y_i
Explorer
My Accepted Solutions
Show All

Minifi-NiFi remote process group fails to connect

by Explorer in Support Questions
‎04-08-2020 02:54 AM
‎04-08-2020 02:54 AM
Hi,   I have a minifi-0.5.0 configured as a service in a pi to send data to a nifi  1.9.2 in an aws node via 4G module.   I am observing that on almost 50% of the time that the service starts, data does not flow to nifi via a remote PG.   In the log the issue is shown as below:   2020-04-08 14:39:42,917 WARN [Timer-Driven Process Thread-1] o.a.nifi.remote.client.http.HttpClient Penalizing a peer Peer[url=<my URL>] due to java.io.IOException: Unexpected response code: 404 errCode:Abort errMessage:Unable to find port with id '01e59779-016e-1000-29f6-b28702b9d511'. 2020-04-08 14:39:42,919 INFO [Timer-Driven Process Thread-1] o.a.nifi.remote.client.http.HttpClient Couldn't find a valid peer to communicate with.   I can see that the issue is something to do with the input port of the RPG, configured in config.yml here:    MiNiFi Config Version: 3 Flow Controller: name: <name>V0.02 comment: '' Core Properties: flow controller graceful shutdown period: 10 sec flow service write delay interval: 500 ms administrative yield duration: 30 sec bored yield duration: 10 millis max concurrent threads: 1 variable registry properties: '' FlowFile Repository: partitions: 256 checkpoint interval: 2 mins always sync: false Swap: threshold: 20000 in period: 5 sec in threads: 1 out period: 5 sec out threads: 4 Content Repository: content claim max appendable size: 10 MB content claim max flow files: 100 always sync: false Provenance Repository: provenance rollover time: 1 min implementation: org.apache.nifi.provenance.MiNiFiPersistentProvenanceRepository Component Status Repository: buffer size: 1440 snapshot frequency: 1 min Security Properties: keystore: '' keystore type: '' keystore password: '' key password: '' truststore: '' truststore type: '' truststore password: '' ssl protocol: '' Sensitive Props: key: algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL provider: BC Processors: - id: 1c28bf57-3237-39d3-0000-000000000000 name: ListenUDP:5555 class: org.apache.nifi.processors.standard.ListenUDP max concurrent tasks: 1 scheduling strategy: TIMER_DRIVEN scheduling period: 0 sec penalization period: 30 sec yield period: 1 sec run duration nanos: 0 auto-terminated relationships list: [] Properties: Character Set: UTF-8 Local Network Interface: Max Batch Size: '1' Max Size of Message Queue: '10000' Max Size of Socket Buffer: 1 MB Message Delimiter: \n Port: '5555' Receive Buffer Size: 65507 B Sending Host: Sending Host Port: Controller Services: [] Process Groups: [] Input Ports: [] Output Ports: [] Funnels: [] Connections: - id: ce64ed58-820f-3467-0000-000000000000 name: ListenUDP:5555/success/01e59779-016e-1000-29f6-b28702b9d511 source id: 1c28bf57-3237-39d3-0000-000000000000 source relationship names: - success destination id: 01e59779-016e-1000-29f6-b28702b9d511 max work queue size: 10000 max work queue data size: 1 GB flowfile expiration: 0 sec queue prioritizer class: '' Remote Process Groups: - id: 56c5ff5a-aba7-3fbd-0000-000000000000 name: '' url: <My URL> comment: '' timeout: 30 sec yield period: 10 sec transport protocol: HTTP proxy host: '' proxy port: '' proxy user: '' proxy password: '' local network interface: '' Input Ports: - id: 01e59779-016e-1000-29f6-b28702b9d511 name: ship-data comment: '' max concurrent tasks: 1 use compression: false Output Ports: [] NiFi Properties Overrides: {}     When the WARN occurs, it just keeps repeating the warning and never recovers. The pi itself has internet access - I can SSH in via WiFi and ping google for example. Restarting the minifi service fixes the issue, but not every time - I have to restart it a few times sometimes.   Could I please ask for some advice on this issue. TIA. ... View more

NiFi queues drop dramatically when rebooted

by Explorer in Support Questions
‎05-24-2019 01:17 AM
‎05-24-2019 01:17 AM
Hi, Running NiFi 1.7.1 on Ubuntu 18.04. I have a nifi instance on a physical laptop on one site sending SCADA and local resource monitoring data via S2S to another nifi instance in AWS. Every day I have the laptop rebooting using cronjob. I have noticed that the queue size drops about 10MB when the reboot occurs. I thought nifi keeps the contents of the queue even when rebooted. Can I please ask for advice on how I can diagnose this, and to make sure there is no data being lost. I am trending the data on the AWS side and there doesn't seem to be any breaks... Below are trends of the resource monitoring on the laptop. The reboot occurs at 0400. Thank you ... View more
Labels:

Re: NiFi does not function properly when Ubuntu OS...

by Explorer in Support Questions
‎05-24-2019 12:00 AM
‎05-24-2019 12:00 AM
Worked it out - Ubuntu wired setting "Make Available to Other Users" was not set which was disabling the network when logged out. ... View more

NiFi does not function properly when Ubuntu OS is ...

by Explorer in Support Questions
‎01-22-2019 08:57 AM
‎01-22-2019 08:57 AM
Hi, I have NiFi 1.7.1 running as a service on Ubuntu 18.04. The service is running under root. The instance is set up to gather modbus data on a network using a custom processor, and send the data via S2S to another instance on a separate machine. The instance is also gathering other data such as nifi resources and sending them via S2S as well. My issue is that for some reason, when there is no user logged in to ubuntu, the flow of modbus data stops. Either via the ubuntu GUI or SSH. when I log back in, the flow starts back up. I cannot check if the service is running directly as I would need to log in for that, but the non modbus data continues to flow via S2S so I think the service is running. There doesn't seem to be anything obvious in the nifi-app.log, or bootstrap logs. Has anybody encountered unusual behaviour when the OS is not logged in? Thank you ... View more
Labels:

Difference between Ambari Reporting task and Site ...

by Explorer in Support Questions
‎10-05-2018 12:52 AM
‎10-05-2018 12:52 AM
Hi, NIFI 1.4.0/1.5.0. Is there a difference in what gets sent via Ambari Reporting Task and Site to Site Reporting tasks? Thanks ... View more

Monitoring NiFi: Alternatives to Ambari?

by Explorer in Support Questions
‎09-27-2018 06:26 AM
‎09-27-2018 06:26 AM
Hello, I have multiple NiFi instances in separate AWS EC2 instances. I'd like to monitor them all in one dashboard or location. As these guys were not deployed by Ambari, that option may not be the best. Could I please request suggestions on how I should monitor the instances? Thank you ... View more

Re: Connecting existing standalone NiFi to Ambari

by Explorer in Support Questions
‎09-27-2018 06:23 AM
‎09-27-2018 06:23 AM
Hi Akhil, It was helpful but I still do not have a solution for monitoring my NIFI instances. I will post a separate query. Thanks ... View more

Re: Connecting existing standalone NiFi to Ambari

by Explorer in Support Questions
‎09-25-2018 01:06 AM
‎09-25-2018 01:06 AM
Also, I am only after monitoring, not management. ... View more

Re: Connecting existing standalone NiFi to Ambari

by Explorer in Support Questions
‎09-25-2018 12:59 AM
‎09-25-2018 12:59 AM
Hi Akhil, Thanks for the prompt response. Is it possible to channel metrics from a standalone NiFi through an Ambari deployed Nifi to the Ambari dashboard? Thank you ... View more

Connecting existing standalone NiFi to Ambari

by Explorer in Support Questions
‎09-21-2018 06:36 AM
‎09-21-2018 06:36 AM
Hi, I am keen to use Ambari to monitor my NiFi instances. I am running multiple standalone nifi instances on AWS EC2 machines. NiFi 1.5.0. However there doesn't seem to be any steps outlined to connect existing multiple nifi instances to a single Ambari. Could I please request some guidance on this? Thank you ... View more

NiFi ListenTCP 1.4.0 "Rejecting Connections from x...

by Explorer in Support Questions
‎05-18-2018 06:54 AM
‎05-18-2018 06:54 AM
Hi there, I am using a ListenTCP to capture data coming from an Arduino on a TCP port over WiFi. When there is a loss of comms over wifi for various reasons (loss of signal, power cut), the Arduino is programmed to attempt to connect back when connection is restored. I am seeing at times the max connections warning as the arduino attemps to reconnect, and it is unable to regain data flow for a long time - it seems to be a random amount of time from a few minutes up to half an hour. I have had a look at this article https://community.hortonworks.com/questions/90478/how-to-release-occupied-connections-in-listentcp-p.html which suggests that the Arduino side should close the connection, however during an abrupt connection loss, NiFi would not be able to detect a closure. Does anybody know if there is a set timeout period on the max connections condition? Is there a way to control how the max connection warning is triggered? Thank you ... View more
Labels:

Re: Securing S2S between two secured NiFi instance...

by Explorer in Support Questions
‎03-15-2018 12:35 AM
‎03-15-2018 12:35 AM
Hi Andy, Just letting you know that I got this working. Thank you for your help. What I did was to exchange the two nifi-cert.pem files between the two nifi instances and import them in the opposing truststores. At that point the RPG's status became "Forbidden". I then looked at the nifi-users.log file on the target Nifi, and I could see that the there was a user with DN (CN=<Nifi Instance 1 IP>, OU=NIFI) that was trying to authenticate. So I added that user in the target nifi, added to the global S2S policy and the individual port policies and voila! cheers ... View more

Re: Securing S2S between two secured NiFi instance...

by Explorer in Support Questions
‎02-22-2018 06:47 AM
‎02-22-2018 06:47 AM
Hi Andy, thanks for your persistence. Made the change to the URL to look at port 8443. Still same warning about the trust anchors. I don't think I am importing the private key to the truststore of either instances. The .p12 file that the TLS Toolkit produces should be a certificate with the public key. It's the same file I import to a browser for it to access the Nifi UI. I don't understand why the nifi instances themselves have trouble authenticating. is the root public key the .pem file that is created by the toolkit? the .key file appears to be the private key. Thank you ... View more

Re: Securing S2S between two secured NiFi instance...

by Explorer in Support Questions
‎02-18-2018 09:29 AM
‎02-18-2018 09:29 AM
Because the error message was referencing a previous instance IP, I have re-done the keystore and truststore on both instances using the TLS Toolkit. The commands I used on each instance were /data/download/nifi-toolkit-1.4.0/bin/tls-toolkit.sh standalone -n '<Nifi Instance 1 IP>' -C 'CN=Admin1,OU=DevOU' -O -o /data/security /data/download/nifi-toolkit-1.4.0/bin/tls-toolkit.sh standalone -n '<Nifi Instance 2 IP>' -C 'CN=Admin2,OU=DevOU' -O -o /data/security This produced the standard files on each instance, which I have incorporated to the conf folder. The .p12 files I imported to my browser, and I can securely access the UI of the instances as Admin1 or Admin2 after modifying the authorizers.xml and authorzed-users.xml. (port 8443). The S2S comms however is still giving me a headache. The S2S properties are as follows. The difference between the two instances is the IP number. I understand that you shouldn't need to have the IP number on the RPG instance side, but it seemed to work with the numbers on both sides when I had Nifi unsecured, so i have left them in. nifi.remote.input.host=<Nifi instance IP> nifi.remote.input.secure=true nifi.remote.input.socket.port=8899 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec # web properties # nifi.web.war.directory=./lib nifi.web.http.host= nifi.web.http.port=8080 nifi.web.http.network.interface.default= nifi.web.https.host= nifi.web.https.port=8443 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 I am using the 8899 port to have secure RAW protocol. On instance 1 the RPG I have set the URL to be https://<instance 2 IP>:8899/nifi/ with RAW protocol. I then imported the .p12 generated on each instance to the truststore of the other, using the keytool command keytool -v -importkeystore -srckeystore CN=Admin1_OU=DevOU.p12 -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS I now have an error on the RPG as follows: I'm pretty sure the issue is authentication. My thinking is that the truststore of instance 1 needs the private key of instance 2 imported and vice versa. I had thought if I imported the .p12 files this would do the trick but it has failed. I thought about the tutorial by Bryan and added users on both instances "CN=Admin1, OU=DevOU", "CN=Admin2, OU=DevOU" and even the one in the tutorial "CN=localhost, OU=NIFI" and gave each user policies for the site to site retrieval and added the users to the port policies too, but the error remains. I've tried different combination of RAW and HTTPS in the S2S properties but they don't seem to help. If I can get any further guidance, that would be appreciated. Thank you ... View more

Re: Securing S2S between two secured NiFi instance...

by Explorer in Support Questions
‎02-15-2018 07:07 AM
‎02-15-2018 07:07 AM
Hi I have just had a go at the tutorial but there's a few aspects that is confusing me. The toolkit will generate nifi.property files for the two instances but their S2S properties are as follows: # Site to Site properties instance 1 nifi.remote.input.host=localhost nifi.remote.input.secure=true nifi.remote.input.socket.port=10443 nifi.remote.input.http.enabled=true ifi.remote.input.http.transaction.ttl=30 sec # Site to Site properties instance 2 nifi.remote.input.host=localhost nifi.remote.input.secure=true nifi.remote.input.socket.port=10444 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec Would I be correct in saying if I set up an RPG on instance 2 to point to Instance 1, I'd have to set it up with https://<Instance 1 IP>:10443/nifi ? How does the instance know which user to use, to access the ports etc? if I set up more users with less privileges, how would the instance know which one to use? I am guessing that because the nifi.remote.input.secure is set to true, it is not possible to secure a RAW protocol? Thank you ... View more

Re: Securing S2S between two secured NiFi instance...

by Explorer in Support Questions
‎02-15-2018 06:15 AM
‎02-15-2018 06:15 AM
Hi Andy thanks for the response, I'll try to adapt the Bryan's tutorial to my application and report back. His tutorial seems to be for two NiFi instances running on one machine. My application is two NiFis running on separate cloud machines. Not sure if it makes a big difference. In the meantime here's the errors I get on my RPG. It's interesting that it seems to be referencing the 5... IP address. That was used on an EC2 instance that I created an image from, and I created this instance from that image. Thank you ... View more

Securing S2S between two secured NiFi instances on...

by Explorer in Support Questions
‎02-14-2018 07:36 AM
‎02-14-2018 07:36 AM
Hi, I am trying to set up two NiFis (v1.4.0) on separate AWS EC2 instances and have them communicate securely. I have secured each NiFi so you need SSL authentication to access the UI on a browser. However I am not able to have the two instances communicate S2S. I have had success with UNSECURED NiFi instances with them communicating on RAW protocol. However I don't think it's secure so would like to lock down the S2S comms, as well as NiFi UI access as well. I'm pretty sure the properties nifi.remote.input.* and nifi.web.* are the ones to modify, but am confused as I can't seem find an example on the web for securing both the UI browser access and S2S comms. Could somebody please point me in the right direction? Thank you ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎04-08-2020 09:20 PM
Public Statistics
Date Registered ‎02-14-2018 07:23 AM
Last Visited ‎04-08-2020 09:20 PM
Total Messages Posted 17