nifi-users mailing list archives

From Kevin Doran <kdo...@apache.org>
Subject Re: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies
Date Sat, 17 Feb 2018 22:34:02 GMT
Hi Ryan,

 

You’ll need to add the DN for your cluster nodes as “Initial User Identities” to the
file-user-group-provider in authorizers.xml. I.e.:

 

    <property name="Initial User Identity 1">CN=my-node-1, OU=NIFI</property>
    <property name="Initial User Identity 2">CN=my-node-2, OU=NIFI</property>

 

Let me know if you have any other questions!

 

Cheers,

Kevin 

 

From: Ryan H <ryan.howell.development@gmail.com>
Reply-To: <users@nifi.apache.org>
Date: Saturday, February 17, 2018 at 17:22
To: <users@nifi.apache.org>
Subject: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies

 

Hi Users,

 

I am trying to set up a 3 node secure cluster and running into the following error:

 

org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException:
Unable to locate node CN=my-node-1, OU=NIFI to seed policies.

 

I scaled it back and tried to just get a single node secure cluster working for ease of troubleshooting
and get the same error. I've tried adding/removing the space in the DN just in case, but it
seems that my node identity is parsing to null for whatever reason (based on the source code
where the error is being thrown from "FileAccessPolicyProvider.populateNodes()").

 

Any help is always appreciated!

 

Cheers,

 

Ryan H

 

 

 

My Config:

authorizers.xml

<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">CN=admin, OU=NIFI</property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1">CN=my-node-1, OU=NIFI</property>
    </accessPolicyProvider>
</authorizers>

 

nifi.properties

# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.http.network.interface.default=
nifi.web.https.host=my-node-1
nifi.web.https.port=8443
nifi.web.https.network.interface.default=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.web.max.header.size=16 KB
nifi.web.proxy.context.path=

# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

nifi.security.keystore=./keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=generated-password
nifi.security.keyPasswd=generated-password
nifi.security.truststore=./truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=generated-password
nifi.security.needClientAuth=true
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
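
Added example (not part of the original thread and not NiFi code): a pre-start check that reads an authorizers.xml and reports every "Node Identity" or "Initial Admin Identity" in an access policy provider that is not declared as an "Initial User Identity" in the user group provider it references, which is the mismatch behind the error in this thread. The function names and the embedded sample are constructed for illustration; the comparison assumes an exact string match after trimming and ignores any identity mapping rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the authorizers.xml quoted in this thread.
SAMPLE = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Initial User Identity 1">CN=admin, OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
    <property name="Node Identity 1">CN=my-node-1, OU=NIFI</property>
  </accessPolicyProvider>
</authorizers>"""

def props(element):
    """Map property name -> trimmed value, skipping empty properties."""
    return {p.get("name"): (p.text or "").strip()
            for p in element.findall("property") if (p.text or "").strip()}

def unseeded_identities(xml_text):
    """Return (policy provider id, property name, DN) for each identity the
    access policy provider names but its user group provider does not declare."""
    root = ET.fromstring(xml_text)
    declared = {}  # user group provider identifier -> set of initial user DNs
    for ugp in root.findall("userGroupProvider"):
        declared[ugp.findtext("identifier", "").strip()] = {
            v for k, v in props(ugp).items()
            if k.startswith("Initial User Identity")}
    missing = []
    for app in root.findall("accessPolicyProvider"):
        p = props(app)
        known = declared.get(p.get("User Group Provider", ""), set())
        for name, dn in sorted(p.items()):
            seeded = name.startswith("Node Identity") or name == "Initial Admin Identity"
            if seeded and dn not in known:
                missing.append((app.findtext("identifier", "").strip(), name, dn))
    return missing

if __name__ == "__main__":
    for provider, name, dn in unseeded_identities(SAMPLE):
        print(f"{provider}: '{name}' = {dn!r} is not an Initial User Identity")
```
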

