NIFI Failed to refresh Ranger Policies

Contributor

Hi Team,

We have integrated NiFi with Ranger. Also, the cluster is kerberized. NiFi is SSL enabled but Ranger is not SSL enabled.

We are getting the following error in nifi-app.log:

2018-06-25 06:44:48,636 INFO [main] o.a.n.r.a.RangerBasePluginWithPolicies Converting Ranger ServicePolicies model into NiFi policy model for viewing purposes in NiFi UI.
2018-06-25 06:44:48,641 WARN [main] o.a.n.r.a.RangerBasePluginWithPolicies Resources [*] include a wildcard value. Skipping policy for viewing purposes. Will still be used for access decisions.
2018-06-25 06:44:48,652 INFO [main] o.a.r.plugin.service.RangerBasePlugin Policies will NOT be reordered based on number of evaluations
2018-06-25 06:44:48,710 ERROR [Thread-15] o.a.ranger.plugin.util.PolicyRefresher PolicyRefresher(serviceName=MMCHDPDEV_nifi): failed to refresh policies. Will continue to use last known version of policies (69)
com.sun.jersey.api.client.ClientHandlerException: java.lang.RuntimeException: java.lang.NullPointerException
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
        at com.sun.jersey.api.client.Client.handle(Client.java:652)
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509)
        at org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(RangerAdminRESTClient.java:122)
        at org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(RangerAdminRESTClient.java:115)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1678)
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:125)
        at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
        at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
        at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:171)
Caused by: java.lang.RuntimeException: java.lang.NullPointerException
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1506)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
        at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3036)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:489)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
        ... 13 common frames omitted
Caused by: java.lang.NullPointerException: null
        at java.util.Base64$Encoder.encode(Base64.java:261)
        at java.util.Base64$Encoder.encodeToString(Base64.java:315)
        at sun.net.www.protocol.http.NegotiateAuthentication.setHeaders(NegotiateAuthentication.java:208)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1749)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
        ... 15 common frames omitted
2018-06-25 06:44:49,821 INFO [main] o.a.n.r.v.FileBasedVariableRegistry Loaded 104 properties from system properties and environment variables
2018-06-25 06:44:49,821 INFO [main] o.a.n.r.v.FileBasedVariableRegistry Loaded a total of 104 properties.  Including precedence overrides effective accessible registry key size is 104

Ranger policies are not getting applied for NiFi.

How to resolve it? Please suggest.

Thanks,

Bhushan
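
An added example, not part of the original post: while the refresh fails, the plugin keeps enforcing the last known policy version (69 in the log above), so changes made in Ranger Admin never reach NiFi. The sketch below scans nifi-app.log text for that condition and pulls out the service name, the stale version and the deepest "Caused by" entry. The function name `find_refresh_failures`, the record fields and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the nifi-app.log excerpt in the question.
SAMPLE_LOG = """\
2018-06-25 06:44:48,652 INFO [main] o.a.r.plugin.service.RangerBasePlugin Policies will NOT be reordered based on number of evaluations
2018-06-25 06:44:48,710 ERROR [Thread-15] o.a.ranger.plugin.util.PolicyRefresher PolicyRefresher(serviceName=MMCHDPDEV_nifi): failed to refresh policies. Will continue to use last known version of policies (69)
com.sun.jersey.api.client.ClientHandlerException: java.lang.RuntimeException: java.lang.NullPointerException
        at com.sun.jersey.api.client.Client.handle(Client.java:652)
Caused by: java.lang.RuntimeException: java.lang.NullPointerException
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1506)
Caused by: java.lang.NullPointerException: null
        at java.util.Base64$Encoder.encode(Base64.java:261)
        at sun.net.www.protocol.http.NegotiateAuthentication.setHeaders(NegotiateAuthentication.java:208)
2018-06-25 06:44:49,821 INFO [main] o.a.n.r.v.FileBasedVariableRegistry Loaded a total of 104 properties.
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FAIL = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR .*PolicyRefresher\(serviceName=(?P<service>[^)]+)\): "
    r"failed to refresh policies\..*last known version of policies \((?P<version>-?\d+)\)"
)

def find_refresh_failures(log_text):
    """Return one record per PolicyRefresher failure, with its root cause."""
    failures, current = [], None
    for line in log_text.splitlines():
        m = FAIL.match(line)
        if m:
            current = {"ts": m["ts"], "service": m["service"],
                       "stale_version": int(m["version"]),
                       "root_cause": None, "frames": []}
            failures.append(current)
        elif STAMP.match(line):
            current = None  # the next timestamped record ends the stack trace
        elif current is not None:
            text = line.strip()
            if text.startswith("Caused by: "):
                current["root_cause"] = text[len("Caused by: "):]
                current["frames"] = []  # keep frames of the deepest cause only
            elif text.startswith("at ") and current["root_cause"]:
                current["frames"].append(text[3:])
    for f in failures:
        # A NegotiateAuthentication frame places the error in the HTTP Negotiate (SPNEGO) step
        f["spnego"] = any("NegotiateAuthentication" in fr for fr in f["frames"])
    return failures

if __name__ == "__main__":
    for failure in find_refresh_failures(SAMPLE_LOG):
        print(failure)
```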

1 ACCEPTED SOLUTION

Contributor

Thanks @Arti Wadhwani for pointing out the Ranger logs. We saw an authorization exception for the nifi user. We have fixed it by adding the nifi user to the Ranger service policy.


5 REPLIES

Rising Star

@Bhushan Kandalkar Is the Test Connection for Ranger NiFi repo working fine?

Contributor

@Arti Wadhwani, Test Connection for Ranger NiFi repo is working fine.

Rising Star

@Bhushan Kandalkar - what do you see in Ranger logs for the same timeframe?
