[jira] [Comment Edited] (NIFI-3098) Investigate possible issues with cluster flow synchronization when encryption key has been migrated multiple times

Mon, 28 Nov 2016 15:25:21 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-3098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15703478#comment-15703478
 ] 

Bryan Rosander edited comment on NIFI-3098 at 11/28/16 11:23 PM:
-----------------------------------------------------------------

Attaching shell script and flow file that are unable to reproduce issue.  They 
run through multiple invocations of the encrypt script and restart the cluster 
each time.  Usage is as follows:

./run.sh NUM_NODES NIFI_ZIP_ARCHIVE NIFI_TOOLKIT_ARCHIVE

Note: last comment is misleading script actually changes sensitive prop on all 
nodes.


was (Author: [email protected]):
Attaching shell script and flow file that are unable to reproduce issue.  They 
run through multiple invocations of the encrypt script and restart the cluster 
each time.  Usage is as follows:

./run.sh NUM_NODES NIFI_ZIP_ARCHIVE NIFI_TOOLKIT_ARCHIVE

> Investigate possible issues with cluster flow synchronization when encryption 
> key has been migrated multiple times
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3098
>                 URL: https://issues.apache.org/jira/browse/NIFI-3098
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Tools and Build
>    Affects Versions: 1.1.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: cluster, encryption, migration, security
>         Attachments: flow.xml.gz, run.sh
>
>
> [~YolandaMDavis] encountered an issue when running a 3 node cluster and using 
> the {{encrypt-config.sh}} tool to migrate the {{nifi.sensitive.props.key}} 
> used to encrypt the {{flow.xml.gz}} contents *more than once*. Running the 
> tool once was fine and the cluster started up without any issue. Stopping the 
> cluster and running the tool again generated a {{pad block corrupted}} error, 
> which almost always indicates that the cipher text is being decrypted by the 
> wrong key. 
> She can offer more details, including the exact steps to reproduce, but I 
> wanted to capture this issue (much of it documented on [PR 
> 1261|https://github.com/apache/nifi/pull/1261]) for further investigation. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to