Cloudera Community
bkandalkar
user rank
New Member

Nifi Integration with Ranger Not Working

by New Member in Support Questions
‎06-07-2018 08:11 AM
‎06-07-2018 08:11 AM
HI All, In our cluster NIFI is SSL enabled. Ranger is not SSL enabled. Both NIFI and Ranger are integrated with AD/LDAP. Before enabling NIFI plugin in Ranger, our AD/LDAP users are able to see NIFI UI. But after enabling NIFI plugin in Ranger, our AD/LDAP users are not able to see NIFI UI. We are getting following message on NIFI screen: Insufficient Permissions Untrusted proxy CN=*.test.com, OU=NIFI nifi-user.log shows Authentication success but Untrusted proxy error as follows: 2018-06-07 07:00:13,447 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://usdf24v0075.test.com:9091/nifi-api/flow/current-user (source ip: 10.23.118.51) 2018-06-07 07:00:13,449 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for test-user 2018-06-07 07:00:13,612 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<test-user><CN=*.test.com, OU=NIFI>) GET https://usdf24v0075.test.com:9091/nifi-api/flow/current-user (source ip: 10.23.132.140) 2018-06-07 07:00:13,615 WARN [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Untrusted proxy CN=*.test.com, OU=NIFI I have also deleted authorizers.xml and users.xml file from NIFI node and restarted NIFI as well. How to resolve it.? Please suggest. Thanks ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-17-2018 10:16 AM
‎05-17-2018 10:16 AM
@Vishal Dhavale @Andy LoPresto @Sandeep Nemuri @Rishi @dvillarreal... Please suggest ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-17-2018 10:09 AM
‎05-17-2018 10:09 AM
@Geoffrey Shelton Okot, here is the info: In hue.ini, under besswax I set following: [[ssl]] # SSL communication enabled for this server. (optional since Hue 3.8) enabled=true # Path to Certificate Authority certificates. cacerts=/home/dev/hive-certificate/ca-chaincert.pem # Choose whether Hue should validate certificates received from the server. validate=true ca-chaincert.pem has following certificates: echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> hadmgrndcc03-2.test.org.pem keytool -import-alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem keytool -import-alias rootca -file rootca -keystore ca-chaincert.pem keytool -import-alias intermediate -file intermediate -keystore ca-chaincert.pem ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-17-2018 06:20 AM
‎05-17-2018 06:20 AM
@Geoffrey Shelton Okot, could you please share link. ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-16-2018 11:47 AM
‎05-16-2018 11:47 AM
@Geoffrey Shelton Okot, I haven't set cacert path. Do we need to import certificates of Hive servers in cacert file? How can I create cacert file? We have internal CA signed certificate for Hive. ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-16-2018 11:20 AM
‎05-16-2018 11:20 AM
@Geoffrey Shelton Okot, What about cacert? do we need to include it? ... View more

Re: Getting Error While accessing Hive through Hu...

by New Member in Support Questions
‎05-16-2018 07:21 AM
‎05-16-2018 07:21 AM
@Neeraj Sabharwal @Kuldeep Kulkarni @Alexandru Anghel @Andy LoPresto ...Please suggest. ... View more

Getting Error While accessing Hive through Hue

by New Member in Support Questions
‎05-15-2018 12:17 PM
‎05-15-2018 12:17 PM
Hi, We are using HDP-2.3.4.0 and Hue-3.8 in our environment. We have enabled SSL for Hiveserver2. We haven't enabled SSL for Hue. Now, when we are trying to access SSL enabled Hive through Hue we are getting following error: Error! Failed to retrieve tables for database: default [Errno 185090050] _ssl.c:344: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib In hue.ini, under besswax I set following: [[ssl]] # SSL communication enabled for this server. (optional since Hue 3.8) enabled=true # Path to Certificate Authority certificates. cacerts=/home/dev/hive-certificate/ca-chaincert.pem # Choose whether Hue should validate certificates received from the server. validate=true ca-chaincert.pem has following certificates: echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hadmgrndcc03-2.test.org.pem keytool -import -alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem keytool -import -alias rootca -file rootca -keystore ca-chaincert.pem keytool -import -alias intermediate -file intermediate -keystore ca-chaincert.pem How to access SSL enabled Hive through Hue? What configurations needs to be done? Please suggest. Thanks. ... View more
Labels:

Re: Knox Hive HA Configuration Does Not Work in HD...

by New Member in Support Questions
‎05-11-2018 09:55 AM
‎05-11-2018 09:55 AM
Thanks @Rishi ... View more

Re: Knox Hive HA Configuration Does Not Work in HD...

by New Member in Support Questions
‎05-11-2018 09:43 AM
‎05-11-2018 09:43 AM
@Rishi, in which HDP version is it fixed? ... View more
Contact Me
Online
Offline
Last Visited
‎08-19-2019 08:03 AM
Community Statistics
Member Since ‎08-10-2017 09:07 AM
Last Visited ‎08-19-2019 08:03 AM
Posts 108
Kudos received 2