Support Questions

Find answers, ask questions, and share your expertise

error nifi connecting as cluster

avatar
Explorer

Hi everyone,

I'm setting up nifi to run in cluster, I have 3 instances configured, but when I start them I get this error.

2024-04-10 20:42:59,080 INFO [main] o.a.n.c.c.n.LeaderElectionNodeProtocolSender Determined that Cluster Coordinator is located at myip3:11443; will use this address for sending heartbeat messages
2024-04-10 20:42:59,081 INFO [main] o.a.n.c.p.AbstractNodeProtocolSender Cluster Coordinator is located at myip3/<unresolved>:11443. Will send Cluster Connection Request to this address


2024-04-10 20:42:59,165 WARN [main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

 

 

Has anyone already ever faced this issue?

2 ACCEPTED SOLUTIONS

avatar

@dan_lucas  Still not much info here to be more helpful.   Have you gotten a single nifi node cluster working before trying 3?    Getting the default truststore/keystore setup with the right host certs could be the issue still.   


What version are you using?    These things are much easier in newest versions.

View solution in original post

avatar
Explorer

Hi Steven,

I'm using nifi version 1.24. I follow your advice and change to hostname now and follow this tutorial to config new trustore and keystore https://blog.opstree.com/2023/11/14/securing-nifi-cluster-with-tls-toolkit/

Everything seems to be working. Thank you.

View solution in original post

6 REPLIES 6

avatar
Community Manager

@dan_lucas Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our NiFi expert @steven-matison  who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar

@dan_lucas  Not much to go on here, but it seems like you are having some issues resolving the networking for host/hostnames and ports.  Particularly: 

myip3/<unresolved>:11443

 

You may want to work on providing true host names and ips and trying nifi again.

avatar
Explorer

Edit: Hi @steven-matison.

I changed to host ip and also config a trustore.jks and a keystore.jks.

node 2 and 3

127 INFO [main] o.a.n.c.p.AbstractNodeProtocolSender Cluster Coordinator is located at 172.21.139.137/<unresolved>:11443. Will send Cluster Connection Request to this address
2024-04-11 17:49:23,131 WARN [main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

 

node 1

 

INFO [Clustering Tasks Thread-3] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2024-04-11 17:50:44,334 and sent to 172.21.139.137:11443 at 2024-04-11 17:50:44,443; determining Cluster Coordinator took 2 millis; DNS lookup for coordinator took 0 millis; connecting to coordinator took 1 millis; sending heartbeat took 45 millis; receiving first byte from response took 60 millis; receiving full response took 60 millis; total time was 109 millis
2024-04-11 17:50:46,787 INFO [Heartbeat Monitor Thread-1] o.a.n.c.c.h.AbstractHeartbeatMonitor Finished processing 1 heartbeats in 11368 nanos
2024-04-11 17:50:47,962 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile Repository
2024-04-11 17:50:47,962 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile Repository with 0 records in 0 milliseconds
2024-04-11 17:50:49,503 INFO [Process Cluster Protocol Request-1] o.a.n.c.p.impl.SocketProtocolListener Finished processing request c83e0c54-a47d-4944-b48d-c32354b016ad (type=HEARTBEAT, length=2343 bytes) from 172.21.139.137:8443 in 54 millis
2024-04-11 17:50:49,504 INFO [Clustering Tasks Thread-3] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2024-04-11 17:50:49,444 and sent to 172.21.139.137:11443 at 2024-04-11 17:50:49,504; determining Cluster Coordinator took 1 millis; DNS lookup for coordinator took 0 millis; connecting to coordinator took 1 millis; sending heartbeat took 11 millis; receiving first byte from response took 46 millis; receiving full response took 47 millis; total time was 60 millis

avatar

@dan_lucas  Still not much info here to be more helpful.   Have you gotten a single nifi node cluster working before trying 3?    Getting the default truststore/keystore setup with the right host certs could be the issue still.   


What version are you using?    These things are much easier in newest versions.

avatar
Explorer

Hi Steven,

I'm using nifi version 1.24. I follow your advice and change to hostname now and follow this tutorial to config new trustore and keystore https://blog.opstree.com/2023/11/14/securing-nifi-cluster-with-tls-toolkit/

Everything seems to be working. Thank you.

avatar
New Contributor

Thank you very much. It is indeed possible to use the hostname method according to the method in the URL you provided. I used the same method before, but it didn't work when I used the IP directly.