
MINIFICPP-1925 Ensure compatibility with the MiNiFi C2 server

Open lordgamez opened this issue 3 years ago • 3 comments

Ensure that config update and heartbeats from MiNiFi C2 server are handled properly in MiNiFi agent

  • Read flowid from configuration update parameter
  • Make C2 operation strings case-insensitive
  • Handle null in requested operations
  • Remove Accept header temporarily until MiNiFi C2 handling is fixed
  • Add test coverage for MiNiFi C2 compatibility

https://issues.apache.org/jira/browse/MINIFICPP-1925


Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

For all changes:

  • [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?

  • [ ] Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

  • [ ] Has your PR been rebased against the latest commit within the target branch (typically main)?

  • [ ] Is your initial contribution a single, squashed commit?

For code changes:

  • [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • [ ] If applicable, have you updated the LICENSE file?
  • [ ] If applicable, have you updated the NOTICE file?

For documentation related changes:

  • [ ] Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.

lordgamez, Sep 22 '22 08:09

Hey @lordgamez Great PR!

I've tried your changes, and they do not work with NiFi C2 over HTTPS. I am getting the following error:

[2022-10-05 23:07:51.015] [org::apache::nifi::minifi::extensions::curl::HTTPClient] [error] curl_easy_perform() failed SSL peer certificate or SSH remote key was not OK on https://nifi-c2:8880/c2/config/heartbeat, error code 60

Do you have experience in setting up the secured connection with NiFi C2?

ihor-sokoliuk-exa, Oct 05 '22 23:10

Hi @ihor-sokoliuk-exa,

I don't have any experience setting up NiFi C2 over SSL, but I'll investigate this use case and try to update the PR with this option.

lordgamez, Oct 10 '22 07:10

Hi @ihor-sokoliuk-exa,

I pushed a new commit 88a3bc2ed9cac02c8d4f0e8caff7ca7b47e01877 that updates the PR to support SSL connection in C2 messages. To enable the SSL connection you need to configure the following:

On C2 server side, in the c2.properties file the minifi.c2.server.secure=true should be set and the corresponding keystore and truststore should be configured as well. The authorizations.yaml file should also be changed to allow the agent's connections through SSL. For this you should define the agent class's DN in the authorities.yaml and set the allow action for this class in the authorizations.yaml for each endpoint. See the added test files for reference.

On the MiNiFi side you should add an SSLContextService controller in the config.yml file where you can set the client certificate paths for the SSL connection. After that the nifi.c2.rest.ssl.context.service property should be set to the name of the SSLContextService in the minifi.properties file for the MiNiFi agent to use that SSL service for the C2 connection.

lordgamez, Oct 17 '22 11:10
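
A consistency check for the agent-side settings described in the comment above, as an added example that is not part of the PR or the MiNiFi code base. The sample files are constructed (certificate paths, the service id and the acknowledge URL are placeholders); the controller property names `Client Certificate`, `Private Key` and `CA Certificate` and the `nifi.c2.rest.url.ack` key do not appear on this page and are assumed from the MiNiFi C++ documentation, and requiring all three certificate properties is this example's own policy.

```python
import re

# Constructed agent-side samples; paths, id and the ack URL are placeholders.
MINIFI_PROPERTIES = """\
nifi.c2.rest.url=https://nifi-c2:8880/c2/config/heartbeat
nifi.c2.rest.url.ack=https://nifi-c2:8880/c2/config/acknowledge
nifi.c2.rest.ssl.context.service=SSLContextService
"""
CONFIG_YML = """\
Controller Services:
  - name: SSLContextService
    id: 00000000-0000-0000-0000-000000000001
    class: SSLContextService
    Properties:
      Client Certificate: /opt/minifi/certs/agent.crt
      Private Key: /opt/minifi/certs/agent.key
      CA Certificate: /opt/minifi/certs/c2-ca.crt
"""

def parse_properties(text):
    """key=value lines -> dict, skipping # comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def controller_services(yml):
    """Minimal reader for flat controller entries (not a general YAML parser)."""
    services = {}
    for block in re.split(r"(?m)^[ \t]*- name:", yml)[1:]:
        fields = dict(re.findall(r"(?m)^[ \t]+([^:\n]+):[ \t]*(\S.*)$", block))
        services[block.splitlines()[0].strip()] = fields
    return services

def check_c2_tls(properties_text, config_yml):
    """Return findings; [] means consistent. Requiring all three files is this example's policy."""
    props, services = parse_properties(properties_text), controller_services(config_yml)
    findings = [f"{k} is not an https:// URL"
                for k in ("nifi.c2.rest.url", "nifi.c2.rest.url.ack")
                if not props.get(k, "").startswith("https://")]
    name = props.get("nifi.c2.rest.ssl.context.service")
    svc = services.get(name)
    if not name:
        findings.append("nifi.c2.rest.ssl.context.service is not set")
    elif svc is None or svc.get("class") != "SSLContextService":
        findings.append(f"no SSLContextService controller named {name!r}")
    else:
        required = ("Client Certificate", "Private Key", "CA Certificate")
        findings += [f"{name}: '{p}' is missing" for p in required if p not in svc]
    return findings
```

curl error code 60, as in the log line quoted earlier in the thread, is a peer-certificate verification failure, so a missing or wrong CA certificate on the agent is the first thing such a check should surface.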

@lordgamez you rock!

Everything works like a charm!

Thank you for your contribution and the instructions particularly.

ihor-sokoliuk-exa, Oct 18 '22 15:10

You're welcome, I'm glad it worked :)

lordgamez, Oct 19 '22 10:10