Trying to get NiFi working in Openshift (as Docker containers) but struggling
with the networking. For those who don't know Openshift well, the hostname
of the container is NOT routable from other containers. The 'proper' way to
route traffic is to create an "Openshift Service", which is a load-balancer
across the nodes in the cluster. It provides a FQDN that will port-forward
to the containers themselves. For instance, if I have a 3-node cluster
(nifi-0, nifi-1, nifi-2) and an Openshift service (nifi.infrastructure.svc),
the 3 nodes are routable from other nodes via the FQDNs:
- nifi-0.nifi.infrastructure.svc
- nifi-1.nifi.infrastructure.svc
- nifi-2.nifi.infrastructure.svc
The IPs of the containers ARE routable from other containers, but it's not
the recommended approach and will NOT work when using secure comms since the
IPs change and can't be packaged into the certs/keystores.
With all that, I can get NiFi working fine in Openshift if I use the
container IPs in the configs, for instance, the relevant parts of the
configs:
nifi.remote.input.secure=false
nifi.remote.input.socket.port=8081
nifi.remote.input.http.enabled=true
nifi.remote.input.host=10.131.5.15
nifi.web.http.port=8080
nifi.web.http.host=10.131.5.15
nifi.web.http.network.interface.default=eth0
nifi.cluster.node.address=10.131.5.15
nifi.cluster.node.protocol.port=8082
This works fine. I can create objects in the UI, no problems.
However, when I try to use the routable Openshift services (aka, this
example config), I have issues:
nifi.remote.input.secure=false
nifi.remote.input.socket.port=8081
nifi.remote.input.http.enabled=true
nifi.remote.input.host=nifi-0.nifi.infrastructure.svc
nifi.web.http.port=8080
nifi.web.http.host=nifi-0.nifi.infrastructure.svc
nifi.web.http.network.interface.default=eth0
nifi.cluster.node.address=nifi-0.nifi.infrastructure.svc
nifi.cluster.node.protocol.port=8082
The UI will load just fine, but when I try to make a modification (update
user, create process group, etc), I get a 'Transaction in Progress'
exception 90% of the time. Occasionally, the modification WILL take place,
but the other 2 nodes will immediately disconnect from the cluster because
the flow file is out of sync and will not rejoin.
On my Openshift service, I have the following ports open and forwarding into
the containers: 8080, 8081, 8082
It SEEMS that for whatever reason, even though the above service
hostname:ports are routable for each node, Openshift is having connectivity
problems with the other nodes, but I have no idea why. There are no errors
showing in the logs besides the flow file getting out of sync after I try to
make a modification.
Any ideas what could be going on here?
--
Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
