Adding and configuring the NiFi service
Provides the steps for how to add and configure your NiFi service.
- You have installed a CDP Private Cloud Base cluster and prepared it for the CFM deployment. For more information, see the Preparing your CDP Private Cloud Base cluster.
- You have equivalence between source and target clusters. For example, if your source NiFi cluster has 3 nodes, the CFM 2.1.5 NiFi cluster must have at least 3 nodes as well.
- You have reviewed the information about preserving your source cluster files and directories and made the necessary backups.
Sample configuration changes
Update the Login Identity Provider properties.
The Template for login-identity-providers.xml from Ambari is now composed of individual properties in Cloudera Manager.
As an example, if using LDAP for authentication, the following login-identity-providers.xml:
<loginIdentityProviders>
<provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
<property name="Manager Password">admin-password</property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389</property>
<property name="User Search Base">ou=people,dc=hadoop,dc=apache,dc=org</property>
<property name="User Search Filter">uid={0}</property>
<property name="Identity Strategy">USE_USERNAME</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
</loginIdentityProviders>
You would use Cloudera Manager to set the following NiFi service properties instead.
-
LDAP Enabled is checked
-
Login Identity Provider: Default LDAP Provider Class set to
org.apache.nifi.ldap.LdapProvider
-
LDAP Authentication Strategy set to
SIMPLE
-
LDAP Manager DN set to
uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
-
LDAP Manager Password set to
admin-password
-
LDAP Referral Strategy set to
FOLLOW
-
LDAP Connect Timeout set to
10 secs
-
LDAP Read Timeout set to
10 secs
-
LDAP Url set to
ldap://ctr-e144-1587379642025-3931-01-000003.hwx.site:33389
-
LDAP User Search Base set to
ou=people,dc=hadoop,dc=apache,dc=org
-
Login Identity Provider: Default LDAP User Search Filter set to
uid={0}
-
Login Identity Provider: Default LDAP Identity Strategy set to
USE_USERNAME
-
Login Identity Provider: Default LDAP Authentication Expiration set to
12 hours
There are several additional LDAP configuration requirements:
-
Enable TLS/SSL for NiFi Node is checked
-
Initial Admin Identity set to
admin
-
Login Identity Provider ID set to
ldap-provider
-
Authorizers: LDAP User Search Filter set to
(uid=*)
-
Authorizers: LDAP User Identity Attribute set to
uid
When you have completed the steps for adding and configuring the NiFi Service, you may proceed with adding and configuring the NiFi Registry service.