Hello, I would like to know what is the easiest way to evaluate Authorization and Multi-Tenancy functionnalities ?
I've tried installation with the following steps but I've a "Unable to locate initial admin" at the end. Steps : - Download nifi-1.4.0-bin.zip and unzip in nifi-1.4.0 - download nifi-toolkit-1.4.0-bin.zip and unzip in nifi-toolkit-1.4.0 - cd nifi-toolkit-1.4.0 # .\bin\tls-toolkit.bat standalone -n localhost -C "CN=bbende, OU=ApacheNiFi" -o ../target 2017/11/11 06:18:11 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No nifiPropertiesFile specified, using embedded one. 2017/11/11 06:18:12 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ..\target 2017/11/11 06:18:12 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Using existing CA certificate ..\target\nifi-cert.pem and key ..\target\nifi-key.key 2017/11/11 06:18:12 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl configuration to ..\target\localhost 2017/11/11 06:18:13 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for localhost 1 in ..\target\localhost 2017/11/11 06:18:13 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generating new client certificate ..\target\CN=bbende_OU=ApacheNiFi.p12 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: ********************************************************************************** 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: WARNING!!!! 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: ********************************************************************************** 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: Unlimited JCE Policy is not installed which means we cannot utilize a 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: PKCS12 password longer than 7 characters. 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: Autogenerated password has been reduced to 7 characters. 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: Please strongly consider installing Unlimited JCE Policy at 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: Another alternative is to add a stronger password with the openssl tool to the 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: resulting client certificate: ..\target\CN=bbende_OU=ApacheNiFi.p12 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: openssl pkcs12 -in '..\target\CN=bbende_OU=ApacheNiFi.p12' -out '/tmp/CN=bbende_OU=ApacheNiFi.p12' 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: openssl pkcs12 -export -in '/tmp/CN=bbende_OU=ApacheNiFi.p12' -out '..\target\CN=bbende_OU=ApacheNiFi.p12' 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: rm -f '/tmp/CN=bbende_OU=ApacheNiFi.p12' 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: 2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper: ********************************************************************************** 2017/11/11 06:18:13 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated client certificate ..\target\CN=bbende_OU=ApacheNiFi.p12 2017/11/11 06:18:13 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully # cd .. # copy target\localhost\* nifi-1.4.0\conf - Edit nifi-1.4.0\conf\authorizers.xml and set the following: <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">CN=bbende, OU=ApacheNiFi</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1"></property> </accessPolicyProvider> - Start apache nifi : # cd nifi-1.4.0 # bin\run-nifi.bat Failed to determine if Process 14172 is running; assuming that it is not 2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command Starting Apache NiFi... 2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command Working Directory: C:\Users\cedri\nifi\NIFI-1~1.0 2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command Command: C:\Program Files\Java\jdk1.8.0_144\bin\java.exe -classpath C:\Users\cedri\nifi\NIFI-1~1.0\.\conf;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\javax.servlet-api-3.1.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jcl-over-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jetty-schemas-3.1.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jul-to-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\log4j-over-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\logback-classic-1.2.3.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\logback-core-1.2.3.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-api-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-framework-api-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-nar-utils-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-properties-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-runtime-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\slf4j-api-1.7.25.jar -Dorg.apache.jasper.compiler.disablejsr199=true -Xmx512m -Xms512m -Djava.security.egd=file:/dev/urandom -Dsun.net.http.allowRestrictedHeaders=true -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -XX:+UseG1GC -Djava.protocol.handler.pkgs=sun.net.www.protocol -Dnifi.properties.file.path=C:\Users\cedri\nifi\NIFI-1~1.0\.\conf\nifi.properties -Dnifi.bootstrap.listen.port=50727 -Dapp=NiFi -Dorg.apache.nifi.bootstrap.config.log.dir=C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\\logs org.apache.nifi.NiFi 2017-11-11 06:26:22,787 WARN [main] org.apache.nifi.bootstrap.Command Failed to set permissions so that only the owner can read pid file C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\run\nifi.pid; this may allows others to have access to the key needed to communicate with NiFi. Permissions should be changed so that only the owner can read this file 2017-11-11 06:26:22,787 WARN [main] org.apache.nifi.bootstrap.Command Failed to set permissions so that only the owner can read status file C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\run\nifi.status; this may allows others to have access to the key needed to communicate with NiFi. Permissions should be changed so that only the owner can read this file 2017-11-11 06:26:22,802 INFO [main] org.apache.nifi.bootstrap.Command Launched Apache NiFi with Process ID 12968 But the server fail to start :-( with this error : Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate initial admin CN=bbende, OU=ApacheNiFi to seed policies . What I'm missing ? nifi-app.log <http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-app.log> nifi-bootstrap.log <http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-bootstrap.log> nifi-user.log <http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-user.log> authorizers.xml <http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/authorizers.xml> nifi.properties <http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi.properties> Regards Cédric -- Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/