nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Witt <joe.w...@gmail.com>
Subject Re: InvokeHTTP processor loses SSL Context after NiFi restart
Date Thu, 06 Aug 2015 14:50:11 GMT
Thanks john.  We will get this sorted asap.

Thanks for headsup on likely issue adam.
On Aug 6, 2015 10:27 AM, "John Titus" <john.titus@trustedconcepts.com>
wrote:

> I believe this is it. Not sure how useful it is. If there's something else
> I should search the log for, please let me know.
>
> 2015-08-06 14:23:06,727 ERROR [Timer-Driven Process Thread-6]
> o.a.nifi.processors.standard.InvokeHTTP
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> ~[na:1.8.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
> ~[na:1.8.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> ~[na:1.8.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
> ~[na:1.8.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> ~[na:1.8.0_45]
>         at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
> ~[na:1.8.0_45]
>         at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
> ~[na:1.8.0_45]
>         at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> ~[na:1.8.0_45]
>         at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)
> ~[na:1.8.0_45]
>         at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)
> ~[na:1.8.0_45]
>         at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
> ~[na:1.8.0_45]
>         at
> org.apache.nifi.processors.standard.InvokeHTTP$Transaction.sendRequest(InvokeHTTP.java:434)
> ~[nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.processors.standard.InvokeHTTP$Transaction.process(InvokeHTTP.java:356)
> ~[nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.processors.standard.InvokeHTTP.onTrigger(InvokeHTTP.java:148)
> [nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
> [nifi-api-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1077)
> [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:127)
> [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:49)
> [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:119)
> [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> [na:1.8.0_45]
>         at
> java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [na:1.8.0_45]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
>         at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [na:1.8.0_45]
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [na:1.8.0_45]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
>         at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
> ~[na:1.8.0_45]
>         at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
> ~[na:1.8.0_45]
>         at sun.security.validator.Validator.validate(Validator.java:260)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
> ~[na:1.8.0_45]
>         at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
> ~[na:1.8.0_45]
>         ... 27 common frames omitted
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>         at
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
> ~[na:1.8.0_45]
>         at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
> ~[na:1.8.0_45]
>         at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
> ~[na:1.8.0_45]
>         at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
> ~[na:1.8.0_45]
>         ... 33 common frames omitted
>
>
> ----- Original Message -----
> From: "Adam Taft" <adam@adamtaft.com>
> To: users@nifi.apache.org
> Sent: Thursday, August 6, 2015 10:13:07 AM
> Subject: Re: InvokeHTTP processor loses SSL Context after NiFi restart
>
>
>
> This might be related to the "old" way of finding the SSLContext from the
> controller service. I believe InvokeHTTP doesn't use the updated
> asControllerService() style. Might be where this is breaking down.
> Definitely a stack trace would help.
>
>
> Adam
>
>
>
> On Thu, Aug 6, 2015 at 10:01 AM, Joe Witt < joe.witt@gmail.com > wrote:
>
>
>
>
> I would say not a known issue. Can you possibly provide the stack
> trace/logs?
>
> That sounds super annoying though. We def want to fix.
>
> Thanks
> Joe
>
>
> On Aug 6, 2015 9:51 AM, "John Titus" < john.titus@trustedconcepts.com >
> wrote:
>
>
> Several of our flows use InvokeHTTP with a "SSL Context Service". If we
> need to restart NiFi, those processors start throwing errors. To fix it, we
> have to modify the config to have no SSL context, Apply the changes, then
> modify the config back to the correct SSL context.
>
> Is this a known issue, or do we perhaps some config wrong somewhere?
>
> John
>
>

Mime
View raw message