THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Table of Contents | ||
|---|---|---|
|
Migrating to 1.23.0
- The resolution for CVE-2023-36542 included the addition of a new Access Policy component restriction named Reference Remote Resources applied to the following components:
- CaptureChangeMySQL
- ConsumeJMS
- DBCPConnectionPool
- ExtractGrok
- GrokReader
- HikariCPConnectionPool
- HadoopDBCPConnectionPool
- HBase_2_ClientService
- JMSConnectionFactoryProvider
- PublishJMS
- ValidateJson
- ValidateXml
- Deployments with fine-grained Access Policies may require assigning the Reference Remote Resources permission to users who should be able to configure applicable components
- The nifi-riemann-nar and nifi-hbase_1_1_2-client-service-nar are no longer included in the standard binary, but can be downloaded from Maven Central
- RethinkDB Processors are deprecated for removal in 2.0.0
- Upgrading dependencies from H2 Database Engine version 2.1 to 2.2 required internal automated migration
...
Kerberos System Properties
- SPNEGO and service principals for Kerberos are now established via separate system properties.
- New SPNEGO properties
- nifi.kerberos.spnego.principal
- nifi.kerberos.spnego.keytab.location
- nifi.kerberos.spnego.authentication.expiration
- New service properties
- nifi.kerberos.service.principal
- nifi.kerberos.service.keytab.location
- nifi.kerberos.service.principal
- Removed properties
- nifi.kerberos.keytab.location
- nifi.kerberos.authentication.expiration
- nifi.kerberos.keytab.location
- New SPNEGO properties
- SPNEGO and service principals for Kerberos are now established via separate system properties.
- DBCPConnectionPool Service
- The “Database Driver Jar Url” property has been replaced by the “Database Driver Location(s)” property which accepts a comma-separated list of URLs or local files/folders containing the driver JAR.
- Existing processors that reference this service will be invalid until the new property is configured.
- The “Database Driver Jar Url” property has been replaced by the “Database Driver Location(s)” property which accepts a comma-separated list of URLs or local files/folders containing the driver JAR.
MonitorDiskUsage
- This standard reporting task has been simplified to let the user specify a logical name, a directory and a threshold to monitor. Previously it was tightly coupled to the internal flow file and content repositories in a manner that didn't align to the pluggable nature of those repositories. The new approach gives the user total control over what they want it to monitor.
- Connection/Relationship Default Back Pressure Settings
- It used to be that by default no backpressure settings were supplied. This too often meant people learned the value of backpressure the hard way. New connections made will now have a default value set of 10,000 flowfiles and 1GB worth of data size.
Multi-tenant Authorization Model
Authority Provider model has been replaced by a Multi-tenant Authorization model. Access privileges are now defined by policies that can be applied system-wide or to individual components. Details can be found in the ‘Admin Guide’ under ‘Multi-tenant Authorization’.
The system properties nifi.authority.provider.configuration.file and nifi.security.user.authority.provider have been replaced by nifi.authorizer.configuration.file and nifi.security.user.authorizer, respectively. Details on configuration can be found in the “Admin Guide’ under ‘Authorizer Configuration’.
0.7.0 authorized users/roles can be converted to the new authorization model. An existing authorized-users.xml file can be referenced in the authorizers.xml "Legacy Authorized Users File” property to automatically generate users and authorizations. Details on configuration can be found in the “Admin Guide” under ‘Authorizers.xml Setup’.
- Controller Services that will be used by Processors must be defined in the Operate Palette of the root process group or sub process group where they will be used. Controller Services defined in the Global - Controller Settings window can only be used by Reporting Tasks, not by any Processors.
HTTP(S) Site-to-Site
HTTP(S) protocol is now supported in Site-to-Site as an underlying transport protocol.
HTTP(S) protocol is enabled by default (nifi.remote.input.http.enabled=true).Configuration details can be found in the 'Site-to-Site Properties' section of the 'Admin Guide’. Of note:
With both socket and HTTP protocols supported, nifi.remote.input.socket.host has been renamed to nifi.remote.input.host
nifi.remote.input.secure is now set to false by default
Zero-Master Clustering
...