New branch added with different approach

roles/nginx/tasks/main.yml

+---
+
+- name: Configure nginx for proxying
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/nginx.conf
+  tags:
+    - start
+    - reconf
+
+- name: Restart nginx service
+  command: nginx -s reload
+  tags:
+    - start
+    - reconf

roles/nginx/templates/nginx.conf.j2

+user  nginx;
+include /usr/share/nginx/modules/*.conf;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log info;
+pid        /run/nginx.pid;
+events {
+    worker_connections  1024;
+}
+
+stream {
+  resolver 127.0.0.11;
+
+  upstream nifiserv {
+  {% for nifihost in groups['nificontainers'] %}
+     server {{nifihost}}:9443;
+  {% endfor %}
+  }
+  server {
+    listen 443;
+    proxy_pass nifiserv;
+  }
+
+  upstream nifiservtcp7750 {
+  {% for nifihost in groups['nificontainers'] %}
+     server {{nifihost}}:7750;
+  {% endfor %}
+  }
+  server {
+    listen 7750;
+    proxy_pass nifiservtcp7750;
+  }
+
+  upstream nifiservtcp7751 {
+  {% for nifihost in groups['nificontainers'] %}
+     server {{nifihost}}:7751;
+  {% endfor %}
+  }
+  server {
+    listen 7751;
+    proxy_pass nifiservtcp7751;
+  }
+}
+

roles/nifi/README.md

-Role Name
-=========
-
-A brief description of the role goes here.
-
-Requirements
-------------
-
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-
-Role Variables
---------------
-
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-
-Dependencies
-------------
-
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-
-Example Playbook
-----------------
-
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
-
-License
--------
-
-BSD
-
-Author Information
-------------------
-
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/nifi/defaults/main.yml

----
-# defaults file for nifi
-
-nifi_version: 1.9.2
-nifi_toolkit_version: 1.9.2
-
-nifi_base_dir: /opt/nifi
-nifi_home: "{{ nifi_base_dir }}/nifi-current"
-nifi_toolkit_home: "{{ nifi_base_dir }}/nifi-toolkit"
-nifi_pid_dir: "{{ nifi_home }}/run"
-nifi_log_dir: "{{ nifi_home }}/logs"
-
-nifi_uid: 1000
-nifi_gid: 1000

roles/nifi/files/common.sh

-#!/bin/sh -e
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-
-# 1 - value to search for
-# 2 - value to replace
-# 3 - file to perform replacement inline
-prop_replace () {
-  target_file=${3:-${nifi_props_file}}
-  echo 'replacing target file ' ${target_file}
-  sed -i -e "s|^$1=.*$|$1=$2|"  ${target_file}
-}
-
-uncomment() {
-	target_file=${2}
-	echo "Uncommenting ${target_file}"
-	sed -i -e "s|^\#$1|$1|" ${target_file}
-}
-
-# NIFI_HOME is defined by an ENV command in the backing Dockerfile
-export nifi_bootstrap_file=${NIFI_HOME}/conf/bootstrap.conf
-export nifi_props_file=${NIFI_HOME}/conf/nifi.properties
-export nifi_toolkit_props_file=${HOME}/.nifi-cli.nifi.properties
-export hostname=$(hostname)

roles/nifi/files/docker-entrypoint.sh

-#!/bin/sh
-
-../scripts/start.sh

roles/nifi/files/nifi-env.sh

-#!/bin/sh
-
-
-

roles/nifi/files/secure.sh

-#!/bin/sh -e
-
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-
-scripts_dir='/opt/nifi/scripts'
-
-[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
-
-# Perform idempotent changes of configuration to support secure environments
-echo 'Configuring environment with SSL settings'
-
-: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."}
-if [ ! -f "${KEYSTORE_PATH}" ]; then
-    echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
-    exit 1
-fi
-: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."}
-: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."}
-
-: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."}
-if [ ! -f "${TRUSTSTORE_PATH}" ]; then
-    echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
-    exit 1
-fi
-: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."}
-: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."}
-
-prop_replace 'nifi.security.keystore'           "${KEYSTORE_PATH}"
-prop_replace 'nifi.security.keystoreType'       "${KEYSTORE_TYPE}"
-prop_replace 'nifi.security.keystorePasswd'     "${KEYSTORE_PASSWORD}"
-prop_replace 'nifi.security.keyPasswd'          "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}"
-prop_replace 'nifi.security.truststore'         "${TRUSTSTORE_PATH}"
-prop_replace 'nifi.security.truststoreType'     "${TRUSTSTORE_TYPE}"
-prop_replace 'nifi.security.truststorePasswd'   "${TRUSTSTORE_PASSWORD}"
-
-prop_replace 'keystore'           "${KEYSTORE_PATH}"                    ${nifi_toolkit_props_file}
-prop_replace 'keystoreType'       "${KEYSTORE_TYPE}"                    ${nifi_toolkit_props_file}
-prop_replace 'keystorePasswd'     "${KEYSTORE_PASSWORD}"                ${nifi_toolkit_props_file}
-prop_replace 'keyPasswd'          "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}" ${nifi_toolkit_props_file}
-prop_replace 'truststore'         "${TRUSTSTORE_PATH}"                  ${nifi_toolkit_props_file}
-prop_replace 'truststoreType'     "${TRUSTSTORE_TYPE}"                  ${nifi_toolkit_props_file}
-prop_replace 'truststorePasswd'   "${TRUSTSTORE_PASSWORD}"              ${nifi_toolkit_props_file}
-
-# Disable HTTP and enable HTTPS
-prop_replace 'nifi.web.http.port'   ''
-prop_replace 'nifi.web.http.host'   ''
-prop_replace 'nifi.web.https.port'  "${NIFI_WEB_HTTPS_PORT:-8443}"
-prop_replace 'nifi.web.https.host'  "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
-prop_replace 'nifi.remote.input.secure' 'true'
-
-# Setup nifi-toolkit
-prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}" ${nifi_toolkit_props_file}
-
-# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately
-if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
-    echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode.  The NiFi UI may be inaccessible if using port mapping.'
-else
-    prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
-fi
-
-# Establish initial user and an associated admin identity
-sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
-sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
-
-if [ -n "${NODE_IDENTITY}" ]; then
-    sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"${NODE_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
-fi
-
-prop_replace 'proxiedEntity' "${INITIAL_ADMIN_IDENTITY}" ${nifi_toolkit_props_file}

roles/nifi/files/start.sh

-#!/bin/sh -e
-
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-
-scripts_dir='/opt/nifi/nifi-current/scripts'
-
-[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
-
-# Override JVM memory settings
-if [ ! -z "${NIFI_JVM_HEAP_INIT}" ]; then
-    prop_replace 'java.arg.2'       "-Xms${NIFI_JVM_HEAP_INIT}" ${nifi_bootstrap_file}
-fi
-
-if [ ! -z "${NIFI_JVM_HEAP_MAX}" ]; then
-    prop_replace 'java.arg.3'       "-Xmx${NIFI_JVM_HEAP_MAX}" ${nifi_bootstrap_file}
-fi
-
-if [ ! -z "${NIFI_JVM_DEBUGGER}" ]; then
-    uncomment "java.arg.debug" ${nifi_bootstrap_file}
-fi
-
-# Establish baseline properties
-prop_replace 'nifi.web.http.port'               "${NIFI_WEB_HTTP_PORT:-8080}"
-prop_replace 'nifi.web.http.host'               "${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
-prop_replace 'nifi.remote.input.host'           "${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
-prop_replace 'nifi.remote.input.socket.port'    "${NIFI_REMOTE_INPUT_SOCKET_PORT:-10000}"
-prop_replace 'nifi.remote.input.secure'         'false'
-
-# Set nifi-toolkit properties files and baseUrl
-"${scripts_dir}/toolkit.sh"
-prop_replace 'baseUrl' "http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT:-8080}" ${nifi_toolkit_props_file}
-
-prop_replace 'nifi.variable.registry.properties'    "${NIFI_VARIABLE_REGISTRY_PROPERTIES:-}"
-prop_replace 'nifi.cluster.is.node'                         "${NIFI_CLUSTER_IS_NODE:-false}"
-prop_replace 'nifi.cluster.node.address'                    "${NIFI_CLUSTER_ADDRESS:-$HOSTNAME}"
-prop_replace 'nifi.cluster.node.protocol.port'              "${NIFI_CLUSTER_NODE_PROTOCOL_PORT:-}"
-prop_replace 'nifi.cluster.node.protocol.threads'           "${NIFI_CLUSTER_NODE_PROTOCOL_THREADS:-10}"
-prop_replace 'nifi.cluster.node.protocol.max.threads'       "${NIFI_CLUSTER_NODE_PROTOCOL_MAX_THREADS:-50}"
-prop_replace 'nifi.zookeeper.connect.string'                "${NIFI_ZK_CONNECT_STRING:-}"
-prop_replace 'nifi.zookeeper.root.node'                     "${NIFI_ZK_ROOT_NODE:-/nifi}"
-prop_replace 'nifi.cluster.flow.election.max.wait.time'     "${NIFI_ELECTION_MAX_WAIT:-5 mins}"
-prop_replace 'nifi.cluster.flow.election.max.candidates'    "${NIFI_ELECTION_MAX_CANDIDATES:-}"
-prop_replace 'nifi.web.proxy.context.path'                  "${NIFI_WEB_PROXY_CONTEXT_PATH:-}"
-
-. "${scripts_dir}/update_cluster_state_management.sh"
-
-# Check if we are secured or unsecured
-case ${AUTH} in
-    tls)
-        echo 'Enabling Two-Way SSL user authentication'
-        . "${scripts_dir}/secure.sh"
-        ;;
-    ldap)
-        echo 'Enabling LDAP user authentication'
-        # Reference ldap-provider in properties
-        prop_replace 'nifi.security.user.login.identity.provider' 'ldap-provider'
-
-        . "${scripts_dir}/secure.sh"
-        . "${scripts_dir}/update_login_providers.sh"
-        ;;
-    *)
-        if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
-            echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode.  Will not update nifi.web.proxy.host.'
-        fi
-        ;;
-esac
-
-# Continuously provide logs so that 'docker logs' can    produce them
-tail -F "${NIFI_HOME}/logs/nifi-app.log" &
-"${NIFI_HOME}/bin/nifi.sh" run &
-nifi_pid="$!"
-
-trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT;
-
-echo NiFi running with PID ${nifi_pid}.
-wait ${nifi_pid}