Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Nifi Ranger plugin .json empty

Nifi Ranger plugin .json empty

New Contributor

Hello

I have deployed Nifi cluster and enabled Nifi-Ranger plugin. Using client certficate I am able to login to Nifi UI but when I login with AD credentials, I get authorization issues. In the Ranger audit section I see the nifi plugin sync happening. But authorizaton goes unsuccessful.

So on debugging I found that the json file where the policies are updated locally is empty with a file size 0kb. I tried re-enabling the plugin but no luck and also moving the empty json file and re-enabling the plugin, the file gets re-created but the sync does not happen. I also checked the permissions, which were "nifi:nifi" so changed it to "nifi:hadoop" but no luck.

Is this a bug or I am missing something? I see other plugins in HDP cluster working perfectly, this is the case I am seeing in HDF-Ranger.

And yeah All logs are clean.

Any help is appreciated.

Thanks

Deep

6 REPLIES 6

Re: Nifi Ranger plugin .json empty

Have you actually created any policies in Ranger to give your user access to the NiFi?

Re: Nifi Ranger plugin .json empty

New Contributor

Yes @Bryan Bende I have created user policies. But even if no policy is created, my understanding is the json file should not be empty, it should be filled up with atleast some attributes? but in this case it is empty, 0kb file.

Re: Nifi Ranger plugin .json empty

New Contributor

Also I have followed this document while setting up policies for node-identities, and have setup additional user policies.

https://community.hortonworks.com/articles/58769/hdf-20-enable-ranger-authorization-for-hdf-compone....

Re: Nifi Ranger plugin .json empty

Is the json file you are looking at in /tmp/ ? You are correct that it should not be empty.

Also, do you see any errors in nifi-app.log or in ranger_admin.log when the sync is happening?

Also, is Ranger secured in any way? Kerberos or SSL?

Re: Nifi Ranger plugin .json empty

New Contributor

Ahh found it. It seems to be updating it. I was looking at the json file in /etc/ranger/... Generally it is in /etc/ranger/... But I donno why in the case of Nifi it is in /tmp. Thanks @Bryan Bende.

Re: Nifi Ranger plugin .json empty

Somewhere in the NiFi config for ranger-nifi-security.xml there is a property that controls the location:

<property>

    <name>ranger.plugin.nifi.policy.cache.dir</name>

    <value>/tmp</value>

Don't have an account?
Coming from Hortonworks? Activate your account here