Added new role for building the Docker images from scratch.

Added new role for building the CA for user and host certificates.

Added new role for building the Docker images from scratch.
ab8eb09e · Bozidar Proevski · root · cbdbff71 · cbdbff71 · cbdbff71
Commit ab8eb09e authored 5 years ago by Bozidar Proevski Committed by root 5 years ago
--- a/roles/nifi/files/dsoclab-nifi-2.p12
+++ b/roles/nifi/files/dsoclab-nifi-2.p12
--- a/roles/nifi/files/dsoclab-nifi-3.p12
+++ b/roles/nifi/files/dsoclab-nifi-3.p12
--- a/roles/nifi/files/flow-dsoclab-nifi-1.xml.gz
+++ b/roles/nifi/files/flow-dsoclab-nifi-1.xml.gz
--- a/roles/nifi/files/flow-dsoclab-nifi-2.xml.gz
+++ b/roles/nifi/files/flow-dsoclab-nifi-2.xml.gz
--- a/roles/nifi/files/flow-dsoclab-nifi-3.xml.gz
+++ b/roles/nifi/files/flow-dsoclab-nifi-3.xml.gz
--- a/roles/nifi/tasks/main.yml
+++ b/roles/nifi/tasks/main.yml
@@ -19,6 +19,13 @@
  tags:
    - start
+- name: Configure NiFi boostrap properties
+  template:
+    src: bootstrap.conf.j2
+    dest: conf/bootstrap.conf
+  tags:
+    - start
 - name: Configure NiFi properties for secure servers
  template:
    src: nifi.properties.j2

--- a/roles/nifi/templates/authorizers.xml.j2
+++ b/roles/nifi/templates/authorizers.xml.j2
@@ -49,7 +49,7 @@
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
-        <property name="Initial User Identity 1">CN=bozidar_proevski</property>
+        <property name="Initial User Identity 1">CN={{ nifiadmin[0][0] }}</property>
 {% for nifi in groups['nificontainers'] %}
        <property name="Initial User Identity {{ loop.index +1 }}">CN={{ nifi }}</property>
 {% endfor %}
@@ -252,7 +252,7 @@
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
-        <property name="Initial Admin Identity">CN=bozidar_proevski</property>
+        <property name="Initial Admin Identity">CN={{ nifiadmin[0][0] }}</property>
        <property name="Legacy Authorized Users File"></property>
 {% for nifi in groups['nificontainers'] %}
        <property name="Node Identity {{ loop.index }}">CN={{ nifi }}</property>

--- a/roles/nifi/templates/bootstrap.conf.j2
+++ b/roles/nifi/templates/bootstrap.conf.j2
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Java command to use when running NiFi
+java=java
+# Username to use when running NiFi. This value will be ignored on Windows.
+run.as=
+# Configure where NiFi's lib and conf directories live
+lib.dir=./lib
+conf.dir=./conf
+# How long to wait after telling NiFi to shutdown before explicitly killing the Process
+graceful.shutdown.seconds=20
+# Disable JSR 199 so that we can use JSP's without running a JDK
+java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true
+# JVM memory settings
+java.arg.2=-Xms{{ javamem }}
+java.arg.3=-Xmx{{ javamem }}
+# Enable Remote Debugging
+#java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
+java.arg.4=-Djava.net.preferIPv4Stack=true
+# allowRestrictedHeaders is required for Cluster/Node communications to work properly
+java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
+java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol
+# The G1GC is still considered experimental but has proven to be very advantageous in providing great
+# performance without significant "stop-the-world" delays.
+java.arg.13=-XX:+UseG1GC
+#Set headless mode by default
+java.arg.14=-Djava.awt.headless=true
+# Master key in hexadecimal format for encrypted sensitive configuration values
+nifi.bootstrap.sensitive.key=
+# Sets the provider of SecureRandom to /dev/urandom to prevent blocking on VMs
+java.arg.15=-Djava.security.egd=file:/dev/urandom
+# Requires JAAS to use only the provided JAAS configuration to authenticate a Subject, without using any "fallback" methods (such as prompting for username/password)
+# Please see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html, section "EXCEPTIONS TO THE MODEL"
+java.arg.16=-Djavax.security.auth.useSubjectCredsOnly=true
+###
+# Notification Services for notifying interested parties when NiFi is stopped, started, dies
+###
+# XML File that contains the definitions of the notification services
+notification.services.file=./conf/bootstrap-notification-services.xml
+# In the case that we are unable to send a notification for an event, how many times should we retry?
+notification.max.attempts=5
+# Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi is started?
+#nifi.start.notification.services=email-notification
+# Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi is stopped?
+#nifi.stop.notification.services=email-notification
+# Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi dies?
+#nifi.dead.notification.services=email-notification