82fe051413
Signed-off-by: David Handerman <exceptionfactory@apache.org>
Co-authored-by: David Handermann <exceptionfactory@apache.org>
c2-client-api
c2-client-base
c2-client-http
c2-client-service
README.md
pom.xml
README.md
Apache NiFi MiNiFi Command and Control (C2) Client
The c2-client-bundle implements the client side of the C2 Protocol. At its core, the implementation constructs heartbeats and communicates with the C2 server via the C2HttpClient.
Currently, use of the C2 Protocol API is limited to sending heartbeats and processing/acknowledging an UPDATE configuration operation in the response (if any). When exposed, the new configuration is downloaded and passed back to the system using the C2 protocol.
When C2 is enabled, C2ClientService is scheduled to send heartbeats periodically, so the C2 server can notify the client about any operations that are defined by the protocol and need to be executed on the client side.
Using the client means that configuration changes and other operations can be triggered and controlled centrally via the C2 server, which makes managing clients simpler and configuring them more flexible. The client supports bidirectional TLS authentication.
Configuration
To use the client, the parameters coming from C2ClientConfig need to be properly set (this configuration class is also used for instantiating C2HeartbeatFactory and C2HttpClient):
```java
// The C2 Server endpoint where the heartbeat is sent
private final String c2Url;
// The C2 Server endpoint where the acknowledge is sent
private final String c2AckUrl;
// The class the agent belongs to (flow definition is tied to agent class on the server side)
private final String agentClass;
// Unique identifier for the agent; if not provided, it will be generated
private final String agentIdentifier;
// Directory where persistent configuration (e.g. generated agent and device id) will be persisted
private final String confDirectory;
// Property of RuntimeManifest defined in c2-protocol. A unique identifier for the manifest
private final String runtimeManifestIdentifier;
// Property of RuntimeManifest defined in c2-protocol. The type of the runtime binary. Usually set when the runtime is built
private final String runtimeType;
// The frequency of sending the heartbeats. This property is used by the c2-client-bundle user who should schedule the client
private final Long heartbeatPeriod;
// Security properties for communication with the C2 Server
private final String keystoreFilename;
private final String keystorePass;
private final String keyPass;
private final KeystoreType keystoreType;
private final String truststoreFilename;
private final String truststorePass;
private final KeystoreType truststoreType;
private final HostnameVerifier hostnameVerifier;
```
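What the security properties above amount to for bidirectional TLS, as an added example that uses only JDK classes and is not code from c2-client-bundle: the keystore holds the certificate and key the agent presents to the C2 server, and the truststore decides which server certificates the agent accepts. The class name, the method names, the argument order and the PKCS12 store type are assumptions of this example.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration: hypothetical class, JDK APIs only, not part of c2-client-bundle.
public final class C2MutualTlsPreflight {
    // Load a keystore or truststore file of the given type (e.g. "PKCS12" or "JKS").
    static KeyStore load(Path file, String type, char[] pass) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, pass);
        }
        return store;
    }

    // Client side of bidirectional TLS: keys = own identity, trust = accepted server issuers.
    static SSLContext mutualTls(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Heartbeat and acknowledge endpoints must both be https, or no TLS is negotiated at all.
    static void requireHttps(String url) {
        if (!"https".equalsIgnoreCase(URI.create(url).getScheme())) {
            throw new IllegalArgumentException("not an https endpoint: " + url);
        }
    }

    public static void main(String[] args) throws Exception {
        // Args: c2Url c2AckUrl keystoreFile keystorePass keyPass truststoreFile truststorePass
        requireHttps(args[0]);
        requireHttps(args[1]);
        KeyStore keys = load(Path.of(args[2]), "PKCS12", args[3].toCharArray());
        KeyStore trust = load(Path.of(args[5]), "PKCS12", args[6].toCharArray());
        SSLContext ctx = mutualTls(keys, args[4].toCharArray(), trust);
        System.out.println("mutual TLS context ready: " + ctx.getProtocol());
    }
}
```

A HostnameVerifier that accepts every name removes the check that the certificate belongs to the host in c2Url, so any certificate the truststore accepts would pass regardless of which server presented it.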