The tihdedg11 URL would be my failed attempt to mask all the hostnames ;) Oh well. That'd be host1.foo.com.
The certificates I am using were generated using the below documentation [1] as a guide back on NiFi 0.6 -- but we're using the Kerberos provider and not the LDAP provider. I've used the same certs from 0.6 to 1.0 and now to 1.1 and I've never had a problem with them. This is a single-node cluster (for now, soon to be two if I can get it working with one) and it is failing to replicate the request to itself. I'm far from a security buff and don't really know where to begin troubleshooting this. If there is a more up-to-date guide on how to get security setup, I'd be happy to start over and work through that. I've tried [2] just now and that also didn't pan out since there is no longer an authorizer-users.xml file (and I can't make a new one since I've already upgraded my old users.xml to the new model). Thank you, --Adam [1] https://community.hortonworks.com/articles/7341/nifi-user-authentication-with-ldap.html [2] https://community.hortonworks.com/articles/886/securing-nifi-step-by-step.html On Sun, Dec 4, 2016 at 7:57 PM, Andre <[email protected]> wrote: > Adam, > > Is the X509 certificate of host1.foo.com reflecting the correct Subject > Name? > > Would you know where the URL tihdedg11.troweprice.com:8080 come from? > > Cheers > > On Mon, Dec 5, 2016 at 10:34 AM, Adam J. Shook <[email protected]> > wrote: > >> Hello all, >> >> I am trying to enable clustering on my NiFi instance, starting with the >> original single-node instance which uses Kerberos and HTTPS. I've been >> following the Clustering Configuration section in the admin guide, and I >> see in the logs that the node takes over as the Coordinator and elects the >> dataflow. When I try to connect to the UI I receive the below error -- it >> looks like there is no hostname in the GET request when it tries to >> replicate it? I started up the second node and I see it join the cluster, >> but accessing the UI throws the same erro -- failing to replicate the >> request to both nodes. >> >> Any ideas? >> >> Thank you, >> --Adam >> >> >> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1] >> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request >> GET /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to >> {} >> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: >> HTTPS hostname wrong: should be <host1.foo.com> >> >>
