Support Questions
Find answers, ask questions, and share your expertise

NiFi Knox - Secured Hadoop

Highlighted

NiFi Knox - Secured Hadoop

Hello,

My group is utilizing NiFi secured using LDAP and connecting to a secured Hadoop cluster that utilizes Keberos. I have used Kerberos principal/keytab to connect to Hadoop but have seen some inconsistent connections. Sometimes NiFi SelectHiveQL processor will error out stating 'No Valid Credentials' can be found even though the keytab authenticates using kinit. To avoid this issue I have attempted to use our Knox service.

Knox seems to consistently be successful. I have tried removing Kerberos principal/keytab from HiveConnectionPool but I receive an error stating, 'HiveConfigurator is invalid because Kerberos Keytab/Principal must be provided when using a secure configuration'. My understanding is by using Knox I should not need a Keytab/Principal. Am I incorrect in my understanding?

Most of the examples I have seen show case NiFi cluster being fully integrated into Kerberos or Knox. What have I been looking for is just utilizing a Kerberized\Knox connection which seems to be done less from what I have seen on the forums.

Summary

Can I access Hive through Knox without needing a keytab/principal defined and how would I setup this connection?

NiFi v1.5 Prod & NiFi v1.6 Dev

Thanks

2 REPLIES 2

Re: NiFi Knox - Secured Hadoop

Contributor

If not a keytab you should have the trust store of the hive and pass it along for the knox to connect to hive. So if you are making a db connection it should look something like

knoxhsot.com:8443;ssl=1;sslTrustStore=/path/to/keystore.jks;trustStorePassword=passwordofkeystore;transportMode=http;httpPath=hive/gateway/path

Highlighted

Re: NiFi Knox - Secured Hadoop

Thanks for the reply J Koppole. I will look into this solution further.