The instructions by Pierre that I mentioned were linked at the bottom of my email as [1] (for 1.1.0) and [2] (for 1.0.0).
Changing the ZK connect strings was just to isolate the issue during debugging. You should not have to make that change now. The error you listed is incomplete and I need more information (preferably a full stacktrace) to debug it. I don’t know if it’s a true SSL/TLS error or if it’s an authorization error because you didn’t add the CN of each server as an authorized user in the users.xml and authorizations.xml. Please provide the complete output of logs/nifi-app.log and logs/nifi-user.log as well as conf/users.xml and conf/authorizations.xml. [1] https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/ <https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/> [2] https://pierrevillard.com/2016/08/13/apache-nifi-1-0-0-cluster-setup/ <https://pierrevillard.com/2016/08/13/apache-nifi-1-0-0-cluster-setup/> Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jan 23, 2017, at 4:14 AM, bmichaud <[email protected]> wrote: > > Andy LoPresto-2 wrote >> Is your deployment secured with certificates or running in plaintext? >> Pierre Villiard has written step-by-step instructions for a secured >> cluster on 1.1.0 [1] and default cluster on 1.0.0 [2]. I don’t believe >> anything changed in the configuration of ZK between 1.0.0 and 1.1.1. > > certificates. Where are these instructions? in the admin part of the manual, > because I followed those instructions back when we went to 1.0.0. > > > Andy LoPresto-2 wrote >> Which of these nodes (none, 1, 2, all?) are running embedded ZooKeeper >> nodes? If it’s more than one, you’ll need to set the ZK myid value (see >> [2] for instructions). > > All nodes run Zookeeper. I had already set the myid values. > > > Andy LoPresto-2 wrote >> I’ve included the relevant sections of my last cluster configs. > > thanks > > > Andy LoPresto-2 wrote >> Note that while the nifi.cluster.node.address in each nifi.properties must >> be the name of the server running it, the nifi.zookeeper.connect.string >> should be the embedded ZK host. > > I have the connect string pointing to all three, but I tried this change and > got the same result as before. Then I checked the zookeeper.properties files > and found that they had not been configured by my configuration script. Now > the configurations have all three zookeeper servers as I had before. The > servers are all clustered, but I am getting an SSL error (see below) > > Do you recommend I still make this change? Do I also need to change the > zookeeper.properties to only include the local node address? > > > Andy LoPresto-2 wrote >> You could also try changing your nifi.zookeeper.connect.string to just >> point to one instance of ZK and see if that works (no, this is not normal, >> but AIOOBE usually means something’s not getting parsed correctly). > > So all three nodes' nifi.properties file points to the same Zookeeper, even > though all three servers have a zookeeper running? Does this instruction > contradict the one just above? > > > Andy LoPresto-2 wrote >> Hope this helps. Please let us know what results you achieve or if you >> have further questions. > > Thanks it did, because it forced me to check all the files and see that my > zookeeper.properties was not configured in my script to include node > addresses. > > Now I am getting another error. The certificate I have has over twenty > servers in it, and it is apparently not trusted. Its CN is named for a > server that is not even in this cluster I am upgrading now. Should I create > a new issue? > > Error > Untrusted proxy CN=server15, O=My Company Inc., L=Main, ST=State, C=US > Untrusted proxy CN=server15, O=My Company Inc., L=Main, ST=State, C=US > > > > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-1-1-1-can-t-start-as-a-cluster-OverlappingFileLockException-tp14486p14494.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
