diff --git a/CHANGELOG.md b/CHANGELOG.md index c559293b..886d47c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,9 +9,11 @@ All notable changes to this project will be documented in this file. - The lifetime of auto generated TLS certificates is now configurable with the role and roleGroup config property `requestedSecretLifetime`. This helps reducing frequent Pod restarts ([#722]). - Run a `containerdebug` process in the background of each Nifi container to collect debugging information ([#730]). +- Support configuring JVM arguments ([#724]). - Aggregate emitted Kubernetes events on the CustomResources ([#742]). [#722]: https://github.com/stackabletech/nifi-operator/pull/722 +[#724]: https://github.com/stackabletech/nifi-operator/pull/724 [#730]: https://github.com/stackabletech/nifi-operator/pull/730 [#742]: https://github.com/stackabletech/nifi-operator/pull/742 diff --git a/Cargo.lock b/Cargo.lock index 50767091..cefd673c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2362,6 +2362,7 @@ dependencies = [ "semver", "serde", "serde_json", + "serde_yaml", "snafu 0.8.5", "stackable-nifi-crd", "stackable-operator", diff --git a/deploy/helm/nifi-operator/crds/crds.yaml b/deploy/helm/nifi-operator/crds/crds.yaml index b228d736..dba55e52 100644 --- a/deploy/helm/nifi-operator/crds/crds.yaml +++ b/deploy/helm/nifi-operator/crds/crds.yaml @@ -655,6 +655,32 @@ spec: default: {} description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: Allows overriding JVM arguments. Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object podOverrides: default: {} description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) for more information. @@ -1116,6 +1142,32 @@ spec: default: {} description: '`envOverrides` configure environment variables to be set in the Pods. It is a map from strings to strings - environment variables and the value to set. Read the [environment variable overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#env-overrides) for more information and consult the operator specific usage guide to find out about the product specific environment variables that are available.' type: object + jvmArgumentOverrides: + default: + add: [] + remove: [] + removeRegex: [] + description: Allows overriding JVM arguments. Please read on the [JVM argument overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#jvm-argument-overrides) for details on the usage. + properties: + add: + default: [] + description: JVM arguments to be added + items: + type: string + type: array + remove: + default: [] + description: JVM arguments to be removed by exact match + items: + type: string + type: array + removeRegex: + default: [] + description: JVM arguments matching any of this regexes will be removed + items: + type: string + type: array + type: object podOverrides: default: {} description: In the `podOverrides` property you can define a [PodTemplateSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podtemplatespec-v1-core) to override any property that can be set on a Kubernetes Pod. Read the [Pod overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#pod-overrides) for more information. diff --git a/docs/modules/nifi/pages/usage_guide/index.adoc b/docs/modules/nifi/pages/usage_guide/index.adoc index 4e8e442b..79e803be 100644 --- a/docs/modules/nifi/pages/usage_guide/index.adoc +++ b/docs/modules/nifi/pages/usage_guide/index.adoc @@ -48,4 +48,4 @@ spec: <3> xref:usage_guide/extra-volumes.adoc[Extra volumes] with files that can be referenced in custom workflows. <4> xref:usage_guide/resource-configuration.adoc[CPU and memory configuration] can be set per role group. -Not shown are the common settings for xref:usage_guide/operations/cluster-operations.adoc[starting and stopping the cluster] and xref:usage_guide/operations/pod-placement.adoc[distributing Pods]. Additionally, you can set any NiFi setting using xref:usage_guide/configuration-environment-overrides.adoc[overrides]. You can also configure xref:usage_guide/log-aggregation.adoc[log aggregation]. +Not shown are the common settings for xref:usage_guide/operations/cluster-operations.adoc[starting and stopping the cluster] and xref:usage_guide/operations/pod-placement.adoc[distributing Pods]. Additionally, you can set any NiFi setting using xref:usage_guide/overrides.adoc[overrides]. You can also configure xref:usage_guide/log-aggregation.adoc[log aggregation]. diff --git a/docs/modules/nifi/pages/usage_guide/configuration-environment-overrides.adoc b/docs/modules/nifi/pages/usage_guide/overrides.adoc similarity index 93% rename from docs/modules/nifi/pages/usage_guide/configuration-environment-overrides.adoc rename to docs/modules/nifi/pages/usage_guide/overrides.adoc index 4c9df0f9..32c0857b 100644 --- a/docs/modules/nifi/pages/usage_guide/configuration-environment-overrides.adoc +++ b/docs/modules/nifi/pages/usage_guide/overrides.adoc @@ -114,3 +114,8 @@ spec: value: "value1" effect: "NoSchedule" ---- + +== JVM argument overrides + +Stackable operators automatically determine the set of needed JVM arguments, such as memory settings or trust- and keystores. +Using JVM argument overrides you can configure the JVM arguments xref:concepts:overrides.adoc#jvm-argument-overrides[according to the concepts page]. diff --git a/docs/modules/nifi/partials/nav.adoc b/docs/modules/nifi/partials/nav.adoc index 386f7615..d3407296 100644 --- a/docs/modules/nifi/partials/nav.adoc +++ b/docs/modules/nifi/partials/nav.adoc @@ -12,7 +12,7 @@ ** xref:nifi:usage_guide/log-aggregation.adoc[] ** xref:nifi:usage_guide/monitoring.adoc[] ** xref:nifi:usage_guide/updating.adoc[] -** xref:nifi:usage_guide/configuration-environment-overrides.adoc[] +** xref:nifi:usage_guide/overrides.adoc[] ** xref:nifi:usage_guide/writing-to-iceberg-tables.adoc[] ** xref:nifi:usage_guide/operations/index.adoc[] *** xref:nifi:usage_guide/operations/cluster-operations.adoc[] diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 6c5eded1..5e294dc1 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -30,7 +30,7 @@ use stackable_operator::{ memory::{BinaryMultiple, MemoryQuantity}, product_config_utils::{self, Configuration}, product_logging::{self, spec::Logging}, - role_utils::{GenericRoleConfig, Role, RoleGroupRef}, + role_utils::{GenericRoleConfig, JavaCommonConfig, Role, RoleGroupRef}, schemars::{self, JsonSchema}, status::condition::{ClusterCondition, HasStatusCondition}, time::Duration, @@ -107,7 +107,7 @@ pub struct NifiSpec { // no doc - docs in Role struct. #[serde(default, skip_serializing_if = "Option::is_none")] - pub nodes: Option>, + pub nodes: Option>, // no doc - docs in ProductImage struct. pub image: ProductImage, diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index 898c95db..253ac54b 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -32,6 +32,7 @@ url.workspace = true [dev-dependencies] rstest.workspace = true +serde_yaml.workspace = true [build-dependencies] built.workspace = true diff --git a/rust/operator-binary/src/config/jvm.rs b/rust/operator-binary/src/config/jvm.rs new file mode 100644 index 00000000..723d728a --- /dev/null +++ b/rust/operator-binary/src/config/jvm.rs @@ -0,0 +1,83 @@ +use snafu::{OptionExt, ResultExt, Snafu}; +use stackable_nifi_crd::{NifiConfig, NifiConfigFragment}; +use stackable_operator::{ + memory::{BinaryMultiple, MemoryQuantity}, + role_utils::{self, GenericRoleConfig, JavaCommonConfig, JvmArgumentOverrides, Role}, +}; + +use super::{JVM_SECURITY_PROPERTIES_FILE, NIFI_CONFIG_DIRECTORY}; + +// Part of memory resources allocated for Java heap +const JAVA_HEAP_FACTOR: f32 = 0.8; + +#[derive(Snafu, Debug)] +pub enum Error { + #[snafu(display("invalid memory resource configuration - missing default or value in crd?"))] + MissingMemoryResourceConfig, + + #[snafu(display("invalid memory config"))] + InvalidMemoryConfig { + source: stackable_operator::memory::Error, + }, + + #[snafu(display("failed to merge jvm argument overrides"))] + MergeJvmArgumentOverrides { source: role_utils::Error }, +} + +/// Create the NiFi bootstrap.conf +pub fn build_merged_jvm_config( + merged_config: &NifiConfig, + role: &Role, + role_group: &str, +) -> Result { + let heap_size = MemoryQuantity::try_from( + merged_config + .resources + .memory + .limit + .as_ref() + .context(MissingMemoryResourceConfigSnafu)?, + ) + .context(InvalidMemoryConfigSnafu)? + .scale_to(BinaryMultiple::Mebi) + * JAVA_HEAP_FACTOR; + let java_heap = heap_size + .format_for_java() + .context(InvalidMemoryConfigSnafu)?; + + let jvm_args = vec![ + // Heap settings + format!("-Xmx{java_heap}"), + format!("-Xms{java_heap}"), + // The G1GC is known to cause some problems in Java 8 and earlier, but the issues were addressed in Java 9. If using Java 8 or earlier, + // it is recommended that G1GC not be used, especially in conjunction with the Write Ahead Provenance Repository. However, if using a newer + // version of Java, it can result in better performance without significant \"stop-the-world\" delays. + "-XX:+UseG1GC".to_owned(), + // Set headless mode by default + "-Djava.awt.headless=true".to_owned(), + // Disable JSR 199 so that we can use JSP's without running a JDK + "-Dorg.apache.jasper.compiler.disablejsr199=true".to_owned(), + // Note(sbernauer): This has been here since ages, leaving it here for compatibility reasons. + // That being said: IPV6 rocks :rocket:! + "-Djava.net.preferIPv4Stack=true".to_owned(), + // allowRestrictedHeaders is required for Cluster/Node communications to work properly + "-Dsun.net.http.allowRestrictedHeaders=true".to_owned(), + "-Djava.protocol.handler.pkgs=sun.net.www.protocol".to_owned(), + // Sets the provider of SecureRandom to /dev/urandom to prevent blocking on VMs + "-Djava.security.egd=file:/dev/urandom".to_owned(), + // Requires JAAS to use only the provided JAAS configuration to authenticate a Subject, without using any "fallback" methods (such as prompting for username/password) + // Please see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html, section "EXCEPTIONS TO THE MODEL" + "-Djavax.security.auth.useSubjectCredsOnly=true".to_owned(), + // Zookeeper 3.5 now includes an Admin Server that starts on port 8080, since NiFi is already using that port disable by default. + // Please see https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_adminserver_config for configuration options. + "-Dzookeeper.admin.enableServer=false".to_owned(), + // JVM security properties include especially TTL values for the positive and negative DNS caches. + format!( + "-Djava.security.properties={NIFI_CONFIG_DIRECTORY}/{JVM_SECURITY_PROPERTIES_FILE}" + ), + ]; + + let operator_generated = JvmArgumentOverrides::new_with_only_additions(jvm_args); + role.get_merged_jvm_argument_overrides(role_group, &operator_generated) + .context(MergeJvmArgumentOverridesSnafu) +} diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config/mod.rs similarity index 79% rename from rust/operator-binary/src/config.rs rename to rust/operator-binary/src/config/mod.rs index a5f0c716..5bdea514 100644 --- a/rust/operator-binary/src/config.rs +++ b/rust/operator-binary/src/config/mod.rs @@ -3,6 +3,7 @@ use std::{ fmt::Write, }; +use jvm::build_merged_jvm_config; use product_config::{types::PropertyNameKind, ProductConfigManager}; use snafu::{ResultExt, Snafu}; use stackable_nifi_crd::{ @@ -11,12 +12,12 @@ use stackable_nifi_crd::{ }; use stackable_operator::{ commons::resources::Resources, - memory::{BinaryMultiple, MemoryQuantity}, + memory::MemoryQuantity, product_config_utils::{ transform_all_roles_to_config, validate_all_roles_and_groups_config, ValidatedRoleConfigByPropertyKind, }, - role_utils::Role, + role_utils::{GenericRoleConfig, JavaCommonConfig, Role}, }; use strum::{Display, EnumIter}; @@ -30,6 +31,8 @@ use crate::{ }, }; +pub mod jvm; + pub const NIFI_CONFIG_DIRECTORY: &str = "/stackable/nifi/conf"; pub const NIFI_BOOTSTRAP_CONF: &str = "bootstrap.conf"; @@ -42,8 +45,6 @@ const STORAGE_PROVENANCE_UTILIZATION_FACTOR: f32 = 0.9; const STORAGE_FLOW_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.9; // Content archive only counts _old_ data, so we want to allow some space for active data as well const STORAGE_CONTENT_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.5; -// Part of memory resources allocated for Java heap -const JAVA_HEAP_FACTOR: f32 = 0.8; #[derive(Debug, Display, EnumIter)] pub enum NifiRepository { @@ -75,10 +76,11 @@ pub enum Error { source: stackable_operator::product_config_utils::Error, }, - #[snafu(display("invalid memory config"))] - InvalidMemoryConfig { - source: stackable_operator::memory::Error, - }, + #[snafu(display("invalid memory resource configuration - missing default or value in crd?"))] + MissingMemoryResourceConfig, + + #[snafu(display("invalid JVM config"))] + InvalidJVMConfig { source: jvm::Error }, #[snafu(display("failed to transform product configs"))] ProductConfigTransform { @@ -97,88 +99,35 @@ pub enum Error { /// Create the NiFi bootstrap.conf pub fn build_bootstrap_conf( - nifi_config: &NifiConfig, + merged_config: &NifiConfig, overrides: BTreeMap, + role: &Role, + role_group: &str, ) -> Result { let mut bootstrap = BTreeMap::new(); // Java command to use when running NiFi bootstrap.insert("java".to_string(), "java".to_string()); // Username to use when running NiFi. This value will be ignored on Windows. bootstrap.insert("run.as".to_string(), "".to_string()); - // Preserve shell environment while runnning as "run.as" user + // Preserve shell environment while running as "run.as" user bootstrap.insert("preserve.environment".to_string(), "false".to_string()); // Configure where NiFi's lib and conf directories live bootstrap.insert("lib.dir".to_string(), "./lib".to_string()); bootstrap.insert("conf.dir".to_string(), "./conf".to_string()); - bootstrap.extend(graceful_shutdown_config_properties(nifi_config)); - - let mut java_args = Vec::with_capacity(18); - // Disable JSR 199 so that we can use JSP's without running a JDK - java_args.push("-Dorg.apache.jasper.compiler.disablejsr199=true".to_string()); - - // Read memory limits from config - if let Some(heap_size_definition) = &nifi_config.resources.memory.limit { - tracing::debug!("Read {:?} from crd as memory limit", heap_size_definition); + bootstrap.extend(graceful_shutdown_config_properties(merged_config)); - let heap_size = MemoryQuantity::try_from(heap_size_definition) - .context(InvalidMemoryConfigSnafu)? - .scale_to(BinaryMultiple::Mebi) - * JAVA_HEAP_FACTOR; + let merged_jvm_config = + build_merged_jvm_config(merged_config, role, role_group).context(InvalidJVMConfigSnafu)?; - let java_heap = heap_size - .format_for_java() - .context(InvalidMemoryConfigSnafu)?; - - tracing::debug!( - "Converted {:?} to {} for java heap config", - &heap_size_definition, - java_heap - ); - // Push heap size config as max and min size to java args - java_args.push(format!("-Xmx{}", java_heap)); - java_args.push(format!("-Xms{}", java_heap)); - } else { - tracing::debug!("No memory limits defined"); + for (index, argument) in merged_jvm_config + .effective_jvm_config_after_merging() + .iter() + .enumerate() + { + bootstrap.insert(format!("java.arg.{}", index + 1), argument.clone()); } - java_args.push("-Djava.net.preferIPv4Stack=true".to_string()); - - // allowRestrictedHeaders is required for Cluster/Node communications to work properly - java_args.push("-Dsun.net.http.allowRestrictedHeaders=true".to_string()); - java_args.push("-Djava.protocol.handler.pkgs=sun.net.www.protocol".to_string()); - - // The G1GC is known to cause some problems in Java 8 and earlier, but the issues were addressed in Java 9. If using Java 8 or earlier, - // it is recommended that G1GC not be used, especially in conjunction with the Write Ahead Provenance Repository. However, if using a newer - // version of Java, it can result in better performance without significant \"stop-the-world\" delays. - java_args.push("-XX:+UseG1GC".to_string()); - - // Set headless mode by default - java_args.push("-Djava.awt.headless=true".to_string()); - // Root key in hexadecimal format for encrypted sensitive configuration values - //bootstrap.insert("nifi.bootstrap.sensitive.key=".to_string(), "".to_string()); - // Sets the provider of SecureRandom to /dev/urandom to prevent blocking on VMs - java_args.push("-Djava.security.egd=file:/dev/urandom".to_string()); - // Requires JAAS to use only the provided JAAS configuration to authenticate a Subject, without using any "fallback" methods (such as prompting for username/password) - // Please see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html, section "EXCEPTIONS TO THE MODEL" - java_args.push("-Djavax.security.auth.useSubjectCredsOnly=true".to_string()); - - // Zookeeper 3.5 now includes an Admin Server that starts on port 8080, since NiFi is already using that port disable by default. - // Please see https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_adminserver_config for configuration options. - java_args.push("-Dzookeeper.admin.enableServer=false".to_string()); - - // JVM security properties include especially TTL values for the positive and negative DNS caches. - java_args.push(format!( - "-Djava.security.properties={NIFI_CONFIG_DIRECTORY}/{JVM_SECURITY_PROPERTIES_FILE}" - )); - - // add java args - bootstrap.extend( - java_args - .into_iter() - .enumerate() - .map(|(i, a)| (format!("java.arg.{}", i + 1), a)), - ); - // override with config overrides + // configOverrides come last bootstrap.extend(overrides); Ok(format_properties(bootstrap)) @@ -669,7 +618,7 @@ pub fn build_state_management_xml() -> String { pub fn validated_product_config( resource: &NifiCluster, version: &str, - role: &Role, + role: &Role, product_config: &ProductConfigManager, ) -> Result { let mut roles = HashMap::new(); @@ -714,3 +663,142 @@ fn storage_quantity_to_nifi(quantity: MemoryQuantity) -> String { .value ) } + +#[cfg(test)] +mod tests { + use crate::config::build_bootstrap_conf; + + use super::*; + + use indoc::indoc; + use stackable_nifi_crd::NifiCluster; + + #[test] + fn test_build_bootstrap_conf_defaults() { + let input = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + spec: + image: + productVersion: 1.27.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + zookeeperConfigMapName: simple-nifi-znode + nodes: + roleGroups: + default: + replicas: 1 + "#; + let bootstrap_conf = construct_bootstrap_conf(input); + + assert_eq!( + bootstrap_conf, + indoc! {" + conf.dir=./conf + graceful.shutdown.seconds=300 + java=java + java.arg.1=-Xmx3276m + java.arg.10=-Djavax.security.auth.useSubjectCredsOnly=true + java.arg.11=-Dzookeeper.admin.enableServer=false + java.arg.12=-Djava.security.properties=/stackable/nifi/conf/security.properties + java.arg.2=-Xms3276m + java.arg.3=-XX:+UseG1GC + java.arg.4=-Djava.awt.headless=true + java.arg.5=-Dorg.apache.jasper.compiler.disablejsr199=true + java.arg.6=-Djava.net.preferIPv4Stack=true + java.arg.7=-Dsun.net.http.allowRestrictedHeaders=true + java.arg.8=-Djava.protocol.handler.pkgs=sun.net.www.protocol + java.arg.9=-Djava.security.egd=file:/dev/urandom + lib.dir=./lib + preserve.environment=false + run.as= + "} + ); + } + + #[test] + fn test_build_bootstrap_conf_jvm_argument_overrides() { + let input = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + spec: + image: + productVersion: 1.27.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + zookeeperConfigMapName: simple-nifi-znode + nodes: + config: + resources: + memory: + limit: 42Gi + jvmArgumentOverrides: + remove: + - -XX:+UseG1GC + add: + - -Dhttps.proxyHost=proxy.my.corp + - -Dhttps.proxyPort=8080 + - -Djava.net.preferIPv4Stack=true + roleGroups: + default: + replicas: 1 + jvmArgumentOverrides: + # We need more memory! + removeRegex: + - -Xmx.* + - -Dhttps.proxyPort=.* + add: + - -Xmx40000m + - -Dhttps.proxyPort=1234 + "#; + let bootstrap_conf = construct_bootstrap_conf(input); + + assert_eq!( + bootstrap_conf, + indoc! {" + conf.dir=./conf + graceful.shutdown.seconds=300 + java=java + java.arg.1=-Xms34406m + java.arg.10=-Djava.security.properties=/stackable/nifi/conf/security.properties + java.arg.11=-Dhttps.proxyHost=proxy.my.corp + java.arg.12=-Djava.net.preferIPv4Stack=true + java.arg.13=-Xmx40000m + java.arg.14=-Dhttps.proxyPort=1234 + java.arg.2=-Djava.awt.headless=true + java.arg.3=-Dorg.apache.jasper.compiler.disablejsr199=true + java.arg.4=-Djava.net.preferIPv4Stack=true + java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true + java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol + java.arg.7=-Djava.security.egd=file:/dev/urandom + java.arg.8=-Djavax.security.auth.useSubjectCredsOnly=true + java.arg.9=-Dzookeeper.admin.enableServer=false + lib.dir=./lib + preserve.environment=false + run.as= + "} + ); + } + + fn construct_bootstrap_conf(nifi_cluster: &str) -> String { + let nifi: NifiCluster = serde_yaml::from_str(nifi_cluster).expect("illegal test input"); + + let nifi_role = NifiRole::Node; + let role = nifi.spec.nodes.as_ref().unwrap(); + let merged_config = nifi.merged_config(&nifi_role, "default").unwrap(); + + build_bootstrap_conf(&merged_config, BTreeMap::new(), role, "default").unwrap() + } +} diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index c0904b25..1443fb0f 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -67,7 +67,7 @@ use stackable_operator::{ CustomContainerLogConfig, }, }, - role_utils::{GenericRoleConfig, Role, RoleGroupRef}, + role_utils::{GenericRoleConfig, JavaCommonConfig, Role, RoleGroupRef}, status::condition::{ compute_conditions, operations::ClusterOperationsConditionBuilder, statefulset::StatefulSetConditionBuilder, @@ -560,6 +560,7 @@ pub async fn reconcile_nifi( nifi, &resolved_product_image, &nifi_authentication_config, + role, &rolegroup, rolegroup_config, &merged_config, @@ -734,6 +735,7 @@ async fn build_node_rolegroup_config_map( nifi: &NifiCluster, resolved_product_image: &ResolvedProductImage, nifi_auth_config: &NifiAuthenticationConfig, + role: &Role, rolegroup: &RoleGroupRef, rolegroup_config: &HashMap>, merged_config: &NifiConfig, @@ -784,6 +786,8 @@ async fn build_node_rolegroup_config_map( kind: NIFI_BOOTSTRAP_CONF.to_string(), })? .clone(), + role, + &rolegroup.role_group, ) .context(BootstrapConfigSnafu)?, ) @@ -903,7 +907,7 @@ async fn build_node_rolegroup_statefulset( resolved_product_image: &ResolvedProductImage, cluster_info: &KubernetesClusterInfo, rolegroup_ref: &RoleGroupRef, - role: &Role, + role: &Role, rolegroup_config: &HashMap>, merged_config: &NifiConfig, nifi_auth_config: &NifiAuthenticationConfig,