Member since
05-17-2016
190
Posts
46
Kudos Received
11
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1386 | 09-07-2017 06:24 PM | |
1787 | 02-24-2017 06:33 AM | |
2574 | 02-10-2017 09:18 PM | |
7058 | 01-11-2017 08:55 PM | |
4697 | 12-15-2016 06:16 PM |
03-27-2018
07:22 PM
build.txt Hello all, Any pointers would be helpful. I am trying to build NiFi from source on Centos 7. Have the preconditions met as per https://nifi.apache.org/quickstart.html EDIT : Attached the build log However, the build fails with the below trace :- [INFO] dockermaven 1.6.0-SNAPSHOT ......................... SUCCESS [ 0.713 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:05 min (Wall Clock)
[INFO] Finished at: 2018-03-27T18:15:24Z
[INFO] ------------------------------------------------------------------------
Downloaded from central: https://repo1.maven.org/maven2/org/apache/curator/curator-framework/2.10.0/curator-framework-2.10.0.pom (2.5 kB at 34 kB/s)
[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:1.1:npm (npm install) on project nifi-web-ui: Failed to run task: 'npm --cache-min Infinity install' failed. (error code 1) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :nifi-web-ui
Destroying 6 processes
Destroying process..
Destroying process..
Destroying process..
Destroying process..
Destroying process..
Destroying process..
Destroyed 6 processes
... View more
Labels:
- Labels:
-
Apache NiFi
03-12-2018
09:05 PM
NiFi failed to start with this change, I rolled back the changes. I am assuming that it expects an expression at the filter.
... View more
03-07-2018
06:56 PM
@Matt Clarke I assume I am getting close to the solution. I made the changes as you suggested. However I get the below error on login. o.a.n.w.a.c.AccessDeniedExceptionMapper identity[user1], groups[] does not have permission to access the requested resource. No applicable policies could be found. Returning Forbidden response. The Group Name is empty/not picked up. What could be wrong here?
... View more
03-07-2018
05:52 PM
@Matt Clarke, thank you. I will update after I give this a try.
... View more
03-07-2018
05:29 PM
Hi All, Is there a document that details on how to configure LDAP Group Authorization for NiFi - Ranger? This is for HDF 3.1.1 or NiFi 1.5 With the default configuration, NiFi still needs the policies to be defined for every user. Group level policies doesn't take into effect. Assuming that there is some configuration that is missing to the configs. EDIT: userGroupProvider <userGroupProvider>
<identifier>ldap-user-group-provider</identifier>
<class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">uid=admin,cn=blah,cn=blah,dc=blah,dc=com</property>
<property name="Manager Password">blah</property>
<property name="TLS - Keystore"></property>
<property name="TLS - Keystore Password"></property>
<property name="TLS - Keystore Type"></property>
<property name="TLS - Truststore"></property>
<property name="TLS - Truststore Password"></property>
<property name="TLS - Truststore Type"></property>
<property name="TLS - Client Auth"></property>
<property name="TLS - Protocol"></property>
<property name="TLS - Shutdown Gracefully"></property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://blah.ldap.com:389</property>
<property name="Page Size"></property>
<property name="Sync Interval">30 mins</property>
<property name="User Search Base">cn=users,cn=accounts,dc=blah,dc=blah,dc=com</property>
<property name="User Object Class">person</property>
<property name="User Search Scope">SUBTREE</property>
<property name="User Search Filter">(uid={0})</property>
<property name="User Identity Attribute">USE_USERNAME</property>
<property name="User Group Name Attribute"></property>
<property name="User Group Name Attribute - Referenced Group Attribute"></property>
<property name="Group Search Base">cn=groups,cn=accounts,dc=blah,dc=blah,dc=com</property>
<property name="Group Object Class">groupofnames</property>
<property name="Group Search Scope">SUBTREE</property>
<property name="Group Search Filter">(cn={0})</property>
<property name="Group Name Attribute">cn</property>
<property name="Group Member Attribute">member</property>
<property name="Group Member Attribute - Referenced User Attribute">uid</property>
</userGroupProvider> Sample User - LDAP Sample Group - LDAP
... View more
Labels:
- Labels:
-
Apache NiFi
-
Apache Ranger
02-16-2018
05:48 PM
3 Kudos
In this article, we will have a walk through of integrating LDAP with NiFi Registry. The precondition for LDAP to work with NiFi-Registry is that SSL need to be enabled. This article also covers the "How To" enable SSL for NiFI Registry. For the sake of simplicity, I am using self signed certificates (JKS, using keytool). Steps for creating self signed certificates are as below :- Generate KeyStore keytool -genkey -keyalg RSA -validity 3650 -alias <alias_name> -keypass <pwd> -storepass <pwd> -dname "cn=hostname, ou=home, o=ak, c=us" -keystore nifi_reg_keystore.jks Export a certificate with the public key keytool -export -alias <alias_name> -file nifi_reg.cer -storepass <pwd> -keystore nifi_reg_keystore.jks Generate TrustStore keytool -import -noprompt -alias nr-c0 -file nifi_reg.cer -storepass changeitchangeit -keystore nifi_reg_truststore.jks
Below, is a representation of the NiFi Registry UI with default http and anonymous user login. Now we will login to Ambari and use the above generated certificate details to complete setting up SSL. On the configuration tab, search for the SSL settings. The section to be edited is as below:- Populate the form with the details of the truststore and keystore that we generated above. At this stage, SSL setup for NiFi Registry is complete, however we have't assigned any users to login to the UI. Either we generate a certificate for an Initial Admin, or create an initial admin from the LDAP user base. We will use an LDAP user as the Initial Admin for the NiFi Registry. The configuration information for the same is as below, There are 4 sections that need to be edited, Configure Initial Admin Configure Security Identity Provider (nifi.registry.security.identity.provider) Configure login-identity-providers.xml
Remove the 2 lines that say
To enable the ldap-identity-provider remove 2 lines. This is 1 of 2. To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. Fill details specific to your LDAP server. I am using a SIMPLE auth strategy with a non ssl LDAP server. Below are relevant sections from my configuration window
Configure authorizers.xml
Remove the 2 lines that say
To enable the ldap-user-group-provider remove 2 lines. This is 1 of 2. To enable the ldap-user-group-provider remove 2 lines. This is 2 of 2. Configure ldap-user-group-provider Configure accessPolicyProvider The below screenshot shows the relevant section for configuring the ldap-user-group-provider Screenshot below shows the configuration changes needed to the access policy provider. Set User Group Provider to ldap-user-group-provider. At this stage, we are in a position to save all the configuration changes and restart the NiFI Registry services. Follow the Ambari prompts and you should see as below Now we should be good to access the NiFi Registry UI and login as the Initial Admin that is configured. guest1 in my example. Access NiFi Registry UI from Quick Links Login Using the Initial Admin Credentials Verify login is successful Verify users are available/sync-ed You should be able to proceed using the NiFi registry from here on.
... View more
Labels:
11-28-2017
10:31 PM
@Matt Clarke : question on the /resources policy - The server running Ranger should be granted “read” privileges to this resource. How do we accomplish this? Is SSL for Ranger mandatory in this case?
... View more
10-06-2017
06:47 PM
@Karthik Narayanan it was NiFi 1.1 and looking at the pom.xml, I am assuming there is an avro 1.7 dependency. The logical time stamp stuff was introduced in avro 1.8
... View more