Re: [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Scott Aslan]

Congrats!

On Tue, Jun 5, 2018 at 9:28 PM, Andrew Psaltis 
wrote:

> Congratulations Sivaprasanna!
>
> On Tue, Jun 5, 2018 at 12:25 PM, Pierre Villard <
> pierre.villard...@gmail.com
> > wrote:
>
> > Congrats, well deserved!
> >
> > 2018-06-05 18:14 GMT+02:00 Mike Thomsen :
> >
> > > Congratulations, Sivaprasanna!
> > >
> > > On Tue, Jun 5, 2018 at 10:22 AM Bryan Bende  wrote:
> > >
> > > > Congrats! and thank you for your contributions to the NiFi community.
> > > >
> > > > On Tue, Jun 5, 2018 at 10:16 AM, Kevin Doran 
> > wrote:
> > > > > Congrats, Sivaprasanna!
> > > > >
> > > > > On 6/5/18, 10:09, "Tony Kurc"  wrote:
> > > > >
> > > > > On behalf of the Apache NiFI PMC, I am very pleased to announce
> > > that
> > > > > Sivaprasanna has accepted the PMC's invitation to become a
> > > committer
> > > > on the
> > > > > Apache NiFi project. We greatly appreciate all of
> Sivaprasanna's
> > > > hard work
> > > > > and generous contributions to the project. We look forward to
> > > > continued
> > > > >  involvement in the project.
> > > > >
> > > > > Sivaprasanna has been working with the community on the mailing
> > > > lists, and
> > > > > has a big mix of code and feature contributions to include
> > features
> > > > and
> > > > > improvements to cloud service integrations like Azure, AWS, and
> > > > Google
> > > > > Cloud.
> > > > >
> > > > > Welcome and congratulations!
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>

Re: [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Andrew Psaltis]

Congratulations Sivaprasanna!

On Tue, Jun 5, 2018 at 12:25 PM, Pierre Villard  wrote:

> Congrats, well deserved!
>
> 2018-06-05 18:14 GMT+02:00 Mike Thomsen :
>
> > Congratulations, Sivaprasanna!
> >
> > On Tue, Jun 5, 2018 at 10:22 AM Bryan Bende  wrote:
> >
> > > Congrats! and thank you for your contributions to the NiFi community.
> > >
> > > On Tue, Jun 5, 2018 at 10:16 AM, Kevin Doran 
> wrote:
> > > > Congrats, Sivaprasanna!
> > > >
> > > > On 6/5/18, 10:09, "Tony Kurc"  wrote:
> > > >
> > > > On behalf of the Apache NiFI PMC, I am very pleased to announce
> > that
> > > > Sivaprasanna has accepted the PMC's invitation to become a
> > committer
> > > on the
> > > > Apache NiFi project. We greatly appreciate all of Sivaprasanna's
> > > hard work
> > > > and generous contributions to the project. We look forward to
> > > continued
> > > >  involvement in the project.
> > > >
> > > > Sivaprasanna has been working with the community on the mailing
> > > lists, and
> > > > has a big mix of code and feature contributions to include
> features
> > > and
> > > > improvements to cloud service integrations like Azure, AWS, and
> > > Google
> > > > Cloud.
> > > >
> > > > Welcome and congratulations!
> > > >
> > > >
> > > >
> > >
> >
>

Restrict WebUI Access based on IP

[Ruben Barrios]

Hello NiFi team,

My name is Ruben, I'm working with NiFi 1.6.0 in Stand Alone mode.

I have a question about WebUI access, it's possible to block incoming
connections to 8080 port based on specific IP's or a Subnet?

For Example:
  Dev team is on IPs 172.0.1.5 to 172.0.1.10,
  Testing team is on 172.0.1.11 to 172.0.1.20

Is any option to allow access only to IPs from Dev Team?

Thank you!

Rubén Barrios

Re: [DISCUSS] Release candidate timeframe for Apache NiFi 1.7.0

[Andy LoPresto]

To add to that, I plan to cut the release candidate on 6/12 (one week from 
today). Issues that are successfully merged to master at that time will be 
included. Thanks. 

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 5, 2018, at 13:40, Andy LoPresto  wrote:
> 
> As a reminder to the community, please only set a fix version once the commit 
> has been merged. The only exception to this is blocker issues which prevent 
> the release. As we have a frequent release cadence, any item that is not 
> included in this release can go in the next. Thank you. 
> 
> Andy LoPresto
> alopre...@apache.org
> alopresto.apa...@gmail.com
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
> 
>> On Jun 5, 2018, at 13:07, Mark Bean  wrote:
>> 
>> I updated NIFI-4907 to have a fix version of 1.7.0.
>> 
>> -Mark
>> 
>> 
>>> On Tue, Jun 5, 2018 at 3:09 PM, Andy LoPresto  wrote:
>>> 
>>> Sending out an update. I am using the following search query to take a
>>> look at what is still outstanding for 1.7.0. Currently I have visibility on
>>> the following issues:
>>> 
>>> project = "Apache NiFi" AND (fixVersion = "1.7.0" OR (status = "Patch
>>> Available" AND updated > '2018-05-28')) AND status in (Open, "In Progress",
>>> "Reopened", "Patch Available")
>>> 
>>> Patch Available (i.e. committers, please review these):
>>> * NIFI-5241 When calculating stats for components, use synchronized
>>> methods instead of atomic variables — Mark Payne
>>> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
>>> closed — Mark Payne
>>> * NIFI-5209 Remove toolkit migration without password functionality — Andy
>>> LoPresto
>>> * NIFI-5166 Create deep learning classification and regression processor —
>>> Mans Singh (Marked as In Progress but there is a PR with some comments)
>>> * NIFI-5226 Implement a Record API based PutInfluxDB processor —
>>> Unassigned (Marked as Open but there is a PR with some comments)
>>> * NIFI-5102 MarkLogic DB Processors — Unassigned (Marked as Open but there
>>> is a PR with some comments)
>>> * NIFI-5268 JoltTransformJSON specification property fails with EL — Koji
>>> Kawamura
>>> * NIFI-5266 PutElasticsearchHttp processors should sanitize parameters —
>>> Matt Burgess
>>> * NIFI-5263 Address auditing of Controller Service Referencing Components
>>> — Matt Gilman
>>> * NIFI-5260 Regression in nifi-processor-bundle-archetype — Bryan Bende
>>> * NIFI-5257 Expand Couchbase Server integration as a cache storage — Koji
>>> Kawamura
>>> * NIFI-5237 Wrong redirect from login behind a context path when using
>>> OpenID authentication — Matt Gilman
>>> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
>>> closed — Mark Payne
>>> * NIFI-5192 Allow expression language in ‘Schema File’ property for
>>> ValidateXML processor — Unassigned
>>> * NIFI-5059 MongoDBLookupService should be able to determine a schema or
>>> have one provided — Mike Thomsen
>>> * NIFI-5054 NiFi Couchbase Processors do not support User Authentication —
>>> Koji Kawamura
>>> * NIFI-5022 Create an AWS Gateway Web API version of InvokeHTTP — Otto
>>> Fowler
>>> * NIFI-4930 Nar-Dependency-Version - timestamped snapshot version problem
>>> — Bryan Bende
>>> * NIFI-1321 Support appending files in PutFile — Unassigned
>>> 
>>> Reopened (i.e. Jeff, Mike, what do you need from the community to get
>>> these in?):
>>> * NIFI-5145 MockPropertyValue.evaluateExpressionLanguage(FlowFile) cannot
>>> handle null inputs — Mike Thomsen
>>> * NIFI-5175 NiFi built with Java 1.8 needs to run on Java 1.9 — Jeff Storck
>>> 
>>> Open (i.e. can someone please do an s/2017/2018/ on the docs?):
>>> * NIFI-5106 Update docs to reflect 2018 where applicable — Aldrin Piri
>>> 
>>> If anyone has other work that they are in the process of doing, please
>>> reply here and update the Jira appropriately. I’ll send out another summary
>>> on Friday. Thanks.
>>> 
>>> Andy LoPresto
>>> alopre...@apache.org
>>> *alopresto.apa...@gmail.com *
>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>>> 
>>> On Jun 1, 2018, at 10:28 AM, Andy LoPresto  wrote:
>>> 
>>> Hi folks,
>>> 
>>> It’s been a little bit since 1.6.0 was released, and there have been a ton
>>> of new features and bug fixes that have made it in to master. With all this
>>> great work, I think it’s a good time to consider the next release. I
>>> volunteer to RM for this one.
>>> 
>>> I’m thinking the next couple weeks are a good timeframe, and I wanted to
>>> put this out there early so anyone who is working on something they want in
>>> can be aware of the approaching release and communicate on the list to keep
>>> everyone apprised. Thanks for all your hard work.
>>> 
>>> Andy LoPresto
>>> alopre...@apache.org
>>> *alopresto.apa...@gmail.com *
>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>>> 
>>> 
>>> 

Re: [DISCUSS] Release candidate timeframe for Apache NiFi 1.7.0

[Andy LoPresto]

As a reminder to the community, please only set a fix version once the commit 
has been merged. The only exception to this is blocker issues which prevent the 
release. As we have a frequent release cadence, any item that is not included 
in this release can go in the next. Thank you. 

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 5, 2018, at 13:07, Mark Bean  wrote:
> 
> I updated NIFI-4907 to have a fix version of 1.7.0.
> 
> -Mark
> 
> 
>> On Tue, Jun 5, 2018 at 3:09 PM, Andy LoPresto  wrote:
>> 
>> Sending out an update. I am using the following search query to take a
>> look at what is still outstanding for 1.7.0. Currently I have visibility on
>> the following issues:
>> 
>> project = "Apache NiFi" AND (fixVersion = "1.7.0" OR (status = "Patch
>> Available" AND updated > '2018-05-28')) AND status in (Open, "In Progress",
>> "Reopened", "Patch Available")
>> 
>> Patch Available (i.e. committers, please review these):
>> * NIFI-5241 When calculating stats for components, use synchronized
>> methods instead of atomic variables — Mark Payne
>> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
>> closed — Mark Payne
>> * NIFI-5209 Remove toolkit migration without password functionality — Andy
>> LoPresto
>> * NIFI-5166 Create deep learning classification and regression processor —
>> Mans Singh (Marked as In Progress but there is a PR with some comments)
>> * NIFI-5226 Implement a Record API based PutInfluxDB processor —
>> Unassigned (Marked as Open but there is a PR with some comments)
>> * NIFI-5102 MarkLogic DB Processors — Unassigned (Marked as Open but there
>> is a PR with some comments)
>> * NIFI-5268 JoltTransformJSON specification property fails with EL — Koji
>> Kawamura
>> * NIFI-5266 PutElasticsearchHttp processors should sanitize parameters —
>> Matt Burgess
>> * NIFI-5263 Address auditing of Controller Service Referencing Components
>> — Matt Gilman
>> * NIFI-5260 Regression in nifi-processor-bundle-archetype — Bryan Bende
>> * NIFI-5257 Expand Couchbase Server integration as a cache storage — Koji
>> Kawamura
>> * NIFI-5237 Wrong redirect from login behind a context path when using
>> OpenID authentication — Matt Gilman
>> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
>> closed — Mark Payne
>> * NIFI-5192 Allow expression language in ‘Schema File’ property for
>> ValidateXML processor — Unassigned
>> * NIFI-5059 MongoDBLookupService should be able to determine a schema or
>> have one provided — Mike Thomsen
>> * NIFI-5054 NiFi Couchbase Processors do not support User Authentication —
>> Koji Kawamura
>> * NIFI-5022 Create an AWS Gateway Web API version of InvokeHTTP — Otto
>> Fowler
>> * NIFI-4930 Nar-Dependency-Version - timestamped snapshot version problem
>> — Bryan Bende
>> * NIFI-1321 Support appending files in PutFile — Unassigned
>> 
>> Reopened (i.e. Jeff, Mike, what do you need from the community to get
>> these in?):
>> * NIFI-5145 MockPropertyValue.evaluateExpressionLanguage(FlowFile) cannot
>> handle null inputs — Mike Thomsen
>> * NIFI-5175 NiFi built with Java 1.8 needs to run on Java 1.9 — Jeff Storck
>> 
>> Open (i.e. can someone please do an s/2017/2018/ on the docs?):
>> * NIFI-5106 Update docs to reflect 2018 where applicable — Aldrin Piri
>> 
>> If anyone has other work that they are in the process of doing, please
>> reply here and update the Jira appropriately. I’ll send out another summary
>> on Friday. Thanks.
>> 
>> Andy LoPresto
>> alopre...@apache.org
>> *alopresto.apa...@gmail.com *
>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>> 
>> On Jun 1, 2018, at 10:28 AM, Andy LoPresto  wrote:
>> 
>> Hi folks,
>> 
>> It’s been a little bit since 1.6.0 was released, and there have been a ton
>> of new features and bug fixes that have made it in to master. With all this
>> great work, I think it’s a good time to consider the next release. I
>> volunteer to RM for this one.
>> 
>> I’m thinking the next couple weeks are a good timeframe, and I wanted to
>> put this out there early so anyone who is working on something they want in
>> can be aware of the approaching release and communicate on the list to keep
>> everyone apprised. Thanks for all your hard work.
>> 
>> Andy LoPresto
>> alopre...@apache.org
>> *alopresto.apa...@gmail.com *
>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>> 
>> 
>> 

Re: [DISCUSS] Release candidate timeframe for Apache NiFi 1.7.0

[Mark Bean]

I updated NIFI-4907 to have a fix version of 1.7.0.

-Mark


On Tue, Jun 5, 2018 at 3:09 PM, Andy LoPresto  wrote:

> Sending out an update. I am using the following search query to take a
> look at what is still outstanding for 1.7.0. Currently I have visibility on
> the following issues:
>
> project = "Apache NiFi" AND (fixVersion = "1.7.0" OR (status = "Patch
> Available" AND updated > '2018-05-28')) AND status in (Open, "In Progress",
> "Reopened", "Patch Available")
>
> Patch Available (i.e. committers, please review these):
> * NIFI-5241 When calculating stats for components, use synchronized
> methods instead of atomic variables — Mark Payne
> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
> closed — Mark Payne
> * NIFI-5209 Remove toolkit migration without password functionality — Andy
> LoPresto
> * NIFI-5166 Create deep learning classification and regression processor —
> Mans Singh (Marked as In Progress but there is a PR with some comments)
> * NIFI-5226 Implement a Record API based PutInfluxDB processor —
> Unassigned (Marked as Open but there is a PR with some comments)
> * NIFI-5102 MarkLogic DB Processors — Unassigned (Marked as Open but there
> is a PR with some comments)
> * NIFI-5268 JoltTransformJSON specification property fails with EL — Koji
> Kawamura
> * NIFI-5266 PutElasticsearchHttp processors should sanitize parameters —
> Matt Burgess
> * NIFI-5263 Address auditing of Controller Service Referencing Components
> — Matt Gilman
> * NIFI-5260 Regression in nifi-processor-bundle-archetype — Bryan Bende
> * NIFI-5257 Expand Couchbase Server integration as a cache storage — Koji
> Kawamura
> * NIFI-5237 Wrong redirect from login behind a context path when using
> OpenID authentication — Matt Gilman
> * NIFI-5200 Nested ProcessSession.read resulting in outer stream being
> closed — Mark Payne
> * NIFI-5192 Allow expression language in ‘Schema File’ property for
> ValidateXML processor — Unassigned
> * NIFI-5059 MongoDBLookupService should be able to determine a schema or
> have one provided — Mike Thomsen
> * NIFI-5054 NiFi Couchbase Processors do not support User Authentication —
> Koji Kawamura
> * NIFI-5022 Create an AWS Gateway Web API version of InvokeHTTP — Otto
> Fowler
> * NIFI-4930 Nar-Dependency-Version - timestamped snapshot version problem
> — Bryan Bende
> * NIFI-1321 Support appending files in PutFile — Unassigned
>
> Reopened (i.e. Jeff, Mike, what do you need from the community to get
> these in?):
> * NIFI-5145 MockPropertyValue.evaluateExpressionLanguage(FlowFile) cannot
> handle null inputs — Mike Thomsen
> * NIFI-5175 NiFi built with Java 1.8 needs to run on Java 1.9 — Jeff Storck
>
> Open (i.e. can someone please do an s/2017/2018/ on the docs?):
> * NIFI-5106 Update docs to reflect 2018 where applicable — Aldrin Piri
>
> If anyone has other work that they are in the process of doing, please
> reply here and update the Jira appropriately. I’ll send out another summary
> on Friday. Thanks.
>
> Andy LoPresto
> alopre...@apache.org
> *alopresto.apa...@gmail.com *
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> On Jun 1, 2018, at 10:28 AM, Andy LoPresto  wrote:
>
> Hi folks,
>
> It’s been a little bit since 1.6.0 was released, and there have been a ton
> of new features and bug fixes that have made it in to master. With all this
> great work, I think it’s a good time to consider the next release. I
> volunteer to RM for this one.
>
> I’m thinking the next couple weeks are a good timeframe, and I wanted to
> put this out there early so anyone who is working on something they want in
> can be aware of the approaching release and communicate on the list to keep
> everyone apprised. Thanks for all your hard work.
>
> Andy LoPresto
> alopre...@apache.org
> *alopresto.apa...@gmail.com *
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
>
>

Re: [DISCUSS] Release candidate timeframe for Apache NiFi 1.7.0

[Andy LoPresto]

Sending out an update. I am using the following search query to take a look at 
what is still outstanding for 1.7.0. Currently I have visibility on the 
following issues:

project = "Apache NiFi" AND (fixVersion = "1.7.0" OR (status = "Patch 
Available" AND updated > '2018-05-28')) AND status in (Open, "In Progress", 
"Reopened", "Patch Available")

Patch Available (i.e. committers, please review these):
* NIFI-5241 When calculating stats for components, use synchronized methods 
instead of atomic variables — Mark Payne
* NIFI-5200 Nested ProcessSession.read resulting in outer stream being closed — 
Mark Payne
* NIFI-5209 Remove toolkit migration without password functionality — Andy 
LoPresto
* NIFI-5166 Create deep learning classification and regression processor — Mans 
Singh (Marked as In Progress but there is a PR with some comments)
* NIFI-5226 Implement a Record API based PutInfluxDB processor — Unassigned 
(Marked as Open but there is a PR with some comments)
* NIFI-5102 MarkLogic DB Processors — Unassigned (Marked as Open but there is a 
PR with some comments)
* NIFI-5268 JoltTransformJSON specification property fails with EL — Koji 
Kawamura
* NIFI-5266 PutElasticsearchHttp processors should sanitize parameters — Matt 
Burgess
* NIFI-5263 Address auditing of Controller Service Referencing Components — 
Matt Gilman
* NIFI-5260 Regression in nifi-processor-bundle-archetype — Bryan Bende
* NIFI-5257 Expand Couchbase Server integration as a cache storage — Koji 
Kawamura
* NIFI-5237 Wrong redirect from login behind a context path when using OpenID 
authentication — Matt Gilman
* NIFI-5200 Nested ProcessSession.read resulting in outer stream being closed — 
Mark Payne
* NIFI-5192 Allow expression language in ‘Schema File’ property for ValidateXML 
processor — Unassigned
* NIFI-5059 MongoDBLookupService should be able to determine a schema or have 
one provided — Mike Thomsen
* NIFI-5054 NiFi Couchbase Processors do not support User Authentication — Koji 
Kawamura
* NIFI-5022 Create an AWS Gateway Web API version of InvokeHTTP — Otto Fowler
* NIFI-4930 Nar-Dependency-Version - timestamped snapshot version problem — 
Bryan Bende
* NIFI-1321 Support appending files in PutFile — Unassigned

Reopened (i.e. Jeff, Mike, what do you need from the community to get these 
in?):
* NIFI-5145 MockPropertyValue.evaluateExpressionLanguage(FlowFile) cannot 
handle null inputs — Mike Thomsen
* NIFI-5175 NiFi built with Java 1.8 needs to run on Java 1.9 — Jeff Storck

Open (i.e. can someone please do an s/2017/2018/ on the docs?):
* NIFI-5106 Update docs to reflect 2018 where applicable — Aldrin Piri

If anyone has other work that they are in the process of doing, please reply 
here and update the Jira appropriately. I’ll send out another summary on 
Friday. Thanks.

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 1, 2018, at 10:28 AM, Andy LoPresto  wrote:
> 
> Hi folks,
> 
> It’s been a little bit since 1.6.0 was released, and there have been a ton of 
> new features and bug fixes that have made it in to master. With all this 
> great work, I think it’s a good time to consider the next release. I 
> volunteer to RM for this one.
> 
> I’m thinking the next couple weeks are a good timeframe, and I wanted to put 
> this out there early so anyone who is working on something they want in can 
> be aware of the approaching release and communicate on the list to keep 
> everyone apprised. Thanks for all your hard work.
> 
> Andy LoPresto
> alopre...@apache.org 
> alopresto.apa...@gmail.com 
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Issue securing nifi with ca-server.

[Andy LoPresto]

Henk,

I understand if you don’t want to share the value of your CA hostname, but can 
you please double check that it doesn’t contain any spaces or other characters 
that would need to be escaped? Using double quotes is usually recommended for 
these arguments, especially as the single quotes are only wrapping the internal 
shell command to be executed as the “linux-user”. I see in your original client 
log output that it appears to be successful in parsing, but it doesn’t hurt to 
be sure.

Frustrating though it may be, I would recommend enabling remote debugging on 
the toolkit server application and putting a breakpoint at 
TlsCertificateAuthorityServiceHandler.java line 99 where you can catch the 
actual exception that is being thrown and examine it. Once we have more 
information (or we have sufficient input & scenario such that we can reproduce 
this issue locally), we can open a Jira to improve the error handling here. 
Sorry the tool is not more helpful.

To enable remote debugging:

Modify tis-toolkit.sh line 114 to look like the following:

exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} 
-agentlib:jdwp=transport=dt_socket,server=y,address=8000,suspend=y 
org.apache.nifi.toolkit.tls.TlsToolkitMain "$@"

That will pause the running application until you can start debugging in your 
IDE, and then you can resume operation on the shell.

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 5, 2018, at 9:39 AM, Henk Reder  wrote:
> 
> Hey Peter!
> 
> in response to this
> 
> .
> 
> Thanks for being quick on your response. I added that -c 
> parameter to the CA server setup, same issue occurs.
> That "&" is actually an artifact of linux, it just means "run whatever this
> line is on its own thread." I verified that it wasn't polluting the
> arguments.
> I also removed the --dn option from the server configuration and the issue
> was consistent, response is still a 500.
> 
> I'm thinking a rollback to 1.5.0 should fix this, but it would appear that
> whatever changes happened in the transition between versions broke that
> existing configuration.
> 
> Any additional ideas or should I go ahead and roll it back?
> 
> Thanks again,
> Henk
> 
> 
> On Mon, Jun 4, 2018 at 8:34 PM, Henk Reder  wrote:
> 
>> Hello!
>> 
>> My names Henk. I'm a web developer working on getting a nifi instance
>> setup for some integrations.
>> 
>> Long story short, I setup this nifi deployment configuration back when
>> 1.5.0 was the latest version. Now that its 1.6.0 everything works!
>> ...except one thing.
>> 
>> I'm currently using tls-toolkit to setup each nodes identity in the
>> cluster. In order to do this, I've followed the guidelines from this post
>> 
>>  back
>> from 2016. heres a brief overview of my previously working configuration.
>> 
>> *CA serverside:*
>> 
>> 
>> 
>> runuser -l  -c '/home/nifica/bin/tls-toolkit.sh server -t
>>  -D CN=,OU=NIFI&'
>> 
>> *Nifi-client side:*
>> 
>> 
>> 
>> ./nifi-toolkit/bin/tls-toolkit.sh client -c  -t
>>  --subjectAlternativeNames ',' -D
>> 'CN=,OU=NIFI' -T PKCS12
>> 
>> I expect the actual certs and json config to comeback after the call to
>> the tls-toolkit server. I can verify the request is going through but I get
>> these obtuse messages that tell me very little.
>> 
>> 
>> 
>> *Nifi-client side: *
>> 2018/06/05 00:23:43 INFO [main] org.apache.nifi.toolkit.tls.
>> service.client.TlsCertificateAuthorityClient: Requesting new certificate
>> from :8443
>> 2018/06/05 00:23:44 INFO [main] org.apache.nifi.toolkit.tls.
>> service.client.TlsCertificateSigningRequestPerformer: Requesting
>> certificate with dn CN=,OU=NIFI from :8443
>> Service client error: Received response code 500 with payload
>> 
>> *CA serverside: *
>> 
>> 2018/06/04 22:55:50 WARN [qtp1108924067-13] 
>> org.eclipse.jetty.server.HttpChannel:
>> /
>> javax.servlet.ServletException: Server error
>>at org.apache.nifi.toolkit.tls.service.server.
>> TlsCertificateAuthorityServiceHandler.handle(
>> TlsCertificateAuthorityServiceHandler.java:99)
>>at org.eclipse.jetty.server.handler.HandlerWrapper.handle(
>> HandlerWrapper.java:132)
>>at org.eclipse.jetty.server.Server.handle(Server.java:564)
>>at org.eclipse.jetty.server.HttpChannel.handle(
>> HttpChannel.java:369)
>>at org.eclipse.jetty.server.HttpConnection.onFillable(
>> HttpConnection.java:251)
>>at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
>> AbstractConnection.java:279)
>>at org.eclipse.jetty.io.FillInterest.fillable(
>> FillInterest.java:110)
>>at org.eclipse.jetty.io.ssl.SslConnection.onFillable(
>> SslConnection.java:258)
>>at 

Re: [EXT] Re: URL configuration for the remote process group in Nifi 1.3

[Paresh Shah]

Mark,

Wanted to make sure you did see my response. Looking forward to yours.

Thanks
Paresh

On 6/4/18, 10:24 AM, "Paresh Shah"  wrote:

Mark

Want some more clarity. Let me see if I understand this. Just to be clear 
we are using RPG purely for load balancing on the same cluster.

Step 1: When it initially connects to Node1, it would fetch all the cluster 
details i.e it would know all the nodes that exist in my cluster which are
Node1
Node2
Node3

Question: Where is this information persisted and does it resolve this 
every time there are flow files sent to the RPG( remote process group ). 

Step 2: Now when Node1 goes down it would try to establish communication 
with one of the following nodes which it had retrieved and stored initially or 
as a background task.
Node2
Node3

Question: Does this update the persisted information in Step1. Is there any 
way to update the actual URL for the RPG. Basically we do not want every 
incoming flow file on the RPG to end up selecting the target node. 

Thanks
Paresh

On 6/3/18, 9:09 AM, "Mark Payne"  wrote:

Paresh,

When NiFi establishes a connection to the remote instance, it will 
request information from the remote instance about all nodes in the cluster. It 
then persists this information in case nifi is restarted. So whichever node you 
use in your URL is only important for the initial connection. Additionally, 
NiFi will periodically reach out to the remote nifi instances to determine 
which nodes are in the cluster, in case nodes are added to or removed from the 
cluster.

Does that all make sense?

Thanks
-Mark

Sent from my iPhone

> On Jun 3, 2018, at 11:15 AM, Paresh Shah  
wrote:
> 
> I have a cluster with 3 nodes. We are using RPG for load balancing
> 
> Node1 ( primary and cluster coordinator ).
> Node2
> Node3
> 
> When configuring the RPG is use Node1 as the target URL. My question 
is what happens to this RPG when the Node1 goes down or is offline. At this 
point how does the RPG keep functioning, since we cannot update the URL once 
its created.
> 
> Thanks
> Paresh
> 

Re: Issue securing nifi with ca-server.

[Henk Reder]

Hey Peter!

in response to this

.

Thanks for being quick on your response. I added that -c 
parameter to the CA server setup, same issue occurs.
That "&" is actually an artifact of linux, it just means "run whatever this
line is on its own thread." I verified that it wasn't polluting the
arguments.
I also removed the --dn option from the server configuration and the issue
was consistent, response is still a 500.

I'm thinking a rollback to 1.5.0 should fix this, but it would appear that
whatever changes happened in the transition between versions broke that
existing configuration.

Any additional ideas or should I go ahead and roll it back?

Thanks again,
Henk


On Mon, Jun 4, 2018 at 8:34 PM, Henk Reder  wrote:

> Hello!
>
> My names Henk. I'm a web developer working on getting a nifi instance
> setup for some integrations.
>
> Long story short, I setup this nifi deployment configuration back when
> 1.5.0 was the latest version. Now that its 1.6.0 everything works!
> ...except one thing.
>
> I'm currently using tls-toolkit to setup each nodes identity in the
> cluster. In order to do this, I've followed the guidelines from this post
> 
>  back
> from 2016. heres a brief overview of my previously working configuration.
>
> *CA serverside:*
>
> 
> 
> runuser -l  -c '/home/nifica/bin/tls-toolkit.sh server -t
>  -D CN=,OU=NIFI&'
>
> *Nifi-client side:*
>
> 
> 
> ./nifi-toolkit/bin/tls-toolkit.sh client -c  -t
>  --subjectAlternativeNames ',' -D
> 'CN=,OU=NIFI' -T PKCS12
>
> I expect the actual certs and json config to comeback after the call to
> the tls-toolkit server. I can verify the request is going through but I get
> these obtuse messages that tell me very little.
>
>
>
> *Nifi-client side: *
> 2018/06/05 00:23:43 INFO [main] org.apache.nifi.toolkit.tls.
> service.client.TlsCertificateAuthorityClient: Requesting new certificate
> from :8443
> 2018/06/05 00:23:44 INFO [main] org.apache.nifi.toolkit.tls.
> service.client.TlsCertificateSigningRequestPerformer: Requesting
> certificate with dn CN=,OU=NIFI from :8443
> Service client error: Received response code 500 with payload
>
> *CA serverside: *
>
> 2018/06/04 22:55:50 WARN [qtp1108924067-13] 
> org.eclipse.jetty.server.HttpChannel:
> /
> javax.servlet.ServletException: Server error
> at org.apache.nifi.toolkit.tls.service.server.
> TlsCertificateAuthorityServiceHandler.handle(
> TlsCertificateAuthorityServiceHandler.java:99)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(
> HandlerWrapper.java:132)
> at org.eclipse.jetty.server.Server.handle(Server.java:564)
> at org.eclipse.jetty.server.HttpChannel.handle(
> HttpChannel.java:369)
> at org.eclipse.jetty.server.HttpConnection.onFillable(
> HttpConnection.java:251)
> at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
> AbstractConnection.java:279)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at org.eclipse.jetty.io.ssl.SslConnection.onFillable(
> SslConnection.java:258)
> at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(
> SslConnection.java:147)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at org.eclipse.jetty.io.ChannelEndPoint$2.run(
> ChannelEndPoint.java:124)
> at org.eclipse.jetty.util.thread.Invocable.invokePreferred(
> Invocable.java:122)
> at org.eclipse.jetty.util.thread.strategy.
> ExecutingExecutionStrategy.invoke(ExecutingExecutionStrategy.java:58)
> at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.
> produceConsume(ExecuteProduceConsume.java:201)
> at org.eclipse.jetty.util.thread.strategy.
> ExecuteProduceConsume.run(ExecuteProduceConsume.java:133)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
> QueuedThreadPool.java:672)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(
> QueuedThreadPool.java:590)
> at java.lang.Thread.run(Thread.java:748)
> 2018/06/04 22:55:50 WARN [qtp1108924067-13] org.eclipse.jetty.server.
> HttpChannel:
> java.lang.IllegalStateException: Error already set
> at org.eclipse.jetty.server.HttpChannelState.onError(
> HttpChannelState.java:743)
> at org.eclipse.jetty.server.HttpChannel.handleException(
> HttpChannel.java:514)
> at org.eclipse.jetty.server.HttpChannelOverHttp.handleException(
> HttpChannelOverHttp.java:463)
> at org.eclipse.jetty.server.HttpChannel.handle(
> HttpChannel.java:448)
> at org.eclipse.jetty.server.HttpConnection.onFillable(
> HttpConnection.java:251)
> at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
> AbstractConnection.java:279)
> at org.eclipse.jetty.io.FillInterest.fillable(

Re: [EXT] Re: URL configuration for the remote process group in Nifi 1.3

[Bryan Bende]

Paresh,

Mark can correct me if I'm wrong, but I believe the information
fetched in step 1 is persisted in-memory on each node where the RPG is
running. This information is then periodically refreshed in a
background thread.

When data is flowing through it is distributing the data to the nodes
in a round robin manner in batches according to the batch size
configuration. If it knows a node is down, I believe it will not send
any data to that node until it is back up, and if it thinks the node
is up, but it fails to send data to it, then it will try another node.

The URL in the RPG should accept a comma-separated list of multiple
URLs, but as Mark mentioned this would only be used the first time you
start the RPG, of if a node restarted. For example, say you entered
the URL as "node1,node2" and then node 3 restarts while node1 is down,
it would try node1 to get cluster info and fail, then try node2 and
succeed.

-Bryan


On Mon, Jun 4, 2018 at 1:24 PM, Paresh Shah  wrote:
> Mark
>
> Want some more clarity. Let me see if I understand this. Just to be clear we 
> are using RPG purely for load balancing on the same cluster.
>
> Step 1: When it initially connects to Node1, it would fetch all the cluster 
> details i.e it would know all the nodes that exist in my cluster which are
> Node1
> Node2
> Node3
>
> Question: Where is this information persisted and does it resolve this every 
> time there are flow files sent to the RPG( remote process group ).
>
> Step 2: Now when Node1 goes down it would try to establish communication with 
> one of the following nodes which it had retrieved and stored initially or as 
> a background task.
> Node2
> Node3
>
> Question: Does this update the persisted information in Step1. Is there any 
> way to update the actual URL for the RPG. Basically we do not want every 
> incoming flow file on the RPG to end up selecting the target node.
>
> Thanks
> Paresh
>
> On 6/3/18, 9:09 AM, "Mark Payne"  wrote:
>
> Paresh,
>
> When NiFi establishes a connection to the remote instance, it will 
> request information from the remote instance about all nodes in the cluster. 
> It then persists this information in case nifi is restarted. So whichever 
> node you use in your URL is only important for the initial connection. 
> Additionally, NiFi will periodically reach out to the remote nifi instances 
> to determine which nodes are in the cluster, in case nodes are added to or 
> removed from the cluster.
>
> Does that all make sense?
>
> Thanks
> -Mark
>
> Sent from my iPhone
>
> > On Jun 3, 2018, at 11:15 AM, Paresh Shah  
> wrote:
> >
> > I have a cluster with 3 nodes. We are using RPG for load balancing
> >
> > Node1 ( primary and cluster coordinator ).
> > Node2
> > Node3
> >
> > When configuring the RPG is use Node1 as the target URL. My question is 
> what happens to this RPG when the Node1 goes down or is offline. At this 
> point how does the RPG keep functioning, since we cannot update the URL once 
> its created.
> >
> > Thanks
> > Paresh
> >
>
>

Re: Commit to nifi-site

[Sivaprasanna]

To all,

If anyone who has been given committers privilege but haven't got their
name added to the NiFi project's people page. Let me know, if you want to
have your name added, the setup process is somewhat time consuming and if
you don't want to go through the hassle of setting up a whole lot of things
which you may not be actually using, I can help since I set them up
recently.

Thanks,
Sivaprasanna

On Tue, Jun 5, 2018 at 11:07 PM, Sivaprasanna 
wrote:

> Thank you so much, Aldrin. I was able to deploy it. Having one's name on
> an Apache projects' site is an honor!
>
> Thanks once again.
>
> -
> Sivaprasanna
>
> On Tue, Jun 5, 2018 at 10:00 PM, Sivaprasanna 
> wrote:
>
>> Aldrin,
>>
>> Thanks for the quick response. I'm going to try that now. I'll update
>> this thread if I'm stuck somewhere.
>>
>> Thanks,
>> Sivaprasanna
>>
>> On Tue, Jun 5, 2018 at 9:41 PM, Aldrin Piri  wrote:
>>
>>> Hi Sivaprasanna,
>>>
>>> You will need to perform a deploy via grunt as outlined here:
>>> https://github.com/apache/nifi-site#grunt-tasks
>>>
>>> You can configure your environment via
>>> https://github.com/apache/nifi-site#setting-up-build-environment.
>>>
>>> Let us know if you hit any issues.
>>>
>>> On Tue, Jun 5, 2018 at 12:04 PM, Sivaprasanna >> >
>>> wrote:
>>>
>>> > Hi
>>> >
>>> > I cloned http://git-wip-us.apache.org/repos/asf/nifi-site
>>> >  and made a
>>> change
>>> > and committed it (#8bd32db0
>>> > >> > a=commitdiff;h=8bd32db0>).
>>> > Is that the correct way to do it? The reason why I'm asking this is
>>> because
>>> > I see this (https://svn.apache.org/viewvc/nifi/site/trunk/) doesn't
>>> > include
>>> > the commit I made. I'm sorry if I did it the wrong way. Appreciate your
>>> > inputs.
>>> >
>>> > -
>>> > Sivaprasanna
>>> >
>>>
>>
>>
>

Re: Commit to nifi-site

[Sivaprasanna]

Thank you so much, Aldrin. I was able to deploy it. Having one's name on an
Apache projects' site is an honor!

Thanks once again.

-
Sivaprasanna

On Tue, Jun 5, 2018 at 10:00 PM, Sivaprasanna 
wrote:

> Aldrin,
>
> Thanks for the quick response. I'm going to try that now. I'll update this
> thread if I'm stuck somewhere.
>
> Thanks,
> Sivaprasanna
>
> On Tue, Jun 5, 2018 at 9:41 PM, Aldrin Piri  wrote:
>
>> Hi Sivaprasanna,
>>
>> You will need to perform a deploy via grunt as outlined here:
>> https://github.com/apache/nifi-site#grunt-tasks
>>
>> You can configure your environment via
>> https://github.com/apache/nifi-site#setting-up-build-environment.
>>
>> Let us know if you hit any issues.
>>
>> On Tue, Jun 5, 2018 at 12:04 PM, Sivaprasanna 
>> wrote:
>>
>> > Hi
>> >
>> > I cloned http://git-wip-us.apache.org/repos/asf/nifi-site
>> >  and made a
>> change
>> > and committed it (#8bd32db0
>> > > > a=commitdiff;h=8bd32db0>).
>> > Is that the correct way to do it? The reason why I'm asking this is
>> because
>> > I see this (https://svn.apache.org/viewvc/nifi/site/trunk/) doesn't
>> > include
>> > the commit I made. I'm sorry if I did it the wrong way. Appreciate your
>> > inputs.
>> >
>> > -
>> > Sivaprasanna
>> >
>>
>
>

Re: Commit to nifi-site

[Sivaprasanna]

Aldrin,

Thanks for the quick response. I'm going to try that now. I'll update this
thread if I'm stuck somewhere.

Thanks,
Sivaprasanna

On Tue, Jun 5, 2018 at 9:41 PM, Aldrin Piri  wrote:

> Hi Sivaprasanna,
>
> You will need to perform a deploy via grunt as outlined here:
> https://github.com/apache/nifi-site#grunt-tasks
>
> You can configure your environment via
> https://github.com/apache/nifi-site#setting-up-build-environment.
>
> Let us know if you hit any issues.
>
> On Tue, Jun 5, 2018 at 12:04 PM, Sivaprasanna 
> wrote:
>
> > Hi
> >
> > I cloned http://git-wip-us.apache.org/repos/asf/nifi-site
> >  and made a
> change
> > and committed it (#8bd32db0
> >  > a=commitdiff;h=8bd32db0>).
> > Is that the correct way to do it? The reason why I'm asking this is
> because
> > I see this (https://svn.apache.org/viewvc/nifi/site/trunk/) doesn't
> > include
> > the commit I made. I'm sorry if I did it the wrong way. Appreciate your
> > inputs.
> >
> > -
> > Sivaprasanna
> >
>

Re: [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Mike Thomsen]

Congratulations, Sivaprasanna!

On Tue, Jun 5, 2018 at 10:22 AM Bryan Bende  wrote:

> Congrats! and thank you for your contributions to the NiFi community.
>
> On Tue, Jun 5, 2018 at 10:16 AM, Kevin Doran  wrote:
> > Congrats, Sivaprasanna!
> >
> > On 6/5/18, 10:09, "Tony Kurc"  wrote:
> >
> > On behalf of the Apache NiFI PMC, I am very pleased to announce that
> > Sivaprasanna has accepted the PMC's invitation to become a committer
> on the
> > Apache NiFi project. We greatly appreciate all of Sivaprasanna's
> hard work
> > and generous contributions to the project. We look forward to
> continued
> >  involvement in the project.
> >
> > Sivaprasanna has been working with the community on the mailing
> lists, and
> > has a big mix of code and feature contributions to include features
> and
> > improvements to cloud service integrations like Azure, AWS, and
> Google
> > Cloud.
> >
> > Welcome and congratulations!
> >
> >
> >
>

Re: Commit to nifi-site

[Aldrin Piri]

Hi Sivaprasanna,

You will need to perform a deploy via grunt as outlined here:
https://github.com/apache/nifi-site#grunt-tasks

You can configure your environment via
https://github.com/apache/nifi-site#setting-up-build-environment.

Let us know if you hit any issues.

On Tue, Jun 5, 2018 at 12:04 PM, Sivaprasanna 
wrote:

> Hi
>
> I cloned http://git-wip-us.apache.org/repos/asf/nifi-site
>  and made a change
> and committed it (#8bd32db0
>  a=commitdiff;h=8bd32db0>).
> Is that the correct way to do it? The reason why I'm asking this is because
> I see this (https://svn.apache.org/viewvc/nifi/site/trunk/) doesn't
> include
> the commit I made. I'm sorry if I did it the wrong way. Appreciate your
> inputs.
>
> -
> Sivaprasanna
>

Commit to nifi-site

[Sivaprasanna]

Hi

I cloned http://git-wip-us.apache.org/repos/asf/nifi-site
 and made a change
and committed it (#8bd32db0
).
Is that the correct way to do it? The reason why I'm asking this is because
I see this (https://svn.apache.org/viewvc/nifi/site/trunk/) doesn't include
the commit I made. I'm sorry if I did it the wrong way. Appreciate your
inputs.

-
Sivaprasanna

Re: [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Bryan Bende]

Congrats! and thank you for your contributions to the NiFi community.

On Tue, Jun 5, 2018 at 10:16 AM, Kevin Doran  wrote:
> Congrats, Sivaprasanna!
>
> On 6/5/18, 10:09, "Tony Kurc"  wrote:
>
> On behalf of the Apache NiFI PMC, I am very pleased to announce that
> Sivaprasanna has accepted the PMC's invitation to become a committer on 
> the
> Apache NiFi project. We greatly appreciate all of Sivaprasanna's hard work
> and generous contributions to the project. We look forward to continued
>  involvement in the project.
>
> Sivaprasanna has been working with the community on the mailing lists, and
> has a big mix of code and feature contributions to include features and
> improvements to cloud service integrations like Azure, AWS, and Google
> Cloud.
>
> Welcome and congratulations!
>
>
>

Re: [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Kevin Doran]

Congrats, Sivaprasanna!

On 6/5/18, 10:09, "Tony Kurc"  wrote:

On behalf of the Apache NiFI PMC, I am very pleased to announce that
Sivaprasanna has accepted the PMC's invitation to become a committer on the
Apache NiFi project. We greatly appreciate all of Sivaprasanna's hard work
and generous contributions to the project. We look forward to continued
 involvement in the project.

Sivaprasanna has been working with the community on the mailing lists, and
has a big mix of code and feature contributions to include features and
improvements to cloud service integrations like Azure, AWS, and Google
Cloud.

Welcome and congratulations!

RE: [EXT] [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Peter Wicks (pwicks)]

Congratulations Sivaprasanna!

-Original Message-
From: Tony Kurc [mailto:tk...@apache.org] 
Sent: Tuesday, June 05, 2018 08:09
To: dev@nifi.apache.org
Subject: [EXT] [ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

On behalf of the Apache NiFI PMC, I am very pleased to announce that 
Sivaprasanna has accepted the PMC's invitation to become a committer on the 
Apache NiFi project. We greatly appreciate all of Sivaprasanna's hard work and 
generous contributions to the project. We look forward to continued  
involvement in the project.

Sivaprasanna has been working with the community on the mailing lists, and has 
a big mix of code and feature contributions to include features and 
improvements to cloud service integrations like Azure, AWS, and Google Cloud.

Welcome and congratulations!

[ANNOUNCE] New Apache NiFi Committer Sivaprasanna Sethuraman

[Tony Kurc]

On behalf of the Apache NiFI PMC, I am very pleased to announce that
Sivaprasanna has accepted the PMC's invitation to become a committer on the
Apache NiFi project. We greatly appreciate all of Sivaprasanna's hard work
and generous contributions to the project. We look forward to continued
 involvement in the project.

Sivaprasanna has been working with the community on the mailing lists, and
has a big mix of code and feature contributions to include features and
improvements to cloud service integrations like Azure, AWS, and Google
Cloud.

Welcome and congratulations!

Re: Issue securing nifi with ca-server.

[Peter Wilcsinszky]

Hey Henk!

On Tue, Jun 5, 2018 at 2:34 AM, Henk Reder  wrote:

> Hello!
>
> My names Henk. I'm a web developer working on getting a nifi instance setup
> for some integrations.
>
> Long story short, I setup this nifi deployment configuration back when
> 1.5.0 was the latest version. Now that its 1.6.0 everything works!
> ...except one thing.
>
> I'm currently using tls-toolkit to setup each nodes identity in the
> cluster. In order to do this, I've followed the guidelines from this post
>  secured-cluster-setup/>
> back
> from 2016. heres a brief overview of my previously working configuration.
>
> *CA serverside:*
>
> 
> 
> runuser -l  -c '/home/nifica/bin/tls-toolkit.sh server -t
>  -D CN=,OU=NIFI&'
>

You are missing -c  which defaults to localhost if not
provided:
 -c,--certificateAuthorityHostnameHostname of NiFi Certificate
Authority (default: localhost)

Also I beleive you don't have to set -D for the default case, because it
will use just what you would like to set by default:
 -D,--dn  The dn to use for the CA
certificate (default: CN=YOUR_CA_HOSTNAME,OU=NIFI)

Finally: is that "&" just a copy paste error in your command, right?


>
> *Nifi-client side:*
>
> 
> 
> ./nifi-toolkit/bin/tls-toolkit.sh client -c  -t
> 
> --subjectAlternativeNames ',' -D
> 'CN=,OU=NIFI' -T PKCS12
>
> I expect the actual certs and json config to comeback after the call to the
> tls-toolkit server. I can verify the request is going through but I get
> these obtuse messages that tell me very little.
>
>
>
> *Nifi-client side: *
> 2018/06/05 00:23:43 INFO [main]
> org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient:
> Requesting new certificate from :8443
> 2018/06/05 00:23:44 INFO [main]
> org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPe
> rformer:
> Requesting certificate with dn CN=,OU=NIFI from
> :8443
> Service client error: Received response code 500 with payload
>
> *CA serverside: *
>
> 2018/06/04 22:55:50 WARN [qtp1108924067-13]
> org.eclipse.jetty.server.HttpChannel: /
> javax.servlet.ServletException: Server error
> at
> org.apache.nifi.toolkit.tls.service.server.TlsCertificateAuthorityService
> Handler.handle(TlsCertificateAuthorityServiceHandler.java:99)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(
> HandlerWrapper.java:132)
> at org.eclipse.jetty.server.Server.handle(Server.java:564)
> at org.eclipse.jetty.server.HttpChannel.handle(
> HttpChannel.java:369)
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(
> HttpConnection.java:251)
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
> AbstractConnection.java:279)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:258)
> at
> org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:147)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at
> org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
> at
> org.eclipse.jetty.util.thread.Invocable.invokePreferred(
> Invocable.java:122)
> at
> org.eclipse.jetty.util.thread.strategy.ExecutingExecutionStrategy.invoke(
> ExecutingExecutionStrategy.java:58)
> at
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.
> produceConsume(ExecuteProduceConsume.java:201)
> at
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(
> ExecuteProduceConsume.java:133)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
> QueuedThreadPool.java:672)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(
> QueuedThreadPool.java:590)
> at java.lang.Thread.run(Thread.java:748)
> 2018/06/04 22:55:50 WARN [qtp1108924067-13]
> org.eclipse.jetty.server.HttpChannel:
> java.lang.IllegalStateException: Error already set
> at
> org.eclipse.jetty.server.HttpChannelState.onError(
> HttpChannelState.java:743)
> at
> org.eclipse.jetty.server.HttpChannel.handleException(HttpChannel.java:514)
> at
> org.eclipse.jetty.server.HttpChannelOverHttp.handleException(
> HttpChannelOverHttp.java:463)
> at org.eclipse.jetty.server.HttpChannel.handle(
> HttpChannel.java:448)
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(
> HttpConnection.java:251)
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
> AbstractConnection.java:279)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:258)
> at
> org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:147)
> at org.eclipse.jetty.io.FillInterest.fillable(
> FillInterest.java:110)
> at
>