sure! I'm listing the log folder from inside the docker container.
logback.xml is attached.
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$ ls -al logs
total 162720
drwxr-xr-x 2 nifi nifi 4096 Dec 8 01:03 .
drwxr-xr-x 15 nifi nifi 4096 Dec 8 22:02 ..
-rw-r--r-- 1 nifi nifi 0 Nov 30 15:25 .gitkeep
-rw-r--r-- 1 nifi nifi 602301 Dec 8 22:02 nifi-bootstrap.log
-rw-r--r-- 1 nifi nifi 63400 Dec 7 16:35 nifi-bootstrap_2017-12-07.log
-rw-r--r-- 1 nifi nifi 164964352 Dec 8 23:45 nifi-user.log
-rw-r--r-- 1 nifi nifi 970005 Dec 7 23:59 nifi-user_2017-12-07.log
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$
Regarding the error, the truststore is in a folder where nifi user has read
access:
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$ ls -al ../assets
total 176
drwxr-xr-x 2 nifi nifi 4096 Dec 8 17:49 .
drwxr-xr-x 9 nifi nifi 4096 Dec 8 22:02 ..
-rw-r--r-- 1 nifi nifi 0 Dec 1 01:37 .gitkeep
-rw-r--r-- 1 nifi nifi 2255 Dec 8 02:04 mandril-send.json
-rw-r--r-- 1 nifi nifi 302 Dec 7 02:41 sample.html
-rw-r--r-- 1 nifi nifi 163706 Dec 8 17:50 truststore.p12
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$
Am I required to set keystore together or can I use just the truststore?
regards,
2017-12-08 20:53 GMT-02:00 Andy LoPresto <alopre...@apache.org>:
> That error could be thrown if the file does not have OS level permissions
> that allow the user running NiFi to read it. I’m a little surprised there
> is no nifi-app.log file, as that gets written to as soon as the application
> starts up. If you are able to configure a processor or controller service
> through the API / UI, that file should exist.
>
> Can you provide the contents of your $NIFI_HOME/conf/logback.xml file and
> a directory listing of $NIFI_HOME/logs?
>
>
> Andy LoPresto
> alopre...@apache.org
> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>
> On Dec 8, 2017, at 2:11 PM, Eric Chaves <e...@uolet.com> wrote:
>
> Hi Andy,
>
> The log from bulletin board is:
>
> PostHTTP[id=3253a78a-0160-1000-b7cf-6d7878f13efa] Unable to communicate
> with destination https://mandrillapp.com/api/1.0/messages/send.json to
> determine whether or not it can accept flowfiles/gzip; routing
> StandardFlowFileRecord[uuid=cffc2f1d-97cb-423f-9296-5e796fd49a99,claim=StandardContentClaim
> [resourceClaim=StandardResourceClaim[id=1512770613805-1,
> container=default, section=1], offset=15244, length=2260],offset=0,name=emails
> sample.csv,size=2260] to failure due to javax.net.ssl.SSLException:
> java.lang.RuntimeException: Unexpected error: java.security.
> InvalidAlgorithmParameterException: the trustAnchors parameter must be
> non-empty: java.lang.RuntimeException: *Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty*
>
> For some reason that I couldn't investigate yet my current nifi setup is
> not generating the nifi-app.log.
>
> Googling the error message the reason would be lacking of a truststore
> file but I have the exported file in place so I really dont know where else
> to look.
>
> Do you have any idea?
>
> Regards,
>
> Eric
>
> 2017-12-08 19:31 GMT-02:00 Andy LoPresto <alopre...@apache.org>:
>
>> Hi Eric,
>>
>> The truststore is a collection of trusted public key certificates. As you
>> noted, the /etc/ssl/ directory contains pre-loaded CA certificates to be
>> used for this. You can also use the JVM cacerts file, which is already in
>> JKS format.
>>
>> If this isn’t sufficient, can you provide an error from the log or a
>> further description of the issue you’re encountering? Thanks.
>>
>> Andy LoPresto
>> alopre...@apache.org
>> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>*
>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>>
>> On Dec 8, 2017, at 10:21 AM, Eric Chaves <e...@uolet.com> wrote:
>>
>> Hi,
>>
>> I'd like to make an HTTPS request to an internet public service but I'm
>> failing to to setup the SSL Context Service. I tried to export my system
>> certs to be used as truststore.
>>
>> openssl pkcs12 -export -nokeys -in /etc/ssl/certs/ca-certificates.crt
>> -out ./assets/truststore.p12
>>
>> Can someone help me out with a step-by-step?
>>
>> Thanks
>>
>>
>>
>
>
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration scan="true" scanPeriod="30 seconds">
<contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
<resetJUL>true</resetJUL>
</contextListener>
<appender name="APP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${org.apache.nifi.bootstrap.config.log.dir}/nifi-app.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<!--
For daily rollover, use 'app_%d.log'.
For hourly rollover, use 'app_%d{yyyy-MM-dd_HH}.log'.
To GZIP rolled files, replace '.log' with '.log.gz'.
To ZIP rolled files, replace '.log' with '.log.zip'.
-->
<fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/nifi-app_%d.log</fileNamePattern>
<!-- keep 10 log files worth of history -->
<maxHistory>10</maxHistory>
<maxFileSize>100MB</maxFileSize>
</rollingPolicy>
<immediateFlush>true</immediateFlush>
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
</encoder>
</appender>
<appender name="USER_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${org.apache.nifi.bootstrap.config.log.dir}/nifi-user.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!--
For daily rollover, use 'user_%d.log'.
For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
To GZIP rolled files, replace '.log' with '.log.gz'.
To ZIP rolled files, replace '.log' with '.log.zip'.
-->
<fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/nifi-user_%d.log</fileNamePattern>
<!-- keep 5 log files worth of history -->
<maxHistory>10</maxHistory>
<maxFileSize>10MB</maxFileSize>
</rollingPolicy>
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
</encoder>
</appender>
<appender name="BOOTSTRAP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${org.apache.nifi.bootstrap.config.log.dir}/nifi-bootstrap.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!--
For daily rollover, use 'user_%d.log'.
For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
To GZIP rolled files, replace '.log' with '.log.gz'.
To ZIP rolled files, replace '.log' with '.log.zip'.
-->
<fileNamePattern>${org.apache.nifi.bootstrap.config.log.dir}/nifi-bootstrap_%d.log</fileNamePattern>
<!-- keep 5 log files worth of history -->
<maxHistory>5</maxHistory>
</rollingPolicy>
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
</encoder>
</appender>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
</encoder>
</appender>
<!-- valid logging levels: TRACE, DEBUG, INFO, WARN, ERROR -->
<logger name="org.apache.nifi" level="INFO"/>
<logger name="org.apache.nifi.processors" level="WARN"/>
<logger name="org.apache.nifi.processors.standard.LogAttribute" level="INFO"/>
<logger name="org.apache.nifi.processors.standard.LogMessage" level="INFO"/>
<logger name="org.apache.nifi.controller.repository.StandardProcessSession" level="WARN" />
<logger name="org.apache.zookeeper.ClientCnxn" level="ERROR" />
<logger name="org.apache.zookeeper.server.NIOServerCnxn" level="ERROR" />
<logger name="org.apache.zookeeper.server.NIOServerCnxnFactory" level="ERROR" />
<logger name="org.apache.zookeeper.server.quorum" level="ERROR" />
<logger name="org.apache.zookeeper.ZooKeeper" level="ERROR" />
<logger name="org.apache.zookeeper.server.PrepRequestProcessor" level="ERROR" />
<logger name="org.apache.calcite.runtime.CalciteException" level="OFF" />
<logger name="org.apache.curator.framework.recipes.leader.LeaderSelector" level="OFF" />
<logger name="org.apache.curator.ConnectionState" level="OFF" />
<!-- Logger for managing logging statements for nifi clusters. -->
<logger name="org.apache.nifi.cluster" level="INFO"/>
<!-- Logger for logging HTTP requests received by the web server. -->
<logger name="org.apache.nifi.server.JettyServer" level="INFO"/>
<!-- Logger for managing logging statements for jetty -->
<logger name="org.eclipse.jetty" level="INFO"/>
<!-- Suppress non-error messages due to excessive logging by class or library -->
<logger name="com.sun.jersey.spi.container.servlet.WebComponent" level="ERROR"/>
<logger name="com.sun.jersey.spi.spring" level="ERROR"/>
<logger name="org.springframework" level="ERROR"/>
<!-- Suppress non-error messages due to known warning about redundant path annotation (NIFI-574) -->
<logger name="com.sun.jersey.spi.inject.Errors" level="ERROR"/>
<!--
Logger for capturing user events. We do not want to propagate these
log events to the root logger. These messages are only sent to the
user-log appender.
-->
<logger name="org.apache.nifi.web.security" level="INFO" additivity="false">
<appender-ref ref="USER_FILE"/>
</logger>
<logger name="org.apache.nifi.web.api.config" level="INFO" additivity="false">
<appender-ref ref="USER_FILE"/>
</logger>
<logger name="org.apache.nifi.authorization" level="INFO" additivity="false">
<appender-ref ref="USER_FILE"/>
</logger>
<logger name="org.apache.nifi.cluster.authorization" level="INFO" additivity="false">
<appender-ref ref="USER_FILE"/>
</logger>
<logger name="org.apache.nifi.web.filter.RequestLogger" level="INFO" additivity="false">
<appender-ref ref="USER_FILE"/>
</logger>
<!--
Logger for capturing Bootstrap logs and NiFi's standard error and standard out.
-->
<logger name="org.apache.nifi.bootstrap" level="INFO" additivity="false">
<appender-ref ref="BOOTSTRAP_FILE" />
</logger>
<logger name="org.apache.nifi.bootstrap.Command" level="INFO" additivity="false">
<appender-ref ref="CONSOLE" />
<appender-ref ref="BOOTSTRAP_FILE" />
</logger>
<!-- Everything written to NiFi's Standard Out will be logged with the logger org.apache.nifi.StdOut at INFO level -->
<logger name="org.apache.nifi.StdOut" level="INFO" additivity="false">
<appender-ref ref="BOOTSTRAP_FILE" />
</logger>
<!-- Everything written to NiFi's Standard Error will be logged with the logger org.apache.nifi.StdErr at ERROR level -->
<logger name="org.apache.nifi.StdErr" level="ERROR" additivity="false">
<appender-ref ref="BOOTSTRAP_FILE" />
</logger>
<!-- Use this to log your script work -->
<logger name="org.apache.nifi.processors.script.InvokeScriptedProcessor" level="INFO">
<appender-ref ref="USER_FILE" />
</logger>
<root level="INFO">
<appender-ref ref="APP_FILE"/>
</root>
</configuration>
