Add and configure the NiFi Registry service
Provides the steps for how to add and configure your NiFi Registry service.
-
You have installed a CDP Private Cloud Base cluster and prepared it for the CFM deployment. For more information, see the Deployment Guide.
-
You have equivalence between source and target clusters. For example, if your source NiFi cluster has 3 nodes, the CFM 2.0.x NiFi cluster must have at least 3 nodes as well.
-
You have added the NiFi service.
Sample configuration changes
Update the Login Identity Provider properties.
The Template for identity-providers.xml from Ambari is now composed of individual properties in Cloudera Manager.
As an example, if using LDAP for authentication, the following identity-providers.xml:
<identityProviders>
<provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
<property name="Manager Password">admin-password</property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389</property>
<property name="User Search Base">ou=people,dc=hadoop,dc=apache,dc=org</property>
<property name="User Search Filter">uid={0}</property>
<property name="Identity Strategy">USE_USERNAME</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
</identityProviders>
You would use Cloudera Manager to set the following NiFi Registry service properties instead.
-
LDAP Enabled is checked
-
Identity Provider: Default LDAP Provider Class set to
org.apache.nifi.registry.security.ldap.LdapIdentityProvider
-
LDAP Authentication Strategy set to
SIMPLE
-
LDAP Manager DN set to
uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
-
LDAP Manager Password set to
admin-password
-
LDAP Referral Strategy set to
FOLLOW
-
LDAP Connect Timeout set to
10 secs
-
LDAP Read Timeout set to
10 secs
-
LDAP Url set to
ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389
-
LDAP User Search Base set to
ou=people,dc=hadoop,dc=apache,dc=org
-
Identity Provider: Default LDAP User Search Filter set to
uid={0}
-
Identity Provider: Default LDAP Identity Strategy set to
USE_USERNAME
-
Identity Provider: Default LDAP Authentication Expiration set to
12 hours
There are several additional LDAP configuration requirements:
-
Enable TLS/SSL for NiFi Registry is checked
-
Initial Admin Identity set to
admin
-
Identity Provider Identifier set to
ldap-provider
-
Authorizers: LDAP User Search Filter set to
(uid=*)
-
Authorizers: LDAP User Identity Attribute set to
uid
-
Client Authentication Required is unchecked
When you have finished adding and configuring both the NiFi and NiFi Registry services, verify your CFM 2.0.x installation.