Adding and configuring the NiFi Registry service

Provides the steps for how to add and configure your NiFi Registry service.

You have installed a CDP Private Cloud Base cluster and prepared it for the CFM deployment. For more information, see the Prepare your CDP Private Cloud Base cluster.
You have equivalence between source and target clusters. For example, if your source NiFi cluster has 3 nodes, the CFM 2.1.5 NiFi cluster must have at least 3 nodes as well.
You have added the NiFi service.

Add CFM 2.1.5 NiFi Registry service.

Set some initial configurations.

Generally, you can accept default values during the initial installation. However, there are some settings that you should configure before proceeding:


Property	Description
Master Key Password nifi.registry.master.key.password	This password is used to generate the master key for encrypting NiFi Registry properties on the filesystem.

Stop the NiFi Registry service.
Update the NiFi Registry configuration.

In your CFM 2.1.5 NiFi Registry, use Cloudera Manager to walk through all the configuration values and match the values from your source cluster that are not cluster specific. Examples of cluster specific values include keystore, truststore, and similar.

Reference the source NiFi Registry configuration files collected earlier as needed. Double check all entries for typos.

note

Do not copy over or migrate any data repositories, local state, ZooKeeper state, or flow.xml.gz from your source NiFi Registry at this time.

Sample configuration changes

Update the Login Identity Provider properties.

The Template for identity-providers.xml from Ambari is now composed of individual properties in Cloudera Manager.

As an example, if using LDAP for authentication, the following identity-providers.xml:

<identityProviders>
    <provider>
        <identifier>ldap-provider</identifier>
     <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>
        <property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
        <property name="Manager Password">admin-password</property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389</property>
        <property name="User Search Base">ou=people,dc=hadoop,dc=apache,dc=org</property>
        <property name="User Search Filter">uid={0}</property>
        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>
</identityProviders>

You would use Cloudera Manager to set the following NiFi Registry service properties instead.

LDAP Enabled is checked
Identity Provider: Default LDAP Provider Class set to org.apache.nifi.registry.security.ldap.LdapIdentityProvider
LDAP Authentication Strategy set to SIMPLE
LDAP Manager DN set to uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
LDAP Manager Password set to admin-password
LDAP Referral Strategy set to FOLLOW
LDAP Connect Timeout set to 10 secs
LDAP Read Timeout set to 10 secs
LDAP Url set to ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389
LDAP User Search Base set to ou=people,dc=hadoop,dc=apache,dc=org
Identity Provider: Default LDAP User Search Filter set to uid={0}
Identity Provider: Default LDAP Identity Strategy set to USE_USERNAME
Identity Provider: Default LDAP Authentication Expiration set to 12 hours

There are several additional LDAP configuration requirements:

Enable TLS/SSL for NiFi Registry is checked
Initial Admin Identity set to admin
Identity Provider Identifier set to ldap-provider
Authorizers: LDAP User Search Filter set to (uid=*)
Authorizers: LDAP User Identity Attribute set to uid
Client Authentication Required is unchecked

When you have finished adding and configuring both the NiFi and NiFi Registry services, verify your CFM 2.1.5 installation.