Im having some rather odd behavior on clustering, working on trying to set up
my first cluster (of three nodes).
Im running nifi 1.17.0
everything over ssl, ad I'm using the embedded zookeeper My certs are all
signed by my org, and my truststore DOES have my org's root cert in it. My
cert has bothe the IP address AND the FQDN as the SANs. (Though not the host
name)
When it first comes up, the gui says,
"javax.net.ssl.SSLPeerUnverifiedException: Hostname nifi-node3.mydomain not
verified (no certificates).
If I refresh it will say nifi-node2mydomain not verifiedIf I
If I refresh AGAIN, it will even say nifi-node1.mydomain not verified. (the
node I'm on)
The NEXT refresh (the fourth). It WORKS. All three nodes show connected.
As I manipulate the gui, goes back to the disconnected state, and I have to
refresh 4 times again.
The log says things like:
2023-11-03 04:17:54,256 WARN [Replicate Request Thread-211]
o.a.n.c.c.h.r.ThreadPoolRequestReplicator
javax.net.ssl.SSLPeerUnverifiedException: Hostname nifi-node3.mydomain not
verified (no certificates)
at
okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:396)
at
okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
at
okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
at
okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
at
okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
at
okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
at
okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at
org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:136)
at
org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:130)
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:612)
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:810)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
2023-11-03 04:17:55,248 INFO [Clustering Tasks Thread-3]
o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2023-11-03
04:17:55,180 and sent to nifi-node3.mydomain:8333 at 2023-11-03 04:17:55,248;
determining Cluster Coordinator took 1 millis; DNS lookup for coordinator took
0 millis; connecting to coordinator took 5 millis; sending heartbeat took 57
millis; receiving first byte from response took 2 millis; receiving full
response took 3 millis; total time was 67 millis
So it CAN connect, if I read it right.
Any thoughts? I was debating going to a non-ssl external zookeeper. Or maybe
upgrading to the newer 1.23.
Any thoughts?
Thanks!
Geoff
