[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user asfgit closed the pull request at: https://github.com/apache/nifi-registry/pull/89 ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user Chaffelson commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r169721507 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB + +**Note**: The default version of NiFi-Registry specified by the Dockerfile is typically that of one that is unreleased if working from source. +To build an image for a prior released version, one can override the `NIFI_REGISTRY_VERSION` build-arg with the following command: + +docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry Version} -t apache/nifi-registry:latest . --- End diff -- Sorry I missed the notification of your review @kevdoran All your suggestions are perfectly reasonable. I think that the pattern of passing environment variables is what is useful here, and expanding it to cover other requirements is a good idea. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165704918 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB + +**Note**: The default version of NiFi-Registry specified by the Dockerfile is typically that of one that is unreleased if working from source. +To build an image for a prior released version, one can override the `NIFI_REGISTRY_VERSION` build-arg with the following command: + +docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry Version} -t apache/nifi-registry:latest . + +There is, however, no guarantee that older versions will work as properties have changed and evolved with subsequent releases. +The configuration scripts are suitable for at least 0.1.0+. + +## Running a container + +### Standalone Instance, Unsecured +The minimum to run a NiFi Registry instance is as follows: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerRun.sh + +This will provide a running instance, exposing the instance UI to the host system on at port 18080, +viewable at `http://localhost:18080/nifi-registry`. +For a list of the environment variables recognised in this build, look into the .sh/secure.sh and .sh/start.sh scripts + +### Standalone Instance, Two-Way SSL +In this configuration, the user will need to provide certificates and the associated configuration information. +Of particular note, is the `AUTH` environment variable which is set to `tls`. Additionally, the user must provide an +the DN as provided by an accessing client certificate in the `INITIAL_ADMIN_IDENTITY` environment variable. +This value will be used to seed the instance with an initial user with administrative privileges. +Finally, this command makes use of a volume to provide certificates on the host system to the container instance. + +docker run --name nifi-registry \ + -v /User/bob/certs/localhost:/opt/certs \ + -p 8443:8443 \ + -e AUTH=tls \ + -e KEYSTORE_PATH=/opt/certs/keystore.jks \ + -e KEYSTORE_TYPE=JKS \ + -e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \ + -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \ + -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \ + -e TRUSTSTORE_TYPE=JKS \ + -e INITIAL_ADMIN_IDENTITY='CN=Random User, O=Apache, OU=NiFiRegistry, C=US' \ + -d \ + apache/nifi-registry:latest + +### Standalone Instance, LDAP +In this configuration, the user will need to provide certificates and the associated configuration information. Optionally, +if the LDAP provider of interest is operating in LDAPS or START_TLS modes, certificates will additionally be needed. +Of particular note, is the `AUTH` environment variable which is set to `ldap`. Additionally, the user must provide a +DN as provided by the configured LDAP server in the `INITIAL_ADMIN_IDENTITY` environment variable. This value will be +used to seed the instance with an initial user with administrative privileges. Finally, this command makes use of a +volume to provide certificates on the host system to the container instance. + + For a minimal, connection to an LDAP server using SIMPLE authentication: + +docker run --name nifi-registry \ + -v /User/bob/certs/localhost:/opt/certs \ + -p 8443:8443 \ + -e AUTH=tls \ + -e KEYSTORE_PATH=/opt/certs/keystore.jks \ + -e KEYSTORE_TYPE=JKS \ + -e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \ + -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165704322 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB + +**Note**: The default version of NiFi-Registry specified by the Dockerfile is typically that of one that is unreleased if working from source. +To build an image for a prior released version, one can override the `NIFI_REGISTRY_VERSION` build-arg with the following command: + +docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry Version} -t apache/nifi-registry:latest . + +There is, however, no guarantee that older versions will work as properties have changed and evolved with subsequent releases. +The configuration scripts are suitable for at least 0.1.0+. + +## Running a container + +### Standalone Instance, Unsecured +The minimum to run a NiFi Registry instance is as follows: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerRun.sh + +This will provide a running instance, exposing the instance UI to the host system on at port 18080, +viewable at `http://localhost:18080/nifi-registry`. +For a list of the environment variables recognised in this build, look into the .sh/secure.sh and .sh/start.sh scripts + +### Standalone Instance, Two-Way SSL +In this configuration, the user will need to provide certificates and the associated configuration information. +Of particular note, is the `AUTH` environment variable which is set to `tls`. Additionally, the user must provide an +the DN as provided by an accessing client certificate in the `INITIAL_ADMIN_IDENTITY` environment variable. +This value will be used to seed the instance with an initial user with administrative privileges. +Finally, this command makes use of a volume to provide certificates on the host system to the container instance. + +docker run --name nifi-registry \ + -v /User/bob/certs/localhost:/opt/certs \ + -p 8443:8443 \ --- End diff -- `-p 18443:18443` ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165706402 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB + +**Note**: The default version of NiFi-Registry specified by the Dockerfile is typically that of one that is unreleased if working from source. +To build an image for a prior released version, one can override the `NIFI_REGISTRY_VERSION` build-arg with the following command: + +docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry Version} -t apache/nifi-registry:latest . --- End diff -- typo in 'REGISTRY': `--build-arg=NIFI_REGISTRY_VERSION={Desired NiFi-Registry Version}` ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165667293 --- Diff: nifi-registry-docker/dockerhub/sh/update_login_providers.sh --- @@ -0,0 +1,48 @@ +#!/bin/sh -e + +#Licensed to the Apache Software Foundation (ASF) under one or more +#contributor license agreements. See the NOTICE file distributed with +#this work for additional information regarding copyright ownership. +#The ASF licenses this file to You under the Apache License, Version 2.0 +#(the "License"); you may not use this file except in compliance with +#the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +#Unless required by applicable law or agreed to in writing, software +#distributed under the License is distributed on an "AS IS" BASIS, +#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +#See the License for the specific language governing permissions and +#limitations under the License. + +login_providers_file=${NIFI_REGISTRY_HOME}/conf/identity-providers.xml +property_xpath='//identityProviders/provider/property' + +# Update a given property in the login-identity-providers file if a value is specified +edit_property() { + property_name=$1 + property_value=$2 + + if [ -n "${property_value}" ]; then +xmlstarlet ed --inplace -u "${property_xpath}[@name='${property_name}']" -v "${property_value}" "${login_providers_file}" + fi +} + +# Remove comments to enable the ldap-provider +sed -i '/To enable the ldap-identity-provider remove/d' "${login_providers_file}" + +edit_property 'Authentication Strategy' "${LDAP_AUTHENTICATION_STRATEGY}" +edit_property 'Manager DN' "${LDAP_MANAGER_DN}" +edit_property 'Manager Password'"${LDAP_MANAGER_PASSWORD}" +edit_property 'TLS - Keystore' "${LDAP_TLS_KEYSTORE}" +edit_property 'TLS - Keystore Password' "${LDAP_TLS_KEYSTORE_PASSWORD}" +edit_property 'TLS - Keystore Type' "${LDAP_TLS_KEYSTORE_TYPE}" +edit_property 'TLS - Truststore'"${LDAP_TLS_TRUSTSTORE}" +edit_property 'TLS - Truststore Password' "${LDAP_TLS_TRUSTSTORE_PASSWORD}" +edit_property 'TLS - Truststore Type' "${LDAP_TLS_TRUSTSTORE_TYPE}" +edit_property 'TLS - Protocol' "${LDAP_TLS_PROTOCOL}" +edit_property 'Url' "${LDAP_URL}" +edit_property 'User Search Base'"${LDAP_USER_SEARCH_BASE}" +edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}" +<<< f271b0a5e09d90ac935c655f3a9d2faa0957a646 --- End diff -- Conflict resolution artifact; remove line 47. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165668227 --- Diff: nifi-registry-docker/dockerhub/sh/secure.sh --- @@ -0,0 +1,56 @@ +#!/bin/sh -e + +#Licensed to the Apache Software Foundation (ASF) under one or more +#contributor license agreements. See the NOTICE file distributed with +#this work for additional information regarding copyright ownership. +#The ASF licenses this file to You under the Apache License, Version 2.0 +#(the "License"); you may not use this file except in compliance with +#the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +#Unless required by applicable law or agreed to in writing, software +#distributed under the License is distributed on an "AS IS" BASIS, +#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +#See the License for the specific language governing permissions and +#limitations under the License. + +scripts_dir='/opt/nifi-registry/scripts' + +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" + +# Perform idempotent changes of configuration to support secure environments +echo 'Configuring environment with SSL settings' + +: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} +if [ ! -f "${KEYSTORE_PATH}" ]; then +echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." +exit 1 +fi +: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} +: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} + +: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} +if [ ! -f "${TRUSTSTORE_PATH}" ]; then +echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." +exit 1 +fi +: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} +: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} + +prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}" +prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}" +prop_replace 'nifi.registry.security.keystorePasswd' "${KEYSTORE_PASSWORD}" --- End diff -- Noticed we don't have a way to specify `nifi.registry.security.keystorePasswd` through env variables. This is the case for the NiFi docker image as well. The default behavior on startup is to use the keystorePasswd as the keyPasswd, and I think that is good for most use cases, but at some point it might be nice to add the ability to set `nifi.registry.security.keyPasswd` via the env var KEY_PASSWORD. Can add that as an enhancement for NiFi as well. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165704215 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB + +**Note**: The default version of NiFi-Registry specified by the Dockerfile is typically that of one that is unreleased if working from source. +To build an image for a prior released version, one can override the `NIFI_REGISTRY_VERSION` build-arg with the following command: + +docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry Version} -t apache/nifi-registry:latest . + +There is, however, no guarantee that older versions will work as properties have changed and evolved with subsequent releases. +The configuration scripts are suitable for at least 0.1.0+. + +## Running a container + +### Standalone Instance, Unsecured +The minimum to run a NiFi Registry instance is as follows: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerRun.sh --- End diff -- Same for this section. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165704131 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh + +This will attempt to build and tag an image matching the string in DockerImage.txt + +dockerhub dchaffey$ cat DockerImage.txt +> apache/nifi-registry:0.1.0 +docker images +> REPOSITORY TAG IMAGE ID CREATED SIZE +> apache/nifi-registry 0.1.0 751428cbf63115 minutes ago 342MB --- End diff -- Same for this section ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165703332 --- Diff: nifi-registry-docker/dockerhub/Dockerfile --- @@ -0,0 +1,56 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM openjdk:8-jdk-slim +LABEL maintainer="Apache NiFi " +LABEL site="https://nifi.apache.org"; + +ARG UID=1000 +ARG GID=1000 +ARG NIFI_REGISTRY_VERSION=0.1.0 --- End diff -- This should be bumped to the next release version (0.2.0) as the default so that when master gets released as a stable 0.2.0, this matches that. Older versions can be specified as a build arg, as in the readme. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165704059 --- Diff: nifi-registry-docker/dockerhub/README.md --- @@ -0,0 +1,127 @@ + + +# Docker Image Quickstart + +## Capabilities +This image currently supports running in standalone mode either unsecured or with user authentication provided through: + * [Two-Way SSL with Client Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration) + * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider) + +## Building +The Docker image can be built using the following command: + +. ~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh --- End diff -- I see what you're going for here, but to be consistent with the overall readme document (as below we specify how to use build args), this should be changed to use the `docker build` instructions rather than the convenience shell script. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165673532 --- Diff: nifi-registry-docker/dockerhub/sh/update_login_providers.sh --- @@ -0,0 +1,48 @@ +#!/bin/sh -e + +#Licensed to the Apache Software Foundation (ASF) under one or more +#contributor license agreements. See the NOTICE file distributed with +#this work for additional information regarding copyright ownership. +#The ASF licenses this file to You under the Apache License, Version 2.0 +#(the "License"); you may not use this file except in compliance with +#the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +#Unless required by applicable law or agreed to in writing, software +#distributed under the License is distributed on an "AS IS" BASIS, +#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +#See the License for the specific language governing permissions and +#limitations under the License. + +login_providers_file=${NIFI_REGISTRY_HOME}/conf/identity-providers.xml +property_xpath='//identityProviders/provider/property' + +# Update a given property in the login-identity-providers file if a value is specified +edit_property() { + property_name=$1 + property_value=$2 + + if [ -n "${property_value}" ]; then +xmlstarlet ed --inplace -u "${property_xpath}[@name='${property_name}']" -v "${property_value}" "${login_providers_file}" + fi +} + +# Remove comments to enable the ldap-provider +sed -i '/To enable the ldap-identity-provider remove/d' "${login_providers_file}" + +edit_property 'Authentication Strategy' "${LDAP_AUTHENTICATION_STRATEGY}" +edit_property 'Manager DN' "${LDAP_MANAGER_DN}" +edit_property 'Manager Password'"${LDAP_MANAGER_PASSWORD}" +edit_property 'TLS - Keystore' "${LDAP_TLS_KEYSTORE}" +edit_property 'TLS - Keystore Password' "${LDAP_TLS_KEYSTORE_PASSWORD}" +edit_property 'TLS - Keystore Type' "${LDAP_TLS_KEYSTORE_TYPE}" +edit_property 'TLS - Truststore'"${LDAP_TLS_TRUSTSTORE}" +edit_property 'TLS - Truststore Password' "${LDAP_TLS_TRUSTSTORE_PASSWORD}" +edit_property 'TLS - Truststore Type' "${LDAP_TLS_TRUSTSTORE_TYPE}" +edit_property 'TLS - Protocol' "${LDAP_TLS_PROTOCOL}" +edit_property 'Url' "${LDAP_URL}" +edit_property 'User Search Base'"${LDAP_USER_SEARCH_BASE}" +edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}" +<<< f271b0a5e09d90ac935c655f3a9d2faa0957a646 +edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}" --- End diff -- Another future enhancement would be to edit authorizers.xml to enable and edit the ldap-user-group-provider ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user Chaffelson commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165031282 --- Diff: nifi-registry-docker/pom.xml --- @@ -0,0 +1,29 @@ + + +http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + +nifi-registry +org.apache.nifi.registry +0.1.1-SNAPSHOT --- End diff -- @kevdoran Updating... ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user Chaffelson commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165030284 --- Diff: nifi-registry-docker/dockerhub/DockerImage.txt --- @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apache/nifi-registry:0.1.0 --- End diff -- @kevdoran I don't know if there's a convention, but looking at the changes to the equivalent NiFi file I think they do not use snapshot, just the base tag name. This would also be more in line with how most Docker tags look ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r164847991 --- Diff: nifi-registry-docker/pom.xml --- @@ -0,0 +1,29 @@ + + +http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + +nifi-registry +org.apache.nifi.registry +0.1.1-SNAPSHOT --- End diff -- This should be version 0.2.0-SNAPSHOT since master was updated. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r164846239 --- Diff: nifi-registry-docker/dockerhub/DockerImage.txt --- @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apache/nifi-registry:0.1.0 --- End diff -- nifi-registry-0.1.0 is already released and master is now at nifi-registry-0.2.0-SNAPSHOT. I think this version should not be 0.1.0. Looking at what NiFi does, this should probably track towards the next version, i.e., `nifi-registry:0.2.0` (or perhaps `nifi-registry:0.2.0-SNAPSHOT`). @apiri do we have a convention for this file? If one needs to publish a dockerhub image for NiFi Registry 0.1.0, that should probably be done by branching from the rel/nifi-registry-0.1.0 tag. Thoughts? ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user Chaffelson commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r163768777 --- Diff: nifi-registry-docker/dockerhub/Dockerfile --- @@ -0,0 +1,56 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM openjdk:8-jdk-slim --- End diff -- My first attempt was blindly lifting the Dockerfile from the main NiFi build, but that threw runtime errors so I looked into which Java might be preferable. I picked 8-jdk-slim because it's the smallest that ran with no errors. I have attached the log from the attempt to run with 'openjdk:8-jre' [nifi-registry-JRE_Error.txt](https://github.com/apache/nifi-registry/files/1662938/nifi-registry-JRE_Error.txt) ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user apiri commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r163679675 --- Diff: nifi-registry-docker/dockerhub/Dockerfile --- @@ -0,0 +1,56 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM openjdk:8-jdk-slim --- End diff -- Is there a reason the JDK variant is needed over the JRE? ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user Chaffelson commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r162395707 --- Diff: nifi-registry-docker/pom.xml --- @@ -0,0 +1,15 @@ + --- End diff -- Good point, updated as requested. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
Github user bbende commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r162360367 --- Diff: nifi-registry-docker/pom.xml --- @@ -0,0 +1,15 @@ + --- End diff -- Thanks for putting this together! I noticed the Travis build for this PR failed due to the RAT check... my guess is its because this file needs the Apache license header. You can run -Pcontrib-check when you build locally to ensure the build passes styling and license checks. ---
[GitHub] nifi-registry pull request #89: NIFIREG-120 Basic Docker Image Support
GitHub user Chaffelson opened a pull request: https://github.com/apache/nifi-registry/pull/89 NIFIREG-120 Basic Docker Image Support NIFIREG-120 Ported a simplified version of the Dockerhub image from the main NiFI project. You can merge this pull request into a Git repository by running: $ git pull https://github.com/Chaffelson/nifi-registry NIFIREG-120 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi-registry/pull/89.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #89 commit c59899939eb1b0f94f2f8c6a3e9c218357d1582a Author: dchaffey Date: 2018-01-18T12:58:39Z NIFIREG-120 Ported simplified Dockerhub build from NiFi ---