You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/11/30 14:45:00 UTC

[jira] [Commented] (NIFI-10911) NiFi fails to start due to (likely) corrupted encrypted value(s) in flow.xml.gz

    [ https://issues.apache.org/jira/browse/NIFI-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641353#comment-17641353 ] 

David Handermann commented on NIFI-10911:
-----------------------------------------

Thanks for reporting this issue [~john.wise].

Can you provide some additional details about the NiFi deployment? In particular, the NiFi version would be helpful to know, as well as the value used for nifi.sensitive.props.algorithm. If you have any steps to reproduce, that would also be helpful to know.

> NiFi fails to start due to (likely) corrupted encrypted value(s) in flow.xml.gz
> -------------------------------------------------------------------------------
>
>                 Key: NIFI-10911
>                 URL: https://issues.apache.org/jira/browse/NIFI-10911
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: John Wise
>            Priority: Major
>              Labels: decrypt, failure, startup
>
> Over the past 2-3 weeks, a couple of our clusters have failed to start due to a decryption failure.  nifi-app.log displays "{{{}o.a.n.c.serialization.FlowFromDOMFactory There was a problem decrypting a sensitive flow configuration value.  Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file{}}}"
> In both cases, none of the encryption key values in {{bootstrap.conf}} and {{nifi.properties}} have changed.  The issue appears to be that one, or more, of the "{{{}enc{}}}{}" values in flow.xml.gz have become corrupted.
> The issue doesn't present itself until a node is restarted, at which point, NiFi continually fails to start due to the service being configured to auto-restart.  Ideally, rather than just failing to start, NiFi would still complete the startup & alert the user to any decryption issues, so that they can be fixed.
> In the interim, I've been removing the "{{{}enc{}}}{}" values from the flowfile, which allows NiFi to restart & give us the opportunity to manually re-enter the removed values.  It's not ideal, but it does allow us to get our nodes back online.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)