Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Authentication issue while connecting Nifi to Atlas

Explorer

Hi Team, 

following the resolution thread Re: How to report NiFi lineage to Atlas I am now able to use the Atlas lib of Nifi called "ReportLineageToAtlas". I configured the settings as the following (Atlas URLs is changing day by day, after the restart of the servers) : 

dansteu_0-1633441032312.png

In Kerberos Credential Service I inserted Atlas Kerberos Keytab and Atlas Kerberos Principal.

The error I receive while the "ReportLineageToAtlas" is running is about Authentication to Atlas to reach the API :

 

dansteu_1-1633441230233.png

Indeed if I open the Atlas web URL : 

http://34.134.205.221:31000/api/atlas/v2/types/typedefs?name=nifi_output_port  I have no data.

Therefore we have two issues:

1) it seems there's an authentication issue from Atlas towards Nifi API.

2) it seems in the API there are no data named "nifi_output_port" (maybe because it's not yet able to authenticate?).

 

Maybe the two issues are linked.

Do you have any hints about how to fix this problem? Were am I wrong in the settings?

 

I can provide you further details if needed.

 

Thanks a lot!

Daniele.

1 ACCEPTED SOLUTION

Accepted Solutions

@dansteu 

There are multiple changes needed in the properties.

The Atlas Configuration Directory shouldn't be on the /tmp directory. The ideal location would be a directory in the default class path of NiFi. 

Create Atlas Configuration File should be set to true

If Kerberos is being used for authentication, why is the URL http and not https?

For the NIFi URL for Atlas, it would be better to use http://${hostname(true)}:8080/nifi this will provide a URL that will map back to the NiFi component that generated the Atlas lineage

The Atlas Default Metadata Namespace should be populated with a value that is representative of the flow. For example, For example, hdf352 or testflowversion1, or something similar. 

View solution in original post

1 REPLY 1

@dansteu 

There are multiple changes needed in the properties.

The Atlas Configuration Directory shouldn't be on the /tmp directory. The ideal location would be a directory in the default class path of NiFi. 

Create Atlas Configuration File should be set to true

If Kerberos is being used for authentication, why is the URL http and not https?

For the NIFi URL for Atlas, it would be better to use http://${hostname(true)}:8080/nifi this will provide a URL that will map back to the NiFi component that generated the Atlas lineage

The Atlas Default Metadata Namespace should be populated with a value that is representative of the flow. For example, For example, hdf352 or testflowversion1, or something similar. 

View solution in original post