Hi there,
I've notice an odd behavior when using embedded Zookeeper on a NiFi cluster
with MapR compatible processors:
I noticed that every time I enable embedded zookeeper, NiFi's HDFS
processors (e.g. PutHDFS) start complaining about Kerberos identities:
2016-10-26 20:07:22,376 ERROR [StandardProcessScheduler Thread-2]
o.apache.nifi.processors.hadoop.PutHDFS
java.io.IOException: Login failure for princical@REALM-NAME-GOES-HERE from
keytab /path/to/keytab_file/nifi.keytab
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1084)
~[hadoop-common-2.7.0-mapr-1602.jar:na]
at
org.apache.nifi.hadoop.SecurityUtil.loginKerberos(SecurityUtil.java:52)
~[nifi-hadoop-utils-1.0.0.jar:1.0.0]
at
org.apache.nifi.processors.hadoop.AbstractHadoopProcessor.resetHDFSResources(AbstractHadoopProcessor.java:285)
~[nifi-hdfs-processors-1.0.0.jar:1.0.0]
at
org.apache.nifi.processors.hadoop.AbstractHadoopProcessor.abstractOnScheduled(AbstractHadoopProcessor.java:213)
~[nifi-hdfs-processors-1.0.0.jar:1.0.0]
at
org.apache.nifi.processors.hadoop.PutHDFS.onScheduled(PutHDFS.java:181)
[nifi-hdfs-processors-1.0.0.jar:1.0.0]
So far so good, these errors are quite familiar to people using NiFi
against secure MapR clusters and caused by issues around the custom JAAS
settings required by Java applications relying on the MapR client to work.
The normal workaround this would be instructing NiFi to where the the JAAS
settings via bootstrap.conf [1]:
$grep jaas
java.arg.15=-Djava.security.auth.login.config=./conf/nifi-jaas.conf
The contents of nifi-jaas.conf are a copy of the relevant MapR JAAS stanza:
While the workaround seems to work (still doing tests) I ask:
Should setting
nifi.state.management.embedded.zookeeper.start=true
Cause this behavior?
Cheers
