Jorge, The error I am currently getting from NiFi is this:
Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:557) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:326) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165) at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:515) at groovyx.net.http.RESTClient.get(RESTClient.java:119) at groovyx.net.http.RESTClient$get.call(Unknown Source) at NiFiDeploy.loadProcessGroups(NiFiDeploy:346) at NiFiDeploy.loadProcessGroups(NiFiDeploy) at NiFiDeploy.handleGracefulShutdown(NiFiDeploy:87) at NiFiDeploy.run(NiFiDeploy:724) I am currently using the nifi node's truststore.jks to connect to it. Thanks, Sean. On Wed, Feb 21, 2018 at 2:10 PM, Sean Marciniak <[email protected]> wrote: > Hi Joe, > > I am trying to do in an automated fashion so using the UI doesn't help me > in this case. > I already have a working groovy script that will upload these templates > when NiFi is not secure but can not when it is. > I am trying to understand what is required in order to make this work for > secure mode. > > I am glad that the host header issue has been addressed in NiFi 1.6 as > this will help us with securely deploying NiFi into Kubernetes. > > I am not fully convinced that nifi registries are the way to go as they > are an additional service that aims to replace other VCS such as git, svn. > I am sure it has its purpose but it is not the correct fit for me. > > Sean. > > On Wed, Feb 21, 2018 at 1:50 PM, Joe Witt <[email protected]> wrote: > >> Sean >> >> It is certainly possible and you could do this manually via the UI and >> your browser and use the browsers dev tools to learn more about the >> requests. We have the REST API docs but those aren't always very helpful >> to understand the recipe of taking a series of actions. >> >> With NiFi 1.5 host header we made it harder to configure in some cases >> which we've relaxed and will arrive in 1.6.0 but i'm not aware of it not >> allowing proper functions and of course it was a change made to address a >> security concern which since you're running in secure mode I'm guessing >> you'll find important. >> >> With regard to the registry I will say that it was designed to be a far >> better answer to what templates could never do. So what you'll work to >> learn more about now with templates and a workflow to get you closer the >> registry already does very well. With 1.6.0 you'll also have access to a >> nice CLI to use between NiFi and Registry instances for versioned >> flows/flow management as well. >> >> Thanks >> >> On Wed, Feb 21, 2018 at 8:42 AM, Jorge Machado <[email protected]> wrote: >> >>> Hi Sean, >>> >>> Which error are u getting. It the API has the option for it It should >>> work. >>> may be this helps: https://github.com/hermannpencole/nifi-config >>> >>> Jorge Machado >>> >>> >>> >>> >>> >>> On 21 Feb 2018, at 13:40, Sean Marciniak <[email protected]> wrote: >>> >>> Hey Team, >>> >>> We are currently trying to deploy flow templates to NiFi while its >>> running in secure mode over https. >>> Do we know if this is possible? >>> Is there any documentation about doing this? >>> >>> I am able to deploy the flow templates when it is running in non secure >>> mode, but when we enforce secure mode, we are unable to do it. >>> >>> We are currently stuck with using NiFiv1.4 due host header issues >>> introduced in NiFi 1.5 and nifi registry is a unneeded risk we don't want >>> to take. >>> >>> >>> -- >>> <https://www.beamery.com/> >>> >>> Sean Marciniak >>> >>> [email protected] >>> >>> >>> www.beamery.com >>> >>> Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams >>> <https://beamery.com/academy/gdpr-for-recruiting-teams>* >>> >>> >>> >> > > > -- > <https://www.beamery.com> > > Sean Marciniak > > [email protected] > > www.beamery.com > > Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams > <https://beamery.com/academy/gdpr-for-recruiting-teams>* > -- <https://www.beamery.com> Sean Marciniak [email protected] www.beamery.com Are you ready for GDPR? *GDPR: The Complete Guide for Recruiting Teams <https://beamery.com/academy/gdpr-for-recruiting-teams>*
