Support Questions

saikrishna_tara · ‎11-14-2016

Hi,

We have a HDF server inside our company's network and we just secured our remote server (one server only) on our HADOOP cluster with LDAP authentication (outside of our network , managed by rackspace).

How do i connect to a remote process using Site 2 Site..? Earlier i have my putHDFS process on remote server and i was sending files using Site 2 Site from local server. Since both are HTTP it was working fine then.

But Now i am not able to connect to the remote port using because of secure connection. (HTTPs\LDAP etc).

What is the solution.? Do i have to go HTTPS on the local server too with the same LDAP settings..??

Thank you.

Regards,

Sai

kkawamura · ‎11-14-2016

@Saikrishna Tarapareddy @Matt

A unsecured NiFi instance can interact with a secured NiFi instancy, if it's configured with its keystore and truststore, and also the remote NiFi has a proper user and policies configured with it.

I have a working example on Github, nifi-integration-test, that confirms inter connectivity among unsecured/secured/standalone/clustered NiFi instances, in which you can find example nifi.properties, keystore and truststore. Here are important properties to configure:

Unsecured NiFi (local instance in your use case)
- nifi.web.http.port=8080
- nifi.web.https.port= (blank)
- nifi.security.keystore=(configure keystore and truststore)
- e.g. nifi-sp.properties
Secured NiFi (remote instance in your use case)
- nifi.web.http.port=(blank)
- nifi.web.https.port= 8443
- nifi.security.keystore=(configure keystore and truststore)
- nifi.remote.input.secure=true
- e.g. nifi-ss.properties

Hope this helps,

Koji

View solution in original post

saikrishna_tara · ‎11-22-2016

@kkawamura @Matt

i have exported remote server certificate to local nifi and local nifi certificate to server. but now i am getting a forbidden error.

i checked and granted all the permissions needed for user "CN=nifistos, OU=nestle" on the https system.

2016-11-22 15:48:59,285 INFO [NiFi Web Server-36] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifistos, OU=nestle) GET https://myremoteserver:10090/nifi-api/site-to-site (source ip: 172.16.2.4)

2016-11-22 15:48:59,285 INFO [NiFi Web Server-36] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifistos, OU=nestle

2016-11-22 15:48:59,286 INFO [NiFi Web Server-36] o.a.n.w.a.c.AccessDeniedExceptionMapper CN=nifistos, OU=nestle does not have permission to access the requested resource. Returning Forbidden response.

anything else that i am missing..??

kkawamura · ‎11-24-2016

Hi @Saikrishna Tarapareddy

Please double check the 'CN=nifistos, OU=nestle' user has right policy settings to use Site-to-Site. The user needs

'retrieve site-to-site details' in global policies (top-right menu)
'receive data via site-to-site' policy of the Input Port (select the Input Port and click the key icon on the operation palette on the left)

Once the user got authenticated, the all authorization checks the user has to pass are above two policies.

saikrishna_tara · ‎11-22-2016

@kkawamura @Matt

found the issue , my Server user has needs a space between CN and OU.

thanks for the help.

kkawamura · ‎11-24-2016

@Saikrishna Tarapareddy

I hadn't read this comment when I wrote a reply few seconds ago. Glad to hear that it worked!

Cloudera Community

Support Questions

How to connect Site to Site from HTTP to HTTPS.??