nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hunter morgan <Hunter.Mor...@capitalone.com>
Subject Re: flow as code and minify scaling/isolation
Date Fri, 24 Feb 2017 22:18:21 GMT
but what about filesystem access to processors? are those sandboxed?
On Feb 24, 2017, at 4:55 PM, Andrew Grande-2 [via Apache NiFi Developer List] <ml-node+s39713n14965h23@n7.nabble.com<mailto:ml-node+s39713n14965h23@n7.nabble.com>>
wrote:

Hi,

I think all processors acting as clients do isolate Kerberos keytabs and
client certificates.

The Kafka situation is a current design limitation of Kafka, not NiFi. The
good news is there's an effort underway to have Kafka not rely on global
singleton config and specify those per connection instead. But this is more
in the Kafka 0.11.x line.

Andrew

On Fri, Feb 24, 2017, 4:23 PM hunter morgan <[hidden email]<x-msg://2/user/SendEmail.jtp?type=node&node=14965&i=0>>
wrote:

> thanks for the links.
>
> i'm thinking that having the option of getting a template out of it or
> running in minifi would be good enough. i was sad to find that the rest api
> didn't seem to be included in minifi, so with it, accessible template
> export. i'm gonna look at that this weekend. glad to have more direction.
>
> yeah there is an impedance mismatch so far. but the minifi yaml config
> looks
> like the closest official completed work to such a workflow. i have mixed
> feelings about the flow repository stuff that's going on, but that's
> probably because i'm a dev that likes my existing tools (git, vi, cli
> goodness).
>
> it's hard to provide secure multitenant capability in nifi and isolate
> keytabs/jass/keystores between users, especially when processors use code
> (like kafka clients) that require or document using jvm opts to configure
> global jaas.
>
>
> also i think i wasn't joined to the list or something, so i should find out
> quicker next time there's a response.
>
>
>
> --
> View this message in context:
> http://apache-nifi-developer-list.39713.n7.nabble.com/flow-as-code-and-minify-scaling-isolation-tp14564p14963.html
> Sent from the Apache NiFi Developer List mailing list archive at
> Nabble.com<http://Nabble.com>.
>


________________________________
If you reply to this email, your message will be added to the discussion below:
http://apache-nifi-developer-list.39713.n7.nabble.com/flow-as-code-and-minify-scaling-isolation-tp14564p14965.html
To unsubscribe from flow as code and minify scaling/isolation, click here<http://apache-nifi-developer-list.39713.n7.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=14564&code=SHVudGVyLk1vcmdhbkBjYXBpdGFsb25lLmNvbXwxNDU2NHwtMjQ1OTc3MDkx>.
NAML<http://apache-nifi-developer-list.39713.n7.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>

________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One
and/or its affiliates and may only be used solely in performance of work or services for Capital
One. The information transmitted herewith is intended only for use by the individual or entity
to which it is addressed. If the reader of this message is not the intended recipient, you
are hereby notified that any review, retransmission, dissemination, distribution, copying
or other use of, or taking of any action in reliance upon this information is strictly prohibited.
If you have received this communication in error, please contact the sender and delete the
material from your computer.




--
View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/flow-as-code-and-minify-scaling-isolation-tp14564p14967.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message