Cloudera Community
MattWho
user rank
user rank
Master Mentor

Re: SSLError CertificateError - hostname 'dev.exam...

by New Contributor in Support Questions
‎02-02-2021 11:57 PM
‎02-02-2021 11:57 PM
@tusharkathpal @MattWho    Thanks, Guys for the help.   I have tried it out the same using following command   ``` ./tls-toolkit.sh standalone -n 'nifi-node1,nifi-node2,nifi-node3' -C 'CN=admin, OU=NIFI' --nifiDnPrefix 'CN=' --nifiDnSuffix ', C=IN' -K randompassword -P randompassword -S randompassword -B randompassword -o /tmp/5/certs/ssl --subjectAlternativeNames 'dev.example.com' ```   While deployment, It's giving me following error and killing the containers     2021-02-03 07:52:41,921 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down. java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)   -----------------  Update -----------------   Above issue was introduced in the latest version (1.12.x): https://issues.apache.org/jira/browse/NIFI-7730   Issue resolved by adding 'dev.example.com' as an additional SAN entry and by upgrading the NiFi version to nifi-1.13.0 (dev)   ... View more

Re: MiNiFi to NiFi S2S load balancing does not wor...

by Master Mentor Master Mentor in Support Questions
‎02-02-2021 06:41 AM
1 Kudo
‎02-02-2021 06:41 AM
1 Kudo
@Arash    In your 4 node NiFi cluster, what value do you have set in the "nifi.remote.input.host" property in the nifi.properties file for each of the 4 nodes?  It should be the FQDN for each node and not be the same value on all 4 nodes. Form the host where MiNiFi is running, can all 4 of those FQDNs be resolved and reachable over the network?  If not, MiNiFI RPG is only going to be able to send successfully to one FQDN it can reach. When the RPG is started it reaches out to the URL configured in the RPG to obtain S2S details from the target host.  That target host collects the host details for all currently connected nodes in the cluster and communicates that back to the client (MiNiFi).   If all 4 nodes report the same configured FQDN in the "nifi.remote.input.host" property, then client only knows of one FQDN to which it can send FlowFiles over Site-To-Site (S2S). To improve redundancy in the RPG, you can provide a comma separated list of URLS in the RPG configuration so if any one node is down, the RPG can try fetch S2S details from the next host in the comma separated list. Hope this helps, Matt ... View more

Re: Failed to connect node to cluster because loca...

by Master Mentor Master Mentor in Support Questions
‎02-02-2021 06:28 AM
‎02-02-2021 06:28 AM
@Abdullah    If the sensitive props key value is obscured in the globals.xml file, you are running a newer version fo CFM then 1.0.0 where the bug existed where each node in the NiFi cluster ended up with a different random sensitive props key.  In CFM 1.0.1 and newer, the user is required to set this property (it is not longer set to a random value when left blank).  So perhaps you are having a different issue here? Did you change the sensitive props key in your CFM NiFi configs and then had an issue with starting your NiFi?  I suggest starting a new question in the community since you are having a different issue than what is described in this thread. ... View more

Re: Nifi simple authentication NOT SSL with Openld...

by Master Mentor Master Mentor in Support Questions
‎02-01-2021 01:13 PM
1 Kudo
‎02-01-2021 01:13 PM
1 Kudo
@JorgeO    Looking at your nifi-user.log output we see the caused by line as: Caused by: org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 2   This means that your LDAP/AD returned two results instead of only one.  NiFi then has not idea which of those returns is the correct one it should be using. So this either an issue within your LDAP/AD or an issue within your current login-identity-providers.xml filters.  But your last shared file looks fine to me. I would suggest using the ldapsearch command to run a ldap query outside of NiFi to see what returns you get for your admin user (cn=<admin user>) Hope this helps, Matt ... View more

Re: Nifi Expression language ifelse in ReplaceText...

by Master Mentor Master Mentor in Support Questions
‎01-25-2021 06:19 AM
‎01-25-2021 06:19 AM
@adhishankarit  The issues is being caused by the line returns used in the middle of the NiFi NiFiExpression Language (EL) ifElse() function you are using. The text box where you enter your NiFi EL uses a NiFi editor that highlights to show proper EL format.  You'll notice your EL stops highlighting once you reach first line return. So you'll notice character 32 is the first single quote character.  Since EL breaks at this point it fails to find the matching second expected single quote. This leaves you with two options: 1. Create flat json without the line returns. 2. Looking at result you are trying to achieve, design your NiFi EL differently: Note proper NiFi EL highlighting above. Hope this helps, Matt ... View more

Re: NiFi Load balancing, internal or external

by Explorer in Support Questions
‎01-21-2021 08:50 AM
‎01-21-2021 08:50 AM
Thank Matt,   Stunningly detailed replay and very much appreciated.   Dave ... View more

Re: AttributesToJson into Elasticsearch doesn't wo...

by Master Mentor Master Mentor in Support Questions
‎01-21-2021 07:06 AM
‎01-21-2021 07:06 AM
@Lallagreta  Make sure you do not have any line returns in the values for your dynamic properties added in the UpdateAttribute processor.  When you click on the value field for each property you should not see a line "2". For example: Above would result in the value assigned to the FlowFile Attribute having a line return.  If this is the case, edit the properties value(s) to remove the line returns so you only see one line (1). Hope this helps, Matt ... View more

Re: Nifi Site To Site Input port not seen by RPG

by New Contributor in Support Questions
‎01-15-2021 06:55 AM
‎01-15-2021 06:55 AM
Hi Matt,   Thank you for the details. Let me go over your reply and the settings one more time and get back to you. Thanks again.   Lee ... View more

Re: ExecuteSQL does not let go of threads

by Explorer in Support Questions
‎01-05-2021 09:47 PM
1 Kudo
‎01-05-2021 09:47 PM
1 Kudo
Thank you Matt! Altering the "Max Wait Time" value was a game-changing move. I still need to improve it. But the thread problem is fixed now. ... View more

Re: Could not connect to Distributed Map Cache ser...

by Master Mentor Master Mentor in Support Questions
‎01-05-2021 10:49 AM
‎01-05-2021 10:49 AM
@kiranps11    Did you add and start a "DistributedMapCacheServer" controller service running on port 4557? The "DistributedMapCacheClientService" controller service only creates a client that is used to connect to a server you must also create.  Keep in mind that the DistributedMapCacheServer does not offer High Availability (HA). Enabling this controller services will start a DistributedMapCacheServer on each node in your NiFi cluster, but each of those servers do not talk to each other.  This is important to understand since you have configured your DMC Client to use localhost.  This means that each node in your cluster would be using its own DMC server rather than a single DMC server. For a HA solution you should be using an external map cache via one of the other client offerings like "HBase_2_ClientMapCacheService " or "RedisDistributedMapCacheClientService", but this would require you to setup that external HBAs or Redis server with HA yourself. Hope this helps, Matt ... View more
Contact Me
Online
Offline
Last Visited
‎06-10-2026 07:25 PM
Community Statistics
Member Since ‎07-30-2019 10:41 AM
Last Visited ‎06-10-2026 07:25 PM
Posts 3,471
Kudos received 1638