Hello,
I would like to know what is the easiest way to evaluate Authorization and
Multi-Tenancy functionnalities ?
I've tried installation with the following steps but I've a "Unable to
locate initial admin" at the end.
Steps :
- Download nifi-1.4.0-bin.zip and unzip in nifi-1.4.0
- download nifi-toolkit-1.4.0-bin.zip and unzip in nifi-toolkit-1.4.0
- cd nifi-toolkit-1.4.0
# .\bin\tls-toolkit.bat standalone -n localhost -C "CN=bbende,
OU=ApacheNiFi" -o ../target
2017/11/11 06:18:11 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No
nifiPropertiesFile specified, using embedded one.
2017/11/11 06:18:12 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running
standalone certificate generation with output directory ..\target
2017/11/11 06:18:12 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Using existing
CA certificate ..\target\nifi-cert.pem and key ..\target\nifi-key.key
2017/11/11 06:18:12 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl
configuration to ..\target\localhost
2017/11/11 06:18:13 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully
generated TLS configuration for localhost 1 in ..\target\localhost
2017/11/11 06:18:13 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generating new
client certificate ..\target\CN=bbende_OU=ApacheNiFi.p12
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
**********************************************************************************
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
WARNING!!!!
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
**********************************************************************************
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
Unlimited JCE Policy is not installed which means we cannot utilize a
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
PKCS12 password longer than 7 characters.
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
Autogenerated password has been reduced to 7 characters.
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
Please strongly consider installing Unlimited JCE Policy at
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
Another alternative is to add a stronger password with the openssl tool to
the
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
resulting client certificate: ..\target\CN=bbende_OU=ApacheNiFi.p12
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
openssl pkcs12 -in '..\target\CN=bbende_OU=ApacheNiFi.p12' -out
'/tmp/CN=bbende_OU=ApacheNiFi.p12'
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
openssl pkcs12 -export -in '/tmp/CN=bbende_OU=ApacheNiFi.p12' -out
'..\target\CN=bbende_OU=ApacheNiFi.p12'
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
rm -f '/tmp/CN=bbende_OU=ApacheNiFi.p12'
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
2017/11/11 06:18:13 WARN [main] org.apache.nifi.toolkit.tls.util.TlsHelper:
**********************************************************************************
2017/11/11 06:18:13 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully
generated client certificate ..\target\CN=bbende_OU=ApacheNiFi.p12
2017/11/11 06:18:13 INFO [main]
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit
standalone completed successfully
# cd ..
# copy target\localhost\* nifi-1.4.0\conf
- Edit nifi-1.4.0\conf\authorizers.xml and set the following:
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>
<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
<property name="User Group
Provider">file-user-group-provider</property>
<property name="Authorizations
File">./conf/authorizations.xml</property>
<property name="Initial Admin Identity">CN=bbende,
OU=ApacheNiFi</property>
<property name="Legacy Authorized Users File"></property>
<property name="Node Identity 1"></property>
</accessPolicyProvider>
- Start apache nifi :
# cd nifi-1.4.0
# bin\run-nifi.bat
Failed to determine if Process 14172 is running; assuming that it is not
2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command
Starting Apache NiFi...
2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command
Working Directory: C:\Users\cedri\nifi\NIFI-1~1.0
2017-11-11 06:26:22,402 INFO [main] org.apache.nifi.bootstrap.Command
Command: C:\Program Files\Java\jdk1.8.0_144\bin\java.exe -classpath
C:\Users\cedri\nifi\NIFI-1~1.0\.\conf;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\javax.servlet-api-3.1.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jcl-over-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jetty-schemas-3.1.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\jul-to-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\log4j-over-slf4j-1.7.25.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\logback-classic-1.2.3.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\logback-core-1.2.3.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-api-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-framework-api-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-nar-utils-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-properties-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\nifi-runtime-1.4.0.jar;C:\Users\cedri\nifi\NIFI-1~1.0\.\lib\slf4j-api-1.7.25.jar
-Dorg.apache.jasper.compiler.disablejsr199=true -Xmx512m -Xms512m
-Djava.security.egd=file:/dev/urandom
-Dsun.net.http.allowRestrictedHeaders=true -Djava.net.preferIPv4Stack=true
-Djava.awt.headless=true -XX:+UseG1GC
-Djava.protocol.handler.pkgs=sun.net.www.protocol
-Dnifi.properties.file.path=C:\Users\cedri\nifi\NIFI-1~1.0\.\conf\nifi.properties
-Dnifi.bootstrap.listen.port=50727 -Dapp=NiFi
-Dorg.apache.nifi.bootstrap.config.log.dir=C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\\logs
org.apache.nifi.NiFi
2017-11-11 06:26:22,787 WARN [main] org.apache.nifi.bootstrap.Command Failed
to set permissions so that only the owner can read pid file
C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\run\nifi.pid; this may allows others
to have access to the key needed to communicate with NiFi. Permissions
should be changed so that only the owner can read this file
2017-11-11 06:26:22,787 WARN [main] org.apache.nifi.bootstrap.Command Failed
to set permissions so that only the owner can read status file
C:\Users\cedri\nifi\NIFI-1~1.0\bin\..\run\nifi.status; this may allows
others to have access to the key needed to communicate with NiFi.
Permissions should be changed so that only the owner can read this file
2017-11-11 06:26:22,802 INFO [main] org.apache.nifi.bootstrap.Command
Launched Apache NiFi with Process ID 12968
But the server fail to start :-( with this error :
Error creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException:
org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable
to locate initial admin CN=bbende, OU=ApacheNiFi to seed policies
.
What I'm missing ?
nifi-app.log
<http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-app.log>
nifi-bootstrap.log
<http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-bootstrap.log>
nifi-user.log
<http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi-user.log>
authorizers.xml
<http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/authorizers.xml>
nifi.properties
<http://apache-nifi-users-list.2361937.n4.nabble.com/file/t341/nifi.properties>
Regards
Cédric
--
Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
