This is an automated email from the ASF dual-hosted git repository. chriss pushed a commit to branch NIFI-7060 in repository https://gitbox.apache.org/repos/asf/nifi.git
commit abfea95ba5f76563b3bb2975c6972d12f865737a Author: Adrian Martin <adrianmartinpa...@gmail.com> AuthorDate: Wed Jan 22 18:35:33 2020 +0000 Replace properties defined as env variables --- nifi-docker/dockerhub/sh/common.sh | 11 +++-- nifi-docker/dockerhub/sh/secure.sh | 38 +++++++-------- nifi-docker/dockerhub/sh/start.sh | 54 +++++++++++++--------- nifi-docker/dockerhub/sh/toolkit.sh | 7 +-- .../sh/update_cluster_state_management.sh | 4 +- nifi-docker/dockerhub/sh/update_login_providers.sh | 2 +- 6 files changed, 66 insertions(+), 50 deletions(-) diff --git a/nifi-docker/dockerhub/sh/common.sh b/nifi-docker/dockerhub/sh/common.sh index d78aec494c..f2121abec8 100755 --- a/nifi-docker/dockerhub/sh/common.sh +++ b/nifi-docker/dockerhub/sh/common.sh @@ -20,13 +20,13 @@ prop_replace () { target_file=${3:-${nifi_props_file}} echo "File [${target_file}] replacing [${1}]" - sed -i -e "s|^$1=.*$|$1=$2|" ${target_file} + sed -i -e "s|^$1=.*$|$1=$2|" "${target_file}" } uncomment() { target_file=${2} echo "File [${target_file}] uncommenting [${1}]" - sed -i -e "s|^\#$1|$1|" ${target_file} + sed -i -e "s|^\#$1|$1|" "${target_file}" } # 1 - property key to add or replace @@ -37,9 +37,9 @@ prop_add_or_replace () { property_found=$(awk -v property="${1}" 'index($0, property) == 1') if [ -z "${property_found}" ]; then echo "File [${target_file}] adding [${1}]" - echo "$1=$2" >> ${target_file} + echo "$1=$2" >> "${target_file}" else - prop_replace $1 $2 $3 + prop_replace "$1" "$2" "$3" fi } @@ -47,4 +47,5 @@ prop_add_or_replace () { export nifi_bootstrap_file=${NIFI_HOME}/conf/bootstrap.conf export nifi_props_file=${NIFI_HOME}/conf/nifi.properties export nifi_toolkit_props_file=${HOME}/.nifi-cli.nifi.properties -export hostname=$(hostname) +hostname=$(hostname) +export hostname diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh index 4fff214e8c..dd021ccd76 100755 --- a/nifi-docker/dockerhub/sh/secure.sh +++ b/nifi-docker/dockerhub/sh/secure.sh @@ -22,21 +22,21 @@ scripts_dir='/opt/nifi/scripts' # Perform idempotent changes of configuration to support secure environments echo 'Configuring environment with SSL settings' -: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} +: "${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."}" if [ ! -f "${KEYSTORE_PATH}" ]; then echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." exit 1 fi -: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} -: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} +: "${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."}" +: "${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."}" -: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} +: "${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."}" if [ ! -f "${TRUSTSTORE_PATH}" ]; then echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." exit 1 fi -: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} -: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} +: "${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."}" +: "${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."}" prop_replace 'nifi.security.keystore' "${KEYSTORE_PATH}" prop_replace 'nifi.security.keystoreType' "${KEYSTORE_TYPE}" @@ -46,36 +46,38 @@ prop_replace 'nifi.security.truststore' "${TRUSTSTORE_PATH}" prop_replace 'nifi.security.truststoreType' "${TRUSTSTORE_TYPE}" prop_replace 'nifi.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}" -prop_replace 'keystore' "${KEYSTORE_PATH}" ${nifi_toolkit_props_file} -prop_replace 'keystoreType' "${KEYSTORE_TYPE}" ${nifi_toolkit_props_file} -prop_replace 'keystorePasswd' "${KEYSTORE_PASSWORD}" ${nifi_toolkit_props_file} -prop_replace 'keyPasswd' "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}" ${nifi_toolkit_props_file} -prop_replace 'truststore' "${TRUSTSTORE_PATH}" ${nifi_toolkit_props_file} -prop_replace 'truststoreType' "${TRUSTSTORE_TYPE}" ${nifi_toolkit_props_file} +# shellcheck disable=SC2154 +prop_replace 'keystore' "${KEYSTORE_PATH}" "${nifi_toolkit_props_file}" +prop_replace 'keystoreType' "${KEYSTORE_TYPE}" "${nifi_toolkit_props_file}" +prop_replace 'keystorePasswd' "${KEYSTORE_PASSWORD}" "${nifi_toolkit_props_file}" +prop_replace 'keyPasswd' "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}" "${nifi_toolkit_props_file}" +prop_replace 'truststore' "${TRUSTSTORE_PATH}" "${nifi_toolkit_props_file}" +prop_replace 'truststoreType' "${TRUSTSTORE_TYPE}" "${nifi_toolkit_props_file}" +# shellcheck disable=SC2086 prop_replace 'truststorePasswd' "${TRUSTSTORE_PASSWORD}" ${nifi_toolkit_props_file} # Disable HTTP and enable HTTPS prop_replace 'nifi.web.http.port' '' prop_replace 'nifi.web.http.host' '' prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}" -prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}" +prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$hostname}" prop_replace 'nifi.remote.input.secure' 'true' # Enable the property only for cluster install prop_replace 'nifi.cluster.protocol.is.secure' "${NIFI_CLUSTER_IS_NODE:-false}" # Setup nifi-toolkit -prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}" ${nifi_toolkit_props_file} +prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$hostname}:${NIFI_WEB_HTTPS_PORT:-8443}" "${nifi_toolkit_props_file}" # Configure Authorizer and Login Identity Provider prop_replace 'nifi.security.user.authorizer' "${NIFI_SECURITY_USER_AUTHORIZER:-managed-authorizer}" prop_replace 'nifi.security.user.login.identity.provider' "${NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER}" # Establish initial user and an associated admin identity -sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml -sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml +sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' "${NIFI_HOME}/conf/authorizers.xml" +sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' "${NIFI_HOME}/conf/authorizers.xml" if [ -n "${NODE_IDENTITY}" ]; then - sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"${NODE_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml + sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"${NODE_IDENTITY}"'</property>|' "${NIFI_HOME}/conf/authorizers.xml" fi -prop_replace 'proxiedEntity' "${INITIAL_ADMIN_IDENTITY}" ${nifi_toolkit_props_file} +prop_replace 'proxiedEntity' "${INITIAL_ADMIN_IDENTITY}" "${nifi_toolkit_props_file}" diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh index 869a8e41b5..35cf333718 100755 --- a/nifi-docker/dockerhub/sh/start.sh +++ b/nifi-docker/dockerhub/sh/start.sh @@ -17,44 +17,56 @@ scripts_dir='/opt/nifi/scripts' +# shellcheck source=./common.sh [ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" # Override JVM memory settings -if [ ! -z "${NIFI_JVM_HEAP_INIT}" ]; then - prop_replace 'java.arg.2' "-Xms${NIFI_JVM_HEAP_INIT}" ${nifi_bootstrap_file} +if [ -n "${NIFI_JVM_HEAP_INIT}" ]; then + # shellcheck disable=SC2154 + prop_replace 'java.arg.2' "-Xms${NIFI_JVM_HEAP_INIT}" "${nifi_bootstrap_file}" fi -if [ ! -z "${NIFI_JVM_HEAP_MAX}" ]; then - prop_replace 'java.arg.3' "-Xmx${NIFI_JVM_HEAP_MAX}" ${nifi_bootstrap_file} +if [ -n "${NIFI_JVM_HEAP_MAX}" ]; then + prop_replace 'java.arg.3' "-Xmx${NIFI_JVM_HEAP_MAX}" "${nifi_bootstrap_file}" fi -if [ ! -z "${NIFI_JVM_DEBUGGER}" ]; then - uncomment "java.arg.debug" ${nifi_bootstrap_file} +if [ -n "${NIFI_JVM_DEBUGGER}" ]; then + uncomment "java.arg.debug" "${nifi_bootstrap_file}" fi +# Replace NiFi properties with environment variables +NIFI_ENV_VARS=$(printenv | awk -F= '/^NIFI_/ {print $1}') + +for ENV_VAR in $NIFI_ENV_VARS; do + PROP_NAME=$(echo "$ENV_VAR" | tr _ . | tr '[:upper:]' '[:lower:]') + PROP_VALUE=$(printenv "$ENV_VAR") + prop_replace "$PROP_NAME" "$PROP_VALUE" +done + # Establish baseline properties prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}" -prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}" +prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$hostname}" prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}" -prop_replace 'nifi.remote.input.host' "${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}" +prop_replace 'nifi.remote.input.host' "${NIFI_REMOTE_INPUT_HOST:-$hostname}" prop_replace 'nifi.remote.input.socket.port' "${NIFI_REMOTE_INPUT_SOCKET_PORT:-10000}" prop_replace 'nifi.remote.input.secure' 'true' prop_replace 'nifi.cluster.protocol.is.secure' 'true' # Set nifi-toolkit properties files and baseUrl "${scripts_dir}/toolkit.sh" -prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}" ${nifi_toolkit_props_file} +# shellcheck disable=SC2154 +prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$hostname}:${NIFI_WEB_HTTPS_PORT:-8443}" "${nifi_toolkit_props_file}" -prop_replace 'keystore' "${NIFI_HOME}/conf/keystore.p12" ${nifi_toolkit_props_file} -prop_replace 'keystoreType' "PKCS12" ${nifi_toolkit_props_file} -prop_replace 'truststore' "${NIFI_HOME}/conf/truststore.p12" ${nifi_toolkit_props_file} -prop_replace 'truststoreType' "PKCS12" ${nifi_toolkit_props_file} +prop_replace 'keystore' "${NIFI_HOME}/conf/keystore.p12" "${nifi_toolkit_props_file}" +prop_replace 'keystoreType' "PKCS12" "${nifi_toolkit_props_file}" +prop_replace 'truststore' "${NIFI_HOME}/conf/truststore.p12" "${nifi_toolkit_props_file}" +prop_replace 'truststoreType' "PKCS12" "${nifi_toolkit_props_file}" if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then prop_replace 'nifi.web.https.port' '' prop_replace 'nifi.web.https.host' '' prop_replace 'nifi.web.http.port' "${NIFI_WEB_HTTP_PORT}" - prop_replace 'nifi.web.http.host' "${NIFI_WEB_HTTP_HOST:-$HOSTNAME}" + prop_replace 'nifi.web.http.host' "${NIFI_WEB_HTTP_HOST:-$hostname}" prop_replace 'nifi.remote.input.secure' 'false' prop_replace 'nifi.cluster.protocol.is.secure' 'false' prop_replace 'nifi.security.keystore' '' @@ -62,11 +74,11 @@ if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then prop_replace 'nifi.security.truststore' '' prop_replace 'nifi.security.truststoreType' '' prop_replace 'nifi.security.user.login.identity.provider' '' - prop_replace 'keystore' '' ${nifi_toolkit_props_file} - prop_replace 'keystoreType' '' ${nifi_toolkit_props_file} - prop_replace 'truststore' '' ${nifi_toolkit_props_file} - prop_replace 'truststoreType' '' ${nifi_toolkit_props_file} - prop_replace 'baseUrl' "http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT}" ${nifi_toolkit_props_file} + prop_replace 'keystore' '' "${nifi_toolkit_props_file}" + prop_replace 'keystoreType' '' "${nifi_toolkit_props_file}" + prop_replace 'truststore' '' "${nifi_toolkit_props_file}" + prop_replace 'truststoreType' '' "${nifi_toolkit_props_file}" + prop_replace 'baseUrl' "http://${NIFI_WEB_HTTP_HOST:-$hostname}:${NIFI_WEB_HTTP_PORT}" "${nifi_toolkit_props_file}" if [ -n "${NIFI_WEB_PROXY_HOST}" ]; then echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode. Unsetting nifi.web.proxy.host.' @@ -80,7 +92,7 @@ fi prop_replace 'nifi.variable.registry.properties' "${NIFI_VARIABLE_REGISTRY_PROPERTIES:-}" prop_replace 'nifi.cluster.is.node' "${NIFI_CLUSTER_IS_NODE:-false}" -prop_replace 'nifi.cluster.node.address' "${NIFI_CLUSTER_ADDRESS:-$HOSTNAME}" +prop_replace 'nifi.cluster.node.address' "${NIFI_CLUSTER_ADDRESS:-$hostname}" prop_replace 'nifi.cluster.node.protocol.port' "${NIFI_CLUSTER_NODE_PROTOCOL_PORT:-}" prop_replace 'nifi.cluster.node.protocol.max.threads' "${NIFI_CLUSTER_NODE_PROTOCOL_MAX_THREADS:-50}" prop_replace 'nifi.zookeeper.connect.string' "${NIFI_ZK_CONNECT_STRING:-}" @@ -109,7 +121,7 @@ if [ -n "${NIFI_SENSITIVE_PROPS_KEY}" ]; then fi if [ -n "${SINGLE_USER_CREDENTIALS_USERNAME}" ] && [ -n "${SINGLE_USER_CREDENTIALS_PASSWORD}" ]; then - ${NIFI_HOME}/bin/nifi.sh set-single-user-credentials "${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD}" + "${NIFI_HOME}/bin/nifi.sh" set-single-user-credentials "${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD}" fi . "${scripts_dir}/update_cluster_state_management.sh" diff --git a/nifi-docker/dockerhub/sh/toolkit.sh b/nifi-docker/dockerhub/sh/toolkit.sh index 5262c91734..465b38400f 100755 --- a/nifi-docker/dockerhub/sh/toolkit.sh +++ b/nifi-docker/dockerhub/sh/toolkit.sh @@ -15,7 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -cat <<EOT > ${nifi_toolkit_props_file} +# shellcheck disable=SC2154 +cat <<EOT > "${nifi_toolkit_props_file}" baseUrl= keystore= keystoreType= @@ -27,6 +28,6 @@ truststorePasswd= proxiedEntity= EOT -cat <<EOT > ${HOME}/.nifi-cli.config +cat <<EOT > "${HOME}/.nifi-cli.config" nifi.props=${nifi_toolkit_props_file} -EOT \ No newline at end of file +EOT diff --git a/nifi-docker/dockerhub/sh/update_cluster_state_management.sh b/nifi-docker/dockerhub/sh/update_cluster_state_management.sh index 718e52de77..da49bdb65c 100755 --- a/nifi-docker/dockerhub/sh/update_cluster_state_management.sh +++ b/nifi-docker/dockerhub/sh/update_cluster_state_management.sh @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -state_providers_file=${NIFI_HOME}/conf/state-management.xml +state_providers_file="${NIFI_HOME}/conf/state-management.xml" property_xpath='/stateManagement/cluster-provider/property' edit_property() { @@ -28,4 +28,4 @@ edit_property() { } edit_property 'Connect String' "${NIFI_ZK_CONNECT_STRING}" -edit_property "Root Node" "${NIFI_ZK_ROOT_NODE}" \ No newline at end of file +edit_property "Root Node" "${NIFI_ZK_ROOT_NODE}" diff --git a/nifi-docker/dockerhub/sh/update_login_providers.sh b/nifi-docker/dockerhub/sh/update_login_providers.sh index c0ddc0ca75..b323ce7153 100755 --- a/nifi-docker/dockerhub/sh/update_login_providers.sh +++ b/nifi-docker/dockerhub/sh/update_login_providers.sh @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -login_providers_file=${NIFI_HOME}/conf/login-identity-providers.xml +login_providers_file="${NIFI_HOME}/conf/login-identity-providers.xml" property_xpath='//loginIdentityProviders/provider/property' # Update a given property in the login-identity-providers file if a value is specified