Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-12765

Remove Apache Ranger Plugins

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0-M2, 2.0.0-M3
    • 2.0.0-M3
    • None
    • None

    Description

      Bug description

      Currently ranger plugins are not reporting audit events into ranger.

      Investigation

      In the nifi log I found the following ("classic") NoClassDefFoundError:

      ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect to Solr server. ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError: org/eclipse/jetty/client/util/SPNEGOAuthentication
	at org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168)
	at org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227)
	at org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
	at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.ClassNotFoundException: org.eclipse.jetty.client.util.SPNEGOAuthentication
	at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
	... 5 common frames omitted

      As you can see ranger-audit depends on solr client which depends on jetty client.

      The problem is that solr client class use org.eclipse.jetty.client.util.SPNEGOAuthentication - https://github.com/apache/solr/blob/main/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46

      However in case jetty 12.x line, this class is moved to another package: https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef

      So the problem exist, since jetty version upgraded to 12

      Proposed solution

      Sadly there is no available solr client (or ranger client), which haven't had this dependency. The only solution what I found (and propose in my pr) is to override jetty version in case of ranger plugins to jetty line 11, where this class is not moved. I tested it on my environment and the audit logging to ranger worked well with that version.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-12738 Nifi registry ranger integration is not working

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Task - A task that needs to be done. NIFI-12770 Deprecate Apache Ranger Integration for Removal

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-12738 Nifi registry ranger integration is not working

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #8381

          Web Link GitHub Pull Request #8389

          Activity

            People

              taz1988 Zoltán Kornél Török
              taz1988 Zoltán Kornél Török
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1.5h
                  1.5h