Vapper
Vapper
Explorer

NiFi ListenSyslog: Error reading from channel due...

by Explorer Vapper in Support Questions
‎02-09-2021 06:00 AM
‎02-09-2021 06:00 AM
hi   using NiFi 1.12.1 in docker,    getting below error for ListenSyslog for incoming syslog items via TCP with SSL:     ERROR [pool-29-thread-5] o.a.n.processors.standard.ListenSyslog ListenSyslog[] Error reading from channel due to Input record too big: max = 16709 len = 51563: javax.net.ssl.SSLProtocolException: Input record too big: max = 16709 len = 51563 javax.net.ssl.SSLProtocolException: Input record too big: max = 16709 len = 51563 at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:546) at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) ERROR [pool-31-thread-10] o.a.n.processors.standard.ListenSyslog ListenSyslog[] Error reading from channel due to bad record MAC: javax.net.ssl.SSLException: bad record MAC javax.net.ssl.SSLException: bad record MAC at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl.decode(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) at java.base/javax.net.ssl.SSLEngine.unwrap(Unknown Source) at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:568) at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:546) at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) Caused by: javax.crypto.BadPaddingException: bad record MAC at java.base/sun.security.ssl.SSLCipher.checkCBCMac(Unknown Source) at java.base/sun.security.ssl.SSLCipher$T11BlockReadCipherGenerator$BlockReadCipher.decrypt(Unknown Source) at java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(Unknown Source) at java.base/sun.security.ssl.SSLEngineInputRecord.decode(Unknown Source) at java.base/sun.security.ssl.SSLEngineInputRecord.decode(Unknown Source) ... 12 common frames omitted     see below settings for ListenSyslog: TLSv1.3 enabled in  StandardRestrictedSSLContextService 1.12.1 : please help ... View more

Re: NIFI docker ssl issue

by Explorer Vapper in Support Questions
‎11-22-2020 04:55 AM
‎11-22-2020 04:55 AM
also just small clarification, I regenerated cert and tried  'CN=root, OU=ApacheNiFi'  instead 'CN=admin, OU=ApacheNiFi'  but still an issue, same errors in logs, please help ... View more

Re: NIFI docker ssl issue

by Explorer Vapper in Support Questions
‎11-21-2020 10:38 AM
‎11-21-2020 10:38 AM
hi    found in user logs, no errors, just warns:   2020-11-21 18:36:48,717 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=root, OU=ApacheNiFi 2020-11-21 18:36:53,172 WARN [NiFi Web Server-23] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response. java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi. at org.apache.nifi.web.api.AccessResource.createAccessTokenFromTicket(AccessResource.java:644) 2020-11-21 18:36:53,317 WARN [NiFi Web Server-24] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response. java.lang.IllegalStateException: OpenId Connect is not configured. at org.apache.nifi.web.api.AccessResource.oidcExchange(AccessResource.java:301)   how to fix that ? ... View more

Re: NIFI docker ssl issue

by Explorer Vapper in Support Questions
‎11-20-2020 02:00 AM
‎11-20-2020 02:00 AM
hi   under authorizations.xml I have:    cat authorizations.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <authorizations> <policies> <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W"> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/> </policy> </policies> </authorizations>   under user.xml:   cat users.xml <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <tenants> <groups/> <users> <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7" identity="CN=admin, OU=ApacheNiFi"/> </users> </tenants>   so user identity="CN=admin, OU=ApacheNiFi" with  identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7" is present in authorizations.xml   please let me know if you can see any issues or additional info needed ... View more

NIFI docker ssl issue

by Explorer Vapper in Support Questions
‎11-11-2020 07:02 AM
‎11-11-2020 07:02 AM
hi,    please help with access to NIfi functionality based on docker image.   1. I generated certs with nifi-toolkit-1.12.1:   ./bin/tls-toolkit.sh standalone -n "acsca094a01" -C "CN=admin, OU=ApacheNiFi" -o target   2. Created Nifi docker instance with steps from https://hub.docker.com/r/apache/nifi,  for this case 'Standalone Instance, Two-Way SSL'.   2. 1 Run docker with below command from link above:   docker run --name nifi \ -v /home/nifi/docker:/opt/certs \ -p 8443:8443 \ -e AUTH=tls \ -e KEYSTORE_PATH=/opt/certs/keystore.jks \ -e KEYSTORE_TYPE=JKS \ -e KEYSTORE_PASSWORD=1L929SNVaMK2HINaF+6aaOaXxNzYkhCvP9F+USSPwEg \ -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \ -e TRUSTSTORE_PASSWORD=3J/m5eAAJcNasdasdsasdyW7TeHH1pGkT+kEasdasda \ -e TRUSTSTORE_TYPE=JKS \ -e INITIAL_ADMIN_IDENTITY='CN=admin, OU=ApacheNiFi' \ -d \ --hostname acsca094a01 \ apache/nifi:latest   and I am able to reach NIFI UI with admin cert but not able to create anything, all buttons inactive/grey, see below, please help. ... View more
Contact Me
Online
Offline
Last Visited
‎02-10-2021 05:57 AM
Public Statistics
Date Registered ‎11-11-2020 06:59 AM
Last Visited ‎02-10-2021 05:57 AM
Total Messages Posted 6