Member since
01-02-2023
55
Posts
1
Kudos Received
3
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
971 | 09-18-2023 04:37 AM | |
1056 | 03-17-2023 06:34 AM | |
1615 | 03-13-2023 01:43 PM |
09-18-2023
04:37 AM
Thanks Matt!
... View more
05-16-2023
04:26 AM
Additionally, i copied the keystore and truststore to the node-master. I did not yet copy the keystore and truststore to node1, node2, node3 and node4.
... View more
04-28-2023
12:13 AM
Any Apache Spark experts out there that have experience security hardening Spark on YARN?
... View more
04-23-2023
02:34 AM
thanks for the reply cotopaul. I'm still very new to NiFi clusters and was thinking, from a purely cloud architecture perspective, that it typically makes sense to abstract the specific endpoints from the end user. I'll review the url you provided. Thanks again for your reply.
... View more
04-21-2023
03:35 AM
Yes, it is possible to create new users in Apache NiFi with administrator privileges similar to the initial admin identity.
You can use the User Authentication Provider in NiFi to add new users with the desired level of access. You can configure the User Authentication Provider to use a variety of authentication mechanisms, including PKI certs, as you are currently using.
Once you have configured the User Authentication Provider, you can add new users and assign them to appropriate user groups with the necessary access policies. You can create a new user group with the same policies as the initial admin identity user group and assign new users to it.
To create a new user group with the same policies as the initial admin identity user group, you can export the policy for the initial admin identity user group, and then import it for the new user group. To do this, navigate to the Access Policies tab in the NiFi UI, select the initial admin identity user group, and click the "Export Policies" button. Then, create a new user group and click the "Import Policies" button to import the policies from the initial admin identity user group.
After creating the new user group and assigning the new users to it, they will have the same access as the initial admin identity user. However, keep in mind that granting administrator privileges to multiple users can pose a security risk. Make sure to regularly review and update access policies to maintain security.
... View more
04-11-2023
05:00 AM
Hello Bakho, did Matt's recommendation/suggestion solve your problem? I am having the same issue using certificates created by the NiFi Toolkit.
... View more
03-30-2023
05:52 AM
@davehkd Changes committed to an early version 1.19 will persist into the next version unless a specific closed jiras exists that makes another changes impacting version. I saw no other newer jiras related to Kotlin version changes at time of this response. Matt
... View more
03-21-2023
06:32 AM
@davehkd When your nodes become disconnected, a reason will be logged and also most recent events viewable from within the cluster UI via the NIFi interface. So first question is reason given for node disconnections? Is it reporting a communication exception with Zookeeper or is it reporting disconnection due to lack of heartbeat (more common). Within a cluster a node is elected as the cluster coordinator by ZK, the nodes begin sending health and status heartbeats to that cluster coordinator. Default is every 5 seconds. The elected cluster coordinator expects to receive at least one heartbeat every 8x the configured heartbeat interval, so every 40 seconds. This is a pretty aggressive setting for NiFi clusters under heavy load or high heap pressure caused by dataflow design. So first make sure that every node in your cluster has the same configured heartbeat interval value (mixed values will definitely cause lots of node disconnections). If you are seeing reason for disconnection as lack of heartbeat, adjust the heartbeat interval to 30 seconds. This means a heartbeat would need to missed in a 4 minutes window instead of 40 seconds. As far as GC goes, GC is triggered when Java heap utilization gets around ~80%. How much memory have you configured your NiFi to use? Setting really high for no reason means would result in longer GC stop-the-world events. Generally NiFi would be configured with 16 GB to 32 GB for most use cases. If you find yourself needing more then that , you should take a closer look at your dataflow implementations (dataflows). The NiFi heap holds many things including the following: - fllow.json.gz is unpacked and loaded into heap memory on startup. Flow.json.gz includes everything you have added and configured via the NiFi UI (flows, controller settings, registry clients, templates, etc.). Templates are a deprecated method of creating flow snippets for reuse. They are held in heap because they are part of the flow.json.gz even though they are not part of any active dataflow. Downloading for external storage and deleting from within NiFi will reduce heap usage. - user and groups synced from ldap if using the ldap-user-group-provider. Shoudl make sure that your have configured filters on this provider so that you are liimiting the number of groups and users to only those the will actually be accessing yoru NiFi. - FlowFiles are what you see queued between processor components on the UI. FlowFiles consist of metatdata/attributes about the FlowFile. NiFi has build in swap settings for how many FlowFiles can exist in a given queue before they start swapping to disk (20,000 set via nifi.queue.swap.threshold in nifi.properties). Swap files are always 10,000 FlowFiles. By default, a connection has a backpressure object threshold of 10,000. This means by default a connection will not likely generate a swap file because it is unlikely to reach the swap threshold with these defaults (connection queues are soft limits). So If you have lots of connection with queued FlowFiles, you will have more heap usage. Generally speaking, a FlowFile's default metadata attributes amount to very little heap usage, but users can write whatever they want to FlowFile attributes. If you extracting and writing larges amounts of content to FlowFile attributes in yoru dataflow(s), you'll have high heap usage and should be question yourself as to why you are doing this. - NiFi processor components - Some processors have resource considerations that users should take in to considerations when using those processors. The embedded documentation within your NiFi will have section for resource considerations under each processor's docs. Look to see if you are using and with heap/memory consideration. Often heap usage can be reduced through dataflow design modifications. I hope these details help you dig into your heap usage and helps you make adjustments to improve your cluster stability. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more