Created 01-14-2021 09:19 AM
Hello,
Created 01-15-2021 06:06 AM
The NiFi client (NiFi or MiNiFi instance running the Remote Process Group (RPG)) has no control over the connection with the server (NiFi configured with Remote input or Output ports).
The RPG is provided with an http or https address of one or more target NiFi nodes in a NiFi cluster.
A background thread connects to that target NiFi to fetch Site-To-Site (S2S) details. If the target is https enabled, a mutual TLS handshake will happen. This means the client must have a keystore and truststore configured in the nifi.properties (NiFi) or config.yaml (MiNiFi) that can successfully be used to mutually authenticate with the target NiFi server.
The server side NiFi must have the properties you listed configured:
nifi.remote.input.host=<must be set to hostname of NiFi on which you are configuring this property. This is the hostname returned to client in the S2S details. Be careful that whatever you set here does not resolve to localhost.>
nifi.remote.input.secure=false (this tells client if connection is secure or unsecure. If false, the "nifi.web.http.port" property must be set and the URL used in the RPG must be "http://<target nifi>:<http port>/nifi". If set to true, the "nifi.web.https.port" property must be set and the URL used in the RPG must be "https://<target nifi>:<https port>/nifi")
nifi.remote.input.socket.port=<This is the RAW port that will be used to actually send or receive the FlowFiles from remote Input or Output ports on target NiFi node(s). If this property is not set on the target NiFi node(s), RAW transport protocol will not be supported. (S2S details are always fetched over HTTP)>
nifi.remote.input.http.enabled=true <This property states whether the "http" transport protocol can be used for sending the FlowFiles.>
nifi.remote.input.http.transaction.ttl=30 sec
nifi.remote.contents.cache.expiration=30 secs
Based on the log output shared, it sounds like the above properties were not set on the Target NiFi node(s). Did you set them on client NiFi (NiFi actually running the RPG)?
In addition to the Target NiFi S2S details above for each target NiFi node being returned to client, the details will also include the FlowFile load on each node, Remote input ports that client has been authorized to use, and Remote Output ports that the client has been authorized to use. If the target server side NiFi node(s) are unsecured then there will be no authorization set for ports; all clients would have access to all remote input/output ports.
Also keep in mind that any changes to NiFi's/MiNiFi's configuration files would require a restart of the service before they would be applied.
Aside from above, I would need to see screenshots and nifi.properties/config.yaml configs of both your client and server side of this S2S connection to help further.
Hope this helps,
Matt
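The server-side checks described in the reply above can be run against a nifi.properties file before restarting the target node. This is an added example, not part of the original post or of the NiFi project; the function names, the sample hostname and ports, and the injectable `resolve` parameter (used so the check runs offline) are assumptions.

```python
import ipaddress
import socket

def parse_properties(text):
    """Parse key=value lines from nifi.properties text, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_s2s_server(props, rpg_url, resolve=socket.gethostbyname):
    """Hypothetical helper: list problems in the target NiFi's S2S settings."""
    findings = []
    host = props.get("nifi.remote.input.host", "")
    try:
        if not host or ipaddress.ip_address(resolve(host)).is_loopback:
            findings.append(f"nifi.remote.input.host '{host}' is unset or resolves to localhost")
    except (OSError, ValueError):
        findings.append(f"nifi.remote.input.host '{host}' does not resolve")
    secure = props.get("nifi.remote.input.secure", "").lower() == "true"
    scheme = "https" if secure else "http"
    port_key = f"nifi.web.{scheme}.port"
    if not props.get(port_key):
        findings.append(f"{port_key} must be set")
    if not rpg_url.lower().startswith(scheme + "://"):
        findings.append(f"RPG URL must use {scheme}://")
    if not secure:
        findings.append("unsecured: every client can use every remote port")
    raw = bool(props.get("nifi.remote.input.socket.port"))
    http = props.get("nifi.remote.input.http.enabled", "").lower() == "true"
    if not raw:
        findings.append("RAW transport not supported" if http
                        else "no S2S transport protocol enabled")
    return findings

# Constructed sample: hostname and ports are placeholders, not from the thread.
SAMPLE = """\
nifi.remote.input.host=nifi-node1.example.internal
nifi.remote.input.secure=false
nifi.remote.input.http.enabled=true
nifi.web.http.port=8080
"""

if __name__ == "__main__":
    url = "https://nifi-node1.example.internal:8443/nifi"
    print(check_s2s_server(parse_properties(SAMPLE), url, lambda h: "127.0.0.1"))
```
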
Created 01-15-2021 06:55 AM
Hi Matt,
Thank you for the details. Let me go over your reply and the settings one more time and get back to you. Thanks again.
Lee
