Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

one of NIFI instance web server not coming up post enable kerberos

Labels:
VijayM
Explorer

Created ‎02-13-2018 08:52 AM

Team,

I have a 3 Node NIFI cluster.

Enabled with Openldap and Ranger and it was working fine.

I have enabled kerberos on HDP 2.6 cluster and post which one of NIFI instance web UI not coming up.

nifi-app.log throws below error.

Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setX509AuthenticationProvider(org.apache.nifi.web.security.x509.X509AuthenticationProvider); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'x509AuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: Error creating RangerBasePlugin at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:661) at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331) ... 41 common frames omitted Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'x509AuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: Error creating RangerBasePlugin at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108) at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1143) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1046) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192) at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116) at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:618) ... 43 common frames omitted Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: Error creating RangerBasePlugin at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ... 58 common frames omitted Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Error creating RangerBasePlugin at org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer.onConfigured(RangerNiFiAuthorizer.java:127) at org.apache.nifi.authorization.AuthorizerFactoryBean$3.onConfigured(AuthorizerFactoryBean.java:463) at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:109) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ... 63 common frames omitted Caused by: java.io.IOException: Login failure for nifi/vijayhdf-1.novalocal@NOVALOCAL.COM from keytab /etc/security/keytabs/nifi.service.keytab: javax.security.auth.login.LoginException: Receive timed out at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:963) at org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer.onConfigured(RangerNiFiAuthorizer.java:111) ... 66 common frames omitted Caused by: javax.security.auth.login.LoginException: Receive timed out

nifi-bootstrap.log throws below error:

2018-02-13 08:40:44,459 INFO [main] org.apache.nifi.bootstrap.Command Launched Apache NiFi with Process ID 4129 2018-02-13 08:40:47,285 INFO [NiFi Bootstrap Command Listener] org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening for Bootstrap requests on port 46529 2018-02-13 08:44:46,118 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setX509AuthenticationProvider(org.apache.nifi.web.security.x509.X509AuthenticationProvider); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'x509AuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: Error creating RangerBasePlugin 2018-02-13 08:44:46,118 ERROR [NiFi logging handler] org.apache.nifi.StdErr Shutting down... 2018-02-13 08:44:46,529 INFO [main] org.apache.nifi.bootstrap.RunNiFi NiFi never started. Will not restart NiFi

Initial Admin identity set to one of kerberos principal i.e. nifiadmin@NOVALOCAL.COM

Kindly suggest to fix the issue?

932 Views
0 Kudos
2 REPLIES 2

umair_khan
Expert Contributor

Created ‎02-13-2018 09:04 PM

Check your file-provider property in Nifi. Should be set to kerberos if you are using kerberos to authenticate user:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_login_identity_provid...

712 Views
0 Kudos

VijayM
Explorer

Created ‎02-14-2018 12:34 PM

@Umair Khan,

It is pointing to kerberos-provider. Below snap for the same.

[root@vijayhdf-1 conf]# grep -i nifi.security.user.login.identity.provider nifi.properties nifi.security.user.login.identity.provider=kerberos-provider

[root@vijayhdf-1 conf]# tail -10 login-identity-providers.xml

<provider>

<identifier>kerberos-provider</identifier>

<class>org.apache.nifi.kerberos.KerberosProvider</class>

<property name="Default Realm">HADOOP.COM</property>

<property name="Authentication Expiration">12 hours</property>

</provider>

- Vijay Mishra


712 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements