nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: Migrate NiFi 1.5 to 1.8 Error - A Blank Sensitive Properties Key Was Provided
Date Thu, 24 Jan 2019 17:43:56 GMT
Ryan,

I added that warning [1], and Joe’s right, it should have been at a WARN severity. However,
it definitely isn’t blocking the access to the canvas (intentionally). Like Joe said, if
you can provide a full stacktrace, and possibly your config files (redacting sensitive information
as necessary), we can try to diagnose.  

[1] https://github.com/apache/nifi/commit/744b15b4a7a7533ef81fc2333df0cd212c3779eb#diff-c12a63700e2b9a86823209f49e04dd04R216

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jan 24, 2019, at 9:38 AM, Ryan H <ryan.howell.development@gmail.com> wrote:
> 
> Hi Joe,
> 
> Yes here are the only logs that I am seeing here as of now (I will probably turn on DEBUG
levels to get more):
> 
> ***nifi-app.log***
> 2019-01-24 17:32:51,583 ERROR [main] org.apache.nifi.encrypt.StringEncryptor ********************************************************************************
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
         A blank sensitive properties key was provided                 *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
            Specify a unique key in nifi.properties                    *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                  for nifi.sensitive.props.key                         *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                                                                       *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
     The Encrypt Config Tool in NiFi Toolkit can be used to            *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                migrate the flow to the new key                        *
> 2019-01-24 17:32:51,586 ERROR [main] org.apache.nifi.encrypt.StringEncryptor ********************************************************************************
> 2019-01-24 17:32:53,283 ERROR [main] org.apache.nifi.encrypt.StringEncryptor ********************************************************************************
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
         A blank sensitive properties key was provided                 *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
            Specify a unique key in nifi.properties                    *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                  for nifi.sensitive.props.key                         *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                                                                       *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
     The Encrypt Config Tool in NiFi Toolkit can be used to            *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor *      
                migrate the flow to the new key                        *
> 2019-01-24 17:32:53,284 ERROR [main] org.apache.nifi.encrypt.StringEncryptor ********************************************************************************
> 2019-01-24 17:32:53,589 INFO [main] org.wali.MinimalLockingWriteAheadLog org.wali.MinimalLockingWriteAheadLog@7ee45cbe
finished recovering records. Performing Checkpoint to ensure proper state of Partitions before
updates
> 2019-01-24 17:32:53,667 INFO [main] org.wali.MinimalLockingWriteAheadLog Successfully
recovered 0 records in 81 milliseconds
> 2019-01-24 17:32:53,678 INFO [main] org.wali.MinimalLockingWriteAheadLog org.wali.MinimalLockingWriteAheadLog@7ee45cbe
checkpointed with 0 Records and 0 Swap Files in 10 milliseconds (Stop-the-world time = 3 milliseconds,
Clear Edit Logs time = 2 millis), max Transaction ID -1
> 2019-01-24 17:33:06,286 INFO [main] o.a.c.f.imps.CuratorFrameworkImpl Starting
> 2019-01-24 17:33:06,410 INFO [main-EventThread] o.a.c.f.state.ConnectionStateManager
State change: CONNECTED
> 2019-01-24 17:33:06,467 INFO [Curator-Framework-0] o.a.c.f.imps.CuratorFrameworkImpl
backgroundOperationsLoop exiting
> 2019-01-24 17:33:06,485 INFO [main] o.a.c.f.imps.CuratorFrameworkImpl Starting
> 2019-01-24 17:33:06,501 INFO [main-EventThread] o.a.c.f.state.ConnectionStateManager
State change: CONNECTED
> 
> ***nifi-bootstrap.log***
> 2019-01-24 17:33:08,476 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to
start web server: Unable to start Flow Controller.
> 2019-01-24 17:33:08,479 ERROR [NiFi logging handler] org.apache.nifi.StdErr Shutting
down...
> 
> 
> -Ryan H
> 
> On Thu, Jan 24, 2019 at 11:48 AM Joe Witt <joe.witt@gmail.com <mailto:joe.witt@gmail.com>>
wrote:
> ryan
> 
> right...i think you are facing something else.  We have locked down on some headers,
etc..  They are mentioned in the migration guide.
> 
> Can you share the logs from a full startup run?
> 
> thanks
> 
> On Thu, Jan 24, 2019, 11:21 AM Ryan H <ryan.howell.development@gmail.com <mailto:ryan.howell.development@gmail.com>
wrote:
> Hi Joe,
> 
> Thanks for the reply. Agreed on the secure setup and we will definitely look to add value(s)
for these properties. The issue we hit was that we weren't able to access the UI, and I was
thinking that this error was preventing this. You think that this error shouldn't block accessing
the canvas though?
> 
> -Ryan
> 
> On Thu, Jan 24, 2019 at 10:39 AM Joe Witt <joe.witt@gmail.com <mailto:joe.witt@gmail.com>>
wrote:
> Ryan,
> 
> That block of text that shows up in the log could arguably said "WARN" because the flow
will continue to function as it did before.
> 
> However, the reason it is an error is that you really should follow its advice and specifically
follow the secure nifi configuration guidance.
> 
> By not following that you have a setup which is not secure.
> 
> We're doing all we can as a community to move to 'secure by default' configurations which
will take time.  It requires improved tooling out of the box and we want the 'initial up and
running experience' to be as smooth as possible and similar to how it works now.
> 
> Anyway, hopefully that helps explain.
> 
> Thanks
> Joe
> 
> On Thu, Jan 24, 2019 at 10:11 AM Ryan H <ryan.howell.development@gmail.com <mailto:ryan.howell.development@gmail.com>>
wrote:
> Hi All,
> 
> We are currently in the process of upgrading from NiFi 1.5 to 1.8. After making the binary
changes and restarting the cluster (a secure cluster setup), we are getting the following
error:
> 
> ERROR [main] org.apache.nifi.encrypt.StringEncryptor *  A blank sensitive properties
key was provided Specify a unique key in nifi.properties for nifi.sensitive.props.key
> The Encrypt Config Tool in NiFi Toolkit can be used to migrate the flow to the new key.
> 
> We are using all the same config that was in the 1.5 setup, including a blank key for
nifi.sensitive.props.key which wasn't an issue before, but now it seems that it is. I didn't
see this as a known issue in any of the migration guides or release notes. Can anyone provide
any insight on this? Steps to remediate? Is the cause exactly what the error message says,
having a blank value for this config prop?
> 
> 
> Cheers,
> 
> Ryan H


Mime
View raw message