nifi-users mailing list archives

From Sean Marciniak <s...@beamery.com>
Subject Re: Deploying flows securely over rest api
Date Wed, 21 Feb 2018 14:25:30 GMT
Jorge,

The error I am currently getting from NiFi is this:

Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:557)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:326)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
    at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:515)
    at groovyx.net.http.RESTClient.get(RESTClient.java:119)
    at groovyx.net.http.RESTClient$get.call(Unknown Source)
    at NiFiDeploy.loadProcessGroups(NiFiDeploy:346)
    at NiFiDeploy.loadProcessGroups(NiFiDeploy)
    at NiFiDeploy.handleGracefulShutdown(NiFiDeploy:87)
    at NiFiDeploy.run(NiFiDeploy:724)

I am currently using the NiFi node's truststore.jks to connect to it.

Thanks,

Sean.

On Wed, Feb 21, 2018 at 2:10 PM, Sean Marciniak <sean@beamery.com> wrote:

> Hi Joe,
>
> I am trying to do this in an automated fashion, so using the UI doesn't
> help me in this case.
> I already have a working Groovy script that will upload these templates
> when NiFi is not secure but cannot when it is.
> I am trying to understand what is required in order to make this work for
> secure mode.
>
> I am glad that the host header issue has been addressed in NiFi 1.6 as
> this will help us with securely deploying NiFi into Kubernetes.
>
> I am not fully convinced that NiFi registries are the way to go as they
> are an additional service that aims to replace other VCS such as git, svn.
> I am sure it has its purpose but it is not the correct fit for me.
>
> Sean.
>
> On Wed, Feb 21, 2018 at 1:50 PM, Joe Witt <joe.witt@gmail.com> wrote:
>
>> Sean
>>
>> It is certainly possible and you could do this manually via the UI and
>> your browser and use the browser's dev tools to learn more about the
>> requests.  We have the REST API docs but those aren't always very helpful
>> to understand the recipe of taking a series of actions.
>>
>> With NiFi 1.5 host header we made it harder to configure in some cases
>> which we've relaxed and will arrive in 1.6.0 but I'm not aware of it not
>> allowing proper functions and of course it was a change made to address a
>> security concern which since you're running in secure mode I'm guessing
>> you'll find important.
>>
>> With regard to the registry I will say that it was designed to be a far
>> better answer to what templates could never do.  So what you'll work to
>> learn more about now with templates and a workflow to get you closer, the
>> registry already does very well.  With 1.6.0 you'll also have access to a
>> nice CLI to use between NiFi and Registry instances for versioned
>> flows/flow management as well.
>>
>> Thanks
>>
>> On Wed, Feb 21, 2018 at 8:42 AM, Jorge Machado <jomach@me.com> wrote:
>>
>>> Hi Sean,
>>>
>>> Which error are you getting? If the API has the option for it, it should
>>> work.
>>> Maybe this helps: https://github.com/hermannpencole/nifi-config
>>>
>>> Jorge Machado
>>>
>>> On 21 Feb 2018, at 13:40, Sean Marciniak <sean@beamery.com> wrote:
>>>
>>> Hey Team,
>>>
>>> We are currently trying to deploy flow templates to NiFi while it's
>>> running in secure mode over HTTPS.
>>> Do we know if this is possible?
>>> Is there any documentation about doing this?
>>>
>>> I am able to deploy the flow templates when it is running in non-secure
>>> mode, but when we enforce secure mode, we are unable to do it.
>>>
>>> We are currently stuck with using NiFi v1.4 due to host header issues
>>> introduced in NiFi 1.5, and NiFi Registry is an unneeded risk we don't want
>>> to take.
>>>
>>>
>>> --
>>> <https://www.beamery.com/>
>>>
>>> Sean Marciniak
>>>
>>> sean@beamery.com
>>>
>>>
>>> www.beamery.com
>>>
>>> Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams
>>> <https://beamery.com/academy/gdpr-for-recruiting-teams>*
>>>
>>>
>>>
>>
>
>
> --
> <https://www.beamery.com>
>
> Sean Marciniak
>
> sean@beamery.com
>
> www.beamery.com
>
> Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams
> <https://beamery.com/academy/gdpr-for-recruiting-teams>*
>



-- 
<https://www.beamery.com>

Sean Marciniak

sean@beamery.com

www.beamery.com

Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams
<https://beamery.com/academy/gdpr-for-recruiting-teams>*
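
Added example, not part of the original message or the NiFiDeploy script: the `bad_certificate` alert in the trace was received by the client, meaning the server rejected the client's side of the handshake, and a truststore only tells the client which server certificates to accept. The Groovy code below builds an SSLContext that also loads a client keystore, so the client has a certificate to present. The file paths, passwords, host name and the premise that this NiFi instance authenticates API clients by certificate are assumptions.

```groovy
// Added example; not the original NiFiDeploy script.
// Paths, passwords and host name are placeholders (assumptions).
import java.security.KeyStore
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

KeyStore loadStore(String path, char[] password, String type) {
    KeyStore store = KeyStore.getInstance(type)
    new File(path).withInputStream { store.load(it, password) }
    return store
}

SSLContext mutualTlsContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) {
    // A store holding only trusted certificates cannot answer the server's
    // client-certificate request; require at least one private-key entry.
    if (!Collections.list(keyStore.aliases()).any { keyStore.isKeyEntry(it) }) {
        throw new IllegalStateException('keystore has no private-key entry to present as client identity')
    }
    // Key managers supply the client's certificate and private key.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(keyStore, keyPassword)

    // Trust managers verify the server's certificate chain.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)

    SSLContext ctx = SSLContext.getInstance('TLSv1.2')
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null)
    return ctx
}

char[] keyPass = 'CHANGE_ME'.toCharArray()
char[] trustPass = 'CHANGE_ME'.toCharArray()
KeyStore clientKeys = loadStore('/path/to/client-keystore.p12', keyPass, 'PKCS12')
KeyStore trusted = loadStore('/path/to/truststore.jks', trustPass, 'JKS')
SSLContext ctx = mutualTlsContext(clientKeys, keyPass, trusted)

// Placeholder host; the request only confirms that the handshake completes.
URL url = new URL('https://nifi.example.com:8443/nifi-api/flow/current-user')
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection()
conn.setSSLSocketFactory(ctx.getSocketFactory())
println "HTTP ${conn.getResponseCode()}"
```

If the handshake completes but the API answers 401 or 403, the certificate was accepted at the TLS layer and what remains is authorizing that certificate's identity in NiFi.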
