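I am having trouble connecting a Minifi-c++ instance to a C2 (Command & Control) server.
I have set up a secure Nifi instance, and I have successfully set up a Minifi-c++ instance and a minifi-C2, both of which connect directly to the Nifi instance.
I have verified that the manually configured Minifi sends correctly via S2S.
I have also verified that the C2 server can serve the configured template (at least when the request is made from a browser with the correct credentials).
Now that I have gotten all the connection/networking and authentication issues out of the way, the only thing left is enabling the c2 configuration options in Minifi.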
nifi.remote.input.secure=true
nifi.security.need.ClientAuth=true
nifi.security.client.certificate=./conf/cert.pem
nifi.security.client.private.key=./conf/key.pem
nifi.security.client.pass.phrase=./conf/password
nifi.security.client.ca.certificate=./conf/chain.pem
#nifi.rest.api.user.name=
#nifi.rest.api.password=
nifi.c2.enable=true
nifi.c2.agent.protocol.class=RESTSender
nifi.c2.rest.url="https://myUrl:15005/c2/c2-protocol/heartbeat"
nifi.c2.rest.url.ack="https://myUrl:15005/c2/c2-protocol/acknowledge"
nifi.c2.flow.base.url="https://myUrl:15005/c2/c2-protocol"
nifi.c2.root.classes=DeviceInfoNode,AgentInformation,FlowInformation
nifi.c2.agent.heartbeat.period=5000
nifi.c2.agent.heartbeat.reporter.class=RESTReceiver
nifi.c2.agent.class=RemoteMinifyTest
nifi.c2.agent.identifier=CN=test-minifi
nifi.c2.root.class.definitions=metrics
nifi.c2.root.class.definitions.metrics.name=metrics
# ... more metrics stuff
The Minifi instance fails anticlimactically with
[...::Properties] [info] Using configuration file to load configuration for UID properties
from ./conf/minifi-uid.properties (located at ...)
[main] [info] MINIFI_HOME=/path-to-minify
[...::Properties] [info] Using configuration file to load configuration for MiNiFi configuration
from ./conf/minifi.properties (located at ...)
[...::PythonCreator] [info] Adding ... some python stuff
[...::FlowController] [info] FlowController NiFi Configuration file ./conf/config.yml <- empty
[main] [info] Loading FlowController
[...::FlowController] [info] Load Flow Controller from file ./conf/config.yml
[...::FlowController] [info] Loaded root processor Group
[...::FlowController] [info] Initializing timers
[...::FlowController] [info] Loaded controller service provider
[...::FlowController] [info] Loaded flow repository
[...::FlowController] [info] Starting Flow Controller
[...::StandardControllerServiceProvider] [info] Enabling 0 controller services
[...::C2Agent] [info] Class is RESTSender
[...::FlowController] [info] Started Flow Controller
[main] [info] MiNiFi started
[...::TailFile] [error] store state file failed
The only thing registered on the C2 server is
DEBUG [qtp1356728614-16] X509AuthenticationProvider Authenticating X509AuthenticationToken
with principal CN=test-minifi
DEBUG [qtp1356728614-16] C2AnonymousAuthenticationFilter SecurityContextHolder not
populated with anonymous token, as it already contained:
'org.apache.nifi.minifi.c2.security.authentication.C2AuthenticationToken@b51a431b: Principal:
CN=test-minifi; Credentials: [PROTECTED]; Authenticated: true; Details: null;
Granted Authorities: TEST'
which appears once per heartbeat.
My Minifi instance is identifying itself correctly, and the proper authorization has been provided:
# authorities.xml
CN=test-minifi:
- TEST
# authorizations.xml
Default Action: deny
Paths:
  /c2/config:
    Default Action: deny
    Actions:
    - Authorization: TEST
      Query Parameters:
        class: RemoteMinifyTest
      Action: allow
  /c2/config/contentTypes:
    Default Action: deny
    Actions:
    - Authorization: TEST
      Action: allow
What am I missing?