Cloudera Community
Tra
user rank
Contributor

Issue with NIFI extracting Attribute from flow fil...

by Contributor in Support Questions
‎04-25-2022 09:52 AM
‎04-25-2022 09:52 AM
I need to get the sys_id into an attribute and have tried the following:   1. SplitJSON and EvaluateJSONPath but SplitJSON ends gets an EDT error based on the contents of the JSON.   1.1 SplitJSON   1.2 EvaluateJSONPath     2. Now I'm trying to cleanse the content in hopes I can just throw the one thing I need over to EvaluateJSONPath.  Currently having problems getting regex expression to function on flowfile to select all but one line and replace it with null.     Regex expression tried:  ^(?!.*sys_id).*$       Flowfile content (sanitized and shortened) {   "result" : {     "start_date" : "",     "sla_due" : "UNKNOWN",     "escalation" : "Normal",     "sys_id" : "3614ce021b030d10c3598512f54bcb2d",     "upon_approval" : "Proceed to Next Task",     "correlation_id" : "",     "made_sla" : "true",     "backout_plan" : "",     "conflict_status" : "Not Run",     "sys_created_on" : "2022-04-25 09:36:27",     "on_hold_task" : "",     "display_value" : "global"   } } ... View more
Labels:

Re: Unable to save flow controller configuration

by Contributor in Support Questions
‎04-25-2022 05:39 AM
‎04-25-2022 05:39 AM
Appreciate the help and confirmation, I came to the same conclusion separately as well.   ... View more

Unable to save flow controller configuration

by Contributor in Support Questions
‎04-21-2022 07:44 AM
‎04-21-2022 07:44 AM
NIFI Version 1.15.3 Java Version 8.0.72   2 node cluster   2022-04-21 10:33:08,447 ERROR [Flow Service Tasks Thread-1] o.a.nifi.controller.StandardFlowService Unable to save flow controller configuration due to: org.apache.nifi.encrypt.EncryptionException: Failed to get Cipher for Algorithm [AES/GCM/NoPadding] org.apache.nifi.encrypt.EncryptionException: Failed to get Cipher for Algorithm [AES/GCM/NoPadding] ... View more
Labels:

Re: Insufficient Permissions - Untrusted proxy CN=...

by Contributor in Support Questions
‎03-31-2022 04:28 AM
‎03-31-2022 04:28 AM
Deleted users and authorizations allowing all to be rebuilt.  Also needed to enable VIP persistence.   ... View more

Insufficient Permissions - Untrusted proxy CN=w-ni...

by Contributor in Support Questions
‎03-25-2022 10:03 AM
‎03-25-2022 10:03 AM
Insufficient Permissions - Untrusted proxy CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company   -New 2-Node Cluster -SAML is working fine -Cluster is communicating fine -I have checked the user log and the DN is exactly the same as the authorizers below: <authorizers> <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">user1</property> <property name="Initial User Identity 2">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property> <property name="Initial User Identity 3">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">user1</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property> <property name="Node Identity 2">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> </authorizers> ... View more
Labels:

Re: Tried other resolutions but no luck for Unable...

by Contributor in Support Questions
‎03-24-2022 05:54 AM
1 Kudo
‎03-24-2022 05:54 AM
1 Kudo
Replaced authorizers file with one from System Admin Guide   <authorizers> <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">johnsmith@NIFI.APACHE.ORG</property> <property name="Initial User Identity 2">cn=nifi-1,ou=people,dc=example,dc=com</property> <property name="Initial User Identity 3">cn=nifi-2,ou=people,dc=example,dc=com</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">johnsmith@NIFI.APACHE.ORG</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">cn=nifi-1,ou=people,dc=example,dc=com</property> <property name="Node Identity 2">cn=nifi-2,ou=people,dc=example,dc=com</property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> </authorizers>   ... View more

Re: Tried other resolutions but no luck for Unable...

by Contributor in Support Questions
‎03-22-2022 10:04 AM
‎03-22-2022 10:04 AM
We are building a two server secure cluster.   To get here: [1] Setup first server as secure and configured for SAML and successfully tested [2] Tested single server and worked fine [3]Configured ZooKeeper and StateManagement on both servers [4]Opened firewall ports [5]Tried deleting authorizers and users but server will not start and says unable to locate node to seed policies.   Config:   # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements.  See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License.  You may obtain a copy of the License at # #     http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Core Properties # nifi.flow.configuration.file=./conf/flow.xml.gz nifi.flow.configuration.archive.enabled=true nifi.flow.configuration.archive.dir=./conf/archive/ nifi.flow.configuration.archive.max.time=30 days nifi.flow.configuration.archive.max.storage=500 MB nifi.flow.configuration.archive.max.count= nifi.flowcontroller.autoResumeState=true nifi.flowcontroller.graceful.shutdown.period=10 sec nifi.flowservice.writedelay.interval=500 ms nifi.administrative.yield.duration=30 sec # If a component has no work to do (is "bored"), how long should we wait before checking again for work? nifi.bored.yield.duration=10 millis nifi.queue.backpressure.count=10000 nifi.queue.backpressure.size=1 GB nifi.authorizer.configuration.file=./conf/authorizers.xml #nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml nifi.templates.directory=./conf/templates nifi.ui.banner.text= nifi.ui.autorefresh.interval=30 sec nifi.nar.library.directory=./lib nifi.nar.library.autoload.directory=./extensions nifi.nar.working.directory=./work/nar/ nifi.documentation.working.directory=./work/docs/components #################### # State Management # #################### nifi.state.management.configuration.file=./conf/state-management.xml # The ID of the local state provider nifi.state.management.provider.local=local-provider # The ID of the cluster-wide state provider. This will be ignored if NiFi is not clustered but must be populated if running in a cluster. nifi.state.management.provider.cluster=zk-provider # Specifies whether or not this instance of NiFi should run an embedded ZooKeeper server nifi.state.management.embedded.zookeeper.start=true # Properties file that provides the ZooKeeper properties to use if <nifi.state.management.embedded.zookeeper.start> is set to true nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties # H2 Settings nifi.database.directory=./database_repository nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE # Repository Encryption properties override individual repository implementation properties nifi.repository.encryption.protocol.version= nifi.repository.encryption.key.id= nifi.repository.encryption.key.provider= nifi.repository.encryption.key.provider.keystore.location= nifi.repository.encryption.key.provider.keystore.password= # FlowFile Repository nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository nifi.flowfile.repository.wal.implementation=org.apache.nifi.wali.SequentialAccessWriteAheadLog nifi.flowfile.repository.directory=./flowfile_repository nifi.flowfile.repository.checkpoint.interval=20 secs nifi.flowfile.repository.always.sync=false nifi.flowfile.repository.retain.orphaned.flowfiles=true nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager nifi.queue.swap.threshold=20000 # Content Repository nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository nifi.content.claim.max.appendable.size=1 MB nifi.content.repository.directory.default=./content_repository nifi.content.repository.archive.max.retention.period=7 days nifi.content.repository.archive.max.usage.percentage=50% nifi.content.repository.archive.enabled=true nifi.content.repository.always.sync=false nifi.content.viewer.url=../nifi-content-viewer/ # Provenance Repository Properties nifi.provenance.repository.implementation=org.apache.nifi.provenance.WriteAheadProvenanceRepository # Persistent Provenance Repository Properties nifi.provenance.repository.directory.default=./provenance_repository nifi.provenance.repository.max.storage.time=30 days nifi.provenance.repository.max.storage.size=10 GB nifi.provenance.repository.rollover.time=10 mins nifi.provenance.repository.rollover.size=100 MB nifi.provenance.repository.query.threads=2 nifi.provenance.repository.index.threads=2 nifi.provenance.repository.compress.on.rollover=true nifi.provenance.repository.always.sync=false # Comma-separated list of fields. Fields that are not indexed will not be searchable. Valid fields are: # EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, Relationship, Details nifi.provenance.repository.indexed.fields=EventType, FlowFileUUID, Filename, ProcessorID, Relationship # FlowFile Attributes that should be indexed and made searchable.  Some examples to consider are filename, uuid, mime.type nifi.provenance.repository.indexed.attributes= # Large values for the shard size will result in more Java heap usage when searching the Provenance Repository # but should provide better performance nifi.provenance.repository.index.shard.size=500 MB # Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from # the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved. nifi.provenance.repository.max.attribute.length=65536 nifi.provenance.repository.concurrent.merge.threads=2 # Volatile Provenance Respository Properties nifi.provenance.repository.buffer.size=100000 # Component and Node Status History Repository nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository # Volatile Status History Repository Properties nifi.components.status.repository.buffer.size=1440 nifi.components.status.snapshot.frequency=1 min # QuestDB Status History Repository Properties nifi.status.repository.questdb.persist.node.days=14 nifi.status.repository.questdb.persist.component.days=3 nifi.status.repository.questdb.persist.location=./status_repository # Site to Site properties nifi.remote.input.host= nifi.remote.input.secure=false nifi.remote.input.socket.port= nifi.remote.input.http.enabled=false nifi.remote.input.http.transaction.ttl=30 sec nifi.remote.contents.cache.expiration=30 secs # web properties # ############################################# # For security, NiFi will present the UI on 127.0.0.1 and only be accessible through this loopback interface. # Be aware that changing these properties may affect how your instance can be accessed without any restriction. # We recommend configuring HTTPS instead. The administrators guide provides instructions on how to do this. nifi.web.http.host= nifi.web.http.port= nifi.web.http.network.interface.default= ############################################# nifi.web.https.host=w-nifi-inf-wf02.dev.Company.com nifi.web.https.port=9443 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 nifi.web.max.header.size=16 KB nifi.web.proxy.context.path= nifi.web.proxy.host=ds-nifi.dev.Company.com:9443 nifi.web.max.content.size= nifi.web.max.requests.per.second=30000 nifi.web.max.access.token.requests.per.second=25 nifi.web.request.timeout=60 secs nifi.web.request.ip.whitelist= nifi.web.should.send.server.version=true # Include or Exclude TLS Cipher Suites for HTTPS nifi.web.https.ciphersuites.include= nifi.web.https.ciphersuites.exclude= # security properties # nifi.sensitive.props.key=55MiiQS7efV0LR7C7SDpkMNP/2Hj4ASJ nifi.sensitive.props.key.protected= nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 nifi.sensitive.props.additional.keys= nifi.security.autoreload.enabled=false nifi.security.autoreload.interval=10 secs nifi.security.keystore=./conf/w-nifi-inf-wf02.dev-PRIVATE.pfx nifi.security.keystoreType=PKCS12 nifi.security.keystorePasswd=abc123 nifi.security.keyPasswd=abc123 nifi.security.truststore=./conf/truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=abc123 #nifi.security.user.authorizer=single-user-authorizer nifi.security.user.authorizer=managed-authorizer nifi.security.allow.anonymous.authentication=false #nifi.security.user.login.identity.provider=single-user-provider nifi.security.user.login.identity.provider= nifi.security.user.jws.key.rotation.period=PT1H nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= # OpenId Connect SSO Properties # nifi.security.user.oidc.discovery.url= nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.client.id= nifi.security.user.oidc.client.secret= nifi.security.user.oidc.preferred.jwsalgorithm= nifi.security.user.oidc.additional.scopes= nifi.security.user.oidc.claim.identifying.user= nifi.security.user.oidc.fallback.claims.identifying.user= # Apache Knox SSO Properties # nifi.security.user.knox.url= nifi.security.user.knox.publicKey= nifi.security.user.knox.cookieName=hadoop-jwt nifi.security.user.knox.audiences= # SAML Properties # #nifi.security.user.saml.idp.metadata.url=https://auth-preview.Company.com/app/exk2jl211r89OP6bw1d7/sso/saml/metadata nifi.security.user.saml.idp.metadata.url=file://d:/nifi-1.15.3/conf/okta_metadata nifi.security.user.saml.sp.entity.id=https://ds-nifi.dev.Company.com:9443/nifi nifi.security.user.saml.identity.attribute.name=uid nifi.security.user.saml.group.attribute.name= nifi.security.user.saml.metadata.signing.enabled=false nifi.security.user.saml.request.signing.enabled=false nifi.security.user.saml.want.assertions.signed=true nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 nifi.security.user.saml.signature.digest.algorithm=http://www.w3.org/2001/04/xmlenc#sha256 nifi.security.user.saml.message.logging.enabled=false nifi.security.user.saml.authentication.expiration=12 hours nifi.security.user.saml.single.logout.enabled=true nifi.security.user.saml.http.client.truststore.strategy=JDK nifi.security.user.saml.http.client.connect.timeout=30 secs nifi.security.user.saml.http.client.read.timeout=30 secs # Identity Mapping Properties # # These properties allow normalizing user identities such that identities coming from different identity providers # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing # DNs from certificates and principals from Kerberos into a common identity string: # # nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ # nifi.security.identity.mapping.value.dn=$1@$2 # nifi.security.identity.mapping.transform.dn=NONE # nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$ # nifi.security.identity.mapping.value.kerb=$1@$2 # nifi.security.identity.mapping.transform.kerb=UPPER # Group Mapping Properties # # These properties allow normalizing group names coming from external sources like LDAP. The following example # lowercases any group name. # # nifi.security.group.mapping.pattern.anygroup=^(.*)$ # nifi.security.group.mapping.value.anygroup=$1 # nifi.security.group.mapping.transform.anygroup=LOWER # cluster common properties (all nodes must have same values) # nifi.cluster.protocol.heartbeat.interval=5 sec nifi.cluster.protocol.heartbeat.missable.max=8 nifi.cluster.protocol.is.secure=true # cluster node properties (only configure for cluster nodes) # nifi.cluster.is.node=true nifi.cluster.node.address=w-nifi-inf-wf02.dev.Company.com nifi.cluster.node.protocol.port=7474 nifi.cluster.node.protocol.max.threads=50 nifi.cluster.node.event.history.size=25 nifi.cluster.node.connection.timeout=5 sec nifi.cluster.node.read.timeout=5 sec nifi.cluster.node.max.concurrent.requests=100 nifi.cluster.firewall.file= nifi.cluster.flow.election.max.wait.time=5 mins nifi.cluster.flow.election.max.candidates= # cluster load balancing properties # nifi.cluster.load.balance.host=w-nifi-inf-wf02.dev.Company.com nifi.cluster.load.balance.port=6342 nifi.cluster.load.balance.connections.per.node=1 nifi.cluster.load.balance.max.thread.count=8 nifi.cluster.load.balance.comms.timeout=30 sec ... View more

Tried other resolutions but no luck for Unable to ...

by Contributor in Support Questions
‎03-21-2022 09:40 AM
‎03-21-2022 09:40 AM
Version 1.15.3   Error: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company to seed policies.   Authorizers.xml: <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">user1</property> <property name="Initial User Identity 2">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property> <property name="Initial User Identity 3">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">user1</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">CN=w-nifi-inf-wf02.dev.Company.com, OU=OCIO, O=Company</property> <property name="Node Identity 2">CN=w-nifi-inf-wf03.dev.Company.com, OU=OCIO, O=Company</property> <property name="Node Group"></property> </accessPolicyProvider>   <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> ... View more
Labels:

Re: Newly Built NIFI Cluster starts but has error

by Contributor in Support Questions
‎03-18-2022 09:19 AM
‎03-18-2022 09:19 AM
Found out all of my ports were not open ... View more

Newly Built NIFI Cluster starts but has error

by Contributor in Support Questions
‎03-18-2022 06:42 AM
‎03-18-2022 06:42 AM
Version 1.15.3 Windows Server 2019 Standard   After GUI login receive the following error:   Invalid State The Flow Controller is initializing the Data Flow. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎05-11-2022 09:32 AM
Community Statistics
Member Since ‎03-17-2022 12:42 PM
Last Visited ‎05-11-2022 09:32 AM
Posts 13
Kudos received 1