NiFi Plugin

Contents

  Prerequisites
    Installation
  Configure Ranger NiFi plugin
    Update authorizer
    Create service for NiFi in Ranger Admin UI
    Create policy cache directory
    Create spool directory
    Create NiFi Ranger plugin Audit config file
    Create NiFi Ranger plugin Security config file
    Change ownership and permissions of files
    Update ranger authorizer in nifi.properties
  Create Users and Policies

Prerequisites

Installation

  - Install and configure NiFi in SSL mode, then start it.
  - Install Ranger Admin manually. Before running the Ranger setup script, set the property policymgr_supportedcomponents=nifi in the install.properties file. This property controls which components are visible in the Ranger Admin UI (add the names of other Ranger-supported components as your requirements dictate).
  - Install, configure and start Ranger Usersync.

Configure Ranger NiFi plugin

1. Update authorizer

   Update the authorizers.xml file under the conf directory of NiFi with the new authorizer given below:

    <authorizer>
        <identifier>ranger-provider</identifier>
        <class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class>
        <property name="Ranger Audit Config Path">../nifi/conf/ranger-nifi-audit.xml</property>
        <property name="Ranger Security Config Path">../nifi/conf/ranger-nifi-security.xml</property>
        <property name="Ranger Service Type">nifi</property>
        <property name="Ranger Application Id">nifi</property>
        <property name="Ranger Admin Identity"></property>
        <property name="Ranger Kerberos Enabled">false</property>
    </authorizer>

   Properties in authorizer:

   - Ranger Audit Config Path - path to the NiFi Ranger plugin Audit config file.
   - Ranger Security Config Path - path to the NiFi Ranger plugin Security config file.
   - Ranger Service Type - the type of service definition in Ranger.
   - Ranger Application Id - the service name created in the Ranger Admin UI. Refer to point 2 for how to create the service.
   - Ranger Admin Identity - the DN of the certificate that Ranger will use to communicate with NiFi.
   - Ranger Kerberos Enabled - whether Ranger is set up with Kerberos.

2. Create service for NiFi in Ranger Admin UI

   - Service Name - nifi
   - NiFi URL - https://{nifi-host}:{nifi-port}/nifi-api/resources
   - Authentication Type - SSL
   - Keystore - value of nifi.security.keystore from nifi.properties
   - Keystore Type - jks
   - Keystore Password - value of nifi.security.keyPasswd from nifi.properties
   - Truststore - value of nifi.security.truststore from nifi.properties
   - Truststore Type - jks
   - Truststore Password - value of nifi.security.truststorePasswd from nifi.properties
   - Under Add New Configurations, add policy.download.auth.users with the NiFi process user as its value.

3. Create policy cache directory

    mkdir -p /etc/ranger/{service-name}/policycache

   Change the user and group ownership of the directories /{service-name} and /policycache to the NiFi process user. When creating the ranger-nifi-security.xml file, set the policy cache directory path in the property ranger.plugin.nifi.policy.cache.dir to /etc/ranger/{service-name}/policycache.

4. Create spool directory

    mkdir -p /var/log/nifi/audit/solr/spool

   When creating the ranger-nifi-audit.xml file, set the spool directory path in the property xasecure.audit.destination.solr.batch.filespool.dir to /var/log/nifi/audit/solr/spool.

5. Create NiFi Ranger plugin Audit config file

   Create the ranger-nifi-audit.xml file under the conf directory of NiFi:

    <configuration>
        <property>
            <name>xasecure.audit.is.enabled</name>
            <value>true</value>
        </property>
        <property>
            <name>xasecure.audit.destination.solr</name>
            <value>true</value>
        </property>
        <property>
            <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
            <value>/var/log/nifi/audit/solr/spool</value>
        </property>
        <property>
            <name>xasecure.audit.destination.solr.urls</name>
            <value>none</value>
        </property>
        <property>
            <name>xasecure.audit.destination.solr.zookeepers</name>
            <value>z1:2181/znode</value>
        </property>
    </configuration>

   - If using standalone Solr for audits, set the xasecure.audit.destination.solr.urls property as per your cluster configuration; otherwise set it to NONE.
   - If using SolrCloud, set the xasecure.audit.destination.solr.zookeepers property as per your ZooKeeper hosts and znode; otherwise set it to NONE.
   - If SolrCloud is enabled with Kerberos and Ranger is also enabled with Kerberos, add the properties below:

     xasecure.audit.jaas.Client.option.principal - nifi principal
     xasecure.audit.jaas.Client.option.keyTab - nifi keytab path
     xasecure.audit.jaas.Client.loginModuleName - com.sun.security.auth.module.Krb5LoginModule
     xasecure.audit.jaas.Client.loginModuleControlFlag - required
     xasecure.audit.jaas.Client.option.useKeyTab - true
     xasecure.audit.jaas.Client.option.storeKey - false
     xasecure.audit.jaas.Client.option.serviceName - solr
     xasecure.audit.destination.solr.force.use.inmemory.jaas.config - true

6. Create NiFi Ranger plugin Security config file

   Create the ranger-nifi-security.xml file under the conf directory of NiFi:

    <configuration>
        <property>
            <name>ranger.plugin.nifi.policy.rest.url</name>
            <value>http://{ranger-host}:6080</value>
            <description>url to Ranger Admin</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.service.name</name>
            <value>{service-name}</value>
            <description>name of the Ranger service containing policies for this nifi instance</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.source.impl</name>
            <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
            <description>class to retrieve policies from the source</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.rest.ssl.config.file</name>
            <value>ranger-policymgr-ssl.xml</value>
            <description>path to the file containing SSL details to contact Ranger Admin</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.pollIntervalMs</name>
            <value>30000</value>
            <description>how often to poll for changes in policies?</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.cache.dir</name>
            <value>/etc/ranger/{service-name}/policycache</value>
            <description>directory where Ranger policies are cached after successful retrieval from the source</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.rest.client.connection.timeoutMs</name>
            <value>120000</value>
            <description>RangerRestClient Connection Timeout in Milli Seconds</description>
        </property>
        <property>
            <name>ranger.plugin.nifi.policy.rest.client.read.timeoutMs</name>
            <value>30000</value>
            <description>RangerRestClient read Timeout in Milli Seconds</description>
        </property>
    </configuration>

7. Change ownership and permissions of files

   Give user and group ownership of the files ranger-nifi-audit.xml and ranger-nifi-security.xml to the NiFi process user and set permission 400 on both.

8. Update ranger authorizer in nifi.properties

   Set the property nifi.security.user.authorizer=ranger-provider in the file nifi.properties. This tells NiFi to use the Ranger authorizer rather than the default file-based authorizer.

9. Restart the NiFi process.

Create Users and Policies

1. Create a user whose username is the same as the DN of the client certificate used to access NiFi.
2. Create a policy for the user created above, giving READ and WRITE permission for the resource /flow.
3. Check the audits generated under the Audit tab.
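A consistency check for steps 3, 6, 7 and 8 above, run against the NiFi conf directory before restarting. This is an added example, not part of the original guide or of the NiFi or Ranger projects; the function names and finding messages are assumptions, and it expects the Ranger config files to use Hadoop-style <property> elements.

```python
import os, stat, sys
import xml.etree.ElementTree as ET

RANGER_CLASS = "org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer"
PLUGIN_FILES = ("ranger-nifi-audit.xml", "ranger-nifi-security.xml")

def hadoop_props(path):
    """Read <property><name>/<value> pairs from a Hadoop-style config file."""
    root = ET.parse(path).getroot()
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def check_conf(conf_dir):
    """Return a list of findings for a NiFi conf directory (empty list = consistent)."""
    findings = []
    path = lambda name: os.path.join(conf_dir, name)
    # Step 8: nifi.properties must select an authorizer defined in authorizers.xml
    selected = None
    with open(path("nifi.properties")) as fh:
        for line in fh:
            key, _, value = line.partition("=")
            if key.strip() == "nifi.security.user.authorizer":
                selected = value.strip()
    ranger = {}
    for a in ET.parse(path("authorizers.xml")).getroot().iter("authorizer"):
        if (a.findtext("class") or "").strip() == RANGER_CLASS:
            ranger[(a.findtext("identifier") or "").strip()] = {
                p.get("name"): (p.text or "").strip() for p in a.iter("property")}
    if selected not in ranger:
        findings.append(f"nifi.security.user.authorizer={selected!r} is not a Ranger authorizer")
    elif not ranger[selected].get("Ranger Admin Identity"):
        findings.append("Ranger Admin Identity is empty")
    # Step 7: both plugin config files should be mode 400
    for name in PLUGIN_FILES:
        mode = stat.S_IMODE(os.stat(path(name)).st_mode)
        if mode != 0o400:
            findings.append(f"{name} has mode {mode:o}, expected 400")
    # Steps 3 and 6: the cache dir must exist; report a plaintext policy URL
    sec = hadoop_props(path("ranger-nifi-security.xml"))
    cache = sec.get("ranger.plugin.nifi.policy.cache.dir", "")
    if not os.path.isdir(cache):
        findings.append(f"policy cache dir {cache!r} does not exist")
    if sec.get("ranger.plugin.nifi.policy.rest.url", "").startswith("http://"):
        findings.append("policy REST URL uses plain http")
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in check_conf(sys.argv[1]):
        print("FINDING:", finding)
```

Run it as the NiFi process user with the conf directory as the only argument, so the mode-400 files are readable.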