You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Karthick Narendran (Jira)" <ji...@apache.org> on 2021/03/15 13:38:00 UTC

[jira] [Comment Edited] (NIFI-7850) NIFI dockerhub image does not start when configured with LDAP authentication

    [ https://issues.apache.org/jira/browse/NIFI-7850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17301617#comment-17301617 ] 

Karthick Narendran edited comment on NIFI-7850 at 3/15/21, 1:37 PM:
--------------------------------------------------------------------

Hi [~suskuma], We ran into this issue when configuring TLS authentication. It is reproducible on a cluster install using the below command. However, the error doesn't appear on a standalone instance. 

I have submitted a patch - https://github.com/apache/nifi/pull/4896

 
{code:java}
docker run --name nifi \
 -v /Users/karthicknarendran/Downloads/nifi-docker/certs/localhost:/opt/certs \
 -p 8443:8443 \
 -e AUTH=tls \
 -e KEYSTORE_PATH=/opt/certs/keystore.jks \
 -e KEYSTORE_TYPE=JKS \
 -e KEYSTORE_PASSWORD=pa55w0rd \
 -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
 -e TRUSTSTORE_PASSWORD=pa55w0rd \
 -e TRUSTSTORE_TYPE=JKS \
 -e INITIAL_ADMIN_IDENTITY='CN=host1' \
 -e NIFI_CLUSTER_NODE_PROTOCOL_PORT=11443 \
 -e NIFI_CLUSTER_IS_NODE=true \
 -e NIFI_ZK_CONNECT_STRING=zookeeper-client:2181 \
 -e NIFI_ZK_ROOT_NODE=/nifi_secure \
 -ti \
 apache/nifi:1.13.0{code}
Stack trace:
{code:java}
Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false. at org.apache.nifi.util.NiFiProperties.getNodeApiAddress(NiFiProperties.java:1272) at org.apache.nifi.controller.StandardFlowService.<init>(StandardFlowService.java:214) at org.apache.nifi.controller.StandardFlowService.createClusteredInstance(StandardFlowService.java:180) at org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:54) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 44 common frames omitted2021-03-15 11:34:08,388 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...2021-03-15 11:34:08,403 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@69d103f0{SSL, (ssl, http/1.1)}{a6987b21f06a:8443}2021-03-15 11:34:08,403 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging{code}
Cc: [~jfrazee]

 


was (Author: karthick-rn):
Hi [~suskuma], We ran into this issue when configuring TLS authentication. It is reproducible on a cluster install using the below command. However, the error doesn't appear on a standalone instance. 

I have submitted a patch - 

 
{code:java}
docker run --name nifi \
 -v /Users/karthicknarendran/Downloads/nifi-docker/certs/localhost:/opt/certs \
 -p 8443:8443 \
 -e AUTH=tls \
 -e KEYSTORE_PATH=/opt/certs/keystore.jks \
 -e KEYSTORE_TYPE=JKS \
 -e KEYSTORE_PASSWORD=pa55w0rd \
 -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
 -e TRUSTSTORE_PASSWORD=pa55w0rd \
 -e TRUSTSTORE_TYPE=JKS \
 -e INITIAL_ADMIN_IDENTITY='CN=host1' \
 -e NIFI_CLUSTER_NODE_PROTOCOL_PORT=11443 \
 -e NIFI_CLUSTER_IS_NODE=true \
 -e NIFI_ZK_CONNECT_STRING=zookeeper-client:2181 \
 -e NIFI_ZK_ROOT_NODE=/nifi_secure \
 -ti \
 apache/nifi:1.13.0{code}
Stack trace:
{code:java}
Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.Caused by: java.lang.RuntimeException: The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false. at org.apache.nifi.util.NiFiProperties.getNodeApiAddress(NiFiProperties.java:1272) at org.apache.nifi.controller.StandardFlowService.<init>(StandardFlowService.java:214) at org.apache.nifi.controller.StandardFlowService.createClusteredInstance(StandardFlowService.java:180) at org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:54) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 44 common frames omitted2021-03-15 11:34:08,388 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...2021-03-15 11:34:08,403 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@69d103f0{SSL, (ssl, http/1.1)}{a6987b21f06a:8443}2021-03-15 11:34:08,403 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging{code}
Cc: [~jfrazee]

 

> NIFI dockerhub image does not start when configured with LDAP authentication
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-7850
>                 URL: https://issues.apache.org/jira/browse/NIFI-7850
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Docker
>    Affects Versions: 1.12.0
>         Environment: Docker on Kubernetes
>            Reporter: Ney Walens De Mesquita
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When starting NIFI docks image configured to use LDAP authentication, the process exists with the error:
> {quote}The nifi.web.http.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to false.
> {quote}
>  
> When checking the start.sh and secure.sh scripts, I have noticed that some standard parameters are set but not the one referred in the error.
>  
> I managed to fix the issue on my local environment by adding the following to secure.sh:
> {quote}prop_replace 'nifi.cluser.protocol.is.secure' 'true'
> {quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)