workaround is to set:

nifi.security.allow.anonymous.authentication=true

The property name is unfortunately misleading. This does not change
anything in terms of security. What it means is that static content of the
UI (css, js, png, etc) can be accessed without the authentication token.
There are discussions to find a solution for this.

Thanks,
Pierre

Le jeu. 10 déc. 2020 à 16:03, Etienne Jouvin  a
écrit :

> Hello all.
>
> Strange behaviour on the GUI.
> For background, I have 3 nodes in cluster.
> Authentication based on LDAP.
> Groups based also on LDAP.
>
> In nifi.properties
> nifi.security.allow.anonymous.authentication=false
>
> And with this, when I want to access the advanced setting of
> UpdateAttribute :
> [image: image.png]
> In web console, I can see permission denied on ressources:
> [image: image.png]
>
> Same when I want to display the flowfile content :
> [image: image.png]
>
> I must put in nifi.properties
> nifi.security.allow.anonymous.authentication=true
>
> To have access to those functions.
>
> So in my understanding, when I have secure instance, I must allow
> anonymous authentication.
>
> Etienne
>
>
>

RE: [External] Re: Need help setting up NiFi PutS3Object processor

[Dennis N Brown]

Hi Peter,  Thanks so much!!  That works!  I guess I had not tried that since I 
upgraded from v1.8 … that does not seem to work btw on v1.8.

Regards,

Dennis



From: Peter Turcsanyi 
Sent: December 10, 2020 18:55
To: users@nifi.apache.org
Subject: [External] Re: Need help setting up NiFi PutS3Object processor

Dennis,

You can add user-defined metadata via dynamic properties of PutS3Object itself 
(no UpdateAttribute needed). Plus (+) icon at the top-right corner on the 
processor properties tab.
The name of the dynamic property will be the key (or name) of the user-defined 
metadata.
The value of the dynamic property will be the value of the user-defined 
metadata. You can use expression language for the value (eg. referencing FF 
attributes or now() for the timestamp).

Hope it helps.

Best,
Peter Turcsanyi

On Thu, Dec 10, 2020 at 11:27 PM Dennis N Brown 
mailto:dbr...@lenovo.com>> wrote:

Running NiFi v1.12.1 , attempting to copy files from existing filesystem to S3.

Trying to set user-defined metadata on the file objects, but can't seem to 
figure out the correct format.

All the doc suggests it can be done with dynamic properties, so have an 
UpdateAttribute processor before the PutS3Object processor and have attempted 
everything I can think of to pass the correct format, but no metadata gets 
created.

I have been able to set metadata with python using something like:

s3.upload_file(Filename, bucketname, key, ExtraArgs={"Metadata": 
{"upload_ts":"2020-12-02 10:57:00.34343","path":"put/some/path/here"}})

so I know it can be done.



Can someone provide an example of the correct format to use.



Thanks!


Regards,

Dennis N Brown