[ 
https://issues.apache.org/jira/browse/NIFI-7467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-7467:
--------------------------------
    Status: Patch Available  (was: In Progress)

> Improve S2S peer retrieval process
> ----------------------------------
>
>                 Key: NIFI-7467
>                 URL: https://issues.apache.org/jira/browse/NIFI-7467
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: cluster, peer, security, site-to-site, subjectAltName
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> During investigation for NIFI-7407, [~thenatog] and I discovered a scenario 
> where site to site peer retrieval was sub-optimal. Some of this was related 
> to hosting a secure cluster with multiple nodes on the same physical/virtual 
> server, introducing hostname and SAN resolution problems. In other instances, 
> the retrieval has a nested {{NullPointerException}}. 
> {code}
> 2020-05-14 18:44:39,140 INFO [Clustering Tasks Thread-2] 
> o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 
> 18:44:39,124 and sent to node3.nifi:11443 at 2020-05-14 18:44:39,140; send 
> took 15 millis
> 2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector Could not communicate with 
> node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, 
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> 
> doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector 
> org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote 
> Group's peers due to Unable to communicate with remote NiFi cluster in order 
> to determine which nodes exist in the remote cluster
> 2020-05-14 18:44:44,159 INFO [Clustering Tasks Thread-2] 
> o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 
> 18:44:44,146 and sent to node3.nifi:11443 at 2020-05-14 18:44:44,159; send 
> took 13 millis
> 2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] 
> o.apache.nifi.remote.client.PeerSelector Could not communicate with 
> node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, 
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> 
> doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] 
> o.apache.nifi.remote.client.PeerSelector 
> org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote 
> Group's peers due to Unable to communicate with remote NiFi cluster in order 
> to determine which nodes exist in the remote cluster
> 2020-05-14 18:44:46,791 INFO [Timer-Driven Process Thread-10] 
> o.a.nifi.remote.client.http.HttpClient Couldn't find a valid peer to 
> communicate with.
> 2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector Could not communicate with 
> node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, 
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> 
> doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector 
> org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote 
> Group's peers due to Unable to communicate with remote NiFi cluster in order 
> to determine which nodes exist in the remote cluster
> 2020-05-14 18:44:49,178 INFO [Clustering Tasks Thread-2] 
> o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 
> 18:44:49,164 and sent to node3.nifi:11443 at 2020-05-14 18:44:49,178; send 
> took 13 millis
> 2020-05-14 18:44:51,332 INFO [Timer-Driven Process Thread-6] 
> o.a.n.remote.StandardRemoteProcessGroup Successfully refreshed Flow Contents 
> for RemoteProcessGroup[https://node1.nifi:9441/nifi]; updated to reflect 1 
> Input Ports [InputPort[name=From Self, 
> targetId=15f64e5b-0172-1000-ffff-fffff134169a]] and 0 Output Ports 
> [OutputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]]
> 2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector Could not communicate with 
> node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, 
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> 
> doesn't match any of the subject alternative names: [node3.nifi]
> 2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] 
> o.apache.nifi.remote.client.PeerSelector 
> org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote 
> Group's peers due to Unable to communicate with remote NiFi cluster in order 
> to determine which nodes exist in the remote cluster
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to