Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Integrate NIFI , NIFI Registry

avatar
Explorer

Hello all,

I have HDF 3.4 cluster A with nifi and nifi registry integrated, cluster B with NIFI. both are tls/ssl secured. now I'm trying to use the cluster A NIFI registry for NIFI running on cluster B.

 

noticing below error when trying to version a flow from cluster B NIFI  integrated with cluster A registry 

DivyaKaki_0-1596559594694.png

 

I have added cluster B nifi node cert to registry users list but still same error

CN=its-nifi-node-dev-nifipoc1-01, OU=NIFI

 

@alim @MattWho @sunile_manjee please advice 

1 ACCEPTED SOLUTION

avatar
Super Mentor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
4 REPLIES 4

avatar
Master Guru
Do you have the ssl context service setup properly?

avatar
Explorer

Thanks @sunile_manjee 

 cluster A NIfi & Registry are managed by Ranger, working well.

hence I added cluster B nifi node cert to cluster A Ranger user and then added to Registry policy.

 

clusterB nifi user logs:

2020-08-04 21:40:37,824 INFO [NiFi Web Server-333] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for divya
2020-08-04 21:40:37,833 INFO [NiFi Web Server-333] o.a.n.w.a.config.NiFiCoreExceptionMapper org.apache.nifi.web.NiFiCoreException: Unable to obtain listing of buckets: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors. Returning Conflict response.

 

NIFI GUI exception:

DivyaKaki_0-1596577319783.png

 

 

any advice 

 

 

avatar
Explorer

@sunile_manjee 

i have generated certs for bothe cluster nifi, nifi registrty using below commands

 

do i need to add jks from cluster A nifi to cluster B registry

sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B  myTokenTouse -C 'CN=nifiadmin, OU=NIFI' -n 'nifi-pb-amb-01.its-streaming,nifi-pb-nifi-01.its-streaming,nifi-pb-nifi-02.its-streaming,nifi-pb-nifi-03.its-streaming,nifi-pb-nreg-01.its-streaming'  --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /data/nifi_certs/ -K myTokenTouse -P myTokenTouse -S myTokenTouse

avatar
Super Mentor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login