nifi

安装

推荐:官方指导

下载

下载地址

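# Work in a scratch directory; -p keeps the step re-runnable and the absolute
# path makes cd independent of the current directory.
mkdir -p ~/tools && cd ~/tools
# TLS verification stays enabled: --no-check-certificate would let anyone on
# the network path substitute the archive. If wget reports a certificate
# error, update the system CA bundle rather than disabling the check.
wget https://dlcdn.apache.org/nifi/1.18.0/nifi-1.18.0-bin.zip
wget https://dlcdn.apache.org/nifi/1.18.0/nifi-toolkit-1.18.0-bin.zip
# Print the digests and compare them with the SHA-256 values published on the
# Apache NiFi download page before unpacking anything.
sha256sum nifi-1.18.0-bin.zip nifi-toolkit-1.18.0-bin.zip
# Both archives must be unpacked; the original never unpacked the toolkit and
# passed a wget-only flag to unzip.
unzip nifi-1.18.0-bin.zip
unzip nifi-toolkit-1.18.0-bin.zip
# Install both trees directly under the home directory.
mv nifi-1.18.0 ~/nifi
mv nifi-toolkit-1.18.0 ~/nifi-toolkit
cd ~/nifi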

启动

# Start NiFi. The relative path assumes the current directory is the NiFi
# install directory (the install step ends with a cd into it).
bin/nifi.sh start

image-20221121143546215

# Check status
bin/nifi.sh status

image-20221121143748553

# Stop
bin/nifi.sh stop

配置

/home/nifi/nifi/conf/bootstrap.conf

查看启动后的默认账号密码

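# Show the auto-generated login credentials recorded in the application log.
# They sit in this log in clear text, so replace them afterwards
# (bin/nifi.sh set-single-user-credentials) and keep the logs directory
# readable only by the account that runs NiFi.
grep Generated logs/nifi-app.log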

修改端口

vim ~/nifi/conf/nifi.properties
# Set the HTTPS port: nifi.web.https.port=58443

修改用户名密码

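# Syntax: bin/nifi.sh set-single-user-credentials <username> <password>
# Read the password from a prompt so no literal credential ends up in this
# document, in a script, or in the shell history. It is still handed to
# nifi.sh as an argument, so run this where other users cannot list your
# processes.
# NOTE(review): NiFi is understood to reject passwords shorter than 12
# characters - confirm against the admin guide for your version.
read -r -s -p 'New NiFi password: ' nifi_password && echo
~/nifi/bin/nifi.sh set-single-user-credentials nifi "$nifi_password"
unset nifi_password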

image-20221121144431104

配置证书

默认证书的有效期只有 60 天,这里生成新的证书。

cd ~/
# Generate a standalone CA plus server key material for this host.
#   -n  hostname(s) to issue server certificates for
#   -C  DN of a client certificate to generate as well
#   -o  output directory (here ./target)
#   -d  validity in days
# NOTE(review): the output directory presumably also receives the CA private
# key; keep it readable only by this account and do not copy it to other hosts.
# NOTE(review): the certificate is issued for 192.168.15.45, while the later
# configuration and curl checks on this page use 192.168.14.122 - confirm the
# name matches the address clients will actually connect to.
~/nifi-toolkit/bin/tls-toolkit.sh standalone -n '192.168.15.45' -C 'CN=Skynj,OU=NIFI' -o 'target' -d 3650

image-20221121150036406

查看生成结果

image-20221121150128039

复制证书到 nifi 配置中

# Copy the files generated for this host into NiFi's conf directory.
# -f overwrites same-named files there without asking.
# NOTE(review): the toolkit output presumably includes its own nifi.properties,
# which would replace edits already made to ~/nifi/conf/nifi.properties - back
# that file up first if it was customised.
cp -rf ~/target/192.168.15.45/* ~/nifi/conf/

配置 nifi

vim ~/nifi/conf/nifi.properties
# Sensitive-properties key, described by the author as a 12-character password;
# choose your own value instead of reusing this sample: nifi.sensitive.props.key=skynj@123qwe
# Web host (the property is nifi.web.https.host, not ...port): nifi.web.https.host=192.168.14.122
# Web port: nifi.web.https.port=58443
# Start
~/nifi/bin/nifi.sh start
~/nifi/bin/nifi.sh status
# If startup fails, inspect the log
cat ~/nifi/logs/nifi-app.log

查看接口是否正常访问

# Both requests go over HTTPS.
# NOTE(review): with a certificate issued by the toolkit's private CA, curl is
# expected to refuse the connection until it is told to trust that CA
# (--cacert <path to the CA certificate>), and the name in the URL has to be
# one the certificate was issued for. Prefer that over switching verification
# off.
curl https://127.0.0.1:58443/nifi/login
curl https://192.168.14.122:58443/nifi/login

访问

浏览器访问:https://192.168.14.122:58443/nifi/login

伪集群

前言

  • 三个节点:node1、node2、node3
  • 三个节点 host:node1.nifi、node2.nifi、node3.nifi
  • 主节点:node1
  • 使用内置 zk
    • 客户端端口:12181,12888,13888
    • node连接端口:22181,22888,23888
    • leader选举端口:32181,32888,33888
  • nifi端口使用
    • 负载均衡端口:16342, 26342, 36342
    • Https UI/API 端口:19443,29443,39443
    • sitesite 端口:10443,20443,30443
    • 集群通讯端口:11443,21443,31443

准备环境

修改host

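# Run as root. Outside a pseudo-cluster, use each node's real LAN address and
# add the entries on every node.
# 127.0.0.1 cannot be used here.
# Each mapping is appended only when that exact line is missing, so repeating
# the step does not pile up duplicate entries in /etc/hosts.
for entry in '192.168.1.1 node1.nifi' '192.168.1.1 node2.nifi' '192.168.1.1 node3.nifi'; do
  grep -qxF -- "$entry" /etc/hosts || echo "$entry" >> /etc/hosts
done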

创建用户

# Run as root: one dedicated account per pseudo-node, each with its own home
# directory and bash as login shell.
for account in nifi1 nifi2 nifi3; do
  useradd -d "/home/${account}" -m -s "/bin/bash" "${account}"
done
# Set the password of each account (passwd prompts interactively).
for account in nifi1 nifi2 nifi3; do
  passwd "${account}"
done

主节点ca

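su nifi1
ssh-keygen -t ecdsa
# Pressing Enter at every prompt stores the private key without a passphrase,
# so anyone who can read ~/.ssh/id_ecdsa can log in to the other nodes as
# nifi2/nifi3. Keep that file private and use the key only for this cluster.
# Install the public key on the other two nodes. Newer openssh-clients
# packages may not include ssh-copy-id.
ssh-copy-id -i ~/.ssh/id_ecdsa.pub nifi2@node2.nifi
ssh-copy-id -i ~/.ssh/id_ecdsa.pub nifi3@node3.nifi
# Fallback when ssh-copy-id is unavailable (skip it if the commands above
# worked, otherwise the key is appended a second time).
# mkdir -p tolerates an existing ~/.ssh, && stops at the first failing step,
# and the uploaded copy of the public key is removed once it has been appended.
scp ~/.ssh/id_ecdsa.pub nifi2@node2.nifi:/home/nifi2/
scp ~/.ssh/id_ecdsa.pub nifi3@node3.nifi:/home/nifi3/
ssh nifi2@node2.nifi 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat /home/nifi2/id_ecdsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm -f /home/nifi2/id_ecdsa.pub'
ssh nifi3@node3.nifi 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat /home/nifi3/id_ecdsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm -f /home/nifi3/id_ecdsa.pub'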

测试

# Each login should succeed without a password prompt; exit leaves the remote
# shell again before the next check.
ssh nifi2@node2.nifi
exit
ssh nifi3@node3.nifi
exit

安装NIFI

下载

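# Install on node1
su nifi1
mkdir -p ~/tools ; cd ~/tools
# TLS verification stays enabled: --no-check-certificate would let anyone on
# the network path substitute the archives. If wget reports a certificate
# error, update the system CA bundle rather than disabling the check.
wget https://dlcdn.apache.org/nifi/1.18.0/nifi-1.18.0-bin.zip
wget https://dlcdn.apache.org/nifi/1.18.0/nifi-toolkit-1.18.0-bin.zip
# Print the digests and compare them with the SHA-256 values published on the
# Apache NiFi download page before unpacking; these files are copied to every
# node below.
sha256sum nifi-1.18.0-bin.zip nifi-toolkit-1.18.0-bin.zip
unzip nifi-1.18.0-bin.zip
unzip nifi-toolkit-1.18.0-bin.zip
mv nifi-1.18.0 ~/nifi
mv nifi-toolkit-1.18.0 ~/nifi-toolkit
# Single quotes keep $PATH unexpanded until ~/.bashrc is sourced. The original
# second line, export $PATH, expanded the value and tried to export it as a
# variable name; export PATH=... is the working form.
echo 'export PATH=$PATH:/home/nifi1/nifi/bin:/home/nifi1/nifi-toolkit/bin' >> ~/.bashrc
source ~/.bashrc
cd ~/
# Copy the NiFi tree to node2 and node3
scp -r nifi nifi2@node2.nifi:/home/nifi2/
scp -r nifi nifi3@node3.nifi:/home/nifi3/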

集群 CA

生成CA

cd ~/
# Generate everything in one run: server key material for node1..node3
# (-n with the [1-3] range), a client certificate for CN=nifi (-C), ca.nifi as
# the CA hostname (-c), output in ./ca (-o), validity 3650 days (-d).
tls-toolkit.sh standalone -n 'node[1-3].nifi' -C 'CN=nifi' -c 'ca.nifi' -o 'ca' -d 3650
# Alternative: generate the pieces one at a time instead of the command above.
tls-toolkit.sh standalone -n 'node1.nifi' -c 'ca.nifi' -o 'ca' -d 3650
tls-toolkit.sh standalone -n 'node2.nifi' -o 'ca' -d 3650
tls-toolkit.sh standalone -n 'node3.nifi' -o 'ca' -d 3650
tls-toolkit.sh standalone -C 'CN=nifi' -o 'ca' -d 3650
# List the result. The listing shown on this page contains the CA key
# (nifi-key.key) and the client keystore with its password file, so keep ./ca
# readable only by this account.
# NOTE(review): ll is a shell alias (commonly ls -l) and may not exist everywhere.
ll ca

结果

#  The client certificate in a PKCS12 keystore
-rw------- 1 nifi1 nifi1 3469 12月 15 14:47 CN=nifi.p12
# The corresponding file containing the randomly-generated password. Use -b or --clientCertPassword when generating to specify a password
-rw------- 1 nifi1 nifi1 43 12月 15 14:47 CN=nifi.password
-rw------- 1 nifi1 nifi1 1224 12月 15 14:47 nifi-cert.pem
-rw------- 1 nifi1 nifi1 1675 12月 15 14:47 nifi-key.key
drwx------ 2 nifi1 nifi1 71 12月 15 14:47 node1.nifi
drwx------ 2 nifi1 nifi1 71 12月 15 14:47 node2.nifi
drwx------ 2 nifi1 nifi1 71 12月 15 14:47 node3.nifi

复制证书

# Put each node's own directory from ./ca into that node's conf directory.
# Only the per-node files are matched by these globs; the CA key and the client
# keystore at the top level of ./ca are not copied.
cp -R  ~/ca/node1.nifi/* ~/nifi/conf/
scp -r ~/ca/node2.nifi/* nifi2@node2.nifi:/home/nifi2/nifi/conf/
scp -r ~/ca/node3.nifi/* nifi3@node3.nifi:/home/nifi3/nifi/conf/

配置节点

node1 节点上执行

node1 配置

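# Run directly on node1.nifi.
# Each expression rewrites the whole "key=value" line, anchored at the start of
# the line. The original matched "key=" anywhere and prepended the new value,
# so a second run produced values such as node1.nifinode1.nifi; this form can
# be repeated safely and sets the value whatever was there before.
sed -i \
  -e 's|^\(nifi\.state\.management\.embedded\.zookeeper\.start\)=.*|\1=true|' \
  -e 's|^\(nifi\.remote\.input\.socket\.port\)=.*|\1=10443|' \
  -e 's|^\(nifi\.web\.https\.port\)=.*|\1=19443|' \
  -e 's|^\(nifi\.cluster\.is\.node\)=.*|\1=true|' \
  -e 's|^\(nifi\.cluster\.node\.protocol\.port\)=.*|\1=11443|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.host\)=.*|\1=node1.nifi|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.port\)=.*|\1=16342|' \
  -e 's|^\(nifi\.zookeeper\.connect\.string\)=.*|\1=node1.nifi:12181,node2.nifi:22181,node3.nifi:32181|' \
  ~/nifi/conf/nifi.properties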

node2 配置

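# Run on node1.nifi: applies node2's settings over one SSH session.
# Each expression rewrites the whole "key=value" line, anchored at the start of
# the line. The original matched "key=" anywhere and prepended the new value,
# so a second run corrupted the empty-valued properties; this form can be
# repeated safely.
# The outer double quotes belong to the local shell, the inner single quotes
# protect the sed expressions on the remote side.
ssh nifi2@node2.nifi "sed -i \
  -e 's|^\(nifi\.state\.management\.embedded\.zookeeper\.start\)=.*|\1=true|' \
  -e 's|^\(nifi\.remote\.input\.socket\.port\)=.*|\1=20443|' \
  -e 's|^\(nifi\.web\.https\.port\)=.*|\1=29443|' \
  -e 's|^\(nifi\.cluster\.is\.node\)=.*|\1=true|' \
  -e 's|^\(nifi\.cluster\.node\.protocol\.port\)=.*|\1=21443|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.host\)=.*|\1=node2.nifi|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.port\)=.*|\1=26342|' \
  -e 's|^\(nifi\.zookeeper\.connect\.string\)=.*|\1=node1.nifi:12181,node2.nifi:22181,node3.nifi:32181|' \
  ~/nifi/conf/nifi.properties"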

node3 配置

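# Run on node1.nifi: applies node3's settings over one SSH session.
# Each expression rewrites the whole "key=value" line, anchored at the start of
# the line. The original matched "key=" anywhere and prepended the new value,
# so a second run corrupted the empty-valued properties; this form can be
# repeated safely.
# The outer double quotes belong to the local shell, the inner single quotes
# protect the sed expressions on the remote side.
ssh nifi3@node3.nifi "sed -i \
  -e 's|^\(nifi\.state\.management\.embedded\.zookeeper\.start\)=.*|\1=true|' \
  -e 's|^\(nifi\.remote\.input\.socket\.port\)=.*|\1=30443|' \
  -e 's|^\(nifi\.web\.https\.port\)=.*|\1=39443|' \
  -e 's|^\(nifi\.cluster\.is\.node\)=.*|\1=true|' \
  -e 's|^\(nifi\.cluster\.node\.protocol\.port\)=.*|\1=31443|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.host\)=.*|\1=node3.nifi|' \
  -e 's|^\(nifi\.cluster\.load\.balance\.port\)=.*|\1=36342|' \
  -e 's|^\(nifi\.zookeeper\.connect\.string\)=.*|\1=node1.nifi:12181,node2.nifi:22181,node3.nifi:32181|' \
  ~/nifi/conf/nifi.properties"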

修改集群节点等待时间与数量

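# Shorten the flow-election wait to 1 minute and expect 3 candidates, on every
# node. Each expression replaces the whole property line, so repeating the step
# does not append "3" to an already-set candidate count as the original
# "key=" -> "key=3" substitution did.
# node1
sed -i \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.wait\.time\)=.*|\1=1 mins|' \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.candidates\)=.*|\1=3|' \
  ~/nifi/conf/nifi.properties
# node2
ssh nifi2@node2.nifi "sed -i \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.wait\.time\)=.*|\1=1 mins|' \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.candidates\)=.*|\1=3|' \
  ~/nifi/conf/nifi.properties"
# node3
ssh nifi3@node3.nifi "sed -i \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.wait\.time\)=.*|\1=1 mins|' \
  -e 's|^\(nifi\.cluster\.flow\.election\.max\.candidates\)=.*|\1=3|' \
  ~/nifi/conf/nifi.properties"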

修改节点的配置加密key

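# Set the same sensitive-properties key on all three nodes. The value is
# generated here (32 hex characters from /dev/urandom) instead of being a
# fixed, published string; hex output contains nothing special to sed or to
# the shell quoting used below.
# Do this before the nodes are started for the first time. The key appears
# briefly on the sed/ssh command lines, so run it where other users cannot
# list your processes, and store the value in your secrets manager.
props_key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
if [ -z "$props_key" ]; then
  echo 'could not generate a sensitive-properties key' >&2
else
  # node1
  sed -i "s|^\(nifi\.sensitive\.props\.key\)=.*|\1=${props_key}|" ~/nifi/conf/nifi.properties
  # node2
  ssh nifi2@node2.nifi "sed -i 's|^\(nifi\.sensitive\.props\.key\)=.*|\1=${props_key}|' ~/nifi/conf/nifi.properties"
  # node3
  ssh nifi3@node3.nifi "sed -i 's|^\(nifi\.sensitive\.props\.key\)=.*|\1=${props_key}|' ~/nifi/conf/nifi.properties"
fi
unset props_key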

zk 配置

node1.nifi 上直接执行

添加 zk server 配置

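# node1: declare the three embedded ZooKeeper servers.
# The server.1 line is replaced as a whole and anchored at the start of the
# line, so only the property itself is rewritten and a repeated run does not
# prepend the value again. server.2 and server.3 are appended only when the
# exact line is not in the file yet.
zk_conf=~/nifi/conf/zookeeper.properties
sed -i 's|^server\.1=.*|server.1=node1.nifi:12888:13888;12181|' "$zk_conf"
for entry in 'server.2=node2.nifi:22888:23888;22181' 'server.3=node3.nifi:32888:33888;32181'; do
  grep -qxF -- "$entry" "$zk_conf" || printf '\n%s\n' "$entry" >> "$zk_conf"
done
# node2
scp "$zk_conf" nifi2@node2.nifi:/home/nifi2/nifi/conf/
# node3
scp "$zk_conf" nifi3@node3.nifi:/home/nifi3/nifi/conf/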

添加节点标识

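# Write each node's ZooKeeper id. The file is overwritten (>) rather than
# appended to (>>): myid has to contain exactly one id, and appending would
# leave the number in the file twice if the step were repeated.
# node1
mkdir -p ~/nifi/state/zookeeper
echo 1 > ~/nifi/state/zookeeper/myid
# node2
ssh nifi2@node2.nifi "mkdir -p ~/nifi/state/zookeeper && echo 2 > ~/nifi/state/zookeeper/myid"
# node3
ssh nifi3@node3.nifi "mkdir -p ~/nifi/state/zookeeper && echo 3 > ~/nifi/state/zookeeper/myid"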

允许连接

# node1: fill the empty "Connect String" element of the cluster state provider
# with the three embedded ZooKeeper endpoints.
state_xml=~/nifi/conf/state-management.xml
zk_endpoints='node1.nifi:12181,node2.nifi:22181,node3.nifi:32181'
sed -i "s?<property name=\"Connect String\"></property>?<property name=\"Connect String\">${zk_endpoints}</property>?g" "$state_xml"
# node2 and node3 receive the edited file unchanged.
scp "$state_xml" nifi2@node2.nifi:/home/nifi2/nifi/conf/
scp "$state_xml" nifi3@node3.nifi:/home/nifi3/nifi/conf/

身份配置

# node1: register CN=nifi (the client certificate DN used when the cluster
# certificates were generated) and the three node DNs as initial users. The \n
# sequences in the replacement turn the single empty element into four lines.
# NOTE(review): \n in a replacement is a GNU sed feature - confirm on other seds.
sed -i 's?<property name="Initial User Identity 1"></property>?<property name="Initial User Identity 1">CN=nifi</property>\n<property name="Initial User Identity 2">CN=node1.nifi, OU=NIFI</property>\n<property name="Initial User Identity 3">CN=node2.nifi, OU=NIFI</property>\n<property name="Initial User Identity 4">CN=node3.nifi, OU=NIFI</property>?g' ~/nifi/conf/authorizers.xml
# Make CN=nifi the initial administrator.
sed -i 's?<property name="Initial Admin Identity"></property>?<property name="Initial Admin Identity">CN=nifi</property>?g' ~/nifi/conf/authorizers.xml
# List the three node DNs as node identities.
# NOTE(review): these strings presumably have to match the certificate subjects
# exactly, including the ", OU=NIFI" part and its spacing - verify against the
# generated certificates.
sed -i 's?<property name="Node Identity 1"></property>?<property name="Node Identity 1">CN=node1.nifi, OU=NIFI</property>\n<property name="Node Identity 2">CN=node2.nifi, OU=NIFI</property>\n<property name="Node Identity 3">CN=node3.nifi, OU=NIFI</property>?g' ~/nifi/conf/authorizers.xml
# Each pattern only matches the still-empty element, so the three commands
# change nothing on a file that has already been edited.
# node2
scp ~/nifi/conf/authorizers.xml nifi2@node2.nifi:/home/nifi2/nifi/conf/
# node3
scp ~/nifi/conf/authorizers.xml nifi3@node3.nifi:/home/nifi3/nifi/conf/

启动

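# Start node1 locally, then node2 and node3 over SSH. /etc/profile is sourced
# first so the remote shell gets the system-wide environment (presumably for
# the Java settings - confirm on your hosts).
~/nifi/bin/nifi.sh start
ssh nifi2@node2.nifi "source /etc/profile;~/nifi/bin/nifi.sh start"
# node3 is reached at node3.nifi; the original line paired the nifi3 account
# with node2.nifi.
ssh nifi3@node3.nifi "source /etc/profile;~/nifi/bin/nifi.sh start"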

查看启动日志

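# Follow the application log. tail -f replaces tailf, which current util-linux
# releases no longer ship.
tail -f ~/nifi/logs/nifi-app.log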

伪集群

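# Open the three HTTPS UI/API ports of the pseudo-cluster (19443, 29443,
# 39443). The original listed 29443 twice and left node3's 39443 closed.
# NOTE(review): the public zone admits any source address; if the UI is only
# meant for an admin network, restrict the rule to that source instead.
firewall-cmd --zone=public --add-port=19443/tcp --add-port=29443/tcp --add-port=39443/tcp --permanent
# --permanent only changes the stored configuration; reload to apply it now.
firewall-cmd --reload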

集群

安装ZK

192.168.15.44:22181

安装集群

配置证书

58节点

cd ~/
# Issue server key material for both cluster nodes from one CA: -n takes the
# comma-separated node addresses, -c the CA hostname, -o the output directory,
# -d the validity in days.
~/nifi-toolkit/bin/tls-toolkit.sh standalone -n '192.168.15.58,192.168.15.59' -o 'target' -c 'ca.nifi' -d 3650
# Copy each node's own directory into that node's conf directory.
# NOTE(review): the CA key presumably stays in ./target on this host; keep that
# directory private and do not distribute it with the node files.
scp target/192.168.15.58/* nifi@192.168.15.58:/home/nifi/nifi/conf/
scp target/192.168.15.59/* nifi@192.168.15.59:/home/nifi/nifi/conf/
# Edit the authorizer configuration; the properties to set are listed right
# after this command on the page.
vim ~/nifi/conf/authorizers.xml

<accessPolicyProvider>
<!-- The two cluster nodes, written as certificate-style DNs. -->
<property name="Node Identity 1">CN=192.168.15.58, OU=NIFI</property>
<property name="Node Identity 2">CN=192.168.15.59, OU=NIFI</property>
<!-- NOTE(review): this value is a bare address while the node identities above are full DNs. Confirm it is exactly the identity string the administrator authenticates as; a value that matches no user would leave the cluster without a working admin account. -->
<property name="Initial Admin Identity">192.168.15.58</property>
</accessPolicyProvider>

58 节点配置 NIFI

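# Turn this host into a cluster node that uses the ZooKeeper at
# 192.168.15.44:22181. Whole-line, anchored replacements make the step
# repeatable; the original "key=" -> "key=value" form prepended the value
# again on every run.
sed -i \
  -e 's|^\(nifi\.cluster\.is\.node\)=.*|\1=true|' \
  -e 's|^\(nifi\.zookeeper\.connect\.string\)=.*|\1=192.168.15.44:22181|' \
  ~/nifi/conf/nifi.properties
# Ask for the sensitive-properties key instead of embedding a literal one; the
# same value has to be entered on every node of the cluster. It appears briefly
# on the sed command line, so run this where other users cannot list your
# processes.
read -r -s -p 'Sensitive properties key (same on every node): ' props_key && echo
# Escape what is special in a sed replacement (backslash, & and the |
# delimiter) so any key is written literally.
escaped_key=$(printf '%s' "$props_key" | sed 's/[\\&|]/\\&/g')
sed -i "s|^\(nifi\.sensitive\.props\.key\)=.*|\1=${escaped_key}|" ~/nifi/conf/nifi.properties
unset props_key escaped_key
# Fill the empty Connect String element of the cluster state provider.
sed -i 's?<property name="Connect String"></property>?<property name="Connect String">192.168.15.44:22181</property>?g' ~/nifi/conf/state-management.xml
# Verify the non-secret settings only; printing the whole file would put the
# key on the terminal and into any captured output.
grep -E '^nifi\.(cluster\.is\.node|zookeeper\.connect\.string)=' ~/nifi/conf/nifi.properties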
# NOTE(review): sample value only - this property is a secret; use your own key and keep real values out of documentation.
nifi.sensitive.props.key=Skynj@123QWE
nifi.cluster.is.node=true
# Flow election
nifi.cluster.flow.election.max.candidates=
nifi.zookeeper.connect.string=192.168.15.44:22181

置空

集群要使用一致的 authorizations.xml users.xml

# Remove the locally generated authorizations, users and flow files so this
# node does not start with files that differ from the rest of the cluster.
# NOTE(review): flow.* presumably holds this node's flow definition; copy it
# elsewhere first if the node already contains work you want to keep.
rm ~/nifi/conf/authorizations.xml  
rm ~/nifi/conf/users.xml
rm ~/nifi/conf/flow.*

修改用户名密码

从节点不需要

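# Read the password from a prompt so no literal credential ends up in this
# document, in a script, or in the shell history. It is still handed to
# nifi.sh as an argument, so run this where other users cannot list your
# processes.
read -r -s -p 'New NiFi password: ' nifi_password && echo
~/nifi/bin/nifi.sh set-single-user-credentials nifi "$nifi_password"
unset nifi_password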

启动

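# Start the node and confirm it is running.
~/nifi/bin/nifi.sh start
~/nifi/bin/nifi.sh status
# Print the log written so far, then keep following it. tail -f replaces
# tailf, which current util-linux releases no longer ship.
cat ~/nifi/logs/nifi-app.log
tail -f ~/nifi/logs/nifi-app.log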

重启

# Restart the node, then confirm it came back up.
~/nifi/bin/nifi.sh restart
~/nifi/bin/nifi.sh status

使用内置 ZK

修改 nifi.properties

# State management: the providers are defined in state-management.xml, and the
# embedded ZooKeeper is switched on and configured through zookeeper.properties.
nifi.state.management.configuration.file=./conf/state-management.xml
nifi.state.management.embedded.zookeeper.start=true
nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties
# https
nifi.remote.input.secure=true
nifi.web.https.host=192.168.15.58
nifi.web.https.port=9443

# NOTE(review): sample value only - this property is a secret; use your own key and keep real values out of documentation.
nifi.sensitive.props.key=Skynj@123QWE

nifi.cluster.protocol.is.secure=true
nifi.cluster.is.node=true
nifi.cluster.node.address=192.168.15.58
nifi.cluster.node.protocol.port=11443
# nodes x 7
nifi.cluster.node.protocol.max.threads=16
nifi.cluster.flow.election.max.wait.time=5 mins
# Flow election
nifi.cluster.flow.election.max.candidates=


nifi.cluster.load.balance.host=192.168.15.58
nifi.cluster.load.balance.port=6342
# NOTE(review): this points at 192.168.15.44:22181 although the embedded ZooKeeper is enabled above and the zookeeper.properties on this page lists 192.168.15.58/59 with client port 2181 - confirm which ensemble is intended.
nifi.zookeeper.connect.string=192.168.15.44:22181
nifi.zookeeper.root.node=/nifi-test

各节点配置 ~/nifi/conf/state-management.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<stateManagement>
<!-- Node-local state, kept on disk under ./state/local. -->
<local-provider>
<id>local-provider</id>
<class>org.apache.nifi.controller.state.providers.local.WriteAheadLocalStateProvider</class>
<property name="Directory">./state/local</property>
<property name="Always Sync">false</property>
<property name="Partitions">16</property>
<property name="Checkpoint Interval">2 mins</property>
</local-provider>
<!-- Cluster-wide state, kept in ZooKeeper under the /nifi-test root node. -->
<cluster-provider>
<id>zk-provider</id>
<class>org.apache.nifi.controller.state.providers.zookeeper.ZooKeeperStateProvider</class>
<!-- NOTE(review): both entries name 192.168.15.58; the zookeeper.properties shown on this page lists .58 and .59, so the second entry was probably meant to be 192.168.15.59:2181 - confirm. -->
<property name="Connect String">192.168.15.58:2181,192.168.15.58:2181</property>
<property name="Root Node">/nifi-test</property>
<property name="Session Timeout">10 seconds</property>
<!-- NOTE(review): Open is understood to apply no ZooKeeper ACLs, so any client that can reach the ensemble could read or change cluster state under this root node. CreatorOnly is the restrictive setting but needs authenticated ZooKeeper access; until that is in place, limit the ZooKeeper ports to the cluster nodes at the network level. -->
<property name="Access Control">Open</property>
</cluster-provider>
<!-- <cluster-provider>
<id>redis-provider</id>
<class>org.apache.nifi.redis.state.RedisStateProvider</class>
<property name="Redis Mode">Standalone</property>
<property name="Connection String">localhost:6379</property>
</cluster-provider>
-->
</stateManagement>

~/nifi/conf/zookeeper.properties

# Format: server.<node id>=<host>:<quorum port>:<election port>;<client port>
# The node id is the number written to that node's myid file (1 on .58, 2 on .59).
server.1=192.168.15.58:2888:3888;2181
server.2=192.168.15.59:2888:3888;2181

属性 server.节点ID=IP:2888:3888;2181

节点 58

# Node 58: create the ZooKeeper state directory and record id 1 in myid
# (overwriting any previous content).
mkdir -p ~/nifi/state/zookeeper
echo 1 > ~/nifi/state/zookeeper/myid

节点59

# Node 59: create the ZooKeeper state directory and record id 2 in myid
# (overwriting any previous content).
mkdir -p ~/nifi/state/zookeeper
echo 2 > ~/nifi/state/zookeeper/myid

本文地址: https://github.com/maxzhao-it/blog/post/ba72ba5e/