Hello Mark,

thanks for the update. I tried running master from github but
unfortunately I now get a segmentation fault:

Thread 1 "minifi" received signal SIGSEGV, Segmentation fault.
0x00007ffff777420a in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
(gdb) bt full
#0  0x00007ffff777420a in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#1  0x00007ffff7799681 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#2  0x00007ffff777f2f6 in SSL_CTX_use_certificate () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#3  0x00007ffff777f6c0 in SSL_CTX_use_certificate_file () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
No symbol table info available.
#4  0x0000555555ef91cb in
org::apache::nifi::minifi::controllers::SSLContextService::configure_ssl_context
(this=0x5555569948b0, ctx=0x555556a28430) at
/usr/local/src/nifi-minifi-cpp/extensions/http-curl/../../libminifi/include/controllers/SSLContextService.h:165
        retp = 1
#5  0x0000555555ef9be4 in
org::apache::nifi::minifi::utils::HTTPClient::configure_ssl_context
(curl=0x555556a149e0, ctx=0x555556a28430, param=0x5555569948b0) at
/usr/local/src/nifi-minifi-cpp/extensions/http-curl/client/HTTPClient.h:177
        ssl_context_service = 0x5555569948b0

Any idea what the problem might be?

My full config.yml:

Flow Controller:
  name: MiNiFi Flow
Controller Services:
- name: SSLServiceName
  id: 2438e3c8-015a-1000-79ca-83af40ec1974
  class: SSLContextService
  Properties:
      Client Certificate: /opt/minifi/conf/client.pem
      Private Key: /opt/minifi/conf/client.key
      Passphrase: secret
      CA Certificate: /opt/minifi/conf/nifi-cert.pem
Processors:
- id: cecb1868-9e5a-3e6c-0000-000000000000
  name: TailFile
  class: org.apache.nifi.processors.standard.TailFile
  max concurrent tasks: 1
  scheduling strategy: TIMER_DRIVEN
  scheduling period: 0 sec
  penalization period: 30 sec
  yield period: 1 sec
  run duration nanos: 0
  auto-terminated relationships list: []
  Properties:
    File Location: Local
    File to Tail: /tmp/test.log
    Initial Start Position: Beginning of File
    Rolling Filename Pattern:
    tail-base-directory:
    tail-mode: Single file
    tailfile-lookup-frequency: 10 minutes
    tailfile-maximum-age: 24 hours
    tailfile-recursive-lookup: 'false'
Connections:
- id: 76ad4bc4-6557-3e23-0000-000000000000
  name: TailFile/success/56ae5abc-0161-1000-aa9e-c340d726e043
  source id: cecb1868-9e5a-3e6c-0000-000000000000
  source relationship names:
  - success
  destination id: 56ae5abc-0161-1000-aa9e-c340d726e043
  max work queue size: 10000
  max work queue data size: 1 GB
  flowfile expiration: 0 sec
  queue prioritizer class: ''
Remote Processing Groups:
- id: 3a25e1a3-c1b2-3e78-0000-000000000000
  name: ''
  url: https://w.x.y.z:8443/nifi
  comment: ''
  timeout: 30 sec
  yield period: 10 sec
  transport protocol: RAW
  proxy host: ''
  proxy port: ''
  proxy user: ''
  proxy password: ''
  local network interface: ''
  Input Ports:
  - id: 56ae5abc-0161-1000-aa9e-c340d726e043
    name: Minifi
    comment: ''
    max concurrent tasks: 1
    use compression: false
    Properties:
      Port: 10443
      SSL Context Service: SSLServiceName
      Host Name: w.x.y.z
  Output Ports: []
Provenance Reporting:


On 09/02/2018 20:18, Marc wrote:
> Arne,
>   I submitted a PR https://github.com/apache/nifi-minifi-cpp/pull/263
> to address these issues. 
>
> On Fri, Feb 9, 2018 at 8:38 AM, Marc <phroc...@apache.org
> <mailto:phroc...@apache.org>> wrote:
>
>     Arne,
>        Evidently the HTTPClient relies on an SSL Context Service. Try
>     the following configuration in the config.yml file, where you
>     define the context service and reference it from the RPG. Let me
>     know if that works for you!
>
>       Additionally, I think you pointed out an inconsistency where we
>     can improve the configuration and documentation. I've
>     created https://issues.apache.org/jira/browse/MINIFICPP-396
>     <https://issues.apache.org/jira/browse/MINIFICPP-396> and will
>     take care of that ASAP. Thanks 
>       very much for identifying this!
>
>     Remote Processing Groups:
>         - name: NiFi Flow
>           id: 2438e3c8-015a-1000-79ca-83af40ec1998
>           url: https://127.0.0.1:8383/nifi
>           timeout: 30 secs
>           yield period: 5 sec
>           Input Ports:
>               - id: 2438e3c8-015a-1000-79ca-83af40ec1999
>                 name: fromnifi
>                 max concurrent tasks: 1
>                 Properties:
>                     Port: 10443
>                     SSL Context Service: SSLMe
>                     Host Name: 127.0.0.1
>           Output Ports:
>               - id: ac82e521-015c-1000-2b21-41279516e19a
>                 name: tominifi
>                 max concurrent tasks: 2
>                 Properties:
>                     Port: 10443
>                     SSL Context Service: SSLMe
>                     Host Name: 127.0.0.1
>
>     Controller Services:
>         - name: SSLMe
>           id: 2438e3c8-015a-1000-79ca-83af40ec1974
>           class: SSLContextService
>           Properties:
>               Client Certificate: /opt/minifi/conf/client.pem
>               Private Key: /opt/minifi/conf/client.key
>               Passphrase: /opt/minifi/conf/password
>               CA Certificate certificate: /opt/minifi/conf/nifi-cert.pem
>
>     On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo
>     <arne.osl...@uninett.no <mailto:arne.osl...@uninett.no>> wrote:
>
>         Hello,
>
>         I'm trying to set up secure communication between minifi-cpp
>         0.4.0 and
>         nifi, but unfortunately it fails with the following errors:
>
>         [org::apache::nifi::minifi::utils::HTTPClient] [error]
>         curl_easy_perform() failed SSL connect error
>         [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error]
>         ProcessGroup::refreshRemoteSite2SiteInfo --
>         curl_easy_perform() failed
>
>         I looked quickly at the code and it seems the problem is that
>         HTTPClient
>         never calls configure_secure_connection and therefor never
>         presents a
>         client certificate to nifi.
>
>         The config.yml file defines a TailFail that send data directly
>         to a
>         remote process group.
>
>         My  minifi.properties file:
>         nifi.version=0.1.0
>         nifi.flow.configuration.file=/opt/minifi/conf/config.yml
>         nifi.administrative.yield.duration=30 sec
>         nifi.bored.yield.duration=10 millis
>         
> nifi.provenance.repository.directory.default=/opt/minifi/provenance_repository
>         nifi.provenance.repository.max.storage.time=1 MIN
>         nifi.provenance.repository.max.storage.size=1 MB
>         nifi.remote.input.secure=true
>         nifi.https.need.ClientAuth=true
>         nifi.https.client.certificate=/opt/minifi/conf/client.pem
>         nifi.https.client.private.key=/opt/minifi/conf/client.key
>         nifi.https.client.pass.phrase=/opt/minifi/conf/password
>         nifi.https.client.ca
>         
> <http://nifi.https.client.ca>.certificate=/opt/minifi/conf/nifi-cert.pem
>         controller.socket.host=localhost
>         controller.socket.port=9998
>
>         Certificates and key are correct and have been verified using
>         curl from
>         the command line. Are there any other things I need to do to
>         get minifi
>         to set up a secure connection? As far as I understand the
>         "Security
>         Properties:" in config.yml is only used by the java version of
>         minifi?
>
>         Thanks,
>         Arne
>
>
>

Reply via email to