Created 11-12-2018 10:23 AM
I want to invoke a remote REST service from my NiFi flow, but when I try to make this operation I get this error:
Here is my NiFi flow: ex1.xml
What should I change to get rid of this error?
(P.S. I have changed the connection timeout time but nothing has changed)
2018-11-12 14:15:25,387 ERROR [Timer-Driven Process Thread-7] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=0ba0b02b-bc72-492d-657f-372061ab1dce] Routing to Failure due to exception: java.net.ConnectException: Failed to connect to reqres.in/184.108.40.206:443: java.net.ConnectException: Failed to connect to reqres.in/220.127.116.11:443
java.net.ConnectException: Failed to connect to reqres.in/18.104.22.168:443
    at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:225)
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
    at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:195)
    at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
    at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
    at okhttp3.RealCall.execute(RealCall.java:69)
    at org.apache.nifi.processors.standard.InvokeHTTP.onTrigger(InvokeHTTP.java:791)
    at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
    at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1165)
    at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:203)
    at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Connection timed out: connect
    at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at okhttp3.internal.platform.Platform.connectSocket(Platform.java:124)
    at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:223)
    ... 29 common frames omitted
Created 11-12-2018 12:21 PM
The ERROR shows that the endpoint you are trying to connect to is a secured https connection to port 443.
This means that some form of SSL handshake is going to need to take place which means you will need to enable your invokeHTTP processor to use a SSLContextService.
Does this endpoint require user authentication?
If yes, your SSLContextService will require both a keystore and a truststore.
If no, your SSLContextService will only require a truststore.
The keystore would contain your client certificate (PrivateKeyEntry) which the endpoint must be able to trust to authenticate your client user who is connecting. If a client certificate is not provided, most endpoints will just close the connection.
The truststore is used by your client (NiFi is your client in this scenario) to verify trust of the server certificate presented by your endpoint. This truststore must contain the complete certificate trust chain for your target endpoint. You can use the following openssl client command to get output that shows the complete certificate trust chain for your target:
openssl s_client -connect 22.214.171.124:443
You will see a lot of output, but look for a section for the certificate chain. You may see one or more certificates in the chain. Each certificate will have an owner(o) and issuer(i). Your truststore must contain a "trustedCertEntry" for every one of those issuers.
If you found this answer addressed your question, please take a moment to log in and click the "ACCEPT" link.
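The truststore check described in this answer, as an added example that is not part of the original thread: it compares the issuers in the "Certificate chain" section of `openssl s_client` output with the `trustedCertEntry` owners in a `keytool -list -v` listing and reports the issuers that have no entry. Both sample outputs are constructed, and the function names and the OpenSSL 1.1.1+ DN style (`C = US, O = ...`) are assumptions.

```python
import re

# Constructed sample: chain section of `openssl s_client` output (OpenSSL 1.1.1+ DN style).
S_CLIENT_OUTPUT = """\
Certificate chain
 0 s:CN = api.example.test
   i:C = US, O = Example Issuing CA, CN = Example Intermediate R1
 1 s:C = US, O = Example Issuing CA, CN = Example Intermediate R1
   i:C = US, O = Example Trust, CN = Example Root X1
---
"""

# Constructed sample: trimmed `keytool -list -v -keystore truststore.jks` output.
KEYTOOL_OUTPUT = """\
Alias name: example-root
Entry type: trustedCertEntry
Owner: CN=Example Root X1, O=Example Trust, C=US
Issuer: CN=Example Root X1, O=Example Trust, C=US

Alias name: nifi-client
Entry type: PrivateKeyEntry
Owner: CN=nifi-client, OU=NIFI
"""

def normalize_dn(dn):
    """Order- and spacing-independent DN form (assumes no escaped commas in values)."""
    parts = (p.split("=", 1) for p in dn.split(",") if "=" in p)
    return frozenset((k.strip().upper(), v.strip().lower()) for k, v in parts)

def chain_issuers(s_client_text):
    """Issuer DNs listed in the 'Certificate chain' section, in chain order."""
    section = s_client_text.split("Certificate chain", 1)[-1].split("\n---", 1)[0]
    return [m.group(1).strip() for m in re.finditer(r"^[ \t]*i:(.+)$", section, re.M)]

def trusted_owners(keytool_text):
    """Normalized Owner DNs of trustedCertEntry entries only (key entries are skipped)."""
    owners, entry_type = set(), None
    for line in keytool_text.splitlines():
        if line.startswith("Entry type:"):
            entry_type = line.split(":", 1)[1].strip()
        elif line.startswith("Owner:") and entry_type == "trustedCertEntry":
            owners.add(normalize_dn(line.split(":", 1)[1]))
    return owners

def missing_issuers(s_client_text, keytool_text):
    """Chain issuers that have no matching trustedCertEntry in the truststore listing."""
    trusted = trusted_owners(keytool_text)
    return [dn for dn in chain_issuers(s_client_text) if normalize_dn(dn) not in trusted]

print(missing_issuers(S_CLIENT_OUTPUT, KEYTOOL_OUTPUT))
```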
Created 11-13-2018 03:53 PM
The invokeHTTP processor can be configured to utilize a SSLContextService controller service. It is in this Controller Service where you would define the location of the keystore (if needed by the server endpoint) and truststore. You need to make sure that these keystore and truststore files are owned by the same user that owns the NiFi java process.
Do you even know if you need client authentication for this endpoint? Do you know what form of user authentication is required (meaning, does endpoint support TLS user authentication via user certificate)?
When you say "when I run this code in cmd", are you talking about the command provided via the Oracle link you shared?
I don't know what exact command you are trying to run, but Windows is reporting FileNotFoundException for some file referenced in your command.
Created 11-13-2018 09:47 AM
Hi @Matt Clarke, thank you for your answer.
By the way, do you know where I should add this truststore or jks?
I have used keytool for generating the jks file; here is a link: https://docs.oracle.com/cd/E19798-01/821-1751/ghlgv/index.html
But when I run this code in cmd (I use Windows OS) I get this error: Access denied FileNotFoundException.
What should I change to make this process work properly?
Created 11-13-2018 03:46 PM
*** Community Forum Tip: Try to avoid starting a new answer in response to an existing answer. Instead use comments to respond to existing answers. There is no guaranteed order to different answers, which can make it hard to follow a discussion.
Created 11-14-2018 05:00 AM
Created 11-14-2018 02:46 PM
I think you may have misunderstood me?
Below an existing "Answer" in this existing HCC thread you will see an "Add comment" link you can click on to respond to that existing answer. Just as I have done here.
I noticed you started an entirely new question in HCC with your response above about the truststore.