You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "Aldrin Piri (JIRA)" <ji...@apache.org> on 2018/01/24 19:41:01 UTC
[jira] [Commented] (MINIFI-429) Unable to use SSL Context with
ListenHTTP
[ https://issues.apache.org/jira/browse/MINIFI-429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16338118#comment-16338118 ]
Aldrin Piri commented on MINIFI-429:
------------------------------------
Hi [~davidrsmith],
It appears that 1.4.0 changed the type of SSLContextService the ListenHTTP processor used from SSLContextService to RestrictedSSLContextService. As 0.3.0 was upgraded to the NiFi 1.4.0 core libraries, flows making use of that processor from a template prior to NiFi 1.4.0 would no longer be valid.
Could you see if adjusting the class to be org.apache.nifi.ssl.RestrictedSSLContextService works?
For context, the associated issue is here: https://issues.apache.org/jira/browse/NIFI-2528.
Doing a quick test it seems that this works for me as anticipated. If it works out for you also, please let us know and I can make a note in terms of migration.
> Unable to use SSL Context with ListenHTTP
> -----------------------------------------
>
> Key: MINIFI-429
> URL: https://issues.apache.org/jira/browse/MINIFI-429
> Project: Apache NiFi MiNiFi
> Issue Type: Bug
> Components: Core Framework, Processing Configuration
> Affects Versions: 0.3.0
> Environment: VM running CentoS 7.3, with 16Gb ram & 4 CPU's
> Reporter: David Smith
> Assignee: Aldrin Piri
> Priority: Major
>
> I have a VM which is running, NiFi 1.3.0 and MiNiFi 0.3.0 (Java version) and Java 8. They share a common keystore which I have set up as StandardSSLContextService in NIFI.
> I have created a flow which starts with a ListenHTTP, a couple of updateAttributes, and then a PostHTTP. The flow works fine in NiFi, I exported it as a template and used the MiniFi 0.3.0 Toolkit to convert it into a yml file. I have edited the new config.yml file with the passowrds for the keystores etc. however when I start Minifi I get an ERROR when ListenHTTP tries to start, PostHTTP appears to start correctly. Unfortunately the VM is in a segregated system so it is difficult to copy configs an logs.
> Below are a copy of the ERROR message and what I believe is the pertinent parts of the config.yml file:
>
> ERROR [main] o.apache.nifi.controller.FlowController Unable to start ListenHTTP[id= <UUID>] due to java.langIllegalStateException: Processor ListenHTTP is not in a valid state due to ['SSL Context Service' validated against '968df85a-dfd5-39ad-0000-000000000000' is invalid because Controller Service '968df85a-dfd5-39ad-0000-000000000000' is not a valid Controller Service Identifier or does not reference the correct type of Controller Service]
>
> config.yml (part of)
> name: ListenHTTP
> class: org.apache.nifi.processors.standard.ListenHTTP
> max concurrent tasks: 1
> scheduling strategy: TIMER DRIVEN
> scheduling period: 0 sec
> yield period: 1 sec
> run duration nanos: 0
> Properties:
> Authorized DN Pattern: .*
> Base Path: contentListener
> HTTP Headers to receive as Attributes (Regex) :
> Listening Port : 22222
> Max data to receive per second:
> Max Unconfirmed FLowFile Time: 60 secs
> SSL Context Service: 968df85a-dfd5-39ad-0000-00000000000
>
> Controller Services:
> - id: 968df85a-dfd5-39ad-0000-00000000000 name: StandardSSLContextService type: org.apache.nifi.ssl.StandardSSLContextService
> Properties:
> Keystore FIlename: /opt/keystore/host.key
> Keystore Password: XXXXXXX
> Keystore Type: JKS
> SSL Protocol: TLS
> Truststore Filename: /opt/keystore/trust.key
> Truststore Password: YYYYYY
> Truststore Type: JKS
> Key-password: XXXXXXX
>
>
> If any further information is required please ask.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)