nifi-dev mailing list archives

From Andre <andre-li...@fucs.org>
Subject Secure Site to Site works when using HTTP but fails when using RAW fails
Date Thu, 08 Dec 2016 13:42:30 GMT
devs,

I may be missing something but for some reason I am unable to use RAW
protocol in secure mode.

As per documentation I've set:

nifi.remote.input.host=node1.textbed.internal
nifi.remote.input.secure=true
nifi.remote.input.socket.port=54321
nifi.remote.input.http.enabled=false
nifi.remote.input.http.transaction.ttl=30 sec

I then add the RPG to canvas. Ports get detected.

However when I try to enable transmission the whole thing fails. Due to
timing and content I suspect the following messages are related:

2016-12-09 00:15:26,306 DEBUG [Site-to-Site Worker Thread-145] o.a.n.r.p.s.SocketFlowFileServerProtocol SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744] Got Request Type REQUEST_PEER_LIST from Peer[url=nifi://producer.textbed.internal:35868]
2016-12-09 00:15:26,306 DEBUG [Site-to-Site Worker Thread-145] o.a.nifi.remote.SocketRemoteSiteListener Request type from SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744] is REQUEST_PEER_LIST
2016-12-09 00:15:26,308 INFO [Site-to-Site Worker Thread-145] o.a.n.c.c.n.LeaderElectionNodeProtocolSender Determined that Cluster Coordinator is located at node1.textbed.internal:1221; will use this address for sending heartbeat messages
2016-12-09 00:15:26,450 ERROR [Site-to-Site Worker Thread-145] o.a.nifi.remote.SocketRemoteSiteListener Unable to communicate with remote instance Peer[url=nifi://producer.textbed.internal:35868] (SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744]) due to java.lang.NullPointerException; closing connection
2016-12-09 00:15:26,456 ERROR [Site-to-Site Worker Thread-145] o.a.nifi.remote.SocketRemoteSiteListener
java.lang.NullPointerException: null
        at org.apache.nifi.remote.SocketRemoteSiteListener$1$1.run(SocketRemoteSiteListener.java:280) ~[nifi-site-to-site-1.1.0.jar:1.1.0]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
2016-12-09 00:15:26,456 DEBUG [Site-to-Site Worker Thread-145] o.a.n.r.p.s.SocketFlowFileServerProtocol SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744] Shutting down with Peer[url=nifi://producer.textbed.internal:35868]
2016-12-09 00:15:28,591 INFO [Clustering Tasks Thread-3] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2016-12-09 00:15:28,483 and sent to node2.textbed.internal:1221 at 2016-12-09 00:15:28,591; send took 108 millis
2016-12-09 00:15:29,573 WARN [NiFi Web Server-280] org.eclipse.jetty.http.HttpParser Illegal character 0x0 in state=METHOD for buffer HeapByteBuffer@5c3ed51[p=5,l=32,c=17408,r=27]={NiFi\x00<<<\x16SocketFlowFileProtocol\x00\x00\x00\x06>>>1.1\r\nAccept: appl...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}


On the client side (I am using MiNiFi as it is faster to debug) I can see
(with debugging enabled):

2016-12-09 00:17:23,664 DEBUG [NiFi Site-to-Site Connection Pool Maintenance] o.apache.nifi.remote.client.PeerSelector
java.io.IOException: Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster
        at org.apache.nifi.remote.client.PeerSelector.fetchRemotePeerStatuses(PeerSelector.java:392)
        at org.apache.nifi.remote.client.PeerSelector.refreshPeers(PeerSelector.java:346)
        at org.apache.nifi.remote.client.socket.EndpointConnectionPool$2.run(EndpointConnectionPool.java:127)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
        Suppressed: java.io.IOException: Channel is closed
                at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:573)
                at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannelInputStream.read(SSLSocketChannelInputStream.java:46)
                at org.apache.nifi.stream.io.ByteCountingInputStream.read(ByteCountingInputStream.java:51)
                at org.apache.nifi.stream.io.BufferedInputStream.fill(BufferedInputStream.java:206)
                at org.apache.nifi.stream.io.BufferedInputStream.read(BufferedInputStream.java:227)
                at java.io.DataInputStream.readInt(DataInputStream.java:387)
                at org.apache.nifi.remote.protocol.socket.SocketClientProtocol.getPeerStatuses(SocketClientProtocol.java:225)
                at org.apache.nifi.remote.client.socket.EndpointConnectionPool.fetchRemotePeerStatuses(EndpointConnectionPool.java:404)
                at org.apache.nifi.remote.client.PeerSelector.fetchRemotePeerStatuses(PeerSelector.java:379)
                ... 9 common frames omitted



I have run openssl s_client and the TLS connection itself seems to proceed


New, TLSv1/SSLv3, Cipher ...
    Verify return code: 0 (ok)
---
GET / HTTP/1.0
...

Note about the HTTP request.

This is on purpose:

Since I know HTTP S2S works, I tried it by entering into what should be a
violation of the protocol and it seems to work:

2016-12-08 23:01:28,142 ERROR [Site-to-Site Worker Thread-297] o.a.nifi.remote.SocketRemoteSiteListener Unable to communicate with remote instance null due to org.apache.nifi.remote.exception.HandshakeException: Handshake with nifi://producer.testbed.internal:12345 failed because the Magic Header was not present; closing connection



I noticed from the trace above that a NPE happens when
SocketRemoteSiteListener makes a call to


https://github.com/apache/nifi/blob/master/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java#L412

    public Integer getRemoteInputHttpPort() {
        if (!isSiteToSiteHttpEnabled()) {
            return null;
        }


Is this expected?
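
Added example, not part of the original message and not NiFi's own code: the Jetty warning above shows an HTTP parser receiving bytes that begin with "NiFi", and the "Magic Header was not present" error shows the RAW listener receiving an HTTP request. The sketch below decodes the handshake prefix visible in that logged buffer and classifies a connection's first bytes. The field layout (4-byte magic, 2-byte length-prefixed name, 4-byte big-endian version) is an assumption inferred from the logged bytes, and the function names are hypothetical.

```python
import struct

MAGIC = b"NiFi"  # magic header seen at the start of the logged buffer
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ")

# Constructed sample: the bytes between "{" and ">>>" in the Jetty warning,
# with the "<<<" buffer-position marker removed.
JETTY_BUFFER = b"NiFi\x00\x16SocketFlowFileProtocol\x00\x00\x00\x06"


def parse_raw_prefix(data):
    """Decode magic + length-prefixed name + 4-byte version (layout assumed)."""
    if not data.startswith(MAGIC):
        raise ValueError("magic header not present")
    off = len(MAGIC)
    if len(data) < off + 2:
        raise ValueError("truncated before name length")
    (name_len,) = struct.unpack_from(">H", data, off)
    off += 2
    if len(data) < off + name_len + 4:
        raise ValueError("truncated before version")
    name = data[off:off + name_len].decode("utf-8")
    (version,) = struct.unpack_from(">i", data, off + name_len)
    return name, version


def classify(data):
    """Name the protocol a listener is being spoken to, from its first bytes."""
    if data.startswith(MAGIC):
        return "raw-s2s"
    if data.startswith(HTTP_METHODS):
        return "http"
    # A TLS record carrying a handshake starts with type 0x16, major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "unknown"


if __name__ == "__main__":
    print(classify(JETTY_BUFFER), parse_raw_prefix(JETTY_BUFFER))
    print(classify(b"GET / HTTP/1.0\r\n\r\n"))
```

Run against the first bytes captured on each listener port, this tells you whether a peer is speaking RAW site-to-site, HTTP or TLS to it.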
