The legacy authorized-users.xml is read from once during initial NiFi startup, translated to users.xml and authorizations.xml, and then ignored for the future. If you continue making changes to it, it will have no effect.
If you are upgrading from a 0.x NiFi instance, you can convert your previously configured users and roles to the multi-tenant authorization model. In the authorizers.xml file, specify the location of your existing authorized-users.xml file in the “Legacy Authorized Users File” property. … After you have edited and saved the authorizers.xml file, restart NiFi. Users and roles from the authorized-users.xml file are converted and added as identities and policies in the users.xml and authorizations.xml files. Once the application starts, users who previously had a legacy Administrator role can access the UI and begin managing users, groups, and policies. The authorizers.xml establishes the Authorizer implementation (FileAuthorizer, Ranger, etc.) which will perform policy decisions. The authorizations.xml file (confusing, I understand) is a file store of assigned permissions to the user/entity which the FileAuthorizer reads from. Can you provide a full copy of your authorizations.xml and users.xml files? You can make them GitHub secret gists and just reply directly to me if you want. Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jan 26, 2017, at 10:41 AM, bmichaud <[email protected]> wrote: > > Using the legacy security file and this in the authorizers.xml: > <property name="Node Identity 1">CN=node1.company.com, O=Company > Inc., L=Plymouth, ST=Minnesota, C=US</property> > <property name="Node Identity 2">CN=node2.company.com, O=Company > Inc., L=Plymouth, ST=Minnesota, C=US</property> > <property name="Node Identity 3">CN=node3.company.com, O=Company > Inc., L=Plymouth, ST=Minnesota, C=US</property> > > I was able to generate those servers in the users.xml and each was given > read and write access to the /proxy in the authorizations.xml. > > However, I still get the same error. From what you said, I need to generate > the same information for the common name server from my trust store. > Correct? > > If so, and if I use the same method to properly populate the users.xml and > authorizations.xml using the authorizers.xml property entries, then how do I > specify this other server? The same way? What name should I give it? Does it > matter? Can I do this?: > > <property name="Common Name Server">CN=common.company.com, O=Company > Inc., L=Plymouth, ST=Minnesota, C=US</property> > > > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-1-1-1-can-t-start-as-a-cluster-OverlappingFileLockException-tp14486p14533.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
