nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Rosander <bryanrosan...@gmail.com>
Subject Re: Multiple nifi.kerberos.krb5.file ("There Can Be Only One!)
Date Mon, 18 Jul 2016 21:13:47 GMT
Hey Michael,

Your best bet will probably be to use the site-to-site functionality of
NiFi in order to bridge the Kerberos (and potentially Hadoop distribution
version) gap.  Configure one instance of NiFi to talk to each cluster and
have them exchange data over site-to-site.

These instances of NiFi could probably still reside on the same machine or
vm if desired.

https://nifi.apache.org/docs/nifi-docs/html/user-guide.html#site-to-site

Thanks,
Bryan

On Mon, Jul 18, 2016 at 5:05 PM, Michael Dyer <michael.dyer@trapezoid.com>
wrote:

> I'm trying to set up a single NiFi server that can connect to two HDFS
> clusters, each with it's own Kerberos realm.
>
> According to the NiFi docs:
>
> "At this time, only a single krb5 file is allowed to be specified per NiFi
> instance"
>
> Is there a workaround that would allow me to connect to both clusters?
>
> I've tried merging the two krb5.conf files, but I'm not able to get past
> this error message (after disabling default_realm)
>
> Caused by: java.lang.IllegalArgumentException: Illegal principal name
> xxx@YYYY.ORG:
> org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
> No rules applied to xxx@YYYY.ORG
>
>
>

Mime
View raw message