Yes @MattWho, you are awesome, adding the node resolved the issue ... View more

@MattWho  I am able to add the SSL registry to nifi [nifi controller settings -> Registry Clients -> added registry URL ] but when i am trying to version a PG, encountering the below error, screenshot attached   please advice      ... View more

@MattWho i have added both nifi nodes identities, still same error    2020-03-28 03:01:45,150 INFO [NiFi Registry Web Server-12] o.a.n.r.w.s.NiFiRegistrySecurityConfig Identity in proxy chain not trusted to act as a proxy: org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException: Untrusted proxy [CN=nifi-node1, OU=NIFI]. Returning 403 response.       ... View more

exactly, for some reason though my nifi is 2 nodes secured cluster when I logged in it shows 4 nodes . two with secured and two with unsecured ports. stopped and followed the shared process. It came up clean.   ... View more

@MattWho  i also noticed below error message from nifi-user.log     2020-03-26 14:48:14,119 INFO [NiFi Web Server-20] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response. 2020-03-26 14:48:14,576 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifiadmin, OU=NIFI) GET https://lpappnifi001.xxxx:9091/nifi-api/flow/current-user (source ip: 72.191.44.165) 2020-03-26 14:48:14,577 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifiadmin, OU=NIFI 2020-03-26 14:48:14,586 INFO [NiFi Web Server-16] o.a.n.w.a.c.IllegalClusterStateExceptionMapper org.apache.nifi.cluster.manager.exception.IllegalClusterStateException: Cannot replicate request to Node lpappnifi001.xxx:8080 because the node is not connected. Returning Conflict response. ... View more

found quote in node identities, update and restarted the Nifi   now i am seeing different issue on node 1 though user.xml & auth.xml have data now with ssl cert intial admin    cert generate as below : sh /usr/hdf/current/nifi-toolkit/bin/tls-toolkit.sh standalone -B test12456@1234 -C 'CN=nifiadmin, OU=NIFI' -n 'lpappnifi002.node2.com,lpappnifi001.node1.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_ssl/ -K test12456@1234 -P test12456@1234 -S test12456@1234   ERROR: NIFI GUI from both UI's : Cannot replicate request to Node lpappnifi001.node1.com:8080 because the node is not connected     2020-03-26 07:14:48,604 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-03-26 07:14:48,469 and sent to lpappnifi001.node1.com:9088 at 2020-03-26 07:14:48,604; send took 134 millis 2020-03-26 07:14:50,892 INFO [Process Cluster Protocol Request-22] o.a.n.c.p.impl.SocketProtocolListener Finished processing request 09618070-4644-4e7e-b377-bb065453642d (type=HEARTBEAT, length=4880 bytes) from lpappnifi002.slower.ai:9091 in 128 millis 2020-03-26 07:14:53,740 INFO [Process Cluster Protocol Request-23] o.a.n.c.p.impl.SocketProtocolListener Finished processing request e4388aba-d0f1-4bcc-9fc4-11787f2ccea9 (type=HEARTBEAT, length=4881 bytes) from lpappnifi001.node1.com:9091 in 133 millis 2020-03-26 07:14:53,741 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-03-26 07:14:53,604 and sent to lpappnifi001.node1.com:9088 at 2020-03-26 07:14:53,741; send took 136 millis       Is this a cert issue? where the node 2 is unable to trust node 1? ... View more

Authorization.xml and user.xml are empty   cat authorizations.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <authorizations> <policies/> </authorizations>   cat users.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <tenants> <groups/> <users/> </tenants> ... View more