Add and configure the NiFi service

Provides the steps for how to add and configure your NiFi service.

You have installed a CDP Private Cloud Base cluster and prepared it for the CFM deployment. For more information, see the Deployment Guide.
You have equivalence between source and target clusters. For example, if your source NiFi cluster has 3 nodes, the CFM 2.1.4 NiFi cluster must have at least 3 nodes as well.
You have reviewed the information about preserving your source cluster files and directories and made the necessary backups.

From Cloudera Manager, add the CFM 2.1.4 NiFi service.

Set some initial configurations.

Generally, you can accept default values during the initial installation. However, there are some settings that you should configure before proceeding:


Property	Description
Master Key Password nifi.master.key.password	This password is used when you generate the master key for sensitive properties encryption in the NiFi properties file when it is written to disk. It must contain at least 12 characters.
Sensitive Properties Key nifi.sensitive.props.key	This is the password used when you encrypt any sensitive property values that are configured in NiFi components. It must contain at least 12 characters. If you change the Sensitive Properties Key from what was used in your source cluster, you must also update the encrypted sensitive property values in the flow.xml.gz. Refer to the section “Migrating a Flow with Sensitive Properties” below.

Stop the NiFi service.
Update the NiFi configuration.

In your CFM 2.1.4 NiFi, use Cloudera Manager to walk through all the configuration values and match the values from your source cluster that are not cluster specific. Examples of cluster specific values include keystore, truststore, ZooKeeper hostnames, and similar.

Reference the source NiFi configuration files collected earlier as needed. Double check all entries for typos.

note

Do not copy over or migrate any data repositories, local state, ZooKeeper state, or flow.xml.gz from your source NiFi at this time.

Sample configuration changes

Update the Login Identity Provider properties.

The Template for login-identity-providers.xml from Ambari is now composed of individual properties in Cloudera Manager.

As an example, if using LDAP for authentication, the following login-identity-providers.xml:

<loginIdentityProviders>
    <provider>
            <identifier>ldap-provider</identifier>
            <class>org.apache.nifi.ldap.LdapProvider</class>
            <property name="Authentication Strategy">SIMPLE</property>
            <property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
            <property name="Manager Password">admin-password</property>
            <property name="Referral Strategy">FOLLOW</property>
            <property name="Connect Timeout">10 secs</property>
            <property name="Read Timeout">10 secs</property>
            <property name="Url">ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389</property>
            <property name="User Search Base">ou=people,dc=hadoop,dc=apache,dc=org</property>
            <property name="User Search Filter">uid={0}</property>
            <property name="Identity Strategy">USE_USERNAME</property>
            <property name="Authentication Expiration">12 hours</property>
    </provider>
</loginIdentityProviders>

You would use Cloudera Manager to set the following NiFi service properties instead.

LDAP Enabled is checked
Login Identity Provider: Default LDAP Provider Class set to org.apache.nifi.ldap.LdapProvider
LDAP Authentication Strategy set to SIMPLE
LDAP Manager DN set to uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
LDAP Manager Password set to admin-password
LDAP Referral Strategy set to FOLLOW
LDAP Connect Timeout set to 10 secs
LDAP Read Timeout set to 10 secs
LDAP Url set to ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389
LDAP User Search Base set to ou=people,dc=hadoop,dc=apache,dc=org
Login Identity Provider: Default LDAP User Search Filter set to uid={0}
Login Identity Provider: Default LDAP Identity Strategy set to USE_USERNAME
Login Identity Provider: Default LDAP Authentication Expiration set to 12 hours

There are several additional LDAP configuration requirements:

Enable TLS/SSL for NiFi Node is checked
Initial Admin Identity set to admin
Login Identity Provider ID set to ldap-provider
Authorizers: LDAP User Search Filter set to (uid=*)
Authorizers: LDAP User Identity Attribute set to uid

When you have completed the steps for adding and configuring the NiFi Service, you may proceed with adding and configuring the NiFi Registry service.