Hello Marc, thanks for the update. I tried running master from GitHub but unfortunately I now get a segmentation fault:

Thread 1 "minifi" received signal SIGSEGV, Segmentation fault.
0x00007ffff777420a in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
(gdb) bt full
#0  0x00007ffff777420a in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#1  0x00007ffff7799681 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#2  0x00007ffff777f2f6 in SSL_CTX_use_certificate () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#3  0x00007ffff777f6c0 in SSL_CTX_use_certificate_file () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#4  0x0000555555ef91cb in org::apache::nifi::minifi::controllers::SSLContextService::configure_ssl_context (this=0x5555569948b0, ctx=0x555556a28430)
    at /usr/local/src/nifi-minifi-cpp/extensions/http-curl/../../libminifi/include/controllers/SSLContextService.h:165
        retp = 1
#5  0x0000555555ef9be4 in org::apache::nifi::minifi::utils::HTTPClient::configure_ssl_context (curl=0x555556a149e0, ctx=0x555556a28430, param=0x5555569948b0)
    at /usr/local/src/nifi-minifi-cpp/extensions/http-curl/client/HTTPClient.h:177
        ssl_context_service = 0x5555569948b0

Any idea what the problem might be?

My full config.yml:

Flow Controller:
  name: MiNiFi Flow
Controller Services:
  - name: SSLServiceName
    id: 2438e3c8-015a-1000-79ca-83af40ec1974
    class: SSLContextService
    Properties:
      Client Certificate: /opt/minifi/conf/client.pem
      Private Key: /opt/minifi/conf/client.key
      Passphrase: secret
      CA Certificate: /opt/minifi/conf/nifi-cert.pem
Processors:
  - id: cecb1868-9e5a-3e6c-0000-000000000000
    name: TailFile
    class: org.apache.nifi.processors.standard.TailFile
    max concurrent tasks: 1
    scheduling strategy: TIMER_DRIVEN
    scheduling period: 0 sec
    penalization period: 30 sec
    yield period: 1 sec
    run duration nanos: 0
    auto-terminated relationships list: []
    Properties:
      File Location: Local
      File to Tail: /tmp/test.log
      Initial Start Position: Beginning of File
      Rolling Filename Pattern:
      tail-base-directory:
      tail-mode: Single file
      tailfile-lookup-frequency: 10 minutes
      tailfile-maximum-age: 24 hours
      tailfile-recursive-lookup: 'false'
Connections:
  - id: 76ad4bc4-6557-3e23-0000-000000000000
    name: TailFile/success/56ae5abc-0161-1000-aa9e-c340d726e043
    source id: cecb1868-9e5a-3e6c-0000-000000000000
    source relationship names:
      - success
    destination id: 56ae5abc-0161-1000-aa9e-c340d726e043
    max work queue size: 10000
    max work queue data size: 1 GB
    flowfile expiration: 0 sec
    queue prioritizer class: ''
Remote Processing Groups:
  - id: 3a25e1a3-c1b2-3e78-0000-000000000000
    name: ''
    url: https://w.x.y.z:8443/nifi
    comment: ''
    timeout: 30 sec
    yield period: 10 sec
    transport protocol: RAW
    proxy host: ''
    proxy port: ''
    proxy user: ''
    proxy password: ''
    local network interface: ''
    Input Ports:
      - id: 56ae5abc-0161-1000-aa9e-c340d726e043
        name: Minifi
        comment: ''
        max concurrent tasks: 1
        use compression: false
        Properties:
          Port: 10443
          SSL Context Service: SSLServiceName
          Host Name: w.x.y.z
    Output Ports: []
Provenance Reporting:

On 09/02/2018 20:18, Marc wrote:
> Arne,
> I submitted a PR https://github.com/apache/nifi-minifi-cpp/pull/263
> to address these issues.
>
> On Fri, Feb 9, 2018 at 8:38 AM, Marc <[email protected]> wrote:
>
> Arne,
> Evidently the HTTPClient relies on an SSL Context Service. Try
> the following configuration in the config.yml file, where you
> define the context service and reference it from the RPG. Let me
> know if that works for you!
>
> Additionally, I think you pointed out an inconsistency where we
> can improve the configuration and documentation. I've
> created https://issues.apache.org/jira/browse/MINIFICPP-396 and will
> take care of that ASAP. Thanks
> very much for identifying this!
>
> Remote Processing Groups:
>   - name: NiFi Flow
>     id: 2438e3c8-015a-1000-79ca-83af40ec1998
>     url: https://127.0.0.1:8383/nifi
>     timeout: 30 secs
>     yield period: 5 sec
>     Input Ports:
>       - id: 2438e3c8-015a-1000-79ca-83af40ec1999
>         name: fromnifi
>         max concurrent tasks: 1
>         Properties:
>           Port: 10443
>           SSL Context Service: SSLMe
>           Host Name: 127.0.0.1
>     Output Ports:
>       - id: ac82e521-015c-1000-2b21-41279516e19a
>         name: tominifi
>         max concurrent tasks: 2
>         Properties:
>           Port: 10443
>           SSL Context Service: SSLMe
>           Host Name: 127.0.0.1
>
> Controller Services:
>   - name: SSLMe
>     id: 2438e3c8-015a-1000-79ca-83af40ec1974
>     class: SSLContextService
>     Properties:
>       Client Certificate: /opt/minifi/conf/client.pem
>       Private Key: /opt/minifi/conf/client.key
>       Passphrase: /opt/minifi/conf/password
>       CA Certificate certificate: /opt/minifi/conf/nifi-cert.pem
>
> On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo <[email protected]> wrote:
>
> Hello,
>
> I'm trying to set up secure communication between minifi-cpp 0.4.0 and
> nifi, but unfortunately it fails with the following errors:
>
> [org::apache::nifi::minifi::utils::HTTPClient] [error] curl_easy_perform() failed SSL connect error
> [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed
>
> I looked quickly at the code and it seems the problem is that HTTPClient
> never calls configure_secure_connection and therefore never presents a
> client certificate to nifi.
>
> The config.yml file defines a TailFile that sends data directly to a
> remote process group.
>
> My minifi.properties file:
> nifi.version=0.1.0
> nifi.flow.configuration.file=/opt/minifi/conf/config.yml
> nifi.administrative.yield.duration=30 sec
> nifi.bored.yield.duration=10 millis
>
> nifi.provenance.repository.directory.default=/opt/minifi/provenance_repository
> nifi.provenance.repository.max.storage.time=1 MIN
> nifi.provenance.repository.max.storage.size=1 MB
> nifi.remote.input.secure=true
> nifi.https.need.ClientAuth=true
> nifi.https.client.certificate=/opt/minifi/conf/client.pem
> nifi.https.client.private.key=/opt/minifi/conf/client.key
> nifi.https.client.pass.phrase=/opt/minifi/conf/password
> nifi.https.client.ca.certificate=/opt/minifi/conf/nifi-cert.pem
> controller.socket.host=localhost
> controller.socket.port=9998
>
> Certificates and key are correct and have been verified using curl from
> the command line. Are there any other things I need to do to get minifi
> to set up a secure connection? As far as I understand the "Security
> Properties:" in config.yml is only used by the java version of minifi?
>
> Thanks,
> Arne
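
An added example, not part of the original thread and not MiNiFi project code: a pre-flight check for a config.yml of the shape shown above. It reports ports whose SSL Context Service names no defined SSLContextService, and certificate or key files that are unreadable or lack the expected PEM block. The line-based parser, the function names and the expected PEM labels are assumptions of this example.

```python
import re

# Property names are from the thread; the PEM label expected in each file is assumed.
EXPECTED = {"Client Certificate": "CERTIFICATE", "Private Key": "PRIVATE KEY",
            "CA Certificate": "CERTIFICATE"}

def controller_services(text):
    """Map each entry under 'Controller Services:' to a flat dict of its keys."""
    services, cur, in_section = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():        # top-level key: section change
            in_section, cur = line.strip() == "Controller Services:", None
        m = in_section and re.match(r"\s*(-\s+)?([^:#]+?):\s*(.*)$", line)
        if m and m.group(1):                      # "- " opens a new list item
            cur = {}
        if m and cur is not None:
            cur[m.group(2)] = m.group(3).strip()
            if m.group(2) == "name":
                services[cur["name"]] = cur
    return services

def preflight(text, read=lambda p: open(p, errors="replace").read()):
    """Return dangling 'SSL Context Service' references and PEM file problems."""
    ssl = {n: p for n, p in controller_services(text).items()
           if p.get("class") == "SSLContextService"}
    refs = re.findall(r"^[ \t]*SSL Context Service:[ \t]*(\S.*?)[ \t]*$", text, re.M)
    problems = [f"undefined SSL Context Service {r!r}" for r in sorted(set(refs) - set(ssl))]
    for name, props in ssl.items():
        for key, label in ((k, v) for k, v in EXPECTED.items() if k in props):
            try:
                found = re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", read(props[key]))
            except OSError as exc:
                problems.append(f"{name}: {key} unreadable ({type(exc).__name__})")
                continue
            if not any(f.endswith(label) for f in found):
                problems.append(f"{name}: {key} has no {label} block")
    return problems

SAMPLE = """\
Controller Services:
  - name: SSLServiceName
    class: SSLContextService
    Properties:
      Client Certificate: /nonexistent/client.pem
Remote Processing Groups:
  - Input Ports:
      - Properties:
          SSL Context Service: SSLMe
"""  # constructed sample: the port names a service that is not defined
print("\n".join(preflight(SAMPLE)) or "no problems found")
```

Running it against the agent's real config.yml before starting MiNiFi catches a mismatched service name or a swapped certificate and key path without involving the TLS library.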
