Posted to commits@nifi.apache.org by mc...@apache.org on 2015/01/21 16:51:28 UTC
svn commit: r1653570 -
/incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html
Author: mcgilman
Date: Wed Jan 21 15:51:27 2015
New Revision: 1653570
URL: http://svn.apache.org/r1653570
Log:
Updating admin guide to match 0.0.1 release
Modified:
incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html
Modified: incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html
URL: http://svn.apache.org/viewvc/incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html?rev=1653570&r1=1653569&r2=1653570&view=diff
==============================================================================
--- incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html (original)
+++ incubator/nifi/site/trunk/content/docs/nifi-docs/administration-guide.html Wed Jan 21 15:51:27 2015
@@ -437,7 +437,7 @@ body.book #toc,body.book #preamble,body.
<div id="toc" class="toc">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel1">
-<li><a href="#how-to-install">How to install</a></li>
+<li><a href="#how-to-install-and-start-nifi">How to install and start NiFi</a></li>
<li><a href="#best-practice-configuration">Best Practice Configuration</a></li>
<li><a href="#security-configuration">Security Configuration</a></li>
<li><a href="#controlling-levels-of-access">Controlling Levels of Access</a></li>
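Review bot: The table-of-contents href changes from #how-to-install to #how-to-install-and-start-nifi, so any existing link or bookmark that targets the old fragment will no longer land on this section. If the old fragment is referenced elsewhere on the site, keep an anchor with the old id next to the renamed heading, or update the referring pages in the same commit.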
@@ -446,41 +446,287 @@ body.book #toc,body.book #preamble,body.
</div>
<div id="content">
<div class="sect1">
-<h2 id="how-to-install"><a class="anchor" href="#how-to-install"></a>How to install</h2>
+<h2 id="how-to-install-and-start-nifi"><a class="anchor" href="#how-to-install-and-start-nifi"></a>How to install and start NiFi</h2>
<div class="sectionbody">
-<div class="paragraph">
-<p>Installation instructions…​</p>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+This section is incomplete.
+</td>
+</tr>
+</table>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Linux</p>
+<div class="ulist">
+<ul>
+<li>
+<p>Decompress and untar into desired installation directory.</p>
+</li>
+<li>
+<p>Make any desired edits in files found under <installdir>/conf</p>
+</li>
+<li>
+<p>Execute the following commands</p>
+<div class="ulist">
+<ul>
+<li>
+<p>start: starts NiFi in the background</p>
+</li>
+<li>
+<p>stop: stops NiFi that is running in the background</p>
+</li>
+<li>
+<p>status: provides the current status of NiFi</p>
+</li>
+<li>
+<p>run: runs NiFi in the foreground and waits for a Ctl-C to initiate shutdown of NiFi</p>
+</li>
+<li>
+<p>intall: installs NiFi as a service that can then be controlled via</p>
+<div class="ulist">
+<ul>
+<li>
+<p>service nifi start</p>
+</li>
+<li>
+<p>service nifi stop</p>
+</li>
+<li>
+<p>service nifi status</p>
+</li>
+</ul>
+</div>
+</li>
+</ul>
+</div>
+</li>
+</ul>
+</div>
+</li>
+</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="best-practice-configuration"><a class="anchor" href="#best-practice-configuration"></a>Best Practice Configuration</h2>
<div class="sectionbody">
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+Typical Linux defaults are not necessarily well tuned for the needs of an IO intensive application like
+NiFi. For all of these areas your distributions requirements may vary. Use these sections as advice but
+consult your distribution specific documentation for how best to achieve these recommendations.
+</td>
+</tr>
+</table>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Maximum File Handles</dt>
+<dd>
+<p>NiFi will at any one time potentially have a very large number of file handles open. Increase the limits by
+editing <em>/etc/security/limits.conf</em> to add
+something like</p>
+</dd>
+</dl>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>* hard nofile 50000
+* soft nofile 50000</pre>
+</div>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Maximum Forked Processes</dt>
+<dd>
+<p>NiFi may be configured to generate a significant number of threads. To increase the allowable number edit <em>/etc/security/limits.conf</em></p>
+</dd>
+</dl>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>* hard nproc 10000
+* soft nproc 10000</pre>
+</div>
+</div>
<div class="paragraph">
-<p>The following are things which are good to check…​</p>
+<p>And your distribution may require an edit to /etc/security/limits.d/90-nproc.conf by adding</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>* soft nproc 10000</pre>
+</div>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Increase the number of TCP socket ports available</dt>
+<dd>
+<p>This is particularly important if your flow will be setting up and tearing
+down a large number of sockets in small period of time.</p>
+</dd>
+</dl>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>sudo sysctl -w net.ipv4.ip_local_port_range="10000 65000"</pre>
+</div>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Set how long sockets stay in a TIMED_WAIT state when closed</dt>
+<dd>
+<p>You don’t want your sockets to sit and linger too long given that you want to be
+able to quickly setup and teardown new sockets. It is a good idea to read more about
+it but to adjust do something like</p>
+</dd>
+</dl>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>sudo sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait="1"</pre>
+</div>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Tell linux you never want NiFi to swap</dt>
+<dd>
+<p>Swapping is fantastic for some applications. It isn’t good for something like
+NiFi that always wants to be running. To tell linux you’d like swapping off you
+can edit <em>/etc/sysctl.conf</em> to add the following line</p>
+</dd>
+</dl>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre>vm.swappiness = 0</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>For the partions handling the various NiFi repos turn off things like <em>atime</em>.
+Doing so can cause a surprising bump in throughput. Edit the <em>/etc/fstab</em> file
+and for the partition(s) of interest add the <em>noatime</em> option.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="security-configuration"><a class="anchor" href="#security-configuration"></a>Security Configuration</h2>
<div class="sectionbody">
-<div class="paragraph">
-<p>Two-way SSL…​</p>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+This section is incomplete.
+</td>
+</tr>
+</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="controlling-levels-of-access"><a class="anchor" href="#controlling-levels-of-access"></a>Controlling Levels of Access</h2>
<div class="sectionbody">
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+This section is incomplete.
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>Once NiFi is configured to run securely as discussed in the previous section, it is necessary
+to manually designate an ADMIN user in the authorized-users.xml file, which is located in the
+root installation’s conf directory. After this ADMIN user has been added, s/he may grant access
+to other users, systems, and other instances of NiFi, through the User Interface (UI) without having to manually edit the authorized-users.xml
+file. If you are the administrator, you would add yourself as the ADMIN user in this file.</p>
+</div>
+<div class="paragraph">
+<p>Open the authorized-users.xml file in a text editor. You will notice that it includes a template
+to guide you, with example entries that are commented out.</p>
+</div>
+<div class="paragraph">
+<p>It is only necessary to manually add one user, the ADMIN user,
+to this file.
+So, at a minimum, the following example entry should be included and contain the user Distinguished Name (dn)
+in place of "user dn - read only and admin":</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre><users>
+ <user dn="[user dn - read only and admin]">
+ <role name="ROLE_ADMIN"/>
+ </user>
+</users></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Here is an example entry using the name John Smith:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre><users>
+ <user dn="[cn=John Smith,ou=people,dc=example,dc=com]">
+ <role name="ROLE_ADMIN"/>
+ </user>
+</users></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>After the authorized-users.xml file has been edited and saved, restart NiFi.
+Once the application starts, the ADMIN user is
+able to access the UI at the https URL that is configured in the nifi.properties file.</p>
+</div>
+<div class="paragraph">
+<p>From the UI, click on the Users icon ( <span class="image"><img src="./images/iconUsers.png" alt="Users" width="32"></span> ) in the
+Management Toolbar (upper-right corner of the UI), and the User Management Page opens.</p>
+</div>
+<div class="paragraph">
+<p>The ADMIN user should be listed. Click on the pencil icon to see this user’s role(s). You may edit the
+roles by selecting the appropriate checkboxes.</p>
+</div>
+<div class="paragraph">
+<p>When other users want access to the NiFi UI, they navigate to the configured URL and are
+prompted to request access. When someone has requested access, the ADMIN user sees a star
+on the Users icon in the Management Toolbar, alerting the ADMIN to the fact that a request is
+pending. Upon opening the User Management Page, the pending request is visible, and the ADMIN
+can grant access and click on the pencil icon to set the user’s roles appropriately.</p>
+</div>
+<div class="paragraph">
+<p>The ADMIN may also select multiple users and add them to a "Group". Hold down the Shift key and select
+multiple users, then click the <code>Group</code> button in the upper-right corner of the User Management Page.
+Then, provide a name for the group.</p>
+</div>
<div class="paragraph">
-<p>Within the web-ui …​.</p>
+<p>The group feature is especially useful when a remote NiFi cluster is connecting to this NiFi using
+a Remote Process Group. In that scenario, all the nodes
+in the remote cluster can be included in the same group. When the ADMIN wants to grant port access to the remote
+cluster, s/he can grant it to the group and avoid having to grant it individually to each node in the cluster.</p>
</div>
</div>
</div>
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2014-12-31 12:06:24 EST
+Last updated 2015-01-21 10:20:49 EST
</div>
</div>
</body>
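Review bot: The John Smith example under Controlling Levels of Access keeps the square brackets from the template (dn="[cn=John Smith,ou=people,dc=example,dc=com]"), while the paragraph before it says the DN goes in place of "user dn - read only and admin", so a reader cannot tell whether the brackets are literal. Because this entry decides who holds ROLE_ADMIN, show the value exactly as it must appear in authorized-users.xml and state which form is expected. In the install list, "intall" should read "install", and "Execute the following commands" never names the script that start, stop, status, run and install are passed to. In Best Practice Configuration, the limits.conf entries use the * wildcard, which applies the raised nofile and nproc limits to all users rather than only the account NiFi runs as; consider scoping them to that account. The two sysctl -w lines do not survive a reboot, unlike the vm.swappiness entry that is placed in /etc/sysctl.conf, and the second one sets a netfilter conntrack timeout under a heading that says TIMED_WAIT (the TCP state is TIME_WAIT), so the text should say what that key controls and when it is present. "partions" should read "partitions".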