search

cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0
215 stars 225 forks source link

[cetic/nifi] error when scaling past 1 secure node #33

Closed ceastman-ibm closed 4 years ago

ceastman-ibm commented 4 years ago

Describe the bug when 2nd replica of the statefulset starts up i get errors in the app-log after i try to log into the ui. with a single replica everything works fine.

[apache-nifi-0 app-log] 2019-12-04 13:15:00,250 WARN [Process Cluster Protocol Request-10] o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message from 172-30-147-92.apache-nifi.observability.svc.cluster.local due to javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown [apache-nifi-1 app-log] 2019-12-04 13:15:05,264 WARN [main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors [apache-nifi-0 app-log] 2019-12-04 13:15:05,273 WARN [Process Cluster Protocol Request-2] o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message from 172-30-147-92.apache-nifi.observability.svc.cluster.local due to javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown [apache-nifi-1 app-log] 2019-12-04 13:15:10,277 WARN [main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Version of Helm and Kubernetes:

kube 1.14.9 helm 3.0.0

What happened: i get this after entering my userid/password:

Unable to continue login sequence

home

Purposed state does not match the stored state. Unable to continue login process.

What you expected to happen:

to be redirected to the nifi canvas ui

How to reproduce it (as minimally and precisely as possible): I added this to the command section in the statefulset.yaml

      # setup tls
      /opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh standalone -n ${FQDN} -f /opt/nifi/nifi-current/conf/nifi.properties -P {{ .Values.nifi.trustStorePassword }} -S {{ .Values.nifi.keyStorePassword }} || true
      mv /opt/nifi/nifi-current/${FQDN}/* /opt/nifi/nifi-current/conf

Anything else we need to know: This setup works fine with a single node, it stops working when i scale the statefulset to greater than 1 node

alexnuttinck commented 4 years ago

resolved by #76.