Cloudera Community
suraj_lawand
user rank
Explorer

Re: Storm - Supervisor and Nimbus dropping immedia...

by Explorer in Support Questions
‎12-26-2018 07:19 AM
‎12-26-2018 07:19 AM
@Aditya Sirna Can you please suggest how to remove params. As I tried but unable to save the configuration and restart storm. ... View more

Re: NiFi SSL - unable to find valid certification ...

by Explorer in Support Questions
‎05-08-2018 06:17 AM
‎05-08-2018 06:17 AM
Hello, Certificates were not created properly. I have compared another working certificate with this certificate and found mismatch. I have verified certificate through openssl command and then I have copied required certificates from other working application server to issued one. Issue is resolved now but still unable find why below commands doesn't works on server sudo /usr/jdk64/jdk1.8.0_112/bin/keytool -import -trustcacerts -noprompt -storepass xxxx -alias abc-sha2 -file /home/ec2-user/abc-sha2.cer -keystore /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts ... View more

Re: NiFi SSL - unable to find valid certification ...

by Explorer in Support Questions
‎04-25-2018 07:27 AM
‎04-25-2018 07:27 AM
@JZ I have replaced keystore/truststore with below commands. Where Ab-ssl-sha2.cer is a certificate used to convert to keystore/truststore. /usr/jdk64/jdk1.8.0_112/bin/keytool -import -file /home/Ab-ssl-sha2.cer -keystore /etc/nifi/3.0.1.1-5/0/keystore.jks -alias keystore_internal /usr/jdk64/jdk1.8.0_112/bin/keytool -import -file /home/Ab-ssl-sha2.cer -keystore /etc/nifi/3.0.1.1-5/0/truststore.jks -alias truststore_internal Can you please suggest, where need to do changes? ... View more

Re: NiFi SSL - unable to find valid certification ...

by Explorer in Support Questions
‎04-24-2018 02:35 PM
‎04-24-2018 02:35 PM
@JZ I'm facing similar error. I am using Nifi 1.2.0. with HTTPS and LDAPS. Recently I have updated the certificated and started facing below error. I can access Nifi webgui. When I'm trying to copy files from Nifi gui to S3, I'm getting the below errors. Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 50 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) <br> I have kept, cacert files in java path /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts<br> and keystore/trustore files /etc/nifi/3.0.1.1-5/0/keystore.jks /etc/nifi/3.0.1.1-5/0/truststore.jks<br> I not getting clear, where exactly valid certification path is located. If you know, please suggest. ... View more

Re: NiFi Cluster : Startup exception "Cluster is s...

by Explorer in Support Questions
‎04-24-2018 07:37 AM
‎04-24-2018 07:37 AM
I Have faced similar error. In my case Nifi was running fine but in cluster, nodes was not connected. In nifi-app.log found below errors. ERROR [Curator-Framework-0] o.a.c.f.imps.CuratorFrameworkImpl Background retry gave up org.apache.curator.CuratorConnectionLossException: KeeperErrorCode = ConnectionLoss Solution - ZK services was not running. I have started first then started Nifi cluster. Now Nifi nodes are connected properly in a cluster and cluster is running fine. ... View more

Re: PKIX path building failed. unable to find vali...

by Explorer in Support Questions
‎04-18-2018 09:31 AM
‎04-18-2018 09:31 AM
@JZ Can you please suggest - as per https://community.hortonworks.com/questions/167502/nifi-ssl-unable-to-find-valid-certification-path-t.html ... View more

PKIX path building failed. unable to find valid ce...

by Explorer in Support Questions
‎04-17-2018 11:26 AM
‎04-17-2018 11:26 AM
Hi Team, When I'm trying put a file in S3 through Nifi Web UI, getting below error. Whether through Aws CLI, I can copy files to S3 from Nifi servers. I have updated the cacerts file in below paths /usr/jdk64/jdk1.8.0_112/jre/lib/security/cacerts /usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 50 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 56 common frames omitted 2018-04-17 01:33:54,624 ERROR [Timer-Driven Process Thread-3] o.a.nifi.processors.aws.s3.PutS3Object PutS3Object[id=9d2034-02b3e9b22] Error checking S3 Multipart Upload list for non-prod-on-prem-dropoff: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2018-04-17 01:33:54,694 ERROR [Timer-Driven Process Thread-3] o.a.nifi.processors.aws.s3.PutS3Object PutS3Object[id=9d202b3e9b22] Failed to put StandardFlowFileRecord[uuid=be294f52-c,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1523871738280-1, container=default, section=1], offset=50440, length=10088],offset=0,name=test3,size=10088] to Amazon S3 due to com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: {} com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ... View more
Labels:

Re: Automate HDP installation using Ambari Bluepri...

by Explorer in Community Articles
‎12-14-2017 02:28 PM
‎12-14-2017 02:28 PM
I followed the steps given above but getting below error. 8080 port is not listening as ambari-server service is not running. I tried to start the service but it fails. Please suggest curl -H "X-Requested-By: ambari" -X POST -u admin:admin http://192.168.10.10:8080/api/v1/blueprints/single-node-hdp-cluster -d @cluster_configuration.json curl: (7) Failed connect to 192.168.10.10:8080; Connection refused ... View more

Re: Automate HDP installation using Ambari Bluepri...

by Explorer in Community Articles
‎12-13-2017 12:32 PM
‎12-13-2017 12:32 PM
@Kuldeep Kulkarni Can you please elaborate step 4? How do you created blueprint? Where need to put this file "api/v1/blueprints" from this url "http://<ambari-hostname>:8080/api/v1/blueprints/<blueprint-name" ? ... View more

Re: How to give permissions to users to access Nif...

by Explorer in Support Questions
‎11-17-2017 07:32 AM
‎11-17-2017 07:32 AM
I found the solution. Issue is fixed now. In my case, one of LDAP username is 'dvteam' but in LDAP database there was full description of username as 'architecture dev team, locations, team details, etc'. Error messages I found in nifi-user.log. is 'architecture dev team' user was trying to authenticate with nifi nodes. Authentication was successful but authorizations not happening. The username which I've mentioned in initial admin identity was 'dvteam'.(cn=dvteam,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) Then as per logs, I changed it to (cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) Also there was some mismatch about host names in node identities section. 'hostname -f' shows a hostname ip-zz-xx-ec2-internal. So, I have given 'ip-zz-xx-ec2-internal' in node identities section but that was not working. Then I have changed the hostnames to 'nifi1.abc.local' and mentioned in node identities. In 'Template for login-identity-providers.xml' I've made some changes. Earlier I had set 'use_username' in '<property name="Identity Strategy">USE_DN</property>' this section. later I've changed to use_dn. because as per nifi-user log authentication is happening with LDAP user 'architecture dev team'. So in my case user_username was not working for authentications. Every configurations changes I used to remove authorizations.xml and users.xml file from my all nifi nodes. Also There was confusion on about 'OU' in Node identities section. What does it mean OU in node identities section? I don't know yet. Later I've mentioned 'OU=nifi' and also gave host names as 'nifi1.abc.local' , 'nifi2.abc.local', etc. I have added AD/LDAP user in Initial Admin Identity(cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) After setting above all, I was facing an error about setting nifi.security.identity.mapping.pattern.dn. There was a challenge about the pattern definition. There was 4 'ou' I have defined in initial admin identities and login-identity-providers.xml. So I've used below pattern and it worked well. ^cn=(.?),ou=(.?),ou=(.?),ou=(.?),ou=(.?),dc=(.?),dc=(.?)$ Note: I have removed Ranger completely. Thanks, Suraj ... View more
Contact Me
Online
Offline
Last Visited
‎12-26-2018 10:25 AM
Community Statistics
Member Since ‎09-03-2017 09:51 AM
Last Visited ‎12-26-2018 10:25 AM
Posts 55