nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy LoPresto (Jira)" <j...@apache.org>
Subject [jira] [Updated] (NIFI-7467) Improve S2S peer retrieval process
Date Fri, 05 Jun 2020 20:43:00 GMT

     [ https://issues.apache.org/jira/browse/NIFI-7467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andy LoPresto updated NIFI-7467:
--------------------------------
    Fix Version/s: 1.12.0
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Improve S2S peer retrieval process
> ----------------------------------
>
>                 Key: NIFI-7467
>                 URL: https://issues.apache.org/jira/browse/NIFI-7467
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: cluster, peer, security, site-to-site, subjectAltName
>             Fix For: 1.12.0
>
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> During investigation for NIFI-7407, [~thenatog] and I discovered a scenario where site
to site peer retrieval was sub-optimal. Some of this was related to hosting a secure cluster
with multiple nodes on the same physical/virtual server, introducing hostname and SAN resolution
problems. In other instances, the retrieval has a nested {{NullPointerException}}. 
> {code}
> 2020-05-14 18:44:39,140 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater
Heartbeat created at 2020-05-14 18:44:39,124 and sent to node3.nifi:11443 at 2020-05-14 18:44:39,140;
send took 15 millis
> 2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi
cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers
due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist
in the remote cluster
> 2020-05-14 18:44:44,159 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater
Heartbeat created at 2020-05-14 18:44:44,146 and sent to node3.nifi:11443 at 2020-05-14 18:44:44,159;
send took 13 millis
> 2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] o.apache.nifi.remote.client.PeerSelector
Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi
cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers
due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist
in the remote cluster
> 2020-05-14 18:44:46,791 INFO [Timer-Driven Process Thread-10] o.a.nifi.remote.client.http.HttpClient
Couldn't find a valid peer to communicate with.
> 2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi
cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers
due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist
in the remote cluster
> 2020-05-14 18:44:49,178 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater
Heartbeat created at 2020-05-14 18:44:49,164 and sent to node3.nifi:11443 at 2020-05-14 18:44:49,178;
send took 13 millis
> 2020-05-14 18:44:51,332 INFO [Timer-Driven Process Thread-6] o.a.n.remote.StandardRemoteProcessGroup
Successfully refreshed Flow Contents for RemoteProcessGroup[https://node1.nifi:9441/nifi];
updated to reflect 1 Input Ports [InputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]]
and 0 Output Ports [OutputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]]
> 2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi
cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers
due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist
in the remote cluster
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message