You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Karthick Narendran (Jira)" <ji...@apache.org> on 2021/03/15 13:38:00 UTC
[jira] [Comment Edited] (NIFI-7850) NIFI dockerhub image does not
start when configured with LDAP authentication
[ https://issues.apache.org/jira/browse/NIFI-7850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17301617#comment-17301617 ]
Karthick Narendran edited comment on NIFI-7850 at 3/15/21, 1:37 PM:
--------------------------------------------------------------------
Hi [~suskuma], We ran into this issue when configuring TLS authentication. It is reproducible on a cluster install using the below command. However, the error doesn't appear on a standalone instance.
I have submitted a patch - https://github.com/apache/nifi/pull/4896
{code:java}
docker run --name nifi \
-v /Users/karthicknarendran/Downloads/nifi-docker/certs/localhost:/opt/certs \
-p 8443:8443 \
-e AUTH=tls \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
-e KEYSTORE_TYPE=JKS \
-e KEYSTORE_PASSWORD=pa55w0rd \
-e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
-e TRUSTSTORE_PASSWORD=pa55w0rd \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY='CN=host1' \
-e NIFI_CLUSTER_NODE_PROTOCOL_PORT=11443 \
-e NIFI_CLUSTER_IS_NODE=true \
-e NIFI_ZK_CONNECT_STRING=zookeeper-client:2181 \
-e NIFI_ZK_ROOT_NODE=/nifi_secure \
-ti \
apache/nifi:1.13.0{code}
Stack trace:
{code:java}
Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false. at org.apache.nifi.util.NiFiProperties.getNodeApiAddress(NiFiProperties.java:1272) at org.apache.nifi.controller.StandardFlowService.<init>(StandardFlowService.java:214) at org.apache.nifi.controller.StandardFlowService.createClusteredInstance(StandardFlowService.java:180) at org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:54) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 44 common frames omitted2021-03-15 11:34:08,388 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...2021-03-15 11:34:08,403 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@69d103f0{SSL, (ssl, http/1.1)}{a6987b21f06a:8443}2021-03-15 11:34:08,403 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging{code}
Cc: [~jfrazee]
was (Author: karthick-rn):
Hi [~suskuma], We ran into this issue when configuring TLS authentication. It is reproducible on a cluster install using the below command. However, the error doesn't appear on a standalone instance.
I have submitted a patch -
{code:java}
docker run --name nifi \
-v /Users/karthicknarendran/Downloads/nifi-docker/certs/localhost:/opt/certs \
-p 8443:8443 \
-e AUTH=tls \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
-e KEYSTORE_TYPE=JKS \
-e KEYSTORE_PASSWORD=pa55w0rd \
-e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
-e TRUSTSTORE_PASSWORD=pa55w0rd \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY='CN=host1' \
-e NIFI_CLUSTER_NODE_PROTOCOL_PORT=11443 \
-e NIFI_CLUSTER_IS_NODE=true \
-e NIFI_ZK_CONNECT_STRING=zookeeper-client:2181 \
-e NIFI_ZK_ROOT_NODE=/nifi_secure \
-ti \
apache/nifi:1.13.0{code}
Stack trace:
{code:java}
Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false. at org.apache.nifi.util.NiFiProperties.getNodeApiAddress(NiFiProperties.java:1272) at org.apache.nifi.controller.StandardFlowService.<init>(StandardFlowService.java:214) at org.apache.nifi.controller.StandardFlowService.createClusteredInstance(StandardFlowService.java:180) at org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:54) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 44 common frames omitted2021-03-15 11:34:08,388 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...2021-03-15 11:34:08,403 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@69d103f0{SSL, (ssl, http/1.1)}{a6987b21f06a:8443}2021-03-15 11:34:08,403 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging{code}
Cc: [~jfrazee]
> NIFI dockerhub image does not start when configured with LDAP authentication
> ----------------------------------------------------------------------------
>
> Key: NIFI-7850
> URL: https://issues.apache.org/jira/browse/NIFI-7850
> Project: Apache NiFi
> Issue Type: Bug
> Components: Docker
> Affects Versions: 1.12.0
> Environment: Docker on Kubernetes
> Reporter: Ney Walens De Mesquita
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When starting NIFI docks image configured to use LDAP authentication, the process exists with the error:
> {quote}The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.
> {quote}
>
> When checking the start.sh and secure.sh scripts, I have noticed that some standard parameters are set but not the one referred in the error.
>
> I managed to fix the issue on my local environment by adding the following to secure.sh:
> {quote}prop_replace 'nifi.cluser.protocol.is.secure' 'true'
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)