nifi-users mailing list archives

From Andy LoPresto <alopre...@apache.org>
Subject Re: Jetty failure to start: org.jasypt.exceptions.EncryptionOperationNotPossibleException
Date Wed, 26 Jul 2017 17:50:08 GMT
I also forgot to mention that if you do want Ansible to generate a new key, you can use the
Encrypt Config Tool (part of the NiFi Toolkit) to perform key rotation and encrypted value
migration [1] of the nifi.properties and flow.xml.gz files. I should probably write a blog
entry with step-by-step instructions, but the Admin Guide does have an explanation and you
can script this operation via Ansible if you desire.

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#existing-flow-migration

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jul 26, 2017, at 10:47 AM, Andy LoPresto <alopresto@apache.org> wrote:
> 
> Russell,
> 
> Thanks for following up and documenting this. If you are willing to file a Jira, we can
> hopefully improve the error messaging to make this easier for users to diagnose, and as there
> is already a ticket (NIFI-3116 [1]) to remove Jasypt (the underlying library which is generating
> the stacktrace), they may be done in conjunction. Thanks.
> 
> [1] https://issues.apache.org/jira/browse/NIFI-3116
> 
> Andy LoPresto
> alopresto@apache.org
> alopresto.apache@gmail.com
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
> 
>> On Jul 26, 2017, at 8:39 AM, Russell Bateman <russ@windofkeltia.com> wrote:
>> 
>> Follow-up...
>> 
>> We use openJRE, so the JCE problem doesn't affect us.
>> 
>> The problem was as Mark suggested: Our Ansible instructions upgraded NiFi and created
>> a new nifi.sensitive.props.key. In nifi.properties this property, if extant, is used to encrypt
>> sensitive properties in flow.xml.gz. Thus, upon relaunching NiFi, the wrong key was used to
>> decrypt resulting in the reported failure to start, flow.xml.gz is no longer useful.
>> 
>> How did we solve it?
>> 
>> We looked in the nifi.properties.rpmsave file, what RPM does with a file it's changed,
>> and copied the old key from this property to paste in over the newly generated key in nifi.properties.
>> Relaunched, NiFi worked with no problem. The full solution, in our case, is to insist in Ansible
>> that it not generate for and replace nifi.sensitive.props.key with a new key.
>> 
>> Many thanks to Mark and Joe for their very immediate and useful help saving us much
>> time down!
>> 
>> Russ
>> 
>> 
>> On 07/26/2017 07:53 AM, Russell Bateman wrote:
>>> Thanks for these suggestions, guys. I've only come in this morning to this complaint
>>> on a customer's production server to which I don't have access. So, I'm at the beginning of
>>> it, but I've never seen this before and thought I'd ask in the meantime. Your suggestions
>>> are invaluable; I'm sure that something like what you say must be going on. I'll confer with
>>> the DevOps guys when they get in for the day.
>>> 
>>> Many thanks,
>>> 
>>> Russ
>>> 
>>> On 07/26/2017 07:46 AM, Joe Witt wrote:
>>>> Has the version of java being used changed by chance on the system?
>>>> And if so, or perhaps even if not, were the JCE extensions
>>>> installed/configured previously and now it is not?  Other than that
>>>> the only other thing that comes to mind is if the sensitive properties
>>>> key was changed
>>>> 
>>>> On Wed, Jul 26, 2017 at 9:40 AM, Russell Bateman <russ@windofkeltia.com> wrote:
>>>>> I'm getting this stack trace reported. I'm completely unfamiliar with this
>>>>> problem or what could cause it--never having seen it before. I could use
>>>>> some help here.
>>>>> 
>>>>> Thanks.
>>>>> 
>>>>> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
>>>>> org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
>>>>>         at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProperties(FlowFromDOMFactory.java:411) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.serialization.FlowFromDOMFactory.getControllerService(FlowFromDOMFactory.java:96) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.fingerprint.FingerprintFactory.addFlowControllerFingerprint(FingerprintFactory.java:211) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:176) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:146) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.StandardFlowSynchronizer.checkFlowInheritability(StandardFlowSynchronizer.java:1335) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.StandardFlowSynchronizer.checkFlowInheritability(StandardFlowSynchronizer.java:1325) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:240) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1461) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:83) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:678) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:508) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:69) ~[na:na]
>>>>>         at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:837) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:533) ~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:810) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:345) ~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1404) ~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1366) ~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262) ~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:520) ~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:231) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.Server.start(Server.java:411) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.server.Server.doStart(Server.java:378) ~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>>>>>         at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:675) ~[nifi-jetty-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.NiFi.<init>(NiFi.java:156) [nifi-runtime-1.1.2.jar:1.1.2]
>>>>>         at org.apache.nifi.NiFi.main(NiFi.java:262) [nifi-runtime-1.1.2.jar:1.1.2]
>>>>> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
>>>>>         at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055) ~[jasypt-1.9.2.jar:na]
>>>>>         at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725) ~[jasypt-1.9.2.jar:na]
>>>>>         at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>>>>>         ... 42 common frames omitted
>>> 
>> 
> 
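
Added example, not part of the original thread or of NiFi's own tooling: a shell check that an upgrade job could run after the package step to detect that nifi.sensitive.props.key was regenerated, and to carry the old value back from nifi.properties.rpmsave as described in the thread. The function names are hypothetical and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; paths are supplied by the caller.

# Print the value of nifi.sensitive.props.key from a properties file.
# Only the property name is stripped, so '=' or '/' inside the key survive.
props_key() {
    sed -n 's/^nifi\.sensitive\.props\.key=//p' "$1" | tail -n 1
}

# check_props_key NEW OLD -> 0 keys match, 1 keys differ, 2 a file is unreadable.
check_props_key() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(props_key "$1")" = "$(props_key "$2")" ]
}

# restore_props_key NEW OLD: rewrite NEW so it carries the key found in OLD.
# Every other line of NEW is kept as the upgrade wrote it.
restore_props_key() {
    new=$1; old=$2
    [ -r "$new" ] && [ -r "$old" ] || return 2
    if check_props_key "$new" "$old"; then return 0; fi
    tmp=$(mktemp) || return 2            # created mode 0600; it will hold the key
    # The key is passed through the environment so awk does not interpret
    # backslashes or '&' in it, as a sed replacement string would.
    OLD_KEY=$(props_key "$old") awk '
        /^nifi\.sensitive\.props\.key=/ {
            print "nifi.sensitive.props.key=" ENVIRON["OLD_KEY"]; seen = 1; next
        }
        { print }
        END { if (!seen) print "nifi.sensitive.props.key=" ENVIRON["OLD_KEY"] }
    ' "$new" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Overwrite in place instead of mv, so NEW keeps its owner and mode.
    cat "$tmp" > "$new"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Stand-alone use: sh script.sh /path/nifi.properties /path/nifi.properties.rpmsave
if [ "$#" -eq 2 ]; then
    restore_props_key "$1" "$2"
fi
```

Running check_props_key on its own before NiFi is restarted gives a clear pass/fail signal in place of the Jasypt stack trace at startup.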

