The second error message on bulletin indicating that any Hadoop configuration file could not be found. Please check file path configured at 'Hadoop Configuration Resources' of ListHDFS. It should point at core-site.xml and hdfs-site.xml, and should be accessible by the user running NiFi. ... View more

Hello @mayki wogno Yes, a VIP should work as an URL of RPG. A load balancer such as HAProxy can also be used in front of a NiFi cluster and use its host:port as RPG URL. After RPG got cluster information from the such URL (propagating the request to one of NiFi node), it will access each node with its IP or hostname directly to transfer data. Also, there's an ongoing effort to allow multiple URLs as RPG URL to avoid making it a SPOF: https://issues.apache.org/jira/browse/NIFI-3026 ... View more

@Saikrishna Tarapareddy I hadn't read this comment when I wrote a reply few seconds ago. Glad to hear that it worked! ... View more

Hi @Saikrishna Tarapareddy Please double check the 'CN=nifistos, OU=nestle' user has right policy settings to use Site-to-Site. The user needs 'retrieve site-to-site details' in global policies (top-right menu) 'receive data via site-to-site' policy of the Input Port (select the Input Port and click the key icon on the operation palette on the left) Once the user got authenticated, the all authorization checks the user has to pass are above two policies. ... View more

Hi @Saikrishna Tarapareddy Did you add the remote NiFi's cert or its CA cert to local NiFi's truststore? You also need to add the local NiFi cert or its CA cert to the remote NiFi's truststore. The error message usually indicates that the cert is not trusted because it was unable to find valid certification path. Please use keytool command looks like below, to add certs into a truststore: keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias" Thanks, Koji ... View more

@Matt Thanks for the clarification! @Saikrishna Tarapareddy I tried setup a secured NiFi instance configured with LDAP and access it from a unsecured NiFi instance. It worked as expected. I wrote up a summary in this blog. http://ijokarumawak.github.io/nifi/2016/11/15/nifi-auth/ Please let us know if you need further assistance. Thanks, Koji ... View more

@Saikrishna Tarapareddy Hi, 1. No, different keystore and truststore can be used. 2. Yes, you have to grant the user access to 'retrieve site-to-site' and 'receive data via site-to-site'. The remote NiFi will authenticate the local NiFi using local NiFi's client cert DN. You might have to map the DN to a LDAP user if LDAP is used to authorization. You can find following settings to map user identities among different authentication mechanisms: # Identity Mapping Properties # # These properties allow normalizing user identities such that identities coming from different identity providers # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing # DNs from certificates and principals from Kerberos into a common identity string: # # nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ # nifi.security.identity.mapping.value.dn=$1@$2 I haven't tried LDAP into the mix, so when I have time, I'll try to confirm it works as expected. Regards, Koji ... View more

Hello, First of all, excuse me if I'm wrong, but HHTP is HTTP? I couldn't find resources with HHTP if it's another protocol. But for HTTP, NiFi has a lot. If it's simple GET or POST requests, I'd recommend GetHTTP, PostHTTP, or InvokeHTTP. Or if you need to do some processing after receiving HTTP request and before returning response, HandleHttpRequest and HandleHttpResponse can be helpful. Thanks! ... View more