stackoom
  简体   繁体   中英

NiFi: Why Does My User Have Insufficient Permissions?

 原文  2020-09-27 14:35:23       docker/ ssl/ apache-nifi

Question

I am following the steps in the "Standalone Instance, Two-Way SSL" section of https://hub.docker.com/r/apache/nifi . However, when I visit the NiFi page, my user has insufficient permissions. Below is the process I am using:

Generate self-signed certificates

mkdir conf

docker exec \
  -ti toolkit \
  /opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh \
    standalone \
    -n 'nifi1.bluejay.local' \
    -C 'CN=admin,OU=NIFI'

docker cp toolkit:/opt/nifi/nifi-current/nifi-cert.pem        conf
docker cp toolkit:/opt/nifi/nifi-current/nifi-key.key         conf

docker cp toolkit:/opt/nifi/nifi-current/nifi1.bluejay.local  conf

docker cp toolkit:/opt/nifi/nifi-current/CN=admin_OU=NIFI.p12      conf
docker cp toolkit:/opt/nifi/nifi-current/CN=admin_OU=NIFI.password conf

docker stop toolkit

Import client certificate to browser

Import the .p12 file into your browser.

Update /etc/hosts

Add "127.0.0.1 nifi1.bluejay.local" to the end of your /etc/hosts file.

Define a NiFi network

docker network create --subnet=10.18.0.0/16 nifi

Run NiFi in a container

docker run -d \
  -e AUTH=tls \
  -e KEYSTORE_PATH=/opt/certs/keystore.jks \
  -e KEYSTORE_TYPE=JKS \
  -e KEYSTORE_PASSWORD=$(grep keystorePasswd conf/nifi1.bluejay.local/nifi.properties | cut -d'=' -f2) \
  -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
  -e TRUSTSTORE_PASSWORD=$(grep truststorePasswd conf/nifi1.bluejay.local/nifi.properties | cut -d'=' -f2) \
  -e TRUSTSTORE_TYPE=JKS \
  -e INITIAL_ADMIN_IDENTITY="CN=admin,OU=NIFI" \
  -e NIFI_WEB_PROXY_CONTEXT_PATH=/nifi \
  -e NIFI_WEB_PROXY_HOST=nifi1.bluejay.local \
  --hostname nifi1.bluejay.local \
  --ip 10.18.0.10 \
  --name nifi \
  --net nifi \
  -p 8443:8443 \
  -v $(pwd)/conf/nifi1.bluejay.local:/opt/certs:ro \
  -v /data/projects/nifi-shared:/opt/nifi/nifi-current/ls-target \
  apache/nifi

Visit Page

When you visit http://localhost:8443/nifi, you'll be asked to select a certificate. Select the certificate (eg admin) that you imported.

At this point, I am seeing:

Insufficient Permissions
Unknown user with identity 'CN=admin, OU=NIFI'. Contact the system administrator.

In the examples I am seeing, there is no mention of this issue or how to resolve it.

How are permissions assigned to the Initial Admin Identity?

1 answers

solution1
 1 ACCPTED  2020-09-27 22:54:02

You are missing a space at line

-e INITIAL_ADMIN_IDENTITY="CN=admin,OU=NIFI"

See the error msg.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question User is not admin and does not have permissions to use host bind mounts for resource Docker does not care about user permissions. Why? Docker: non-root user does not have writing permissions when using volumes Why does the `--list` option to `kubectl auth can-i` display the same permissions for any user provided with `--as` option? Docker: Why does my project have a .env file? My Docker container does not have IP address. Why? Insufficient permissions for local file change in strapi docker Docker Insufficient permissions to set thread priority What permissions should a user have to expose a docker container port? Vagrant user doesn't have root permissions even with sudo?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM