You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "John Wise (Jira)" <ji...@apache.org> on 2022/11/30 14:45:00 UTC
[jira] [Updated] (NIFI-10911) NiFi fails to start due to (likely) corrupted encrypted value(s) in flow.xml.gz
[ https://issues.apache.org/jira/browse/NIFI-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Wise updated NIFI-10911:
-----------------------------
Description:
Over the past 2-3 weeks, a couple of our clusters have failed to start due to a decryption failure. nifi-app.log displays "{{{}o.a.n.c.serialization.FlowFromDOMFactory There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file{}}}"
In both cases, none of the encryption key values in {{bootstrap.conf}} and {{nifi.properties}} have changed. The issue appears to be that one, or more, of the "{{{}enc{}}}{}" values in flow.xml.gz have become corrupted.
The issue doesn't present itself until a node is restarted, at which point, NiFi continually fails to start due to the service being configured to auto-restart. Ideally, rather than just failing to start, NiFi would still complete the startup & alert the user to any decryption issues, so that they can be fixed.
In the interim, I've been removing the "{{{}enc{}}}{}" values from the flowfile, which allows NiFi to restart & give us the opportunity to manually re-enter the removed values. It's not ideal, but it does allow us to get our nodes back online.
was:
Over the past 2-3 weeks, a couple of our clusters have failed to start due to a decryption failure. nifi-app.log displays "{{{}o.a.n.c.serialization.FlowFromDOMFactory There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file{}}}"
In both cases, none of the encryption key values in {{bootstrap.conf}} and {{nifi.properties}} have changed. The issue appears to be that one, or more, of the "{{{}enc{}{}}}" values in flow.xml.gz have become corrupted.
The issue doesn't present itself until a node is restarted, at which point, NiFi continually fails to start due to the service being configured to auto-restart. Ideally, rather than just failing to start, NiFi would still complete the startup & alert the user to any decryption issues, so that they can be fixed.
In the interim, I've been removing the "{{{}enc{}{}}}" values from the flowfile, which allows NiFi to restart & give us the opportunity to manually re-enter the removed values. It's not ideal, but it does allow us to get our nodes back online.
> NiFi fails to start due to (likely) corrupted encrypted value(s) in flow.xml.gz
> -------------------------------------------------------------------------------
>
> Key: NIFI-10911
> URL: https://issues.apache.org/jira/browse/NIFI-10911
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: John Wise
> Priority: Major
> Labels: decrypt, failure, startup
>
> Over the past 2-3 weeks, a couple of our clusters have failed to start due to a decryption failure. nifi-app.log displays "{{{}o.a.n.c.serialization.FlowFromDOMFactory There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file{}}}"
> In both cases, none of the encryption key values in {{bootstrap.conf}} and {{nifi.properties}} have changed. The issue appears to be that one, or more, of the "{{{}enc{}}}{}" values in flow.xml.gz have become corrupted.
> The issue doesn't present itself until a node is restarted, at which point, NiFi continually fails to start due to the service being configured to auto-restart. Ideally, rather than just failing to start, NiFi would still complete the startup & alert the user to any decryption issues, so that they can be fixed.
> In the interim, I've been removing the "{{{}enc{}}}{}" values from the flowfile, which allows NiFi to restart & give us the opportunity to manually re-enter the removed values. It's not ideal, but it does allow us to get our nodes back online.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)