[
https://issues.apache.org/jira/browse/NIFI-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-10911.
-------------------------------------
Resolution: Information Provided
Thanks for the update [~john.wise], glad to hear that the issue has not come up
again recently.
Although the initial issue summary suggested the option to start NiFi, that
could introduce other unexpected behavior due to flows not working without the
required sensitive values.
The reference to Puppet configuration is interesting to note, particularly if
it could be changing values unexpectedly.
I will close this issue for now, but if it happens again and you can provide
any additional details on the steps to reproduce, feel free to reopen.
> NiFi fails to start due to (likely) corrupted encrypted value(s) in
> flow.xml.gz
> -------------------------------------------------------------------------------
>
> Key: NIFI-10911
> URL: https://issues.apache.org/jira/browse/NIFI-10911
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: John Wise
> Priority: Major
> Labels: decrypt, failure, startup
>
> Over the past 2-3 weeks, a couple of our clusters have failed to start due to
> a decryption failure. nifi-app.log displays
> "{{{}o.a.n.c.serialization.FlowFromDOMFactory There was a problem decrypting
> a sensitive flow configuration value. Check that the
> nifi.sensitive.props.key value in nifi.properties matches the value used to
> encrypt the flow.xml.gz file{}}}".
> In both cases, none of the encryption key values in {{bootstrap.conf}} and
> {{nifi.properties}} have changed. The issue appears to be that one, or more,
> of the "{{{}enc{}}}{}" values in flow.xml.gz have become corrupted. The
> issue doesn't present itself until a node is restarted, at which point, NiFi
> continually fails to start due to the service being configured to
> auto-restart.
> Ideally, rather than just failing to start, NiFi would still complete the
> startup & alert the user to any decryption issues, so that they can be fixed.
> Also, the log should indicate *which* configuration value(s) it failed to
> decrypt, to help narrow down where the issue is occurring.
> In the interim, I've been removing the "{{{}enc{}}}{}" values from the
> flowfile, which allows NiFi to restart & give us the opportunity to manually
> re-enter the removed values. It's not ideal, but it does allow us to get our
> nodes back online.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
