Member since 11-11-2020 | 6 Posts | 0 Kudos Received | 0 Solutions
02-09-2021 06:00 AM

Hi, using NiFi 1.12.1 in Docker, getting the below error for ListenSyslog for incoming syslog items via TCP with SSL:

ERROR [pool-29-thread-5] o.a.n.processors.standard.ListenSyslog ListenSyslog[] Error reading from channel due to Input record too big: max = 16709 len = 51563: javax.net.ssl.SSLProtocolException: Input record too big: max = 16709 len = 51563
javax.net.ssl.SSLProtocolException: Input record too big: max = 16709 len = 51563
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:546)
at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
ERROR [pool-31-thread-10] o.a.n.processors.standard.ListenSyslog ListenSyslog[] Error reading from channel due to bad record MAC: javax.net.ssl.SSLException: bad record MAC
javax.net.ssl.SSLException: bad record MAC
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at java.base/javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:568)
at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:546)
at org.apache.nifi.processor.util.listen.handler.socket.SSLSocketChannelHandler.run(SSLSocketChannelHandler.java:76)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.crypto.BadPaddingException: bad record MAC
at java.base/sun.security.ssl.SSLCipher.checkCBCMac(Unknown Source)
at java.base/sun.security.ssl.SSLCipher$T11BlockReadCipherGenerator$BlockReadCipher.decrypt(Unknown Source)
at java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(Unknown Source)
at java.base/sun.security.ssl.SSLEngineInputRecord.decode(Unknown Source)
at java.base/sun.security.ssl.SSLEngineInputRecord.decode(Unknown Source)
... 12 common frames omitted

See below settings for ListenSyslog:

TLSv1.3 enabled in StandardRestrictedSSLContextService 1.12.1:

Please help.
11-22-2020 04:55 AM

Also, just a small clarification: I regenerated the cert and tried 'CN=root, OU=ApacheNiFi' instead of 'CN=admin, OU=ApacheNiFi', but it is still an issue, same errors in logs. Please help.
11-21-2020 10:38 AM

Hi, found in user logs, no errors, just warns:

2020-11-21 18:36:48,717 INFO [NiFi Web Server-19] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=root, OU=ApacheNiFi
2020-11-21 18:36:53,172 WARN [NiFi Web Server-23] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response.
java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.
at org.apache.nifi.web.api.AccessResource.createAccessTokenFromTicket(AccessResource.java:644)
2020-11-21 18:36:53,317 WARN [NiFi Web Server-24] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response.
java.lang.IllegalStateException: OpenId Connect is not configured.
at org.apache.nifi.web.api.AccessResource.oidcExchange(AccessResource.java:301)

How to fix that?
11-20-2020 02:00 AM

Hi, under authorizations.xml I have:

cat authorizations.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
    <policies>
        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
            <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7"/>
        </policy>
    </policies>
</authorizations>

Under user.xml:

cat users.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
    <groups/>
    <users>
        <user identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7" identity="CN=admin, OU=ApacheNiFi"/>
    </users>
</tenants>

So the user identity="CN=admin, OU=ApacheNiFi" with identifier="6a74eaf1-1cb9-341d-be5b-ec95d3ee0ba7" is present in authorizations.xml. Please let me know if you can see any issues or if additional info is needed.
11-11-2020 07:02 AM

Hi, please help with access to NiFi functionality based on the docker image.

1. I generated certs with nifi-toolkit-1.12.1:

    ./bin/tls-toolkit.sh standalone -n "acsca094a01" -C "CN=admin, OU=ApacheNiFi" -o target

2. Created a NiFi docker instance with steps from https://hub.docker.com/r/apache/nifi, for this case 'Standalone Instance, Two-Way SSL'.

2.1 Run docker with the below command from the link above:

    docker run --name nifi \
      -v /home/nifi/docker:/opt/certs \
      -p 8443:8443 \
      -e AUTH=tls \
      -e KEYSTORE_PATH=/opt/certs/keystore.jks \
      -e KEYSTORE_TYPE=JKS \
      -e KEYSTORE_PASSWORD=1L929SNVaMK2HINaF+6aaOaXxNzYkhCvP9F+USSPwEg \
      -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
      -e TRUSTSTORE_PASSWORD=3J/m5eAAJcNasdasdsasdyW7TeHH1pGkT+kEasdasda \
      -e TRUSTSTORE_TYPE=JKS \
      -e INITIAL_ADMIN_IDENTITY='CN=admin, OU=ApacheNiFi' \
      -d \
      --hostname acsca094a01 \
      apache/nifi:latest

and I am able to reach the NiFi UI with the admin cert but not able to create anything, all buttons inactive/grey, see below. Please help.