Hi Kevin,

Thanks for the quick reply! That did the trick. Quick question, does the order of the "Initial User Identities" matter as the "Initial Node Identities" do? Or is only the Node Identities order important?

-Ryan H

On Sat, Feb 17, 2018 at 5:34 PM, Kevin Doran <[email protected]> wrote:

> Hi Ryan,
>
> You'll need to add the DN for your cluster nodes as "Initial User Identities" to the file-user-group-provider in authorizers.xml. I.e.:
>
>     <property name="Initial User Identity 1">CN=my-node-1, OU=NIFI</property>
>     <property name="Initial User Identity 2">CN=my-node-2, OU=NIFI</property>
>
> Let me know if you have any other questions!
>
> Cheers,
> Kevin
>
> From: Ryan H <[email protected]>
> Reply-To: <[email protected]>
> Date: Saturday, February 17, 2018 at 17:22
> To: <[email protected]>
> Subject: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies
>
> Hi Users,
>
> I am trying to set up a 3 node secure cluster and running into the following error:
>
> org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=my-node-1, OU=NIFI to seed policies.
>
> I scaled it back and tried to just get a single node secure cluster working for ease of troubleshooting and get the same error. I've tried adding/removing the space in the DN just in case, but it seems that my node identity is parsing to null for whatever reason (based on the source code where the error is being thrown from "FileAccessPolicyProvider.populateNodes()")
>
> Any help is always appreciated!
>
> Cheers,
>
> Ryan H
>
> My Config:
>
> *authorizers.xml*
>
> <authorizers>
>     <userGroupProvider>
>         <identifier>file-user-group-provider</identifier>
>         <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>         <property name="Users File">./conf/users.xml</property>
>         <property name="Legacy Authorized Users File"></property>
>         <property name="Initial User Identity 1">CN=admin, OU=NIFI</property>
>     </userGroupProvider>
>
>     <accessPolicyProvider>
>         <identifier>file-access-policy-provider</identifier>
>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>         <property name="User Group Provider">file-user-group-provider</property>
>         <property name="Authorizations File">./conf/authorizations.xml</property>
>         <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
>         <property name="Legacy Authorized Users File"></property>
>         <property name="Node Identity 1">CN=my-node-1, OU=NIFI</property>
>     </accessPolicyProvider>
> </authorizers>
>
> *nifi.properties*
>
> # web properties #
> nifi.web.war.directory=./lib
> nifi.web.http.host=
> nifi.web.http.port=
> nifi.web.http.network.interface.default=
> nifi.web.https.host=my-node-1
> nifi.web.https.port=8443
> nifi.web.https.network.interface.default=
> nifi.web.jetty.working.directory=./work/jetty
> nifi.web.jetty.threads=200
> nifi.web.max.header.size=16 KB
> nifi.web.proxy.context.path=
>
> # security properties #
> nifi.sensitive.props.key=
> nifi.sensitive.props.key.protected=
> nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
> nifi.sensitive.props.provider=BC
> nifi.sensitive.props.additional.keys=
>
> nifi.security.keystore=./keystore.jks
> nifi.security.keystoreType=jks
> nifi.security.keystorePasswd=generated-password
> nifi.security.keyPasswd=generated-password
> nifi.security.truststore=./truststore.jks
> nifi.security.truststoreType=jks
> nifi.security.truststorePasswd=generated-password
> nifi.security.needClientAuth=true
> nifi.security.user.authorizer=managed-authorizer
> nifi.security.user.login.identity.provider=
> nifi.security.ocsp.responder.url=
> nifi.security.ocsp.responder.certificate=
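
The mismatch discussed in this thread can be caught before startup with a small pre-flight check. This is an added example, not part of the original messages and not NiFi code: it reports every "Initial Admin Identity" or "Node Identity N" in an accessPolicyProvider that has no matching "Initial User Identity N" in the user group provider it references. The function names are hypothetical, and the sketch assumes an empty users.xml, no identity mappings, and exact comparison of the DN strings after trimming surrounding whitespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the authorizers.xml from the thread, before the fix.
BEFORE = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Initial User Identity 1">CN=admin, OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
    <property name="Node Identity 1">CN=my-node-1, OU=NIFI</property>
  </accessPolicyProvider>
</authorizers>"""

# Same file with the node DN added as an initial user, as advised in the reply.
AFTER = BEFORE.replace(
    "  </userGroupProvider>",
    '    <property name="Initial User Identity 2">CN=my-node-1, OU=NIFI</property>\n'
    "  </userGroupProvider>",
)

def props(element, prefix):
    """Return {property name: trimmed value} for non-empty properties starting with prefix."""
    return {
        p.get("name"): p.text.strip()
        for p in element.findall("property")
        if p.get("name", "").startswith(prefix) and p.text and p.text.strip()
    }

def unseeded_identities(xml_text):
    """List (property, DN) pairs the policy provider would fail to find as users."""
    root = ET.fromstring(xml_text)
    providers = {ugp.findtext("identifier"): ugp for ugp in root.findall("userGroupProvider")}
    missing = []
    for app in root.findall("accessPolicyProvider"):
        ugp_id = props(app, "User Group Provider").get("User Group Provider")
        ugp = providers.get(ugp_id)
        known = set(props(ugp, "Initial User Identity").values()) if ugp is not None else set()
        wanted = {**props(app, "Initial Admin Identity"), **props(app, "Node Identity")}
        missing += [(name, dn) for name, dn in sorted(wanted.items()) if dn not in known]
    return missing

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unseeded_identities(text))
```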
