Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.ConsumeJMS/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.ConsumeJMS/index.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.ConsumeJMS/index.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.ConsumeJMS/index.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1 @@ +<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>ConsumeJMS</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">ConsumeJMS</h1><h2>Description: </h2><p>Consumes JMS Message of type BytesMessage or TextMessage transforming its content to a FlowFile and transitioning it to 'success' relationship. JMS attributes such as headers and properties will be copied as FlowFile attributes.</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>jms, get, message, receive, consume</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the <strong>nifi.properties</strong> file has an entry for the property <strong>nifi.sensitive.props.key</strong>.</p><table id="properties"><tr><th>Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Connection Factory Service</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>JMSConnectionFactoryProviderDefinition<br/><strong>Implementation:</strong><a href="../../../nifi-jms-cf-service-nar/1.3.0/org.apache.nifi.jms.cf.JMSConnectionFactoryProvider/index.html">JMSConnectionFactoryProvider</a></td><td id="description">The Controller Service that is used to obtain ConnectionFactory</td></tr><tr><t d id="name"><strong>Destination Name</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of the JMS Destination. Usually provided by the administrator (e.g., 'topic://myTopic' or 'myTopic').<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Destination Type</strong></td><td id="default-value">QUEUE</td><td id="allowable-values"><ul><li>QUEUE</li><li>TOPIC</li></ul></td><td id="description">The type of the JMS Destination. Could be one of 'QUEUE' or 'TOPIC'. Usually provided by the administrator. Defaults to 'TOPIC</td></tr><tr><td id="name">User Name</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">User Name used for authentication and authorization.</td></tr><tr><td id="name">Password</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">Password used for authentication and authorization.<br/><strong>Sensitive Property: true</st rong></td></tr><tr><td id="name"><strong>Session Cache size</strong></td><td id="default-value">1</td><td id="allowable-values"></td><td id="description">The maximum limit for the number of cached Sessions.</td></tr><tr><td id="name"><strong>Acknowledgement Mode</strong></td><td id="default-value">2</td><td id="allowable-values"><ul><li>AUTO_ACKNOWLEDGE (1) <img src="../../../../../html/images/iconInfo.png" alt="Automatically acknowledges a client's receipt of a message, regardless if NiFi session has been commited. Can result in data loss in the event where NiFi abruptly stopped before session was commited." title="Automatically acknowledges a client's receipt of a message, regardless if NiFi session has been commited. Can result in data loss in the event where NiFi abruptly stopped before session was commited."></img></li><li>CLIENT_ACKNOWLEDGE (2) <img src="../../../../../html/images/iconInfo.png" alt="(DEFAULT) Manually acknowledges a client's receipt of a message after NiFi Ses sion was commited, thus ensuring no data loss" title="(DEFAULT) Manually acknowledges a client's receipt of a message after NiFi Session was commited, thus ensuring no data loss"></img></li><li>DUPS_OK_ACKNOWLEDGE (3) <img src="../../../../../html/images/iconInfo.png" alt="This acknowledgment mode instructs the session to lazily acknowledge the delivery of messages. May result in both data duplication and data loss while achieving the best throughput." title="This acknowledgment mode instructs the session to lazily acknowledge the delivery of messages. May result in both data duplication and data loss while achieving the best throughput."></img></li></ul></td><td id="description">The JMS Acknowledgement Mode. Using Auto Acknowledge can cause messages to be lost on restart of NiFi but may provide better performance than Client Acknowledge.</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>All FlowFiles that are received from the JMS Destination are routed to this relationship</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3>None specified.<h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component does not allow an incoming relationship.<h3>See Also:</h3><p><a href="../org.apache.nifi.jms.processors.PublishJMS/index.html">PublishJMS</a>, <a href="../../../nifi-jms-cf-service-nar/1.3.0/org.apache.nifi.jms.cf.JMSConnectionFactoryProvider/index.html">JMSConnectionFactoryProvider</a></p></body></html> \ No newline at end of file
Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/additionalDetails.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/additionalDetails.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/additionalDetails.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/additionalDetails.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<html lang="en"> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<head> + <meta charset="utf-8" /> + <title>PublishJMS</title> + <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" /> +</head> + +<body> +<h2>Summary</h2> +<p> + This processor publishes the contents of the incoming FlowFile to a JMS compliant messaging system. +</p> +<p> + This processor does two things. It constructs JMS Message by extracting FlowFile contents (both body and attributes). + Once message is constructed it is sent to a pre-configured JMS Destination. + Standard <a href="http://docs.spring.io/spring-integration/api/org/springframework/integration/jms/JmsHeaders.html";>JMS Headers</a> + will be extracted from the FlowFile and set on <i>javax.jms.Message</i> as JMS headers while other + FlowFile attributes will be set as properties of <i>javax.jms.Message</i>. Upon success the incoming FlowFile is transferred + to the <i>success</i> Relationship and upon failure FlowFile is + penalized and transferred to the <i>failure</i> Relationship. +</p> +<h2>Configuration Details</h2> +<p> + At the time of writing this document it only defines the essential configuration properties which are suitable for most cases. + Other properties will be defined later as this component progresses. + Configuring PublishJMS: +</p> +<ol> + <li><b>User Name</b> - [OPTIONAL] User Name used for authentication and authorization when this processor obtains <i>javax.jms.Connection</i> + from the pre-configured <i>javax.jms.ConnectionFactory</i> (see below). + </li> + <li><b>Password</b> - [OPTIONAL] Password used in conjunction with <b>User Name</b>. + </li> + <li><b>Destination Name</b> - [REQUIRED] the name of the <i>javax.jms.Destination</i>. + Usually provided by administrator (e.g., 'topic://myTopic'). + </li> + <li><b>Destination Type</b> - [OPTIONAL] the type of the <i>javax.jms.Destination</i>. Could be one of 'QUEUE' or 'TOPIC' + Usually provided by the administrator. Defaults to 'TOPIC'. + </li> + <li><b>Session Cache size</b> - [OPTIONAL] Specify the desired size for the JMS Session cache (per JMS Session type). This cache + size is the maximum limit for the number of cached Sessions. + Usually provided by the administrator (e.g., '2453'). Defaults to '1'. + </li> + <li><b>Connection Factory Service</b> - [REQUIRED] link to a pre-configured instance of org.apache.nifi.jms.cf.JMSConnectionFactoryProvider. + </li> +</ol> + +</body> +</html> \ No newline at end of file Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/index.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/index.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.3.0/org.apache.nifi.jms.processors.PublishJMS/index.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1 @@ +<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>PublishJMS</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">PublishJMS</h1><h2>Description: </h2><p>Creates a JMS Message from the contents of a FlowFile and sends it to a JMS Destination (queue or topic) as JMS BytesMessage. FlowFile attributes will be added as JMS headers and/or properties to the outgoing JMS message.</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>jms, put, message, send, publish</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the <strong>nifi.properties</strong> file has an entry for the property <strong>nifi.sensitive.props.key</strong>.</p><table id="properties"><tr><th>Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Connection Factory Service</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>JMSConnectionFactoryProviderDefinition<br/><strong>Implementation:</strong><a href="../../../nifi-jms-cf-service-nar/1.3.0/org.apache.nifi.jms.cf.JMSConnectionFactoryProvider/index.html">JMSConnectionFactoryProvider</a></td><td id="description">The Controller Service that is used to obtain ConnectionFactory</td></tr><tr><td id="name "><strong>Destination Name</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of the JMS Destination. Usually provided by the administrator (e.g., 'topic://myTopic' or 'myTopic').<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Destination Type</strong></td><td id="default-value">QUEUE</td><td id="allowable-values"><ul><li>QUEUE</li><li>TOPIC</li></ul></td><td id="description">The type of the JMS Destination. Could be one of 'QUEUE' or 'TOPIC'. Usually provided by the administrator. Defaults to 'TOPIC</td></tr><tr><td id="name">User Name</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">User Name used for authentication and authorization.</td></tr><tr><td id="name">Password</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">Password used for authentication and authorization.<br/><strong>Sensitive Property: true</strong></td> </tr><tr><td id="name"><strong>Session Cache size</strong></td><td id="default-value">1</td><td id="allowable-values"></td><td id="description">The maximum limit for the number of cached Sessions.</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>All FlowFiles that are sent to the JMS destination are routed to this relationship</td></tr><tr><td>failure</td><td>All FlowFiles that cannot be sent to JMS destination are routed to this relationship</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3>None specified.<h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>See Also:</h3><p><a href="../org.apache.nifi.jms.processors.ConsumeJMS/index.html">ConsumeJMS</a>, <a href="../../../nifi-jms-cf-service-nar/1.3.0/org.apache.nifi.jms .cf.JMSConnectionFactoryProvider/index.html">JMSConnectionFactoryProvider</a></p></body></html> \ No newline at end of file Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/additionalDetails.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/additionalDetails.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/additionalDetails.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/additionalDetails.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1,142 @@ +<!DOCTYPE html> +<html lang="en"> + <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <head> + <meta charset="utf-8" /> + <title>ConsumeKafka</title> + <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" /> + </head> + + <body> + <!-- Processor Documentation ================================================== --> + <h2>Description:</h2> + <p> + This Processor polls <a href="http://kafka.apache.org/";>Apache Kafka</a> + for data using KafkaConsumer API available with Kafka 0.10.x. When a message is received + from Kafka, the message will be deserialized using the configured Record Reader, and then + written to a FlowFile by serializing the message with the configured Record Writer. + </p> + <h2>Security Configuration:</h2> + <p> + The Security Protocol property allows the user to specify the protocol for communicating + with the Kafka broker. The following sections describe each of the protocols in further detail. + </p> + <h3>PLAINTEXT</h3> + <p> + This option provides an unsecured connection to the broker, with no client authentication and no encryption. + In order to use this option the broker must be configured with a listener of the form: + <pre> + PLAINTEXT://host.name:port + </pre> + </p> + <h3>SSL</h3> + <p> + This option provides an encrypted connection to the broker, with optional client authentication. In order + to use this option the broker must be configured with a listener of the form: + <pre> + SSL://host.name:port + </pre> + In addition, the processor must have an SSL Context Service selected. + </p> + <p> + If the broker specifies ssl.client.auth=none, or does not specify ssl.client.auth, then the client will + not be required to present a certificate. In this case, the SSL Context Service selected may specify only + a truststore containing the public key of the certificate authority used to sign the broker's key. + </p> + <p> + If the broker specifies ssl.client.auth=required then the client will be required to present a certificate. + In this case, the SSL Context Service must also specify a keystore containing a client key, in addition to + a truststore as described above. + </p> + <h3>SASL_PLAINTEXT</h3> + <p> + This option uses SASL with a PLAINTEXT transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_PLAINTEXT://host.name:port + </pre> + In addition, the Kerberos Service Name must be specified in the processor. + </p> + <h4>SASL_PLAINTEXT - GSSAPI</h4> + <p> + If the SASL mechanism is GSSAPI, then the client must provide a JAAS configuration to authenticate. The + JAAS configuration can be provided by specifying the java.security.auth.login.config system property in + NiFi's bootstrap.conf, such as: + <pre> + java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf + </pre> + </p> + <p> + An example of the JAAS config file would be the following: + <pre> + KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + keyTab="/path/to/nifi.keytab" + serviceName="kafka" + principal="[email protected]"; + }; + </pre> + <b>NOTE:</b> The serviceName in the JAAS file must match the Kerberos Service Name in the processor. + </p> + <p> + Alternatively, starting with Apache NiFi 1.2.0 which uses the Kafka 0.10.2 client, the JAAS + configuration when using GSSAPI can be provided by specifying the Kerberos Principal and Kerberos Keytab + directly in the processor properties. This will dynamically create a JAAS configuration like above, and + will take precedence over the java.security.auth.login.config system property. + </p> + <h4>SASL_PLAINTEXT - PLAIN</h4> + <p> + If the SASL mechanism is PLAIN, then client must provide a JAAS configuration to authenticate, but + the JAAS configuration must use Kafka's PlainLoginModule. An example of the JAAS config file would + be the following: + <pre> + KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="nifi" + password="nifi-password"; + }; + </pre> + </p> + <p> + <b>NOTE:</b> It is not recommended to use a SASL mechanism of PLAIN with SASL_PLAINTEXT, as it would transmit + the username and password unencrypted. + </p> + <p> + <b>NOTE:</b> Using the PlainLoginModule will cause it be registered in the JVM's static list of Providers, making + it visible to components in other NARs that may access the providers. There is currently a known issue + where Kafka processors using the PlainLoginModule will cause HDFS processors with Keberos to no longer work. + </p> + <h3>SASL_SSL</h3> + <p> + This option uses SASL with an SSL/TLS transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_SSL://host.name:port + </pre> + </p> + <p> + See the SASL_PLAINTEXT section for a description of how to provide the proper JAAS configuration + depending on the SASL mechanism (GSSAPI or PLAIN). + </p> + <p> + See the SSL section for a description of how to configure the SSL Context Service based on the + ssl.client.auth property. + </p> + + </body> +</html> Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/index.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/index.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/index.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1 @@ +<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>ConsumeKafkaRecord_0_10</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">ConsumeKafkaRecord_0_10</h1><h2>Description: </h2><p>Consumes messages from Apache Kafka specifically built against the Kafka 0.10.x Consumer API. The complementary NiFi processor for sending messages is PublishKafka_0_10. Please note that, at this time, the Processor assumes that all records that are retrieved from a given partition have the same schema. If any of the Kafka messages are pulled but cannot be parsed or written with the configured Record Reader or Record Writer, the contents of the message will be written to a separate FlowFile, and that FlowFile will be transferred to the 'parse.failure' relationship. Otherwise, each FlowFile is sent to the 'success' relationship and may contain many individual messages within the single FlowFile. A 'record.count' attribute is added to indicate how many messages are contained in the FlowFile.</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>Kafka, Get, Record, csv, avro, json, Ingest, Ingress, Topic, PubSub, Consume, 0.10.x</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>.</p><table id="properties"><tr><th>Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Kafka Brokers</strong></td><td id="default-value">localhost:9092</td><td id="allo wable-values"></td><td id="description">A comma-separated list of known Kafka Brokers in the format <host>:<port><br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Topic Name(s)</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of the Kafka Topic(s) to pull from. More than one can be supplied if comma separated.<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Topic Name Format</strong></td><td id="default-value">names</td><td id="allowable-values"><ul><li>names <img src="../../../../../html/images/iconInfo.png" alt="Topic is a full topic name or comma separated list of names" title="Topic is a full topic name or comma separated list of names"></img></li><li>pattern <img src="../../../../../html/images/iconInfo.png" alt="Topic is a regex using the Java Pattern syntax" title="Topic is a regex using the Java Pattern syntax"></img></li></ul> </td><td id="description">Specifies whether the Topic(s) provided are a comma separated list of names or a single regular expression</td></tr><tr><td id="name"><strong>Record Reader</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>RecordReaderFactory<br/><strong>Implementations: </strong><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonPathReader/index.html">JsonPathReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.csv.CSVReader/index.html">CSVReader</a><br/><a href="../../../nifi-scripting-nar/1.3.0/org.apache.nifi.record.script.ScriptedReader/index.html">ScriptedReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.avro.AvroReader/index.html">AvroReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.grok.GrokReader/index.html">GrokReader</a><br/><a href="../ ../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonTreeReader/index.html">JsonTreeReader</a></td><td id="description">The Record Reader to use for incoming FlowFiles</td></tr><tr><td id="name"><strong>Record Writer</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>RecordSetWriterFactory<br/><strong>Implementations: </strong><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.text.FreeFormTextRecordSetWriter/index.html">FreeFormTextRecordSetWriter</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.csv.CSVRecordSetWriter/index.html">CSVRecordSetWriter</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonRecordSetWriter/index.html">JsonRecordSetWriter</a><br/><a href="../../../nifi-scripting-nar/1.3.0/org.apache.nifi.record.script.ScriptedRecordSetWriter/index.html">ScriptedRecordSetWriter</a><b r/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.avro.AvroRecordSetWriter/index.html">AvroRecordSetWriter</a></td><td id="description">The Record Writer to use in order to serialize the data before sending to Kafka</td></tr><tr><td id="name"><strong>Security Protocol</strong></td><td id="default-value">PLAINTEXT</td><td id="allowable-values"><ul><li>PLAINTEXT <img src="../../../../../html/images/iconInfo.png" alt="PLAINTEXT" title="PLAINTEXT"></img></li><li>SSL <img src="../../../../../html/images/iconInfo.png" alt="SSL" title="SSL"></img></li><li>SASL_PLAINTEXT <img src="../../../../../html/images/iconInfo.png" alt="SASL_PLAINTEXT" title="SASL_PLAINTEXT"></img></li><li>SASL_SSL <img src="../../../../../html/images/iconInfo.png" alt="SASL_SSL" title="SASL_SSL"></img></li></ul></td><td id="description">Protocol used to communicate with brokers. Corresponds to Kafka's 'security.protocol' property.</td></tr><tr><td id="name">Kerberos Service Name</td><t d id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config. Corresponds to Kafka's 'security.protocol' property.It is ignored unless one of the SASL options of the <Security Protocol> are selected.</td></tr><tr><td id="name">Kerberos Principal</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">Kerberos Keytab</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos keytab that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defi ned in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">SSL Context Service</td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>SSLContextService<br/><strong>Implementation:</strong><a href="../../../nifi-ssl-context-service-nar/1.3.0/org.apache.nifi.ssl.StandardSSLContextService/index.html">StandardSSLContextService</a></td><td id="description">Specifies the SSL Context Service to use for communicating with Kafka.</td></tr><tr><td id="name"><strong>Group ID</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">A Group ID is used to identify consumers that are within the same consumer group. Corresponds to Kafka's 'group.id' property.</td></tr><tr><td id="name"><strong>Offset Reset</strong></td><td id="default-value">latest</td><td id="allowable-values"><ul><li>earliest <img src="../../../../../html/images/iconInfo.png" al t="Automatically reset the offset to the earliest offset" title="Automatically reset the offset to the earliest offset"></img></li><li>latest <img src="../../../../../html/images/iconInfo.png" alt="Automatically reset the offset to the latest offset" title="Automatically reset the offset to the latest offset"></img></li><li>none <img src="../../../../../html/images/iconInfo.png" alt="Throw exception to the consumer if no previous offset is found for the consumer's group" title="Throw exception to the consumer if no previous offset is found for the consumer's group"></img></li></ul></td><td id="description">Allows you to manage the condition when there is no initial offset in Kafka or if the current offset does not exist any more on the server (e.g. because that data has been deleted). Corresponds to Kafka's 'auto.offset.reset' property.</td></tr><tr><td id="name">Max Poll Records</td><td id="default-value">10000</td><td id="allowable-values"></td><td id="description">Specifies the m aximum number of records Kafka should return in a single poll.</td></tr><tr><td id="name">Max Uncommitted Time</td><td id="default-value">1 secs</td><td id="allowable-values"></td><td id="description">Specifies the maximum amount of time allowed to pass before offsets must be committed. This value impacts how often offsets will be committed. Committing offsets less often increases throughput but also increases the window of potential data duplication in the event of a rebalance or JVM restart between commits. This value is also related to maximum poll records and the use of a message demarcator. When using a message demarcator we can have far more uncommitted messages than when we're not as there is much less for us to keep track of in memory.</td></tr></table><h3>Dynamic Properties: </h3><p>Dynamic Properties allow the user to specify both the name and value of a property.<table id="dynamic-properties"><tr><th>Name</th><th>Value</th><th>Description</th></tr><tr><td id="name">The name of a Kafka configuration property.</td><td id="value">The value of a given Kafka configuration property.</td><td>These properties will be added on the Kafka configuration after loading any provided configuration properties. In the event a dynamic property represents a property that was already set, its value will be ignored and WARN message logged. For the list of available Kafka properties please refer to: http://kafka.apache.org/documentation.html#configuration. </td></tr></table></p><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>FlowFiles received from Kafka. Depending on demarcation strategy it is a flow file per message or a bundle of messages grouped by topic and partition.</td></tr><tr><td>parse.failure</td><td>If a message from Kafka cannot be parsed using the configured Record Reader, the contents of the message will be routed to this Relationship as its own individual FlowFile.</td></tr></table><h3 >Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table >id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>record.count</td><td>The > number of records received</td></tr><tr><td>mime.type</td><td>The MIME Type >that is provided by the configured Record >Writer</td></tr><tr><td>kafka.partition</td><td>The partition of the topic >the records are from</td></tr><tr><td>kafka.topic</td><td>The topic records >are from</td></tr></table><h3>State management: </h3>This component does not >store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input >requirement: </h3>This component does not allow an incoming >relationship.<h3>See Also:</h3><p><a >href="../org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html">ConsumeKafka_0_10</a>, > <a >href="../org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/index.html">PublishKafka_0_10</a>, > <a >href="../org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/index.html">PublishKafk aRecord_0_10</a></p></body></html> \ No newline at end of file Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/additionalDetails.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/additionalDetails.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/additionalDetails.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/additionalDetails.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1,142 @@ +<!DOCTYPE html> +<html lang="en"> + <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <head> + <meta charset="utf-8" /> + <title>ConsumeKafka</title> + <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" /> + </head> + + <body> + <!-- Processor Documentation ================================================== --> + <h2>Description:</h2> + <p> + This Processor polls <a href="http://kafka.apache.org/";>Apache Kafka</a> + for data using KafkaConsumer API available with Kafka 0.10.x. When a message is received + from Kafka, this Processor emits a FlowFile where the content of the FlowFile is the value + of the Kafka message. + </p> + <h2>Security Configuration:</h2> + <p> + The Security Protocol property allows the user to specify the protocol for communicating + with the Kafka broker. The following sections describe each of the protocols in further detail. + </p> + <h3>PLAINTEXT</h3> + <p> + This option provides an unsecured connection to the broker, with no client authentication and no encryption. + In order to use this option the broker must be configured with a listener of the form: + <pre> + PLAINTEXT://host.name:port + </pre> + </p> + <h3>SSL</h3> + <p> + This option provides an encrypted connection to the broker, with optional client authentication. In order + to use this option the broker must be configured with a listener of the form: + <pre> + SSL://host.name:port + </pre> + In addition, the processor must have an SSL Context Service selected. + </p> + <p> + If the broker specifies ssl.client.auth=none, or does not specify ssl.client.auth, then the client will + not be required to present a certificate. In this case, the SSL Context Service selected may specify only + a truststore containing the public key of the certificate authority used to sign the broker's key. + </p> + <p> + If the broker specifies ssl.client.auth=required then the client will be required to present a certificate. + In this case, the SSL Context Service must also specify a keystore containing a client key, in addition to + a truststore as described above. + </p> + <h3>SASL_PLAINTEXT</h3> + <p> + This option uses SASL with a PLAINTEXT transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_PLAINTEXT://host.name:port + </pre> + In addition, the Kerberos Service Name must be specified in the processor. + </p> + <h4>SASL_PLAINTEXT - GSSAPI</h4> + <p> + If the SASL mechanism is GSSAPI, then the client must provide a JAAS configuration to authenticate. The + JAAS configuration can be provided by specifying the java.security.auth.login.config system property in + NiFi's bootstrap.conf, such as: + <pre> + java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf + </pre> + </p> + <p> + An example of the JAAS config file would be the following: + <pre> + KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + keyTab="/path/to/nifi.keytab" + serviceName="kafka" + principal="[email protected]"; + }; + </pre> + <b>NOTE:</b> The serviceName in the JAAS file must match the Kerberos Service Name in the processor. + </p> + <p> + Alternatively, starting with Apache NiFi 1.2.0 which uses the Kafka 0.10.2 client, the JAAS + configuration when using GSSAPI can be provided by specifying the Kerberos Principal and Kerberos Keytab + directly in the processor properties. This will dynamically create a JAAS configuration like above, and + will take precedence over the java.security.auth.login.config system property. + </p> + <h4>SASL_PLAINTEXT - PLAIN</h4> + <p> + If the SASL mechanism is PLAIN, then client must provide a JAAS configuration to authenticate, but + the JAAS configuration must use Kafka's PlainLoginModule. An example of the JAAS config file would + be the following: + <pre> + KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="nifi" + password="nifi-password"; + }; + </pre> + </p> + <p> + <b>NOTE:</b> It is not recommended to use a SASL mechanism of PLAIN with SASL_PLAINTEXT, as it would transmit + the username and password unencrypted. + </p> + <p> + <b>NOTE:</b> Using the PlainLoginModule will cause it be registered in the JVM's static list of Providers, making + it visible to components in other NARs that may access the providers. There is currently a known issue + where Kafka processors using the PlainLoginModule will cause HDFS processors with Keberos to no longer work. + </p> + <h3>SASL_SSL</h3> + <p> + This option uses SASL with an SSL/TLS transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_SSL://host.name:port + </pre> + </p> + <p> + See the SASL_PLAINTEXT section for a description of how to provide the proper JAAS configuration + depending on the SASL mechanism (GSSAPI or PLAIN). + </p> + <p> + See the SSL section for a description of how to configure the SSL Context Service based on the + ssl.client.auth property. + </p> + + </body> +</html> Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1 @@ +<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>ConsumeKafka_0_10</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">ConsumeKafka_0_10</h1><h2>Description: </h2><p>Consumes messages from Apache Kafka specifically built against the Kafka 0.10.x Consumer API. Please note there are cases where the publisher can get into an indefinite stuck state. We are closely monitoring how this evolves in the Kafka community and will take advantage of those fixes as soon as we can. In the meantime it is possible to enter states where the only resolution will be to restart the JVM NiFi runs on. The complementary NiFi processor for sending messages is PublishKafka_0_10.</p><p><a href="additionalDetails.html">Additional Deta ils...</a></p><h3>Tags: </h3><p>Kafka, Get, Ingest, Ingress, Topic, PubSub, Consume, 0.10.x</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>.</p><table id="properties"><tr><th>Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Kafka Brokers</strong></td><td id="default-value">localhost:9092</td><td id="allowable-values"></td><td id="description">A comma-separated list of known Kafka Brokers in the format <host>:<port><br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Security Protocol</strong></td><td id="default-value">PLAINTEXT</td><td id="allowable-values"><ul><li>PLAINTEXT <img src=" ../../../../../html/images/iconInfo.png" alt="PLAINTEXT" title="PLAINTEXT"></img></li><li>SSL <img src="../../../../../html/images/iconInfo.png" alt="SSL" title="SSL"></img></li><li>SASL_PLAINTEXT <img src="../../../../../html/images/iconInfo.png" alt="SASL_PLAINTEXT" title="SASL_PLAINTEXT"></img></li><li>SASL_SSL <img src="../../../../../html/images/iconInfo.png" alt="SASL_SSL" title="SASL_SSL"></img></li></ul></td><td id="description">Protocol used to communicate with brokers. Corresponds to Kafka's 'security.protocol' property.</td></tr><tr><td id="name">Kerberos Service Name</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config. Corresponds to Kafka's 'security.protocol' property.It is ignored unless one of the SASL options of the <Security Protocol> are selected.</td></tr><tr><td id="name">Kerberos Principal</td><td id="defau lt-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">Kerberos Keytab</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos keytab that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">SSL Context Service</td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>SSLContextService<br/><strong>Implementation:</strong><a href="../../../nifi-ssl-context-service-nar/1.3.0/org.apache.nifi.ssl.StandardSSLContextService/ index.html">StandardSSLContextService</a></td><td id="description">Specifies the SSL Context Service to use for communicating with Kafka.</td></tr><tr><td id="name"><strong>Topic Name(s)</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of the Kafka Topic(s) to pull from. More than one can be supplied if comma separated.<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Topic Name Format</strong></td><td id="default-value">names</td><td id="allowable-values"><ul><li>names <img src="../../../../../html/images/iconInfo.png" alt="Topic is a full topic name or comma separated list of names" title="Topic is a full topic name or comma separated list of names"></img></li><li>pattern <img src="../../../../../html/images/iconInfo.png" alt="Topic is a regex using the Java Pattern syntax" title="Topic is a regex using the Java Pattern syntax"></img></li></ul></td><td id="description">Specifies whether the Topic(s) provided are a comma separated list of names or a single regular expression</td></tr><tr><td id="name"><strong>Group ID</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">A Group ID is used to identify consumers that are within the same consumer group. Corresponds to Kafka's 'group.id' property.</td></tr><tr><td id="name"><strong>Offset Reset</strong></td><td id="default-value">latest</td><td id="allowable-values"><ul><li>earliest <img src="../../../../../html/images/iconInfo.png" alt="Automatically reset the offset to the earliest offset" title="Automatically reset the offset to the earliest offset"></img></li><li>latest <img src="../../../../../html/images/iconInfo.png" alt="Automatically reset the offset to the latest offset" title="Automatically reset the offset to the latest offset"></img></li><li>none <img src="../../../../../html/images/iconInfo.png" alt="Throw exception to the consumer if no previous offset is found for the consumer's group" title="Throw exception to the consumer if no previous offset is found for the consumer's group"></img></li></ul></td><td id="description">Allows you to manage the condition when there is no initial offset in Kafka or if the current offset does not exist any more on the server (e.g. because that data has been deleted). Corresponds to Kafka's 'auto.offset.reset' property.</td></tr><tr><td id="name"><strong>Key Attribute Encoding</strong></td><td id="default-value">utf-8</td><td id="allowable-values"><ul><li>UTF-8 Encoded <img src="../../../../../html/images/iconInfo.png" alt="The key is interpreted as a UTF-8 Encoded string." title="The key is interpreted as a UTF-8 Encoded string."></img></li><li>Hex Encoded <img src="../../../../../html/images/iconInfo.png" alt="The key is interpreted as arbitrary binary data and is encoded using hexadecimal characters with uppercase letters" title="The key is interpreted as arbitrary binary data and is encoded using hexadecima l characters with uppercase letters"></img></li></ul></td><td id="description">FlowFiles that are emitted have an attribute named 'kafka.key'. This property dictates how the value of the attribute should be encoded.</td></tr><tr><td id="name">Message Demarcator</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">Since KafkaConsumer receives messages in batches, you have an option to output FlowFiles which contains all Kafka messages in a single batch for a given topic and partition and this property allows you to provide a string (interpreted as UTF-8) to use for demarcating apart multiple Kafka messages. This is an optional property and if not provided each Kafka message received will result in a single FlowFile which time it is triggered. To enter special character such as 'new line' use CTRL+Enter or Shift+Enter depending on the OS<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name">Max Poll Records</td><td id="defau lt-value">10000</td><td id="allowable-values"></td><td id="description">Specifies the maximum number of records Kafka should return in a single poll.</td></tr><tr><td id="name">Max Uncommitted Time</td><td id="default-value">1 secs</td><td id="allowable-values"></td><td id="description">Specifies the maximum amount of time allowed to pass before offsets must be committed. This value impacts how often offsets will be committed. Committing offsets less often increases throughput but also increases the window of potential data duplication in the event of a rebalance or JVM restart between commits. This value is also related to maximum poll records and the use of a message demarcator. When using a message demarcator we can have far more uncommitted messages than when we're not as there is much less for us to keep track of in memory.</td></tr></table><h3>Dynamic Properties: </h3><p>Dynamic Properties allow the user to specify both the name and value of a property.<table id="dynamic-pr operties"><tr><th>Name</th><th>Value</th><th>Description</th></tr><tr><td id="name">The name of a Kafka configuration property.</td><td id="value">The value of a given Kafka configuration property.</td><td>These properties will be added on the Kafka configuration after loading any provided configuration properties. In the event a dynamic property represents a property that was already set, its value will be ignored and WARN message logged. For the list of available Kafka properties please refer to: http://kafka.apache.org/documentation.html#configuration. </td></tr></table></p><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>FlowFiles received from Kafka. Depending on demarcation strategy it is a flow file per message or a bundle of messages grouped by topic and partition.</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Descrip tion</th></tr><tr><td>kafka.count</td><td>The number of messages written if more than one</td></tr><tr><td>kafka.key</td><td>The key of message if present and if single message. How the key is encoded depends on the value of the 'Key Attribute Encoding' property.</td></tr><tr><td>kafka.offset</td><td>The offset of the message in the partition of the topic.</td></tr><tr><td>kafka.partition</td><td>The partition of the topic the message or message bundle is from</td></tr><tr><td>kafka.topic</td><td>The topic the message or message bundle is from</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component does not allow an incoming relationship.</body></html> \ No newline at end of file Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/additionalDetails.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/additionalDetails.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/additionalDetails.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/additionalDetails.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1,143 @@ +<!DOCTYPE html> +<html lang="en"> + <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <head> + <meta charset="utf-8" /> + <title>PublishKafka</title> + <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" /> + </head> + + <body> + <!-- Processor Documentation ================================================== --> + <h2>Description:</h2> + <p> + This Processor puts the contents of a FlowFile to a Topic in + <a href="http://kafka.apache.org/";>Apache Kafka</a> using KafkaProducer API available + with Kafka 0.10.x API. The contents of the incoming FlowFile will be read using the + configured Record Reader. Each record will then be serialized using the configured + Record Writer, and this serialized form will be the content of a Kafka message. + This message is optionally assigned a key by using the <Kafka Key> Property. + </p> + <h2>Security Configuration:</h2> + <p> + The Security Protocol property allows the user to specify the protocol for communicating + with the Kafka broker. The following sections describe each of the protocols in further detail. + </p> + <h3>PLAINTEXT</h3> + <p> + This option provides an unsecured connection to the broker, with no client authentication and no encryption. + In order to use this option the broker must be configured with a listener of the form: + <pre> + PLAINTEXT://host.name:port + </pre> + </p> + <h3>SSL</h3> + <p> + This option provides an encrypted connection to the broker, with optional client authentication. In order + to use this option the broker must be configured with a listener of the form: + <pre> + SSL://host.name:port + </pre> + In addition, the processor must have an SSL Context Service selected. + </p> + <p> + If the broker specifies ssl.client.auth=none, or does not specify ssl.client.auth, then the client will + not be required to present a certificate. In this case, the SSL Context Service selected may specify only + a truststore containing the public key of the certificate authority used to sign the broker's key. + </p> + <p> + If the broker specifies ssl.client.auth=required then the client will be required to present a certificate. + In this case, the SSL Context Service must also specify a keystore containing a client key, in addition to + a truststore as described above. + </p> + <h3>SASL_PLAINTEXT</h3> + <p> + This option uses SASL with a PLAINTEXT transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_PLAINTEXT://host.name:port + </pre> + In addition, the Kerberos Service Name must be specified in the processor. + </p> + <h4>SASL_PLAINTEXT - GSSAPI</h4> + <p> + If the SASL mechanism is GSSAPI, then the client must provide a JAAS configuration to authenticate. The + JAAS configuration can be provided by specifying the java.security.auth.login.config system property in + NiFi's bootstrap.conf, such as: + <pre> + java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf + </pre> + </p> + <p> + An example of the JAAS config file would be the following: + <pre> + KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + keyTab="/path/to/nifi.keytab" + serviceName="kafka" + principal="[email protected]"; + }; + </pre> + <b>NOTE:</b> The serviceName in the JAAS file must match the Kerberos Service Name in the processor. + </p> + <p> + Alternatively, starting with Apache NiFi 1.2.0 which uses the Kafka 0.10.2 client, the JAAS + configuration when using GSSAPI can be provided by specifying the Kerberos Principal and Kerberos Keytab + directly in the processor properties. This will dynamically create a JAAS configuration like above, and + will take precedence over the java.security.auth.login.config system property. + </p> + <h4>SASL_PLAINTEXT - PLAIN</h4> + <p> + If the SASL mechanism is PLAIN, then client must provide a JAAS configuration to authenticate, but + the JAAS configuration must use Kafka's PlainLoginModule. An example of the JAAS config file would + be the following: + <pre> + KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="nifi" + password="nifi-password"; + }; + </pre> + </p> + <p> + <b>NOTE:</b> It is not recommended to use a SASL mechanism of PLAIN with SASL_PLAINTEXT, as it would transmit + the username and password unencrypted. + </p> + <p> + <b>NOTE:</b> Using the PlainLoginModule will cause it be registered in the JVM's static list of Providers, making + it visible to components in other NARs that may access the providers. There is currently a known issue + where Kafka processors using the PlainLoginModule will cause HDFS processors with Keberos to no longer work. + </p> + <h3>SASL_SSL</h3> + <p> + This option uses SASL with an SSL/TLS transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_SSL://host.name:port + </pre> + </p> + <p> + See the SASL_PLAINTEXT section for a description of how to provide the proper JAAS configuration + depending on the SASL mechanism (GSSAPI or PLAIN). + </p> + <p> + See the SSL section for a description of how to configure the SSL Context Service based on the + ssl.client.auth property. + </p> + </body> +</html> Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/index.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/index.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafkaRecord_0_10/index.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1 @@ +<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>PublishKafkaRecord_0_10</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">PublishKafkaRecord_0_10</h1><h2>Description: </h2><p>Sends the contents of a FlowFile as individual records to Apache Kafka using the Kafka 0.10.x Producer API. The contents of the FlowFile are expected to be record-oriented data that can be read by the configured Record Reader. Please note there are cases where the publisher can get into an indefinite stuck state. We are closely monitoring how this evolves in the Kafka community and will take advantage of those fixes as soon as we can. In the meantime it is possible to enter states where the only resolution will be to restart the JVM NiFi runs on. The complementary NiFi processor for fetching messages is ConsumeKafka_0_10_Record.</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>Apache, Kafka, Record, csv, json, avro, logs, Put, Send, Message, PubSub, 0.10.x</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>.</p><table id="properties"><tr><th>Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Kafka Brokers</strong></td><td id="default-value">localhost:9092</td><td id="allowable-values"></td><td id="description">A comma-separated list of known Kafka Brokers in the format <host>:<port><br/><strong>Supports Expression Languag e: true</strong></td></tr><tr><td id="name"><strong>Topic Name</strong></td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of the Kafka Topic to publish to.<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Record Reader</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>RecordReaderFactory<br/><strong>Implementations: </strong><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonPathReader/index.html">JsonPathReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.csv.CSVReader/index.html">CSVReader</a><br/><a href="../../../nifi-scripting-nar/1.3.0/org.apache.nifi.record.script.ScriptedReader/index.html">ScriptedReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.avro.AvroReader/index.html">AvroReader</a><br/><a href="../../. ./nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.grok.GrokReader/index.html">GrokReader</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonTreeReader/index.html">JsonTreeReader</a></td><td id="description">The Record Reader to use for incoming FlowFiles</td></tr><tr><td id="name"><strong>Record Writer</strong></td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>RecordSetWriterFactory<br/><strong>Implementations: </strong><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.text.FreeFormTextRecordSetWriter/index.html">FreeFormTextRecordSetWriter</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.csv.CSVRecordSetWriter/index.html">CSVRecordSetWriter</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.json.JsonRecordSetWriter/index.html">JsonRecordSetWriter</a><br/><a href="../../. ./nifi-scripting-nar/1.3.0/org.apache.nifi.record.script.ScriptedRecordSetWriter/index.html">ScriptedRecordSetWriter</a><br/><a href="../../../nifi-record-serialization-services-nar/1.3.0/org.apache.nifi.avro.AvroRecordSetWriter/index.html">AvroRecordSetWriter</a></td><td id="description">The Record Writer to use in order to serialize the data before sending to Kafka</td></tr><tr><td id="name"><strong>Security Protocol</strong></td><td id="default-value">PLAINTEXT</td><td id="allowable-values"><ul><li>PLAINTEXT <img src="../../../../../html/images/iconInfo.png" alt="PLAINTEXT" title="PLAINTEXT"></img></li><li>SSL <img src="../../../../../html/images/iconInfo.png" alt="SSL" title="SSL"></img></li><li>SASL_PLAINTEXT <img src="../../../../../html/images/iconInfo.png" alt="SASL_PLAINTEXT" title="SASL_PLAINTEXT"></img></li><li>SASL_SSL <img src="../../../../../html/images/iconInfo.png" alt="SASL_SSL" title="SASL_SSL"></img></li></ul></td><td id="description">Protocol used to communicate with brokers. Corresponds to Kafka's 'security.protocol' property.</td></tr><tr><td id="name">Kerberos Service Name</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config. Corresponds to Kafka's 'security.protocol' property.It is ignored unless one of the SASL options of the <Security Protocol> are selected.</td></tr><tr><td id="name">Kerberos Principal</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos principal that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">Kerberos Keytab</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The Kerberos keytab that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.</td></tr><tr><td id="name">SSL Context Service</td><td id="default-value"></td><td id="allowable-values"><strong>Controller Service API: </strong><br/>SSLContextService<br/><strong>Implementation:</strong><a href="../../../nifi-ssl-context-service-nar/1.3.0/org.apache.nifi.ssl.StandardSSLContextService/index.html">StandardSSLContextService</a></td><td id="description">Specifies the SSL Context Service to use for communicating with Kafka.</td></tr><tr><td id="name"><strong>Delivery Guarantee</strong></td><td id="default-value">0</td><td id="allowable-values"><ul><li>Best Effort <img src="../../../../../html/images/iconInfo.png" alt="FlowFile will be routed to success after successfully writing the content to a Kafka node, without waiting for a response. This provid es the best performance but may result in data loss." title="FlowFile will be routed to success after successfully writing the content to a Kafka node, without waiting for a response. This provides the best performance but may result in data loss."></img></li><li>Guarantee Single Node Delivery <img src="../../../../../html/images/iconInfo.png" alt="FlowFile will be routed to success if the message is received by a single Kafka node, whether or not it is replicated. This is faster than <Guarantee Replicated Delivery> but can result in data loss if a Kafka node crashes" title="FlowFile will be routed to success if the message is received by a single Kafka node, whether or not it is replicated. This is faster than <Guarantee Replicated Delivery> but can result in data loss if a Kafka node crashes"></img></li><li>Guarantee Replicated Delivery <img src="../../../../../html/images/iconInfo.png" alt="FlowFile will be routed to failure unless the message is replicated to the app ropriate number of Kafka Nodes according to the Topic configuration" title="FlowFile will be routed to failure unless the message is replicated to the appropriate number of Kafka Nodes according to the Topic configuration"></img></li></ul></td><td id="description">Specifies the requirement for guaranteeing that a message is sent to Kafka. Corresponds to Kafka's 'acks' property.</td></tr><tr><td id="name">Message Key Field</td><td id="default-value"></td><td id="allowable-values"></td><td id="description">The name of a field in the Input Records that should be used as the Key for the Kafka message.<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name"><strong>Max Request Size</strong></td><td id="default-value">1 MB</td><td id="allowable-values"></td><td id="description">The maximum size of a request in bytes. Corresponds to Kafka's 'max.request.size' property and defaults to 1 MB (1048576).</td></tr><tr><td id="name"><strong>Acknowledgment Wait Time</str ong></td><td id="default-value">5 secs</td><td id="allowable-values"></td><td id="description">After sending a message to Kafka, this indicates the amount of time that we are willing to wait for a response from Kafka. If Kafka does not acknowledge the message within this time period, the FlowFile will be routed to 'failure'.</td></tr><tr><td id="name"><strong>Max Metadata Wait Time</strong></td><td id="default-value">5 sec</td><td id="allowable-values"></td><td id="description">The amount of time publisher will wait to obtain metadata or wait for the buffer to flush during the 'send' call before failing the entire 'send' call. Corresponds to Kafka's 'max.block.ms' property<br/><strong>Supports Expression Language: true</strong></td></tr><tr><td id="name">Partitioner class</td><td id="default-value">org.apache.kafka.clients.producer.internals.DefaultPartitioner</td><td id="allowable-values"><ul><li>RoundRobinPartitioner <img src="../../../../../html/images/iconInfo.png" alt="Messages will be assigned partitions in a round-robin fashion, sending the first message to Partition 1, the next Partition to Partition 2, and so on, wrapping as necessary." title="Messages will be assigned partitions in a round-robin fashion, sending the first message to Partition 1, the next Partition to Partition 2, and so on, wrapping as necessary."></img></li><li>DefaultPartitioner <img src="../../../../../html/images/iconInfo.png" alt="Messages will be assigned to random partitions." title="Messages will be assigned to random partitions."></img></li></ul></td><td id="description">Specifies which class to use to compute a partition id for a message. Corresponds to Kafka's 'partitioner.class' property.</td></tr><tr><td id="name"><strong>Compression Type</strong></td><td id="default-value">none</td><td id="allowable-values"><ul><li>none</li><li>gzip</li><li>snappy</li><li>lz4</li></ul></td><td id="description">This parameter allows you to specify the compression codec for all data gener ated by this producer.</td></tr></table><h3>Dynamic Properties: </h3><p>Dynamic Properties allow the user to specify both the name and value of a property.<table id="dynamic-properties"><tr><th>Name</th><th>Value</th><th>Description</th></tr><tr><td id="name">The name of a Kafka configuration property.</td><td id="value">The value of a given Kafka configuration property.</td><td>These properties will be added on the Kafka configuration after loading any provided configuration properties. In the event a dynamic property represents a property that was already set, its value will be ignored and WARN message logged. For the list of available Kafka properties please refer to: http://kafka.apache.org/documentation.html#configuration. </td></tr></table></p><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>FlowFiles for which all content was sent to Kafka.</td></tr><tr><td>failure</td><td>Any FlowFile that cannot be sent to K afka will be routed to this Relationship</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>msg.count</td><td>The number of messages that were sent to Kafka for this FlowFile. This attribute is added only to FlowFiles that are routed to success.</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>See Also:</h3><p><a href="../org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/index.html">PublishKafka_0_10</a>, <a href="../org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10/index.html">ConsumeKafka_0_10</a>, <a href="../org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_0_10/index.html">ConsumeKafkaRecord_0_10</a></p></body></html> \ No newline at end of file Added: nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/additionalDetails.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/additionalDetails.html?rev=1798216&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/additionalDetails.html (added) +++ nifi/site/trunk/docs/nifi-docs/components/org.apache.nifi/nifi-kafka-0-10-nar/1.3.0/org.apache.nifi.processors.kafka.pubsub.PublishKafka_0_10/additionalDetails.html Fri Jun 9 13:20:11 2017 @@ -0,0 +1,155 @@ +<!DOCTYPE html> +<html lang="en"> + <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <head> + <meta charset="utf-8" /> + <title>PublishKafka</title> + <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" /> + </head> + + <body> + <!-- Processor Documentation ================================================== --> + <h2>Description:</h2> + <p> + This Processor puts the contents of a FlowFile to a Topic in + <a href="http://kafka.apache.org/";>Apache Kafka</a> using KafkaProducer API available + with Kafka 0.10.x API. The content of a FlowFile becomes the contents of a Kafka message. + This message is optionally assigned a key by using the <Kafka Key> Property. + </p> + + <p> + The Processor allows the user to configure an optional Message Demarcator that + can be used to send many messages per FlowFile. For example, a <i>\n</i> could be used + to indicate that the contents of the FlowFile should be used to send one message + per line of text. It also supports multi-char demarcators (e.g., 'my custom demarcator'). + If the property is not set, the entire contents of the FlowFile + will be sent as a single message. When using the demarcator, if some messages are + successfully sent but other messages fail to send, the resulting FlowFile will be + considered a failed FlowFile and will have additional attributes to that effect. + One of such attributes is 'failed.last.idx' which indicates the index of the last message + that was successfully ACKed by Kafka. (if no demarcator is used the value of this index will be -1). + This will allow PublishKafka to only re-send un-ACKed messages on the next re-try. + </p> + <h2>Security Configuration:</h2> + <p> + The Security Protocol property allows the user to specify the protocol for communicating + with the Kafka broker. The following sections describe each of the protocols in further detail. + </p> + <h3>PLAINTEXT</h3> + <p> + This option provides an unsecured connection to the broker, with no client authentication and no encryption. + In order to use this option the broker must be configured with a listener of the form: + <pre> + PLAINTEXT://host.name:port + </pre> + </p> + <h3>SSL</h3> + <p> + This option provides an encrypted connection to the broker, with optional client authentication. In order + to use this option the broker must be configured with a listener of the form: + <pre> + SSL://host.name:port + </pre> + In addition, the processor must have an SSL Context Service selected. + </p> + <p> + If the broker specifies ssl.client.auth=none, or does not specify ssl.client.auth, then the client will + not be required to present a certificate. In this case, the SSL Context Service selected may specify only + a truststore containing the public key of the certificate authority used to sign the broker's key. + </p> + <p> + If the broker specifies ssl.client.auth=required then the client will be required to present a certificate. + In this case, the SSL Context Service must also specify a keystore containing a client key, in addition to + a truststore as described above. + </p> + <h3>SASL_PLAINTEXT</h3> + <p> + This option uses SASL with a PLAINTEXT transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_PLAINTEXT://host.name:port + </pre> + In addition, the Kerberos Service Name must be specified in the processor. + </p> + <h4>SASL_PLAINTEXT - GSSAPI</h4> + <p> + If the SASL mechanism is GSSAPI, then the client must provide a JAAS configuration to authenticate. The + JAAS configuration can be provided by specifying the java.security.auth.login.config system property in + NiFi's bootstrap.conf, such as: + <pre> + java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf + </pre> + </p> + <p> + An example of the JAAS config file would be the following: + <pre> + KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + keyTab="/path/to/nifi.keytab" + serviceName="kafka" + principal="[email protected]"; + }; + </pre> + <b>NOTE:</b> The serviceName in the JAAS file must match the Kerberos Service Name in the processor. + </p> + <p> + Alternatively, starting with Apache NiFi 1.2.0 which uses the Kafka 0.10.2 client, the JAAS + configuration when using GSSAPI can be provided by specifying the Kerberos Principal and Kerberos Keytab + directly in the processor properties. This will dynamically create a JAAS configuration like above, and + will take precedence over the java.security.auth.login.config system property. + </p> + <h4>SASL_PLAINTEXT - PLAIN</h4> + <p> + If the SASL mechanism is PLAIN, then client must provide a JAAS configuration to authenticate, but + the JAAS configuration must use Kafka's PlainLoginModule. An example of the JAAS config file would + be the following: + <pre> + KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="nifi" + password="nifi-password"; + }; + </pre> + </p> + <p> + <b>NOTE:</b> It is not recommended to use a SASL mechanism of PLAIN with SASL_PLAINTEXT, as it would transmit + the username and password unencrypted. + </p> + <p> + <b>NOTE:</b> Using the PlainLoginModule will cause it be registered in the JVM's static list of Providers, making + it visible to components in other NARs that may access the providers. There is currently a known issue + where Kafka processors using the PlainLoginModule will cause HDFS processors with Keberos to no longer work. + </p> + <h3>SASL_SSL</h3> + <p> + This option uses SASL with an SSL/TLS transport layer to authenticate to the broker. In order to use this + option the broker must be configured with a listener of the form: + <pre> + SASL_SSL://host.name:port + </pre> + </p> + <p> + See the SASL_PLAINTEXT section for a description of how to provide the proper JAAS configuration + depending on the SASL mechanism (GSSAPI or PLAIN). + </p> + <p> + See the SSL section for a description of how to configure the SSL Context Service based on the + ssl.client.auth property. + </p> + </body> +</html>
