NiFi - automating creation of users/groups during install - apache-nifi

I have a puppet module that is deploying a standalone nifi instance. It's all working and it will deploy the application with an initial admin user etc via authorizers.conf.
But in order to configure additional users and groups there is a long process of creating policies and adding users and groups via the gui. I want to automate some of this in my puppet module.
It would be good to be able to automatically create an admin group which is already assigned to a load of policies.
It doesn't seem like this is possible though as the best-practice is to only edit authorizers.xml and allow that to create the resulting authorisations.xml and users.xml, and there is no setting within authorizers.xml to create initial groups or initial policies.
My only idea at the moment is to use something like the nipyapi python module to create users and groups via the api during the initial install.
Or perhaps ignoring the authorisers.xml and just deploy a pre-configured authorizations.xml and users.xml.
Am I missing any other simple or better options?

Related

Running Cron on a specifc server in AWS

I am developing a project in spring. In this project I have written a cron job as well. I am going to deploy this on 4 AWS servers, but I want my cron job to run on only a single server (let's name that as admin server).
So here my question is how can I identify admin server uniquely. I was thinking to use the IP as identification but as far as I know IP is not static for AWS servers. is there any other way for identification so that I can put that check in my cron job code so that it will run only on admin server?
You can always start the admin instance with some user data as metadata or add a tag to your instance.
The metadata solution might be easier to integrate as you can just issue an unauthenticated HTTP request from within the instance to read the value. If that is a security concern for you, then you can go with the tag and use the API to retrieve the tag value.

Configure as code with security groups and ldap

We are trying to set up a SonarQube server (v. 6.5) to run in Kubernetes. Because of this, we need everything to be configured "as code" not through the web interface.
We have successfully set up single sign-on (SSO) against LDAP server, and that works as such. But since users can then not log out in order to log in as a static admin, we need some way to configure a group that has admin privileges.
It is my understanding that this should be done via group mapping, but all documentation and examples I can find only suggest setting up the groups through the UI.
Is there some way to configure groups via sonar.properties (or other properties file) that are then automatically mapped against groups from LDAP, and configure a group to get admin rights?
I am pretty new to SonarQube (and no ldap expert either), so I hope the question makes sense.
There is no way to configure groups through properties. There are web services (which are used by the UI itself) with which you could script this.
Alternately, see if you can turn on group synching with your SSO. Then you just have to grant admin rights (via the UI? via web services?) to the appropriate group in SonarQube.

Nifi - Update Remote Process Group through Rest API

We are using templates to package up some data transfer jobs between two nifi clusters, one acting as a sender, the other as the receiver. One of our jobs contains a remote process group and all worked fine at the point the template was created.
However when we deploy the template through our environments (dev, test, pre, prod), it is tedious and annoying to have to manually delete and a recreate a remote process group in the user interface. I'd like to automate this to simplify deploying templates and reduce the manual intervention.
Is it possible to update a remote processor group and its port configuration through the rest-api ?
Do I just use the REST api to create a new RPG with the correct configuration ?
Does anyone have any experience with this?
There is a JIRA to address this issue [1] which will be worked in conjunction with some of the ongoing Flow Registry (SDLC for flows) efforts. Until then, the best option would be (2) above.
[1] https://issues.apache.org/jira/browse/NIFI-4526

How to add an AWS EC2 instance on Scalr

I have an AWS account with 14 instances and using scalr. I added the Api reference details and it showed up, at that time instances were pretty low. As and when I keep adding new instances it accepted few and reject the rest. Now I have an instance newly made on AWS which is not getting loaded in scalr.
Any ideas?
Instances that you create using AWS will not show up in Scalr.
Instead, you create Farms (in Scalr) through the use of custom and/or pre-configured Scalr Roles. When you launch those farms/roles, it will launch the required instances in AWS. It's like a wrapper around AWS that provides extra features, but it will only ever know about instances that have been launched from a Scalr role.
It is possible to import an existing server into Scalr although it involves installing the scalarizr software onto that server and opening some ports. Full details can be found here. Once complete, you'll have a new role that you can add to a farm and then launch.

How do I get the initial configuration of my Azure role?

Suppose I deploy an Azure role supplying a service package and a service configuration. Then I change the configuration one or more times without redeploying the role.
Is it possible to get the initial configuration?
The RoleEnvironment API only reflects the current values.
You could handle the RoleEnvironment.Changing event and keep track of the configuration changes from there.
You can change the service configuration in a number of ways:
Using the management portal
Click on the deployment (it must in Ready state!)
Click on "Configure" - edit the configuration.
Using the Manamgement REST API's Change Deployment Configuration method.
If you go for second option, you can either create your own classes or use, for example this NuGet package.
However I don't think (I'm not aware of a method) you can get the initial service configuration once it has been changed.

Resources