cloudera-labs · wmudge · Oct 14, 2025 · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025
diff --git a/roles/minifi_agent_java/README.md b/roles/minifi_agent_java/README.md
@@ -0,0 +1,93 @@
+# MiNiFi Java Agent
+
+This role streamlines the deployment and configuration of Cloudera MiNiFi Java Agent on designated hosts.
+
+The role will:
+- Retrieve the MiNiFi Java tarball from a user-defined or default source
+- Install MiNiFi Java into a configurable directory
+- Apply configuration using a Jinja2 template for `minifi.properties`
+- Configure C2 protocol for communication with EFM server
+- Support TLS/SSL configuration for secure communication
+- Install and start the MiNiFi Java agent service
+- Support authentication for protected download sources
+
+## Requirements
+
+- Network access from the target host to the URL specified in `minifi_java_tarball_url`
+- Access to EFM server for C2 communication (specified in `efm_host_url`)
+- For TLS configuration: Valid certificates and private keys on target host
+
+## Variables
+
+| Name                            | Purpose                                                      | Default (see `defaults/main.yml`)           |
+|----------------------------------|--------------------------------------------------------------|---------------------------------------------|
+| `minifi_java_tarball_url`        | Download link for the MiNiFi Java tarball                   | (default provided in role)                  |
+| `minifi_java_directory`          | Installation directory for MiNiFi Java                      | `/opt/cloudera/cem/minifi-java`              |
+| `minifi_java_properties_path`    | Path to the MiNiFi Java properties file                     | `/opt/cloudera/cem/minifi-java/conf/minifi.properties` |
+| `minifi_java_agent_class_name`   | Agent class name for MiNiFi Java agent                      | `minifi-agent-java`                          |
+| `efm_host_url`                  | URL for the EFM server for C2 communication                 | `http://localhost:10090`                    |
+| `minifi_java_repo_username` | Username for protected repositories (optional)               |                                             |
+| `minifi_java_repo_password` | Password for protected repositories (optional)               |                                             |
+| `minifi_tls_enabled`            | Enable/disable TLS for MiNiFi Java agent                    | `false`                                     |
+| `minifi_tls_client_certificate` | Path to client certificate file for TLS authentication      | `/etc/pki/tls/certs/host.crt`              |
+| `minifi_tls_client_private_key` | Path to client private key file for TLS authentication      | `/etc/pki/tls/private/host.key`            |
+| `minifi_tls_client_ca_certificate` | Path to CA certificate file for TLS authentication       | `/etc/ipa/ca.crt`                          |
+| `minifi_java_service_path`       | Path to the systemd service file for MiNiFi Java.          | `/etc/systemd/system/minifi-java.service` |
+| `minifi_tls_keystore_path`       | Path to the keystore file for TLS configuration.           |                                             |
+| `minifi_tls_keystore_type`       | Type of the keystore (e.g., JKS, PKCS12).                  |                                             |
+| `minifi_tls_keystore_password`   | Password for the keystore file.                            |                                             |
+| `minifi_tls_key_password`        | Password for the private key in the keystore.              |                                             |
+| `minifi_tls_truststore_path`     | Path to the truststore file for TLS configuration.         |                                             |
+| `minifi_tls_truststore_type`     | Type of the truststore (e.g., JKS, PKCS12).                |                                             |
+| `minifi_tls_truststore_password` | Password for the truststore file.                          |                                             |
+| `minifi_tls_ssl_protocol`        | SSL protocol to use for TLS communication (e.g., TLSv1.2). |                                             |
+
+## Example usage
+
+```yaml
+# Basic MiNiFi Java installation
+- hosts: minifi_nodes
+  become: true
+  tasks:
+    - name: Install MiNiFi Java with basic configuration
+      ansible.builtin.import_role:
+        name: cloudera.exe.minifi_agent_java
+      vars:
+        minifi_java_repo_username: "repo_user"
+        minifi_java_repo_password: "repo_pass"
+        efm_host_url: "http://efm-server:10090"
+        minifi_java_agent_class_name: "java-agent"
+# MiNiFi Java installation with TLS configuration
+- hosts: minifi_nodes
+  become: true
+  tasks:
+    - name: Install MiNiFi Java with TLS enabled
+      ansible.builtin.import_role:
+        name: cloudera.exe.minifi_agent_java
+      vars:
+        efm_host_url: "https://efm-server:10090"
+        minifi_tls_enabled: true
+        minifi_tls_keystore_path: "/etc/pki/tls/keystore.jks"
+        minifi_tls_keystore_password: "keystore_password"
+        minifi_tls_truststore_path: "/etc/pki/tls/truststore.jks"
+        minifi_tls_truststore_password: "truststore_password"
+        minifi_tls_ssl_protocol: "TLSv1.2"
+```
+
+## License
+
+```
+Copyright 2025 Cloudera, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
diff --git a/roles/minifi_agent_java/defaults/main.yml b/roles/minifi_agent_java/defaults/main.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2025 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+minifi_java_directory: "/opt/cloudera/cem/minifi-java"
+minifi_java_tarball_url: "https://archive.cloudera.com/p/cem-agents-java/1.23.04.1000/ubuntu20/apt/tars/nifi-minifi-java/minifi-1.23.04.1000-b3-bin.tar.gz"
+minifi_java_properties_path: "/opt/cloudera/cem/minifi-java/conf/bootstrap.conf"
+minifi_java_service_path: "/etc/systemd/system/minifi-java.service"
+efm_host_url: "http://localhost:10090"
+minifi_java_agent_class_name: "minifi-agent-java"
+
+# TLS Configuration
+minifi_tls_enabled: false
+# TLS settings (only used when minifi_tls_enabled is true)
+# minifi_tls_keystore_path: ""
+# minifi_tls_keystore_type: ""
+# minifi_tls_keystore_password: ""
+# minifi_tls_key_password: ""
+# minifi_tls_truststore_path: ""
+# minifi_tls_truststore_type: ""
+# minifi_tls_truststore_password: ""
+# minifi_tls_ssl_protocol: ""
diff --git a/roles/minifi_agent_java/handlers/main.yml b/roles/minifi_agent_java/handlers/main.yml
@@ -0,0 +1,21 @@
+---
+# Copyright 2025 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Start minifi-java service
+  ansible.builtin.systemd:
+    name: minifi-java
+    daemon_reload: true
+    enabled: true
+    state: started
diff --git a/roles/minifi_agent_java/meta/argument_specs.yml b/roles/minifi_agent_java/meta/argument_specs.yml
@@ -0,0 +1,114 @@
+---
+# Copyright 2025 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+argument_specs:
+  main:
+    short_description: Install and configure Cloudera MiNiFi Java Agent
+    description:
+      - Downloads, installs, and configures Cloudera MiNiFi Java Agent on the target host.
+      - Sets up the MiNiFi properties, and manages the systemd service.
+    author: Cloudera Labs
+    version_added: "3.3.0"
+    options:
+      minifi_java_tarball_url:
+        description: URL to the MiNiFi Java tarball to download and install.
+        type: str
+        required: false
+        default: "https://archive.cloudera.com/p/cem-agents/1.25.05-h2/ubuntu22/apt/tars/nifi-minifi-java/nifi-minifi-java-1.25.05-h2-b5-bin-linux.tar.gz"
+      minifi_java_directory:
+        description: Directory where MiNiFi Java will be installed.
+        type: str
+        required: false
+        default: "/opt/cloudera/cem/minifi-java"
+      minifi_java_properties_path:
+        description: Path to the MiNiFi Java properties file.
+        type: str
+        required: false
+        default: "/opt/cloudera/cem/minifi-java/conf/minifi.properties"
+      minifi_java_agent_class_name:
+        description: Agent class name for MiNiFi Java agent.
+        type: str
+        required: false
+        default: "minifi-agent-java2"
+      efm_api_url:
+        description: URL for the Edge Flow Manager API.
+        type: str
+        required: false
+        default: "http://localhost:10090/efm/api"
+      minifi_java_repo_username:
+        description: Username for protected Minifi repositories.
+        type: str
+        required: false
+      minifi_java_repo_password:
+        description: Password for protected Minifi repositories.
+        type: str
+        required: false
+      efm_host_url:
+        description: URL for the Edge Flow Manager server for C2 communication.
+        type: str
+        default: "http://localhost:10090"
+      minifi_tls_enabled:
+        description: Enable or disable TLS for MiNiFi Java agent.
+        type: bool
+        default: false
+      minifi_tls_client_certificate:
+        description: Path to the client certificate file for TLS authentication.
+        type: str
+        default: "/etc/pki/tls/certs/host.crt"
+      minifi_tls_client_private_key:
+        description: Path to the client private key file for TLS authentication.
+        type: str
+        default: "/etc/pki/tls/private/host.key"
+      minifi_tls_client_ca_certificate:
+        description: Path to the CA certificate file for TLS authentication.
+        type: str
+        default: "/etc/ipa/ca.crt"
+      minifi_java_service_path:
+        description: Path to the systemd service file for MiNiFi Java.
+        type: str
+        required: false
+        default: "/etc/systemd/system/minifi-java.service"
+      minifi_tls_keystore_path:
+        description: Path to the keystore file for TLS configuration.
+        type: str
+        required: false
+      minifi_tls_keystore_type:
+        description: Type of the keystore (e.g., JKS, PKCS12).
+        type: str
+        required: false
+      minifi_tls_keystore_password:
+        description: Password for the keystore file.
+        type: str
+        required: false
+      minifi_tls_key_password:
+        description: Password for the private key in the keystore.
+        type: str
+        required: false
+      minifi_tls_truststore_path:
+        description: Path to the truststore file for TLS configuration.
+        type: str
+        required: false
+      minifi_tls_truststore_type:
+        description: Type of the truststore (e.g., JKS, PKCS12).
+        type: str
+        required: false
+      minifi_tls_truststore_password:
+        description: Password for the truststore file.
+        type: str
+        required: false
+      minifi_tls_ssl_protocol:
+        description: SSL protocol to use for TLS communication (e.g., TLSv1.2).
+        type: str
+        required: false
diff --git a/roles/minifi_agent_java/molecule/default/converge.yml b/roles/minifi_agent_java/molecule/default/converge.yml
@@ -0,0 +1,23 @@
+---
+# Copyright 2025 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Converge
+  hosts: all
+  gather_facts: false
+  become: false
+  tasks:
+    - name: Install and configure MiNiFi Java Agent
+      ansible.builtin.import_role:
+        name: cloudera.exe.minifi_agent_java