Andy LoPresto created NIFI-7467:
-----------------------------------
Summary: Improve S2S peer retrieval process
Key: NIFI-7467
URL: https://issues.apache.org/jira/browse/NIFI-7467
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework, Security
Affects Versions: 1.11.4
Reporter: Andy LoPresto
Assignee: Andy LoPresto

During investigation for NIFI-7407, [~thenatog] and I discovered a scenario
where site to site peer retrieval was sub-optimal. Some of this was related to
hosting a secure cluster with multiple nodes on the same physical/virtual
server, introducing hostname and SAN resolution problems. In other instances,
the retrieval has a nested {{NullPointerException}}.
{code}
2020-05-14 18:44:39,140 INFO [Clustering Tasks Thread-2]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14
18:44:39,124 and sent to node3.nifi:11443 at 2020-05-14 18:44:39,140; send took
15 millis
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster
2020-05-14 18:44:44,159 INFO [Clustering Tasks Thread-2]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14
18:44:44,146 and sent to node3.nifi:11443 at 2020-05-14 18:44:44,159; send took
13 millis
2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster
2020-05-14 18:44:46,791 INFO [Timer-Driven Process Thread-10]
o.a.nifi.remote.client.http.HttpClient Couldn't find a valid peer to
communicate with.
2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster
2020-05-14 18:44:49,178 INFO [Clustering Tasks Thread-2]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14
18:44:49,164 and sent to node3.nifi:11443 at 2020-05-14 18:44:49,178; send took
13 millis
2020-05-14 18:44:51,332 INFO [Timer-Driven Process Thread-6]
o.a.n.remote.StandardRemoteProcessGroup Successfully refreshed Flow Contents
for RemoteProcessGroup[https://node1.nifi:9441/nifi]; updated to reflect 1
Input Ports [InputPort[name=From Self,
targetId=15f64e5b-0172-1000-ffff-fffff134169a]] and 0 Output Ports
[OutputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]]
2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster
{code}
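
A triage helper for the log excerpt above, added here as an example and not part of the Jira issue or of NiFi's code: it rejoins hard-wrapped lines into log entries and counts each hostname/SAN mismatch that PeerSelector reports. The sample log is constructed from the message format shown above, and the names `unwrap` and `san_mismatches` are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the report's log, hard-wrapped as in the e-mail.
# The heartbeat entry is wrapped so that a continuation line begins with a timestamp.
SAMPLE_LOG = """\
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster
2020-05-14 18:44:44,159 INFO [Clustering Tasks Thread-2]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at
2020-05-14 18:44:44,146 and sent to node3.nifi:11443; send took 13 millis
2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi>
doesn't match any of the subject alternative names: [node3.nifi]
"""

# An entry starts with timestamp + level + [thread]; a bare timestamp is a continuation.
ENTRY_START = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (?:TRACE|DEBUG|INFO|WARN|ERROR) \[")
MISMATCH = re.compile(
    r"Could not communicate with (?P<peer>\S+) .*?"
    r"SSLPeerUnverifiedException: Certificate for <(?P<requested>[^>]+)> "
    r"doesn't match any of the subject alternative names: \[(?P<sans>[^\]]*)\]")

def unwrap(text):
    """Join hard-wrapped lines back into one string per log entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def san_mismatches(text):
    """Count (peer, requested host, presented SANs) per verification failure."""
    counts = Counter()
    for entry in unwrap(text):
        m = MISMATCH.search(entry)
        if m:
            sans = tuple(s.strip() for s in m["sans"].split(","))
            counts[(m["peer"], m["requested"], sans)] += 1
    return counts
```

A peer whose requested hostname never appears among the presented SANs, as with node1.nifi and node3.nifi here, points at the certificate or hostname configuration of the node answering on that port.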