devs,
I may be missing something but for some reason I am unable to use RAW
protocol in secure mode.
As par documentation I've set:
nifi.remote.input.host=node1.textbed.internal
nifi.remote.input.secure=true
nifi.remote.input.socket.port=54321
nifi.remote.input.http.enabled=false
nifi.remote.input.http.transaction.ttl=30 sec
I then add the RPG to canvas. Ports get detected.
However when I try to enable transmission the whole thing fails. Due to
timing and content I suspect the following messages are related:
2016-12-09 00:15:26,306 DEBUG [Site-to-Site Worker Thread-145]
o.a.n.r.p.s.SocketFlowFileServerProtocol
SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744]
Got Request Type REQUEST_PEER_LIST from
Peer[url=nifi://producer.textbed.internal:35868]
2016-12-09 00:15:26,306 DEBUG [Site-to-Site Worker Thread-145]
o.a.nifi.remote.SocketRemoteSiteListener Request type from
SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744]
is REQUEST_PEER_LIST
2016-12-09 00:15:26,308 INFO [Site-to-Site Worker Thread-145]
o.a.n.c.c.n.LeaderElectionNodeProtocolSender Determined that Cluster
Coordinator is located at node1.textbed.internal:1221; will use this
address for sending heartbeat messages
2016-12-09 00:15:26,450 ERROR [Site-to-Site Worker Thread-145]
o.a.nifi.remote.SocketRemoteSiteListener Unable to communicate with remote
instance Peer[url=nifi://producer.textbed.internal:35868]
(SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744])
due to java.lang.NullPointerException; closing connection
2016-12-09 00:15:26,456 ERROR [Site-to-Site Worker Thread-145]
o.a.nifi.remote.SocketRemoteSiteListener
java.lang.NullPointerException: null
at
org.apache.nifi.remote.SocketRemoteSiteListener$1$1.run(SocketRemoteSiteListener.java:280)
~[nifi-site-to-site-1.1.0.jar:1.1.0]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
2016-12-09 00:15:26,456 DEBUG [Site-to-Site Worker Thread-145]
o.a.n.r.p.s.SocketFlowFileServerProtocol
SocketFlowFileServerProtocol[CommsID=6f1db517-7094-4500-9ad9-b511b6494744]
Shutting down with Peer[url=nifi://producer.textbed.internal:35868]
2016-12-09 00:15:28,591 INFO [Clustering Tasks Thread-3]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2016-12-09
00:15:28,483 and sent to node2.textbed.internal:1221 at 2016-12-09
00:15:28,591; send took 108 millis
2016-12-09 00:15:29,573 WARN [NiFi Web Server-280]
org.eclipse.jetty.http.HttpParser Illegal character 0x0 in state=METHOD for
buffer
HeapByteBuffer@5c3ed51[p=5,l=32,c=17408,r=27]={NiFi\x00<<<\x16SocketFlowFileProtocol\x00\x00\x00\x06>>>1.1\r\nAccept:
appl...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
On the client side (I am using MiNiFi as it is faster to debug) I can see
(with debugging enabled):
2016-12-09 00:17:23,664 DEBUG [NiFi Site-to-Site Connection Pool
Maintenance] o.apache.nifi.remote.client.PeerSelector
java.io.IOException: Unable to communicate with remote NiFi cluster in
order to determine which nodes exist in the remote cluster
at
org.apache.nifi.remote.client.PeerSelector.fetchRemotePeerStatuses(PeerSelector.java:392)
at
org.apache.nifi.remote.client.PeerSelector.refreshPeers(PeerSelector.java:346)
at
org.apache.nifi.remote.client.socket.EndpointConnectionPool$2.run(EndpointConnectionPool.java:127)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Suppressed: java.io.IOException: Channel is closed
at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.read(SSLSocketChannel.java:573)
at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannelInputStream.read(SSLSocketChannelInputStream.java:46)
at
org.apache.nifi.stream.io.ByteCountingInputStream.read(ByteCountingInputStream.java:51)
at
org.apache.nifi.stream.io.BufferedInputStream.fill(BufferedInputStream.java:206)
at
org.apache.nifi.stream.io.BufferedInputStream.read(BufferedInputStream.java:227)
at java.io.DataInputStream.readInt(DataInputStream.java:387)
at
org.apache.nifi.remote.protocol.socket.SocketClientProtocol.getPeerStatuses(SocketClientProtocol.java:225)
at
org.apache.nifi.remote.client.socket.EndpointConnectionPool.fetchRemotePeerStatuses(EndpointConnectionPool.java:404)
at
org.apache.nifi.remote.client.PeerSelector.fetchRemotePeerStatuses(PeerSelector.java:379)
... 9 common frames omitted
I have run openssl s_client and the TLS connection itself seems to proceed
New, TLSv1/SSLv3, Cipher ...
Verify return code: 0 (ok)
---
GET / HTTP/1.0
...
Note about the HTTP request.
This is on purpose:
Since I know HTTP S2S works, I tried it by entering into what should be a
violation of the protocol and it seems to work:
2016-12-08 23:01:28,142 ERROR [Site-to-Site Worker Thread-297]
o.a.nifi.remote.SocketRemoteSiteListener Unable to communicate with remote
instance null due to org.apache.nifi.remote.exception.HandshakeException:
Handshake with nifi://producer.testbed.internal:12345 failed because the
Magic Header was not present; closing connection
I noticed from the trace above that a NPE happens when
SocketRemoteSiteListener makes a call to
https://github.com/apache/nifi/blob/master/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java#L412
public Integer getRemoteInputHttpPort() {
if (!isSiteToSiteHttpEnabled()) {
return null;
}
Is this expected?
