NiFi Registry in Docker with Git auto-cloning on startup

tl;dr

Running NiFi Registry with Git and auto-cloning on startup is possible with three authentication options:

1. HTTPS user and password
2. git+ssh (~/.ssh bind mount)
3. git+ssh (SSH keys as environment variables)

1. HTTPS user and password

   docker run --name nifi-registry \
      -p 18080:18080 \
      -e 'FLOW_PROVIDER=git' \
      -e 'GIT_REMOTE_URL=https://github.com/michalklempa/docker-nifi-registry-example-flow.git' \
      -e 'GIT_CHECKOUT_BRANCH=example' \
      -e 'FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY=/opt/nifi-registry/flow-storage-git' \
      -e 'FLOW_PROVIDER_GIT_REMOTE_TO_PUSH=origin' \
      -e 'FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER=michalklempa' \
      -e 'FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD=thisisnotmypassword:)' \
      -e 'GIT_CONFIG_USER_NAME=Michal Klempa' \
      -e 'GIT_CONFIG_USER_EMAIL=michalklempa@gmail.com' \
      -d \
      michalklempa/nifi-registry:latest
   

2. git+ssh (~/.ssh bind mount):

    docker run --name nifi-registry \
      -p 18080:18080 \
      -v ~/.ssh:/home/nifi/.ssh \
      -e 'FLOW_PROVIDER=git' \
      -e 'GIT_REMOTE_URL=git@github.com:michalklempa/docker-nifi-registry-example-flow.git' \
      -e 'GIT_CHECKOUT_BRANCH=example' \
      -e 'FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY=/opt/nifi-registry/flow-storage-git' \
      -e 'FLOW_PROVIDER_GIT_REMOTE_TO_PUSH=origin' \
      -e 'GIT_CONFIG_USER_NAME=Michal Klempa' \
      -e 'GIT_CONFIG_USER_EMAIL=michal.klempa@gmail.com' \
      -d \
      michalklempa/nifi-registry:latest
   

3. git+ssh (SSH keys as environment variables):

    docker run --name nifi-registry \
      -p 18080:18080 \
      -e 'FLOW_PROVIDER=git' \
      -e 'GIT_REMOTE_URL=git@github.com:michalklempa/docker-nifi-registry-example-flow.git' \
      -e 'GIT_CHECKOUT_BRANCH=example' \
      -e 'FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY=/opt/nifi-registry/flow-storage-git' \
      -e 'FLOW_PROVIDER_GIT_REMOTE_TO_PUSH=origin' \
      -e 'GIT_CONFIG_USER_NAME=Michal Klempa' \
      -e 'GIT_CONFIG_USER_EMAIL=michal.klempa@gmail.com' \
      -e 'SSH_PRIVATE_KEY='$(base64 -w 0 < ~/.ssh/id_rsa) \
      -e 'SSH_KNOWN_HOSTS='$(base64 -w 0 < ~/.ssh/known_hosts) \
      -e 'SSH_PRIVATE_KEY_PASSPHRASE=' \
      -d \
      michalklempa/nifi-registry:latest
   

Docker image for NiFi Registry

Let me introduce my Docker image for NiFi Registry:

• based on openjdk:8-jdk-alpine (251MB vs. 387MB official image).
• cloning git repository at image startup
• supports Kerberos, LDAP, two-way SSL
• option to provide configuration files by mounting them, useful for ConfigMaps in Kubernetes and Volumes in Docker Swarm
• Debug NiFi Registry using Java Remote Debug mode (-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000)
• setting -Xms and -Xmx via environment variables
• database configuration for PostgreSQL
• option to set any nifi-registry.properties key using environment variable

Setting up NiFi Registry was described in post by Bryan Bende: Apache NiFi Registry 0.2.0. And there is a JIRA issue for clone git repository at startup as a feature. Until this feature is contributed into the Java codebase, we may live with my Docker image, which I decided to publish as my part of contribution to open-source:

• hub.docker.com/r/michalklempa/nifi-registry
• source code github.com/michalklempa/docker-nifi-registry

Feel free to test it and feedback is welcome.