Support Questions
Find answers, ask questions, and share your expertise

Setting up NIFI Ranger Plugin issue

Explorer

Issues trying to setting up Ranger provider. I'm using HDF 3.0.1.1 with SSL certs with 3 clustered nodes. SSL works fine but when I enabled the ranger plugin NIFI won't start up. I'm getting the following error before shutdown: "The specified authorizer 'ranger-provider' could not be found".

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: The specified authorizer 'ranger-provider' could not be found. at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)

I do not see any explanation in your documentation on setting up the authorizers file for the Ranger Provider. I have the file-provider setup and it was working fine before.

<authorizer> <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">/usr/hdf/current/nifi/conf/authorizations.xml</property> <property name="Users File">/usr/hdf/current/nifi/conf/users.xml</property> <property name="Initial Admin Identity">CN=nifiadmin, OU=NIFI</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">CN=host1.myco.com, OU=NIFI</property> <property name="Node Identity 2">CN=host2.myco.com, OU=NIFI</property> <property name="Node Identity 2">CN=host3.myco.com, OU=NIFI</property> </authorizer> </authorizers>

I'm not using LDAP (using Unix authentication).ranger-nifi-policy.png


ranger-test-connection-error.png
3 REPLIES 3

Re: Setting up NIFI Ranger Plugin issue

Explorer

I see an issue with keystore:


java.io.FileNotFoundException: /etc/nifi/conf/keystore.jks (Permission denied).
/etc/nifi/conf/keystore.jks (Permission denied).

Re: Setting up NIFI Ranger Plugin issue

Contributor

Can you check the permissions on .jks file and correct them if needed and also the chmod value

Re: Setting up NIFI Ranger Plugin issue

Explorer

I resolved this issue by adding the ranger-provider authorizer:

<authorizer> <identifier>ranger-provider</identifier> <class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class> <property name="Ranger Audit Config Path">/etc/nifi/conf/ranger-nifi-audit.xml</property> <property name="Ranger Security Config Path">/etc/nifi/conf/ranger-nifi-security.xml</property> <property name="Ranger Service Type">nifi</property> <property name="Ranger Application Id">nifi</property> <property name="Ranger Admin Identity">CN=nifiadmin, OU=NIFI</property> <property name="Ranger Kerberos Enabled">false</property> </authorizer>nifi-test-connection-succeed.png

nifi-authorizersxml-file.png