nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre <andre-li...@fucs.org>
Subject Re: NiFi Cluster on Docker (Kubernetes) - HTTPS issues
Date Fri, 21 Apr 2017 00:38:35 GMT
Johny,

Tell me more... tell me more... have you ensure the cluster cross
communication has been set to https?

I remember seeing something like that in the summer days when I partially
setup the cluster nodes to use TLS (forgetting to do the whole job).

Can you confirm the settings for:

nifi.cluster.protocol.is.secure
nifi.remote.input.secure
nifi.web.https.port

Can you also confirm you are using wildcard certificates (or alternate
subject names) and the following are set to the correct hostnames?

nifi.web.https.host
nifi.remote.input.host

Also, can you confirm the cluster is effectively up and running? Do you see
mentions to heartbeat being made in nifi-app.log?

Cheers


On 20 Apr 2017 23:20, "Johny Travolta" <ster.efx@gmail.com> wrote:

> Hey guys,
>
> Thanks for a great product. However , to set NiFi in fully automatic way is
> a bit tricky.
> For sure the tricky part is authentication to NiFi Cluster itself (why You
> guys forced 1st user authentication with certificate? That's a huge issue
> here :) )
>
> Basically, I have created a Docker image , and I can deploy NiFi Cluster in
> automated way.
> However, we need authentication , so we must use HTTPS.
> Now, I am thinking that the problem is that all my instances are created
> the same way (from same docker image ), with same Root certificate and same
> keys...
>
> My user can login succesfully to NiFi via HTTPS, however what I see after
> is the error message below. I am not able to do anything after this:
>
>
> I know that my certificate is good, because I can login (If I will go to
> /login page) this message is visible:
>
>
> And the logs says :
>
> <nabble_embed> at
> org.apache.nifi.cluster.coordination.http.replication.Thread
> PoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestR
> eplicator.java:802)
> ~[nifi-framework-clust er-1.2.0-SNAPSHOT.jar:1.2.0-SNAPSHOT] at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> [na:1.8.0_121] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> [na:1.8.0_121] at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1142)
> [na:1.8.0_121] at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:617)
> [na:1.8.0_121] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
> Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
> connection? at
> sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
> ~[na:1.8.0_121] at sun.security.ssl.InputRecord.read(InputRecord.java:527)
> ~[na:1.8.0_121] at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
> ~[na:1.8.0_121] at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
> cketImpl.java:1375)
> ~[na:1.8.0_121] at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
> ~[na:1.8.0_121] at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
> ~[na:1.8.0_121] at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> ~[na:1.8.0_121] at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio
> n.connect(AbstractDelegateHttpsURLConnection.java:185)
> ~[na:1.8.0_121] at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
> HttpURLConnection.java:1546)
> ~[na:1.8.0_121] at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
> ttpURLConnection.java:1474)
> ~[na:1.8.0_121] at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
> ~[na:1.8.0_121] at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getRespons
> eCode(HttpsURLConnectionImpl.java:338)
> ~[na:1.8.0_121] at
> com.sun.jersey.client.urlconnection.URLConnectionClientHandl
> er._invoke(URLConnectionClientHandler.java:253)
> ~[jersey-client-1.19.jar:1.19] at
> com.sun.jersey.client.urlconnection.URLConnectionClientHandl
> er.handle(URLConnectionClientHandler.java:153)
> ~[jersey-client-1.19.jar:1.19] ... 12 common frames omitted</nabble_embed>
>
> Thanks if You can give me a right direction to fix this!
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message