Member since 
    
	
		
		
		09-03-2017
	
	
	
	
	
	
	
	
	
	
	
	
	
	
			
      
                55
            
            
                Posts
            
        
                0
            
            
                Kudos Received
            
        
                0
            
            
                Solutions
            
        
			
    
	
		
		
		12-26-2018
	
		
		07:19 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @Aditya Sirna   Can you please suggest how to remove params. As I tried but unable to save the configuration and restart storm.    
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		05-08-2018
	
		
		06:17 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Hello,    Certificates were not created properly. I have compared another working certificate with this certificate and found mismatch.   I have verified certificate through openssl command and then I have copied required certificates from other working application server to issued one. Issue is resolved now but still unable find why below commands doesn't works on server  sudo /usr/jdk64/jdk1.8.0_112/bin/keytool -import -trustcacerts -noprompt -storepass xxxx -alias abc-sha2 -file /home/ec2-user/abc-sha2.cer -keystore /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		04-25-2018
	
		
		07:27 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @JZ   I have replaced keystore/truststore with below commands. Where Ab-ssl-sha2.cer is a certificate used to convert to keystore/truststore.   /usr/jdk64/jdk1.8.0_112/bin/keytool -import -file /home/Ab-ssl-sha2.cer -keystore /etc/nifi/3.0.1.1-5/0/keystore.jks -alias keystore_internal
/usr/jdk64/jdk1.8.0_112/bin/keytool -import -file /home/Ab-ssl-sha2.cer -keystore /etc/nifi/3.0.1.1-5/0/truststore.jks -alias truststore_internal
    Can you please suggest, where need to do changes? 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		04-24-2018
	
		
		02:35 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @JZ   I'm facing similar error.  I am using Nifi 1.2.0. with HTTPS and LDAPS. Recently I have updated the certificated and started facing below error.   I can access Nifi webgui.   When I'm trying to copy files from Nifi gui to S3, I'm getting the below errors.  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 50 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
<br>  I have kept, cacert files in java path  /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts<br>   and keystore/trustore files   /etc/nifi/3.0.1.1-5/0/keystore.jks
/etc/nifi/3.0.1.1-5/0/truststore.jks<br>  I not getting clear, where exactly valid certification path is located. If you know, please suggest. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		04-24-2018
	
		
		07:37 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 I Have faced similar error. In my case Nifi was running fine but in cluster, nodes was not connected. In nifi-app.log found below errors.   ERROR [Curator-Framework-0] o.a.c.f.imps.CuratorFrameworkImpl Background retry gave up
org.apache.curator.CuratorConnectionLossException: KeeperErrorCode = ConnectionLoss
  Solution - ZK services was not running. I have started first then started Nifi cluster. Now Nifi nodes are connected properly in a cluster and cluster is  running fine. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		04-18-2018
	
		
		09:31 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @JZ  Can you please suggest - as per https://community.hortonworks.com/questions/167502/nifi-ssl-unable-to-find-valid-certification-path-t.html 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		04-17-2018
	
		
		11:26 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Hi Team,  When I'm trying put a file in S3 through Nifi Web UI, getting below error.   Whether through Aws CLI, I can copy files to S3 from Nifi servers.   I have updated the cacerts file in below paths  /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts  /usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 50 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 56 common frames omitted
2018-04-17 01:33:54,624 ERROR [Timer-Driven Process Thread-3] o.a.nifi.processors.aws.s3.PutS3Object PutS3Object[id=9d2034-02b3e9b22] Error checking S3 Multipart Upload list for non-prod-on-prem-dropoff: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-04-17 01:33:54,694 ERROR [Timer-Driven Process Thread-3] o.a.nifi.processors.aws.s3.PutS3Object PutS3Object[id=9d202b3e9b22] Failed to put StandardFlowFileRecord[uuid=be294f52-c,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1523871738280-1, container=default, section=1], offset=50440, length=10088],offset=0,name=test3,size=10088] to Amazon S3 due to com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: {}
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
       
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
		
			
				
						
							Labels:
						
						
		
			
	
					
			
		
	
	
	
	
				
		
	
	
- Labels:
- 
						
							
		
			Apache NiFi
			
    
	
		
		
		12-14-2017
	
		
		02:28 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 I followed the steps given above but getting below error. 8080 port is not listening as ambari-server service is not running. I tried to start the service but it fails. Please suggest  curl -H "X-Requested-By: ambari" -X POST -u admin:admin http://192.168.10.10:8080/api/v1/blueprints/single-node-hdp-cluster -d @cluster_configuration.json
curl: (7) Failed connect to 192.168.10.10:8080; Connection refused
   
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		12-13-2017
	
		
		12:32 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @Kuldeep Kulkarni  Can you please elaborate step 4?  How do you created blueprint?  Where need to put this file "api/v1/blueprints" from this url "http://<ambari-hostname>:8080/api/v1/blueprints/<blueprint-name" ? 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		11-17-2017
	
		
		07:32 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 I found the solution. Issue is fixed now.   In my case, one of LDAP username is 'dvteam' but in LDAP database there was full description of username as 'architecture dev team, locations, team details, etc'.   Error messages I found in nifi-user.log. is 'architecture dev team' user was trying to authenticate with nifi nodes. Authentication was successful but authorizations not happening.   The username which I've mentioned in initial admin identity was 'dvteam'.(cn=dvteam,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) Then as per logs, I changed it to (cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com)   Also there was some mismatch about host names in node identities section. 'hostname -f' shows a hostname ip-zz-xx-ec2-internal. So, I have given 'ip-zz-xx-ec2-internal' in node identities section but that was not working. Then I have changed the hostnames to 'nifi1.abc.local' and mentioned in node identities.   In 'Template for login-identity-providers.xml' I've made some changes. Earlier I had set 'use_username' in '<property name="Identity Strategy">USE_DN</property>' this section.  later I've changed to use_dn. because as per nifi-user log authentication is happening with LDAP user 'architecture dev team'.   So in my case user_username was not working for authentications.  Every configurations changes I used to remove authorizations.xml and users.xml file from my all nifi nodes.   Also There was confusion on about 'OU' in Node identities section.   What does it mean OU in node identities section? I don't know yet.  Later I've mentioned 'OU=nifi' and also gave host names as 'nifi1.abc.local' , 'nifi2.abc.local', etc.  I have added AD/LDAP user in Initial Admin Identity(cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com)   After setting above all, I was facing an error about setting nifi.security.identity.mapping.pattern.dn.   There was a challenge about the pattern definition.   There was 4 'ou' I have defined in initial admin identities and login-identity-providers.xml.   So I've used below pattern and it worked well.   ^cn=(.?),ou=(.?),ou=(.?),ou=(.?),ou=(.?),dc=(.?),dc=(.?)$  Note: I have removed Ranger completely.   Thanks,  Suraj 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		 
        






