Hi Evgeniya, Thanks for your reply. We are setting our nifi cluster in a private Cloud with OpenSatck. All the instances (VMs) have internal IP like ‘192.168.x.x` and OpenStack manager what is called ‘floating IPs’ allowing to reach the VMs from outside the Cloud, sort of public IPs. So from outside the network cloud, we cannot reach internal IPs (192.168.x.x) from our computure, we need to use ‘public IPs’ (10.99.x.x). But the thing is the VMs do not have any knowledge of these public IPs. So if I set nifi.web.https.host to the internal IP, I won’t be able to access the nifi UI using the public IP. The same, if I set nifi.web.https.host to the public IP, nifi will refuse to start as it can’t bind the external IP, it doesn’t know it or can access it. The only work around I found is to set nifi.web.https.host to 0.0.0.0.
Is it clearer with this explanation? Thanks Emmanuel C2 - Restricted De : Евгения А. Панкова <[email protected]> Envoyé : mardi 1 juin 2021 13:40 À : [email protected] Objet : RE: Failed to replicate request GET /nifi-api/flow/current-user Why did you set nifi.web.https.host to 0.0.0.0? I usually specify each node’s hostname/ip address in this parameter. Evgeniya Pankova Mob.: +7 (926) 327 44 05 | e-mail: [email protected]<mailto:[email protected]> From: QUEVILLON EMMANUEL - EXT-SAFRAN ENGINEERING SERVICES (SAFRAN) <[email protected]<mailto:[email protected]>> Sent: Tuesday, June 1, 2021 10:47 AM To: [email protected]<mailto:[email protected]> Subject: Failed to replicate request GET /nifi-api/flow/current-user Dear list, I’m trying to set up a nifi cluster (3 nodes) secured with https. The cluster is able to start correctly, each node is able to communicate with each other, the primary/coordinator is well elected (reading the logs). I’m able to connect using my TLS certificates generated with tls-toolkit.sh script. So far so good. However, when I try to connect to the UI, this is where the problems appear. From the UI, I get an error message like: ‘java.net.SocketTimeoutException: timeout’ From the log of the corresponding node I’ve tried to connect to, I can see such error: “o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/flow/current-user to 0.0.0.0:8443 due to java.net.SocketTimeoutException: timeout” …… Caused by: java.net.SocketException: Socket closed” Strange thing is that, if I connect to the primary node UI, no such error is displayed on the UI. I can access the cluster menu and all other menu without problems. Only none coordinator and primary nodes throw these errors. From the logs of the coordinator node, I can see (log level set to DEBUG) that heartbeat messages are well transmitted from other nodes. Regarding nifi properties file, each nodes have this common configuration: Nifi.remote.input.host=hostname-node(1 or 2 or 3) # based on which node we are running on Nifi.web.https.host=0.0.0.0 Nifi.web.https.port=8443 Nifi.web.proxy.host=ip-of-node1:8443,ip-of-node2:8443,ip-of-node3:8443,hostname-node1:8443,hostname-node2:8443,hostname-node3:8443 … Nifi.cluster.protocol.is.secure=true Nifi.cluster.is.node=true Nifi.cluster.node.address=hostname-node(1 or 2 or 3) # based on which node we are running on Nifi.cluster.node.protocol.port=11443 … Nifi.zookeeper.connect.string=hostname-node1:2181,hostname-node2:2181,hostname-node3:2181 Each nodes have their /etc/hosts file set as follow: 192.168.136.15 nifi-node1 192.168.136.30 nifi-node2 192.168.136.5 nifi-node3 Could someone light my lantern? Is there something misconfigured? Thanks for any help. Regards Emmanuel C2 - Restricted # " Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés." ****** " This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." # # " Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés." ****** " This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." #
