[
https://issues.apache.org/jira/browse/NIFI-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816227#comment-17816227
]
Joe Witt commented on NIFI-12765:
-
This JIRA seems strongly related to NIFI-12738 and should probably be combined.
The comments on that JIRA apply here as well
https://issues.apache.org/jira/browse/NIFI-12738
Based on my recent reading it appears Ranger depends on Jetty 9 so it is
actually surprising Jetty 10 or 11 works for it in any capacity but notably we
clearly seem to have no such tests/validations for this and it is not being
maintained in our apache nifi codebase. Also notably Jetty 9, 10, 11 are all
end of life from a community support point of view. My recommendations on the
other JIRA apply here as well.
> Nifi and nifi registry ranger audit is broken
> -
>
> Key: NIFI-12765
> URL: https://issues.apache.org/jira/browse/NIFI-12765
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 2.0.0-M2, 2.0.0
>Reporter: Zoltán Kornél Török
>Assignee: Zoltán Kornél Török
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> h3. Bug description
> Currently ranger plugins are not reporting audit events into ranger.
> h2. Investigation
> In the nifi log I found the following ("classic") NoClassDefFoundError:
> {code:java}
> ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect
> to Solr server.
> ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError:
> org/eclipse/jetty/client/util/SPNEGOAuthentication
> at
> org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168)
> at
> org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: java.lang.ClassNotFoundException:
> org.eclipse.jetty.client.util.SPNEGOAuthentication
> at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> ... 5 common frames omitted {code}
> As you can see ranger-audit depends on solr client which depends on jetty
> client.
> The problem is that solr client class use
> org.eclipse.jetty.client.util.SPNEGOAuthentication -
> [https://github.infra.cloudera.com/CDH/solr/blob/solr9-master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46]
> However in case jetty 12.x line, this class is moved to another package:
> [https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef]
>
> So the problem exist, since jetty version upgraded to 12
> h2. Proposed solution
> Sadly there is no available solr client (or ranger client), which haven't had
> this dependency. The only solution what I found (and propose in my pr) is to
> override jetty version in case of ranger plugins to jetty line 11, where this
> class is not moved. I tested it on my environment and the audit logging to
> ranger worked well with that version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)