Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

tls-toolkit.sh client error: "Service client error: null"

Solved Go to solution
Highlighted

tls-toolkit.sh client error: "Service client error: null"

New Contributor

Hello,

I'm trying to configure an AWS AMI as a preconfigured NiFi node which is ready to join my existing 3 node NiFi cluster.

I took an image of a working node, where I have successfully ran the tls-toolkit.sh in client mode to point to one of the nodes which is running tls-toolkit in server mode. I've been able to use the toolkit on all 3 working nodes to get a secure cluster up and running.

On a new instance which was deployed using the image of the working node, I'm now trying to run the tls-toolkit in client mode to get a signed cert from the CA node (nifi-01), and am getting the following error:

root@ip-10-20-100-82:/etc/nifi/pki# bash /etc/nifi/nifi-toolkit-1.5.0/bin/tls-toolkit.sh client -c nifi-01 -t mytoken -p 10000
Service client error: null
Usage: tls-toolkit service [-h] [args]
Services:
   standalone: Creates certificates and config files for nifi cluster.
   server: Acts as a Certificate Authority that can be used by clients to get Certificates
   client: Generates a private key and gets it signed by the certificate authority.
   status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.

Since this is an image of a working node, everything regarding Java, JAVA_HOME, etc is all exactly the same.

I verified that this new node can resolve and connect to nifi-01 on port 10000. I used tcpdump to watch for traffic between the 2 when running the toolkit, and there is no traffic generated.

Please help!

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: tls-toolkit.sh client error: "Service client error: null"

New Contributor

I figured it out.

The system that runs tls-toolkit in client mode first attempts to resolve it's hostname. If it receives a SERVFAIL in response, you get the error above.

You can resolve it by either adding a new A record to the DNS server(s), or as a workaround, add an entry to the /etc/hosts file for that system's hostname and IP.

1 REPLY 1

Re: tls-toolkit.sh client error: "Service client error: null"

New Contributor

I figured it out.

The system that runs tls-toolkit in client mode first attempts to resolve it's hostname. If it receives a SERVFAIL in response, you get the error above.

You can resolve it by either adding a new A record to the DNS server(s), or as a workaround, add an entry to the /etc/hosts file for that system's hostname and IP.