Add and configure the NiFi Registry service

Provides the steps for how to add and configure your NiFi Registry service.

  • You have installed a CDP Private Cloud Base cluster and prepared it for the CFM deployment. For more information, see the Deployment Guide.

  • You have equivalence between source and target clusters. For example, if your source NiFi cluster has 3 nodes, the CFM 2.0.x NiFi cluster must have at least 3 nodes as well.

  • You have added the NiFi service.

  1. Add CFM 2.0.x NiFi Registry service.
  2. Set some initial configurations.
    Generally, you can accept default values during the initial installation. However, there are some settings that you should configure before proceeding:
    Property Description

    Master Key Password

    nifi.registry.master.key.password

    This password is used to generate the master key for encrypting NiFi Registry properties on the filesystem.
  3. Stop the NiFi Registry service.
  4. Update the NiFi Registry configuration.

    In your CFM 2.0.x NiFi Registry, use Cloudera Manager to walk through all the configuration values and match the values from your source cluster that are not cluster specific. Examples of cluster specific values include keystore, truststore, and similar.

    Reference the source NiFi Registry configuration files collected earlier as needed. Double check all entries for typos.

Sample configuration changes

Update the Login Identity Provider properties.

The Template for identity-providers.xml from Ambari is now composed of individual properties in Cloudera Manager.

As an example, if using LDAP for authentication, the following identity-providers.xml:

<identityProviders>
    <provider>
        <identifier>ldap-provider</identifier>
     <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>
        <property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
        <property name="Manager Password">admin-password</property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389</property>
        <property name="User Search Base">ou=people,dc=hadoop,dc=apache,dc=org</property>
        <property name="User Search Filter">uid={0}</property>
        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>
</identityProviders>

You would use Cloudera Manager to set the following NiFi Registry service properties instead.

  • LDAP Enabled is checked

  • Identity Provider: Default LDAP Provider Class set to org.apache.nifi.registry.security.ldap.LdapIdentityProvider

  • LDAP Authentication Strategy set to SIMPLE

  • LDAP Manager DN set to uid=admin,ou=people,dc=hadoop,dc=apache,dc=org

  • LDAP Manager Password set to admin-password

  • LDAP Referral Strategy set to FOLLOW

  • LDAP Connect Timeout set to 10 secs

  • LDAP Read Timeout set to 10 secs

  • LDAP Url set to ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389

  • LDAP User Search Base set to ou=people,dc=hadoop,dc=apache,dc=org

  • Identity Provider: Default LDAP User Search Filter set to uid={0}

  • Identity Provider: Default LDAP Identity Strategy set to USE_USERNAME

  • Identity Provider: Default LDAP Authentication Expiration set to 12 hours

There are several additional LDAP configuration requirements:

  • Enable TLS/SSL for NiFi Registry is checked

  • Initial Admin Identity set to admin

  • Identity Provider Identifier set to ldap-provider

  • Authorizers: LDAP User Search Filter set to (uid=*)

  • Authorizers: LDAP User Identity Attribute set to uid

  • Client Authentication Required is unchecked

When you have finished adding and configuring both the NiFi and NiFi Registry services, verify your CFM 2.0.x installation.