Member since 06-30-2019 | 41 Posts | 0 Kudos Received | 0 Solutions
02-11-2020
06:31 PM
@MattWho I'll try to delete the local state directory and restart the nodes. Is there anything else I should look into?
02-10-2020
08:52 PM
@MattWho thanks for the inputs. I was able to resolve the user certificate issue, but my UI is stuck with the issue below. I'm not sure why it's still referring to the HTTP port. It's kind of weird; can you please advise?
java.net.ConnectException: Failed to connect to hostname/ip:8080
02-09-2020
07:24 PM
@MattWho I added the client certificate in my browser. Below are the steps I followed:
- I set up the initial admin identity in the NiFi conf as "Admin"
- Got a client cert for "Admin" from the IT team
- Added the cert in my browser
Below are the log lines from my nifi-user.log:
2020-02-10 11:18:54,677 INFO [main] o.a.n.a.FileAccessPolicyProvider Populating authorizations for Initial Admin: Admin
2020-02-10 11:18:54,693 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Mon Feb 10 11:18:54 SGT 2020
2020-02-10 11:19:12,609 INFO [NiFi Web Server-48] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response.
2020-02-10 11:19:12,641 INFO [NiFi Web Server-36] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response.
2020-02-10 11:19:12,666 INFO [NiFi Web Server-48] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifi-host1, OU=nifi, O=Liongate, L=nifi, ST=SG, C=SG) GET https://localhost:8443/nifi-api/flow/current-user (source ip: <ip>)
2020-02-10 11:19:12,673 INFO [NiFi Web Server-48] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifi-host1, OU=nifi, O=nifi, L=SG, ST=SG, C=SG
2020-02-10 11:19:12,738 INFO [NiFi Web Server-48] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=nifi-host1, OU=nifi, O=nifi, L=SG, ST=SG, C=SG], groups[] does not have permission to access the requested resource. Unable to view the user interface. Returning Forbidden response.
2020-02-10 11:22:11,245 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Mon Feb 10 11:22:11 SGT 2020
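An added example, not part of the original post: a small Python parser for the three nifi-user.log message types quoted above that lists which identity the client certificate authenticated as, which identity was seeded as Initial Admin, and which identities were denied. The sample log is constructed from the lines in the post; the function and field names are assumptions made for this illustration.

```python
import re

# Constructed sample, modelled on the nifi-user.log lines quoted in the post.
SAMPLE_LOG = """\
2020-02-10 11:18:54,677 INFO [main] o.a.n.a.FileAccessPolicyProvider Populating authorizations for Initial Admin: Admin
2020-02-10 11:19:12,673 INFO [NiFi Web Server-48] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifi-host1, OU=nifi, O=nifi, L=SG, ST=SG, C=SG
2020-02-10 11:19:12,738 INFO [NiFi Web Server-48] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[CN=nifi-host1, OU=nifi, O=nifi, L=SG, ST=SG, C=SG], groups[] does not have permission to access the requested resource. Unable to view the user interface. Returning Forbidden response.
"""

# One pattern per message type seen in the post's log excerpt.
INITIAL_ADMIN = re.compile(r"Populating authorizations for Initial Admin: (?P<id>.+)$")
AUTH_SUCCESS = re.compile(r"Authentication success for (?P<id>.+)$")
ACCESS_DENIED = re.compile(r"identity\[(?P<id>.+?)\], groups\[.*?\] does not have permission")


def summarize(log_text):
    """Collect identities per message type and flag denied, non-admin identities."""
    initial_admins, authenticated, denied = set(), set(), set()
    buckets = (
        (INITIAL_ADMIN, initial_admins),
        (AUTH_SUCCESS, authenticated),
        (ACCESS_DENIED, denied),
    )
    for line in log_text.splitlines():
        for pattern, bucket in buckets:
            match = pattern.search(line)
            if match:
                bucket.add(match.group("id").strip())
    # A denied identity that is not byte-for-byte the Initial Admin string
    # has no policies seeded for it, whatever certificate it presented.
    findings = [
        f"denied identity {ident!r} is not the Initial Admin {sorted(initial_admins)}"
        for ident in sorted(denied)
        if ident not in initial_admins
    ]
    return {
        "initial_admins": sorted(initial_admins),
        "authenticated": sorted(authenticated),
        "denied": sorted(denied),
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG)["findings"]:
        print(finding)
```
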
02-06-2020
08:30 PM
I'm stuck at the user certificate step. If someone can help me understand how to get these certs: my NiFi UI gives "Insufficient Permissions".
02-06-2020
06:57 PM
Hi @justin_brock, I believe you were able to fix the certificate issue? I have enabled SSL for NiFi in CDF but am facing "ERR_BAD_SSL_CLIENT_AUTH_CERT". Here is the link to my question in the community: https://community.cloudera.com/t5/Support-Questions/Unable-to-open-NIFI-web-UI-after-TLS/m-p/289190#M214098 Could you please help me with the steps you followed to resolve the issue?
02-06-2020
06:46 PM
Hi @MattWho, I have checked the configurations as mentioned by you, but I'm still stuck at the same issue. Can you advise?
02-05-2020
01:55 AM
Hi All,
I enabled TLS for the NiFi web UI (CDF). While services are running fine on the cluster, I'm unable to access the NiFi web UI from my browser. Below are the steps I followed; please suggest what might be causing the issue.
I repeated the steps below for all the machines in my NiFi cluster.
1. Received signed host certificate from IT team ( <hostname>.pem ) , also rootca (root.pem)
2. Copy the JDK cacerts file to jssecacerts as follows:
sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/jssecacerts
3. import rootca cert into JKS store
sudo $JAVA_HOME/bin/keytool -importcert -alias rootca -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file /opt/cloudera/security/pki/root.pem
4. Created JKS and imported host certificate in keystore.
$JAVA_HOME/bin/keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keystore /opt/cloudera/security/pki/$(hostname -f).jks -keysize 2048 -dname "CN=$(hostname -f),OU=Engineering,O=Cloudera,L=Singapore,ST=Singapore,C=Singapore" -ext san=dns:$(hostname -f)
sudo $JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks
5. creating symlinks
sudo ln -s /opt/cloudera/security/pki/$(hostname -f).pem /opt/cloudera/security/pki/agent.pem
sudo ln -s /opt/cloudera/security/pki/$(hostname -f).jks /opt/cloudera/security/pki/server.jks
6. Enabled TLS from Cloudera Manager for NIFI
7. Restarted services from Cloudera manager
8. Unable to access from Browser
02-05-2020
01:44 AM
Thanks @paras
01-30-2020
01:20 AM
Hi All,
I'm trying to enable TLS for the Cloudera Manager admin console; below are the commands I followed.
1. Received signed host certificate from IT team ( <hostname>.pem ) , also rootca (root.pem)
2. Copy the JDK cacerts file to jssecacerts as follows:
sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/jssecacerts
3. import rootca cert into JKS store
sudo $JAVA_HOME/bin/keytool -importcert -alias rootca -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file /opt/cloudera/security/pki/root.pem
4. Created JKS and imported host certificate in keystore.
$JAVA_HOME/bin/keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keystore /opt/cloudera/security/pki/$(hostname -f).jks -keysize 2048 -dname "CN=$(hostname -f),OU=Engineering,O=Cloudera,L=Singapore,ST=Singapore,C=Singapore" -ext san=dns:$(hostname -f)
sudo $JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks
5. creating symlinks
sudo ln -s /opt/cloudera/security/pki/$(hostname -f).pem /opt/cloudera/security/pki/agent.pem
sudo ln -s /opt/cloudera/security/pki/$(hostname -f).jks /opt/cloudera/security/pki/server.jks
6. Enabled TLS from Cloudera Manager admin console
Property | Description
Cloudera Manager TLS/SSL Server JKS Keystore File Location | The complete path to the keystore file. For example: /opt/cloudera/security/pki/server.jks
Cloudera Manager TLS/SSL Server JKS Keystore File Password | The password for the /opt/cloudera/security/jks/server.jks keystore.
Use TLS Encryption for Admin Console | Check this box to enable TLS encryption for Cloudera Manager.
7. Restart Cloudera Manager server
Cloudera Manager is starting successfully; however, I'm not able to open the admin console from the browser.
sudo netstat -tulpn | grep 7183
tcp 0 0 0.0.0.0:7183 0.0.0.0:* LISTEN 4664/java
I'm getting the error below on the browser page:
This site can’t provide a secure connection 1.1.1.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Can someone please suggest what I am missing here?
Labels: Cloudera Manager, Security
09-02-2019
06:50 PM
@adelgacem can you share a sample of how you invoked Oozie using the InvokeHTTP processor? I'm trying to run an Oozie workflow from NiFi; it will be a great help if you can share the NiFi processor configuration details.