Enable Kerberos for NiFi
Prerequisites
The prerequisites for enabling Kerberos for the NiFi data lake platform are:
- A Hadoop cluster must be running.
- NiFi should be running with the latest changes.
- Kerberos should be enabled.
- Keytabs should be created and accessible.
Types of Processors to be Configured
HDFS
- IngestHDFS
- CreateHDFSFolder
- PutHDFS
Hive
- TableRegister
- ExecuteHQLStatement
- TableMerge
Spark
- ExecuteSparkJob
Configuration Steps
Create a Kerberos keytab file for the NiFi user.
kadmin.local
addprinc -randkey nifi@sandbox.hortonworks.com
xst -norandkey -k /etc/security/keytabs/nifi.headless.keytab nifi@sandbox.hortonworks.com
exit
chown nifi:hadoop /etc/security/keytabs/nifi.headless.keytab
chmod 440 /etc/security/keytabs/nifi.headless.keytab
Test that the keytab works. Use the commands below to obtain a ticket with the keytab and list it.
su - nifi
kinit -kt /etc/security/keytabs/nifi.headless.keytab nifi
klist
Make sure the nifi.properties file is available in the conf directory of the NiFi installation.
Open the nifi.properties file and set the nifi.kerberos.krb5.file property to the location of the krb5.conf file.
vi nifi.properties
nifi.kerberos.krb5.file=/etc/krb5.conf
HDFS Processor Configuration: Log in to the NiFi UI, select the HDFS processor, and set the properties highlighted in the red box.
Spark Processor Configuration: Log in to the NiFi UI, select the HDFS processor, and set the properties highlighted in the red box.
Hive Processor Configuration: Log in to the NiFi UI and go to the toolbar.
Go to the Controller Service tab and disable the Thrift Controller Services, highlighted in the red box, if they are already running.
Make sure everything has stopped properly, as shown below.
Update the HiveServer2 hostname and the Hive principal name.
Database Connection URL:
'jdbc:hive2://<HOSTNAME>:10000/default;principal=hive/<HOSTNAME>@HOSTNAME'
Example:
'jdbc:hive2://localhost:10000/default;principal=hive/sandbox.hortonworks.com@sandbox.hortonworks.com'
Update the Kerberos user information and the Hadoop configuration. Apply the changes and start the controller services.
You have successfully configured NiFi DataLake Platform with Kerberos.
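A pre-flight check for the settings made in the steps above, added here as an example and not part of the original page or of NiFi itself: it verifies that the keytab grants nothing to "other", that nifi.kerberos.krb5.file in nifi.properties names an existing file, and that the Hive connection URL has a well-formed host and hive principal. The function names are hypothetical, and the three paths and the URL are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# the keytab path, nifi.properties path and JDBC URL are supplied by the caller.

# Succeeds only if the keytab is a regular file with no permissions for
# "other" (the page sets mode 440, which ls shows as -r--r-----).
keytab_not_world_accessible() {
    [ -f "$1" ] || return 1
    other=$(ls -ld -- "$1" | cut -c8-10)
    [ "$other" = "---" ]
}

# Prints the value of nifi.kerberos.krb5.file from a nifi.properties file.
# Fails if the property is missing, empty, or names a file that does not exist.
krb5_file_from_properties() {
    value=$(sed -n 's/^[[:space:]]*nifi\.kerberos\.krb5\.file[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] && [ -f "$value" ] || return 1
    printf '%s\n' "$value"
}

# Succeeds only for jdbc:hive2://<host>:<port>/<db>;principal=hive/<host>@<realm>
# (pass the URL without the surrounding quotes). A URL with no principal, or
# with an empty host before the port, is rejected.
hive_url_is_kerberized() {
    printf '%s\n' "$1" | grep -Eq \
        '^jdbc:hive2://[A-Za-z0-9.-]+:[0-9]+/[A-Za-z0-9_]+;(.*;)?principal=hive/[A-Za-z0-9.-]+@[A-Za-z0-9.-]+(;.*)?$'
}

# Runs all three checks and reports every failure, not just the first.
# Usage: preflight <keytab> <nifi.properties> <hive-jdbc-url>
preflight() {
    rc=0
    keytab_not_world_accessible "$1" || { echo "FAIL keytab mode: $1" >&2; rc=1; }
    krb5_file_from_properties "$2" >/dev/null ||
        { echo "FAIL nifi.kerberos.krb5.file in $2" >&2; rc=1; }
    hive_url_is_kerberized "$3" || { echo "FAIL Hive URL: $3" >&2; rc=1; }
    return "$rc"
}
```

Run preflight as the nifi user before starting the controller services; it returns non-zero if any check fails.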