Jeremy, I am not familiar with Bitbucket pipelines but would you mind explaining why are you wrapping the deployment with sudo?
Reason I ask is because nifi.sh already has logic to drop the process privileges from root to an uid of choice. Cheers On Sat, May 27, 2017 at 1:33 AM, Jeremy Taylor <[email protected]> wrote: > Greetings, > > I’m hoping to upgrade the my software team’s baseline to use NiFi 1.2.0. > I’m having trouble w/ a particular situation of trying to take nifi down. > Prior to this version, I’ve been able to use the nifi.sh script w/o sudo > rights to kill nifi when it has been brought up by a service (systemd, not > init.d). > > Main points: > > 1) We have had auto-deploy working via bitbucket pipelines to a staging > system that has auto deployed all the nifi required files from our baseline > (not nifi internal configs). > > 2) The AWS VM that runs nifi autmatically starts up nifi in a service > state via systemd services. We masquerade running it as a non-root user w/ > sudo rights, but do not use those sudo rights as scripts in bitbucket > pipelines won’t support sudo rights. > > 3) The deploy script for our staging server that runs nifi attempts to > take down nifi with a `nifi.sh stop`, which has worked prior to this > version. The newer nifi flow being deployed is manipulated via XSL and > then copied in where it needs to go before restarting nifi w/ `nifi.sh > start` ; (we stop using systemd upon the first deploy to the staging system) > > 4) I’ve done a diff between the latest nifi.sh and the previous nifi.sh > from 1.1.2 and only see a tiny difference. > > 5) Our staging server starts up every morning and brings up nifi and > related services via systemd services. > > 6) I realize using nifi as an init.d service is more supported than using > it as a systemd service. However, we’ve not been able to masquerade as a > different user properly very well when using init.d. Having to be root for > bitbucket pipelines would also be a dealbreaker for us. Thus, having the > service being run as a user other than root is important to us. > > 7) For reference, our systemd service file only deals with calling the > RunNiFi class and does not bother with the nifi shell script. > > > > Questions: > 1) Would anyone know why a simple “nifi.sh stop” would no longer kill a > pre-existing nifi process being run as a systemd service in nifi 1.2.0? > > 2) We are thinking of attempting a brute force kill that would kill the > “RunNiFi start” Java process. We are concerned that not exiting gracefully > would be really bad for nifi and related nifi repositories. Would this > route be recommended anyway in our circumstance? > 3) Any further recommendations? > > > > --Jeremy >
