nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aldrin Piri (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MINIFI-429) Unable to use SSL Context with ListenHTTP
Date Wed, 24 Jan 2018 19:41:01 GMT

    [ https://issues.apache.org/jira/browse/MINIFI-429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16338118#comment-16338118
] 

Aldrin Piri commented on MINIFI-429:
------------------------------------

Hi  [~davidrsmith],

It appears that 1.4.0 changed the type of SSLContextService the ListenHTTP processor used
from SSLContextService to RestrictedSSLContextService.  As 0.3.0 was upgraded to the NiFi
1.4.0 core libraries, flows making use of that processor from a template prior to NiFi 1.4.0
would no longer be valid.

Could you see if adjusting the class to be org.apache.nifi.ssl.RestrictedSSLContextService
works?  

For context, the associated issue is here: https://issues.apache.org/jira/browse/NIFI-2528.

Doing a quick test it seems that this works for me as anticipated.  If it works out for you
also, please let us know and I can make a note in terms of migration.

> Unable to use SSL Context with ListenHTTP
> -----------------------------------------
>
>                 Key: MINIFI-429
>                 URL: https://issues.apache.org/jira/browse/MINIFI-429
>             Project: Apache NiFi MiNiFi
>          Issue Type: Bug
>          Components: Core Framework, Processing Configuration
>    Affects Versions: 0.3.0
>         Environment: VM running CentoS 7.3,  with 16Gb ram   & 4 CPU's
>            Reporter: David Smith
>            Assignee: Aldrin Piri
>            Priority: Major
>
> I  have a VM which is running, NiFi 1.3.0 and MiNiFi 0.3.0 (Java version) and Java 8.
They share a common keystore which I have set up as StandardSSLContextService in  NIFI.
> I have created a flow which starts with a ListenHTTP, a couple of updateAttributes, and
then a PostHTTP. The flow works fine in NiFi, I exported it as a template and used the MiniFi
0.3.0 Toolkit to convert it into a yml file. I have edited the new config.yml file with the
passowrds for the keystores etc. however when I start Minifi I get an ERROR when ListenHTTP
tries to start, PostHTTP appears to start correctly. Unfortunately the VM is in a segregated
system so it is difficult to copy configs an logs.
> Below are a copy of the ERROR message and what I believe is the pertinent parts of the
config.yml file:
>  
> ERROR [main] o.apache.nifi.controller.FlowController Unable to start ListenHTTP[id= <UUID>]
due to java.langIllegalStateException: Processor ListenHTTP is not in a valid state due to
['SSL Context Service' validated against '968df85a-dfd5-39ad-0000-000000000000' is invalid
because Controller Service  '968df85a-dfd5-39ad-0000-000000000000' is not a valid Controller
Service Identifier or does not reference the correct type of Controller Service]
>  
> config.yml  (part of)
> name: ListenHTTP
> class: org.apache.nifi.processors.standard.ListenHTTP
> max concurrent tasks: 1
> scheduling strategy: TIMER DRIVEN
> scheduling period: 0 sec
> yield period: 1 sec
> run duration nanos: 0
> Properties:
>      Authorized DN Pattern: .*
>     Base Path: contentListener
>     HTTP Headers to receive as Attributes (Regex) :
>     Listening Port : 22222
>     Max data to receive per second:
>    Max Unconfirmed FLowFile Time: 60 secs
>    SSL Context Service: 968df85a-dfd5-39ad-0000-00000000000
>  
> Controller Services:
>  - id: 968df85a-dfd5-39ad-0000-00000000000   name: StandardSSLContextService   type:
org.apache.nifi.ssl.StandardSSLContextService
>    Properties:
>       Keystore FIlename: /opt/keystore/host.key
>       Keystore Password: XXXXXXX
>       Keystore Type: JKS
>       SSL Protocol: TLS
>       Truststore Filename: /opt/keystore/trust.key
>       Truststore Password:  YYYYYY
>       Truststore Type: JKS
>       Key-password:  XXXXXXX
>  
>  
> If any further information is required please ask.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message