I have secure nifi and nifi-registry with ldap working fine, running on the same machine.
Nifi is running with alb listening on 443 and forwarding to 9999 -- same instance.
Nifi-registry running with alb listening on 443 and forwarding to 8443 -- same instance.
Dns for nifi -- dev.nifi-test.------------
Dns for nifi-registry - dev.nifi-registry.--------
Imported the nifi-registry cert chain into the truststore used by nifi, so no issues with ssl handshake between nifi and nifi-registry.
Initial admin user loaded from LDAP has full access in nifi and was given all access to bucket and can proxy user requests, and bucket policies are set to full access for this user.
In nifi, the controller settings are pointed at https://dev.nifi-registry...........
But available buckets are not showing up. Please help with this issue.
@Chada Can you share more details regarding any specific errors?
This post may have the solution you are looking for:
If this answer resolves your issue or allows you to move forward, please choose to ACCEPT this solution and close this topic. If you have further dialogue on this topic, please comment here or feel free to private message me. If you have new questions related to your use case, please create a separate topic and feel free to tag me in your post.
@stevenmatison I tried those earlier. A few things that I checked: making sure the user has privileges to the bucket, and added the hostname in users in nifi-registry with CN=<dns for nifi>,OU=NIFI and made sure that it has access to the bucket and can proxy requests.
Initial user is coming from the LDAP provider on both nifi and nifi-registry, and the hashed userid in both users.xml in nifi and nifi-registry are matching.
Even the public buckets are not loading in nifi.
The nifi-registry url given in the controller settings https://dev.<<<>>.aws.<<<>>.<<>>
If this is given no ssl errors but not able to load any available buckets including public buckets.
I tried adding https://dev.<<<>>.aws.<<<>>.<<>>/nifi-registry in the url here. But it throws a 404 page not found error, and nifi is trying to access /nifi-registry/nifi-registry-api/buckets, which is not the correct url.
Unable to obtain listing of buckets: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving all buckets: <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 404 Not Found</title> </head> <body><h2>HTTP ERROR 404</h2> <p>Problem accessing /nifi-registry/nifi-registry-api/buckets. Reason: <pre> Not Found</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.19.v20190610</a><hr/> </body> </html>
Is there a setting or config in nifi that needs to be changed to look for correct path or no path needed just refer to url https://dev.<<<>>.aws.<<<>>.<<>> without any context path?
Nothing from the logs to post. No errors in both nifi and nifi-registry logs
Make sure your PrivateKeyEntry being used by your NiFi has both "clientAuth" and "serverAuth" extended key usage.
The NiFi-Registry URL configured in NiFi --> global menu --> controller settings --> registry clients tab will be:
Your NiFi node(s) will need to exist in NiFi-Registry and be assigned the following special privileges:
Read allows your NiFi nodes to read all buckets to see if new versions of existing version controlled flows exist.
Proxy is needed because a NiFi node may proxy requests on behalf of the user authenticated into NiFi and making NiFi-Registry requests.
Your NiFi authenticated user in NiFi will need to exist in NiFi-Registry (exact string match) and be authorized for a bucket you must first create via the NiFi-Registry's UI as follows:
If your NiFi user has not been authorized to any buckets, you will see the below error in NiFi when you try to version control a process group:
Once the user is properly given authorization to a bucket in NiFi-Registry, you will instead see:
Only buckets for which your user is authorized will show in the bucket pull-down menu.
Hope this helps,
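One way to run the extended key usage check from the answer above against the text printed by `keytool -list -v` for the NiFi keystore; this is an added example, not part of the original thread. It also returns each entry's Owner DN for comparison with the node user added in NiFi-Registry. The sample listing (trimmed), aliases and DNs are constructed, and English-locale keytool output is assumed.

```python
import re

REQUIRED = {"clientAuth", "serverAuth"}

# Constructed, trimmed sample of English-locale `keytool -list -v` output.
SAMPLE = """\
Alias name: nifi-old
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=nifi.example.internal, OU=NIFI
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

Alias name: nifi-new
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=nifi.example.internal, OU=NIFI
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

Alias name: example-ca
Entry type: trustedCertEntry
Owner: CN=Example CA
"""

def audit_keystore_listing(text):
    """Map each PrivateKeyEntry alias to (owner DN, sorted list of missing EKUs)."""
    results = {}
    # Every keystore entry in the listing starts with an "Alias name:" line.
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        alias = block.splitlines()[0].strip()
        if "Entry type: PrivateKeyEntry" not in block:
            continue  # trustedCertEntry items are never presented as an identity
        # Only the leaf certificate (Certificate[1]) carries the node identity.
        leaf = re.split(r"(?m)^Certificate\[2\]:", block)[0]
        owner = re.search(r"(?m)^Owner: (.+)$", leaf)
        eku = re.search(r"ExtendedKeyUsages \[(.*?)\]", leaf, re.S)
        # No EKU extension means usage is not restricted by EKU: nothing missing.
        missing = sorted(REQUIRED - set(eku.group(1).split())) if eku else []
        results[alias] = (owner.group(1).strip() if owner else None, missing)
    return results
```

Feed it the captured output of `keytool -list -v -keystore <keystore file>`; any alias with a non-empty missing list lacks one of the two usages the answer asks for.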