nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: NiFi cannot start due to log permissions error
Date Tue, 10 Jan 2017 04:04:26 GMT
The illegal key size error is almost certainly due to the length of the keystore/truststore
password, but the ideal solution is not to decrease the password length, but rather to either
install the Unlimited Strength Jurisdiction Policy files if possible, and/or switch to using
a JKS keystore rather than PKCS12. PKCS12 without the USJ policies limit the keystore password
length to 7 characters, which is *not* sufficiently strong against modern computing capability.


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jan 9, 2017, at 11:43 AM, bmichaud <ben_michaud@optum.com> wrote:
> 
> Aldrin Piri wrote
>> Currently, NIFI_HOME is determined via the physical location of the script
>> and thus the reason why it is picking up the other path.  Typically, the
>> bin directory is not one that is suggested to be configured external to
>> the
>> distribution in the interest of facilitating upgrade processes.
> 
> I can see that in the nifi.sh script.
> 
> 
> Aldrin Piri wrote
>> I see throughout the logs and final stacktrace that the path
>> /app_2/software/nifi/nifi-1.1.0/ is listed, but do not see that in either
>> of the listings you provided.  Could you please provide how that
>> relates to /app_2/software/nifi/latest?
>> Another symlink?
> 
> Yes, "latest" is a symlink pointing to the latest nifi-1.*.* directory
> installed in the /app_2/software/nifi directory.
> 
> 
> Aldrin Piri wrote
>> Does explicitly setting your NIFI_HOME (/app_2/runtime/nifi) in
>> nifi-env.sh
>> resolve this issue for you?
> 
> I did not try that, but, when I tried to change the nifi.sh to take the
> PHYS_DIR variable to be the dirname of $0, but that did not work. However,
> my current work-around is to have a copy of the bin directory in the
> runtime/nifi directory.
> 
> I would prefer not to do this, as it does make upgrades messier, but I am
> currently more concerned about the next error I got:
> 
> InvalidKeyException: Illegal key size
> 
> and I am trying to resolve that with a smaller password on my keystore and
> truststore files. (https://issues.apache.org/jira/browse/NIFI-3062)
> 
> 
> 
> 
> 
> --
> View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-cannot-start-due-to-log-permissions-error-tp14413p14416.html
> Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.


Mime
View raw message