Closed maykiwo closed 3 years ago
sushilkm
commented
4 years ago Thank you @maykiwo for trying this chart. I apologize you got the error. So, the issue is latest changes to NiFi 1.12.0 had breaking changes to setup secured server using certificates generated via toolkit. This is known to community and is fixed in RC1 1.12.1 I have pinned chart to use 1.11.4 where everything works. Please try again and let me know, if it works for you. Thank you
maykiwo
commented
4 years ago @sushilkm : thanks you very much. It is worked perfectly. Thanks also for the quick response.
maykiwo
commented
4 years ago @sushilkm : one another thing.. it seems not working when i try 3 replicas, I got this message for the last nifi:
`* Server certificate:
GET /nifi-api/controller/cluster HTTP/1.1 Host: cluster1-nifi-2.cluster1-nifi-headless.nifi.svc.cluster.local:8443 User-Agent: curl/7.64.0 Accept: /
{ [5 bytes data] < HTTP/1.1 403 Forbidden < Date: Tue, 15 Sep 2020 09:05:03 GMT < X-Frame-Options: SAMEORIGIN < Content-Security-Policy: frame-ancestors 'self' < X-XSS-Protection: 1; mode=block < Strict-Transport-Security: max-age=31540000 < Server: Jetty(9.4.19.v20190610) < X-ProxiedEntitiesDetails: Untrusted proxy CN=cluster1-nifi-2.cluster1-nifi-headless.nifi.svc.cluster.local, OU=NIFI < Content-Type: text/plain;charset=iso-8859-1 < Vary: Accept-Encoding < Content-Length: 90 < { [90 bytes data] 100 90 100 90 0 0 1406 0 --:--:-- --:--:-- --:--:-- 1406
Have you got the same issue ?
thanks
sushilkm
commented
4 years ago did you scale up to 3 replicas, after creating a cluster which had <3 nodes in the initial setup
sushilkm
commented
4 years ago @maykiwo If you were trying that with scaling up and you saw those errors in the logs, then I have put changes that fixes the readiness check and you should not see those error log anymore.
maykiwo
commented
4 years ago I retry. Thanks
sushilkm
commented
3 years ago Closing because of inactivity. Feel free to reopen if you encounter the issue again.
Hello,
I have been trying your chart but it seems not working with CA Certificate.
Have you already seen this error ?
2020-09-14 13:21:51,090 WARN [Replicate Request Thread-3] o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/controller/cluster to cluster1-nifi-0.cluster1-nifi-headless.nifi.svc.cluster.local:8443 due to javax.net.ssl.SSLPeerUnverifiedException: Hostname cluster1-nifi-0.cluster1-nifi-headless.nifi.svc.cluster.local not verified: certificate: sha256/rB5rSviXrSLTwAjhNRAg9FJbeZ0EdAQ7v9Cg4JEoJZM= DN: CN=cluster1-nifi-0.cluster1-nifi-headless.nifi.svc.cluster.local, OU=NIFI subjectAltNames: [] 2020-09-14 13:21:51,092 WARN [Replicate Request Thread-3] o.a.n.c.c.h.r.ThreadPoolRequestReplicator javax.net.ssl.SSLPeerUnverifiedException: Hostname cluster1-nifi-0.cluster1-nifi-headless.nifi.svc.cluster.local not verified: certificate: sha256/rB5rSviXrSLTwAjhNRAg9FJbeZ0EdAQ7v9Cg4JEoJZM= DN: CN=cluster1-nifi-0.cluster1-nifi-headless.nifi.svc.cluster.local, OU=NIFI subjectAltNames: [] at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:350) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300) at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88) at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229) at okhttp3.RealCall.execute(RealCall.java:81) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:133) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:127) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:647) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:839) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)