You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@nifi.apache.org by Ryan H <ry...@gmail.com> on 2017/03/16 15:52:04 UTC

Kerberos Required for Secure Cluster Setup?

Hi All,

In response to the error that I posted about earlier today, I couldn't help
but wonder if Kerberos is required when setting up a secure NiFi cluster.
Is this the case?

Error in reference when trying to access the UI for a 2 node secure cluster
(version 1.1.1) in AWS:

2017-03-16 12:39:41,110 INFO [NiFi Web Server-117]
o.a.n.w.a.c.IllegalStateExceptionMapper
java.lang.IllegalStateException: Kerberos ticket login not supported by
this NiFi.. Returning Conflict response.

Any thoughts on this? Or is this possibly a misleading error shown in the
nifi-user.log...


-Ryan H.

Re: Kerberos Required for Secure Cluster Setup?

Posted by Ryan H <ry...@gmail.com>.

Hi Bryan,

No worries, I should have been more clear with my first email. I was trying
to complete in what was going on and I started to question if Kerberos was
required due to the error message(s). I'm still stuck with the error stated
in my original email on trying to access the UI due to the errors mentioned
in that email.

Cheers,

Ryan H.

On Thu, Mar 16, 2017 at 1:21 PM, Bryan Bende <bb...@gmail.com> wrote:

> Ryan,
>
> I haven't had time to look into your other email yet, but I can
> confirm that Kerberos is not required for a secure cluster, and you
> always end up seeing that 409 conflict for access/kerberos.
>
> Thanks,
>
> Bryan
>
> On Thu, Mar 16, 2017 at 12:41 PM, Ryan H
> <ry...@gmail.com> wrote:
> > As a follow up to the last email, when looking at the Chrome Dev Tools,
> > there are two requests that are failing when trying to access the UI.
> >
> > This Request Succeeds:
> >
> > Request URL:
> > https://my-server-address/nifi/
> > Request Method:
> > GET
> > Status Code:
> > 200 OK
> > Remote Address:
> > 10.227.80.39:443
> > Referrer Policy:
> > no-referrer-when-downgrade
> >
> >
> > Then These Fail:
> >
> > Request URL:
> > https://my-server-address/nifi-api/access/kerberos
> > Request Method:
> > POST
> > Status Code:
> > 409 Conflict
> > Remote Address:
> > 10.227.80.39:443
> > Referrer Policy:
> > no-referrer-when-downgrade
> >
> > Request URL:
> > https://my-server-address/nifi-api/flow/current-user
> > Request Method:
> > GET
> > Status Code:
> > 500 Internal Server Error
> > Remote Address:
> > 10.227.80.39:443
> > Referrer Policy:
> > no-referrer-when-downgrade
> >
> >
> >
> > Cheers,
> >
> > Ryan H.
> >
> > On Thu, Mar 16, 2017 at 11:52 AM, Ryan H <ryan.howell.development@
> gmail.com>
> > wrote:
> >>
> >> Hi All,
> >>
> >> In response to the error that I posted about earlier today, I couldn't
> >> help but wonder if Kerberos is required when setting up a secure NiFi
> >> cluster. Is this the case?
> >>
> >> Error in reference when trying to access the UI for a 2 node secure
> >> cluster (version 1.1.1) in AWS:
> >>
> >> 2017-03-16 12:39:41,110 INFO [NiFi Web Server-117]
> >> o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.
> IllegalStateException:
> >> Kerberos ticket login not supported by this NiFi.. Returning Conflict
> >> response.
> >>
> >> Any thoughts on this? Or is this possibly a misleading error shown in
> the
> >> nifi-user.log...
> >>
> >>
> >> -Ryan H.
> >
> >
>

Re: Kerberos Required for Secure Cluster Setup?

Posted by Bryan Bende <bb...@gmail.com>.

Ryan,

I haven't had time to look into your other email yet, but I can
confirm that Kerberos is not required for a secure cluster, and you
always end up seeing that 409 conflict for access/kerberos.

Thanks,

Bryan

On Thu, Mar 16, 2017 at 12:41 PM, Ryan H
<ry...@gmail.com> wrote:
> As a follow up to the last email, when looking at the Chrome Dev Tools,
> there are two requests that are failing when trying to access the UI.
>
> This Request Succeeds:
>
> Request URL:
> https://my-server-address/nifi/
> Request Method:
> GET
> Status Code:
> 200 OK
> Remote Address:
> 10.227.80.39:443
> Referrer Policy:
> no-referrer-when-downgrade
>
>
> Then These Fail:
>
> Request URL:
> https://my-server-address/nifi-api/access/kerberos
> Request Method:
> POST
> Status Code:
> 409 Conflict
> Remote Address:
> 10.227.80.39:443
> Referrer Policy:
> no-referrer-when-downgrade
>
> Request URL:
> https://my-server-address/nifi-api/flow/current-user
> Request Method:
> GET
> Status Code:
> 500 Internal Server Error
> Remote Address:
> 10.227.80.39:443
> Referrer Policy:
> no-referrer-when-downgrade
>
>
>
> Cheers,
>
> Ryan H.
>
> On Thu, Mar 16, 2017 at 11:52 AM, Ryan H <ry...@gmail.com>
> wrote:
>>
>> Hi All,
>>
>> In response to the error that I posted about earlier today, I couldn't
>> help but wonder if Kerberos is required when setting up a secure NiFi
>> cluster. Is this the case?
>>
>> Error in reference when trying to access the UI for a 2 node secure
>> cluster (version 1.1.1) in AWS:
>>
>> 2017-03-16 12:39:41,110 INFO [NiFi Web Server-117]
>> o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException:
>> Kerberos ticket login not supported by this NiFi.. Returning Conflict
>> response.
>>
>> Any thoughts on this? Or is this possibly a misleading error shown in the
>> nifi-user.log...
>>
>>
>> -Ryan H.
>
>

Re: Kerberos Required for Secure Cluster Setup?

Posted by Ryan H <ry...@gmail.com>.

As a follow up to the last email, when looking at the Chrome Dev Tools,
there are two requests that are failing when trying to access the UI.

This Request Succeeds:

   1. Request URL:
   https://my-server-address/nifi/
   2. Request Method:
   GET
   3. Status Code:
   200 OK
   4. Remote Address:
   10.227.80.39:443
   5. Referrer Policy:
   no-referrer-when-downgrade


Then These Fail:


   1. Request URL:
   https://my-server-address/nifi-api/access/kerberos
   2. Request Method:
   POST
   3. Status Code:
   409 Conflict
   4. Remote Address:
   10.227.80.39:443
   5. Referrer Policy:
   no-referrer-when-downgrade


   1. Request URL:
   https://my-server-address/nifi-api/flow/current-user
   2. Request Method:
   GET
   3. Status Code:
   500 Internal Server Error
   4. Remote Address:
   10.227.80.39:443
   5. Referrer Policy:
   no-referrer-when-downgrade



Cheers,

Ryan H.

On Thu, Mar 16, 2017 at 11:52 AM, Ryan H <ry...@gmail.com>
wrote:

> Hi All,
>
> In response to the error that I posted about earlier today, I couldn't
> help but wonder if Kerberos is required when setting up a secure NiFi
> cluster. Is this the case?
>
> Error in reference when trying to access the UI for a 2 node secure
> cluster (version 1.1.1) in AWS:
>
> 2017-03-16 12:39:41,110 INFO [NiFi Web Server-117] o.a.n.w.a.c.
> IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos
> ticket login not supported by this NiFi.. Returning Conflict response.
>
> Any thoughts on this? Or is this possibly a misleading error shown in the
> nifi-user.log...
>
>
> -Ryan H.
>