Created 03-09-2017 02:36 AM
Hi,
Since my "nifi" service account kerberos ticket is expiring each day (24hrs), my putHDFS process is failing and i had to start and stop the process as i mentioned in another post. to fix that issue i am planning to regenerate the ticket once in every 12 hours , so that it will never expire. i am planning to use ExecuteScript or ExecuteStreamCommand for this and i am getting errors. as this is my first time using these processes i feel like i am doing something wrong here and asking for your help.
Here are the different ways i tried with..please let me know if this can be done.
ExecuteProcess: only command is set kinit command like this
kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM
20:26:58 UTC ERROR aec3331b-015a-1000-c1e0-4a71379a015b
ExecuteProcess[id=aec3331b-015a-1000-c1e0-4a71379a015b] Failed to create process due to java.io.IOException: Cannot run program "kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM": error=2, No such file or directory: java.io.IOException: Cannot run program "kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM": error=2, No such file or directory
ExecuteStreamCommand:
only command path is set kinit command like this
kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM
20:29:24 UTC ERROR aed90433-015a-1000-527f-016723eb1b0c
ExecuteStreamCommand[id=aed90433-015a-1000-527f-016723eb1b0c] ExecuteStreamCommand[id=aed90433-015a-1000-527f-016723eb1b0c] failed to process due to org.apache.nifi.processor.exception.ProcessException: java.io.IOException: Cannot run program "kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM": error=2, No such file or directory; rolling back session: org.apache.nifi.processor.exception.ProcessException: java.io.IOException: Cannot run program "kinit -k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM": error=2, No such file or directory
Created 03-09-2017 02:36 AM
Using the ExecuteScript processor here should work for you.
The "Command" property should only contain "kinit"
The "Command Arguments" property is where you would add "-k -t /etc/security/keytabs/nifi.keytab nifi/695660.x.com@X.X.COM"
Two things to keep in mind:
1. Make sure the user that runs/owns your NiFi process can also resolve and execute the kinit command
2. Make sure the user that runs/owns your NiFI process has the necessary permissions to navigate down the path to your nifi.keytab and read that file. (The error seems to indicate that your NiFi user can get down that path.)
Thanks,
Matt
Created 03-09-2017 02:36 AM
i will try that , can you edit your post and remove our server name..i had it by mistake in my original post and removed it.
Created 03-09-2017 06:51 PM
In addition to the answer submitted by @Matt Clarke, ExecuteProcess and ExecuteStreamCommand should work as well. However, you'll want to move the arguments you're passing to kinit to the "Command Arguments" properties in the respective processors.
The "Command" property should be set to "kinit" (or "/usr/bin/kinit", the full path to the executable can be provided). The "Command Arguments" property should be set to
-k -t /etc/security/keytabs/nifi.keytab nifi/server@domain.COM
The "Argument Delimiter" should be set to the space character, since you do not have any embedded spaces in the arguments you're using, or you can use the ";" character, for instance. In that case, "Command Arguments" should be set to
-k;-t;/etc/security/keytabs/nifi.keytab;nifi/server@domain.COM