nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan H <ryan.howell.developm...@gmail.com>
Subject NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies
Date Sat, 17 Feb 2018 22:22:06 GMT
Hi Users,

I am trying to setup a 3 node secure cluster and running into the following
error:

org.apache.nifi.authorization.exception.AuthorizerCreationException:
org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable
to locate node CN=my-node-1, OU=NIFI to seed policies.

I scaled it back and tried to just get a single node secure cluster working
for ease of troubleshooting and get the same error. I've tried
adding/removing the space in the DN just in case, but it seems that my node
identity is parsing to null for whatever reason (based on the source code
where the error is being thrown from
''FileAccessPolicyProvider.populateNodes()")

Any help is always appreciated!

Cheers,

Ryan H



My Config:
*authorizers.xml*
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">CN=admin,
OU=NIFI</property>
    </userGroupProvider>

    <accessPolicyProvider>
            <identifier>file-access-policy-provider</identifier>

<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
            <property name="User Group
Provider">file-user-group-provider</property>
            <property name="Authorizations
File">./conf/authorizations.xml</property>
            <property name="Initial Admin Identity">CN=admin,
OU=NIFI</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Node Identity 1">CN=my-node-1,
OU=NIFI</property>
        </accessPolicyProvider>
</authorizers>

*nifi.properties*
# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.http.network.interface.default=
nifi.web.https.host=my-node-1
nifi.web.https.port=8443
nifi.web.https.network.interface.default=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.web.max.header.size=16 KB
nifi.web.proxy.context.path=

# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

nifi.security.keystore=./keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=generated-password
nifi.security.keyPasswd=generated-password
nifi.security.truststore=./truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=generated-password
nifi.security.needClientAuth=true
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=

Mime
View raw message