nifi-dev mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Andy LoPresto <alopre...@apache.org>
Subject	Re: NiFi cannot start due to log permissions error
Date	Tue, 10 Jan 2017 04:04:26 GMT
The illegal key size error is almost certainly due to the length of the keystore/truststore password, but the ideal solution is not to decrease the password length, but rather to either install the Unlimited Strength Jurisdiction Policy files if possible, and/or switch to using a JKS keystore rather than PKCS12. PKCS12 without the USJ policies limit the keystore password length to 7 characters, which is not sufficiently strong against modern computing capability. Andy LoPresto alopresto@apache.org alopresto.apache@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jan 9, 2017, at 11:43 AM, bmichaud <ben_michaud@optum.com> wrote: > > Aldrin Piri wrote >> Currently, NIFI_HOME is determined via the physical location of the script >> and thus the reason why it is picking up the other path. Typically, the >> bin directory is not one that is suggested to be configured external to >> the >> distribution in the interest of facilitating upgrade processes. > > I can see that in the nifi.sh script. > > > Aldrin Piri wrote >> I see throughout the logs and final stacktrace that the path >> /app_2/software/nifi/nifi-1.1.0/ is listed, but do not see that in either >> of the listings you provided. Could you please provide how that >> relates to /app_2/software/nifi/latest? >> Another symlink? > > Yes, "latest" is a symlink pointing to the latest nifi-1.. directory > installed in the /app_2/software/nifi directory. > > > Aldrin Piri wrote >> Does explicitly setting your NIFI_HOME (/app_2/runtime/nifi) in >> nifi-env.sh >> resolve this issue for you? > > I did not try that, but, when I tried to change the nifi.sh to take the > PHYS_DIR variable to be the dirname of $0, but that did not work. However, > my current work-around is to have a copy of the bin directory in the > runtime/nifi directory. > > I would prefer not to do this, as it does make upgrades messier, but I am > currently more concerned about the next error I got: > > InvalidKeyException: Illegal key size > > and I am trying to resolve that with a smaller password on my keystore and > truststore files. (https://issues.apache.org/jira/browse/NIFI-3062) > > > > > > -- > View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-cannot-start-due-to-log-permissions-error-tp14413p14416.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
Mime	Unnamed multipart/signed (inline, None, 0 bytes) Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, Quoted Printable, 2504 bytes) Unnamed text/html (inline, Quoted Printable, 5103 bytes) signature.asc (application/pgp-signature) (attachment, 7-Bit, 843 bytes)
	View raw message