Re: zookeeper error message - nifi 1.11.1/zookeeper 3.5.6

[dan young]

Thank you for your email. Looking at the zookeeper docs, with 3.5.0 it
looks like the format may have changed to support the dynamic
configuration. It may seem that zookeeper is sending back a format that
NiFi isn't expecting??? I.e the :participant

https://zookeeper.apache.org/doc/r3.5.6/zookeeperReconfig.html



On Wed, Feb 12, 2020, 5:53 PM 노대호Daeho Ro  wrote:

> In my memory,
>
> zookeepr 3.5.6 needs the new form of zookeeper string such as
>
> server.1=0.0.0.0:2888:3888;2181
>
>
> where the ip is yours.
>
> Hope this help you.
>
>
> 2020년 2월 13일 (목) 오전 1:55, dan young 님이 작성:
>
>> Sorry Joe,
>>
>> Yes, I'll file a JIRA...here's the email again
>>
>> We're seeing the following messages in nifi logs on our cluster nodes.
>> Using
>> Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6
>>
>> Functionality seems not to be impacted, but wondering if there's
>> something else
>> going on or the version of zookeeper we're using is causing this.
>>
>> 2020-02-12 15:36:43,959 ERROR [main-EventThread]
>> o.a.c.framework.imps.EnsembleTracker Invalid config event received:
>> {server.1=10.190.3.170:2888:3888:participant, version=0,
>> server.3=10.190.3.91:2888:3888:participant, server.2=10.190.3.172:2888
>> :3888:participant}
>>
>> Regards,
>>
>> Dano
>>
>> On Wed, Feb 12, 2020 at 9:49 AM Joe Witt  wrote:
>>
>>> Dan,
>>>
>>> Not sure what others see but for me your email cuts off in the middle of
>>> a line.
>>>
>>> You might want to file a JIRA with your observation/logs.
>>>
>>> Thanks
>>>
>>> On Wed, Feb 12, 2020 at 11:46 AM dan young  wrote:
>>>
 Hello,

 We're seeing the following messages in nifi logs on our cluster nodes.  
 Using
 Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6

 Functionality seems not to be impacted, but wondering if there's something 
 else
 going on or the version of zookeeper we're using is causing this.

 2020-02-12 15:36:43,959 ERROR [main-EventThread] 
 o.a.c.framework.imps.EnsembleTracker Invalid config event received: 
 {server.1=10.190.3.170:2888:3888:participant, version=0, 
 server.3=10.190.3.91:2888:3888:participant, 
 server.2=10.190.3.172:2888:3888:participant}

 Regards,

 Dano

Re: zookeeper error message - nifi 1.11.1/zookeeper 3.5.6

[노대호Daeho Ro]

In my memory,

zookeepr 3.5.6 needs the new form of zookeeper string such as

server.1=0.0.0.0:2888:3888;2181


where the ip is yours.

Hope this help you.


2020년 2월 13일 (목) 오전 1:55, dan young 님이 작성:

> Sorry Joe,
>
> Yes, I'll file a JIRA...here's the email again
>
> We're seeing the following messages in nifi logs on our cluster nodes.
> Using
> Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6
>
> Functionality seems not to be impacted, but wondering if there's something
> else
> going on or the version of zookeeper we're using is causing this.
>
> 2020-02-12 15:36:43,959 ERROR [main-EventThread]
> o.a.c.framework.imps.EnsembleTracker Invalid config event received:
> {server.1=10.190.3.170:2888:3888:participant, version=0,
> server.3=10.190.3.91:2888:3888:participant, server.2=10.190.3.172:2888
> :3888:participant}
>
> Regards,
>
> Dano
>
> On Wed, Feb 12, 2020 at 9:49 AM Joe Witt  wrote:
>
>> Dan,
>>
>> Not sure what others see but for me your email cuts off in the middle of
>> a line.
>>
>> You might want to file a JIRA with your observation/logs.
>>
>> Thanks
>>
>> On Wed, Feb 12, 2020 at 11:46 AM dan young  wrote:
>>
>>> Hello,
>>>
>>> We're seeing the following messages in nifi logs on our cluster nodes.  
>>> Using
>>> Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6
>>>
>>> Functionality seems not to be impacted, but wondering if there's something 
>>> else
>>> going on or the version of zookeeper we're using is causing this.
>>>
>>> 2020-02-12 15:36:43,959 ERROR [main-EventThread] 
>>> o.a.c.framework.imps.EnsembleTracker Invalid config event received: 
>>> {server.1=10.190.3.170:2888:3888:participant, version=0, 
>>> server.3=10.190.3.91:2888:3888:participant, 
>>> server.2=10.190.3.172:2888:3888:participant}
>>>
>>> Regards,
>>>
>>> Dano
>>>
>>>
>>>

Re: NiFi user and access rights

[Andy LoPresto]

You could use MiNiFi agents on each external resource to consume data in a 
siloed manner and transmit it to a central NiFi instance over Site-to-site 
protocol. This would allow each producer of data to remain isolated (either 
physically disconnected or each using a distinct OS user for ACL with the 
respective MiNiFi agents running as that user) and communicate the necessary 
data back to a central processing instance. 


Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 12, 2020, at 6:54 AM, Tomislav Novosel  wrote:
> 
> Hi guys,
> 
> I'm having this situation inside my company projects. We are using NiFi as 
> DataFlow platform and there are multiple projects.
> Every project has files on shared disk/folder from which one Nifi 
> instance(standalone instance) is reading data.
> NiFi instance service is running under one generic user which has read rights 
> for every shared folder/project and that is fine.
> 
> As there will be more and more projects and only one generic user will need 
> to have read rights on all shared disks/folders of all projects. So which is 
> better solution:
> 
> To have one NiFi instance running with one generic user which has read rights 
> on all shared disks/folders. From security standpoint it is not ok. Shared 
> folders are from various customers. Data volume and load is not too big for 
> only one standalone NiFi instance.
> To have Multiple NiFi instances on one server each running under different 
> generic user and every generic user belongs to one customer shared folder 
> regarding read rights, 1:1 relationship.
> In the future there will be need to scure NiFi instances with SSL, maybe to 
> add more nodes and to establish multi-tenancy.
> 
> Is there maybe some other third solution for this situation? How to setup 
> that kind of data flow where are multiple data sources and security is 
> important?
> 
> Thanks in advance and best regards.
> 
> Tom

Re: zookeeper error message - nifi 1.11.1/zookeeper 3.5.6

[dan young]

Sorry Joe,

Yes, I'll file a JIRA...here's the email again

We're seeing the following messages in nifi logs on our cluster nodes.
Using
Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6

Functionality seems not to be impacted, but wondering if there's something
else
going on or the version of zookeeper we're using is causing this.

2020-02-12 15:36:43,959 ERROR [main-EventThread]
o.a.c.framework.imps.EnsembleTracker Invalid config event received:
{server.1=10.190.3.170:2888:3888:participant, version=0,
server.3=10.190.3.91:2888:3888:participant, server.2=10.190.3.172:2888
:3888:participant}

Regards,

Dano

On Wed, Feb 12, 2020 at 9:49 AM Joe Witt  wrote:

> Dan,
>
> Not sure what others see but for me your email cuts off in the middle of a
> line.
>
> You might want to file a JIRA with your observation/logs.
>
> Thanks
>
> On Wed, Feb 12, 2020 at 11:46 AM dan young  wrote:
>
>> Hello,
>>
>> We're seeing the following messages in nifi logs on our cluster nodes.  Using
>> Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6
>>
>> Functionality seems not to be impacted, but wondering if there's something 
>> else
>> going on or the version of zookeeper we're using is causing this.
>>
>> 2020-02-12 15:36:43,959 ERROR [main-EventThread] 
>> o.a.c.framework.imps.EnsembleTracker Invalid config event received: 
>> {server.1=10.190.3.170:2888:3888:participant, version=0, 
>> server.3=10.190.3.91:2888:3888:participant, 
>> server.2=10.190.3.172:2888:3888:participant}
>>
>> Regards,
>>
>> Dano
>>
>>
>>

Re: zookeeper error message - nifi 1.11.1/zookeeper 3.5.6

[Joe Witt]

Dan,

Not sure what others see but for me your email cuts off in the middle of a
line.

You might want to file a JIRA with your observation/logs.

Thanks

On Wed, Feb 12, 2020 at 11:46 AM dan young  wrote:

> Hello,
>
> We're seeing the following messages in nifi logs on our cluster nodes.  Using
> Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6
>
> Functionality seems not to be impacted, but wondering if there's something 
> else
> going on or the version of zookeeper we're using is causing this.
>
> 2020-02-12 15:36:43,959 ERROR [main-EventThread] 
> o.a.c.framework.imps.EnsembleTracker Invalid config event received: 
> {server.1=10.190.3.170:2888:3888:participant, version=0, 
> server.3=10.190.3.91:2888:3888:participant, 
> server.2=10.190.3.172:2888:3888:participant}
>
> Regards,
>
> Dano
>
>
>

zookeeper error message - nifi 1.11.1/zookeeper 3.5.6

[dan young]

Hello,

We're seeing the following messages in nifi logs on our cluster nodes.  Using
Nifi 1.11.1 and zookeeper (not embedded) version 3.5.6

Functionality seems not to be impacted, but wondering if there's something else
going on or the version of zookeeper we're using is causing this.

2020-02-12 15:36:43,959 ERROR [main-EventThread]
o.a.c.framework.imps.EnsembleTracker Invalid config event received:
{server.1=10.190.3.170:2888:3888:participant, version=0,
server.3=10.190.3.91:2888:3888:participant,
server.2=10.190.3.172:2888:3888:participant}

Regards,

Dano

NiFi user and access rights

[Tomislav Novosel]

Hi guys,

I'm having this situation inside my company projects. We are using NiFi as
DataFlow platform and there are multiple projects.
Every project has files on shared disk/folder from which one Nifi
instance(standalone instance) is reading data.
NiFi instance service is running under one generic user which has read
rights for every shared folder/project and that is fine.

As there will be more and more projects and only one generic user will need
to have read rights on all shared disks/folders of all projects. So which
is better solution:


   1. To have one NiFi instance running with one generic user which has
   read rights on all shared disks/folders. From security standpoint it is not
   ok. Shared folders are from various customers. Data volume and load is not
   too big for only one standalone NiFi instance.
   2. To have Multiple NiFi instances on one server each running under
   different generic user and every generic user belongs to one customer
   shared folder regarding read rights, 1:1 relationship.

In the future there will be need to scure NiFi instances with SSL, maybe to
add more nodes and to establish multi-tenancy.

Is there maybe some other third solution for this situation? How to setup
that kind of data flow where are multiple data sources and security is
important?

Thanks in advance and best regards.

Tom

Re: Unable to load the authorizer configuration file

[Josh Friberg-Wyckoff]

For the sake of testing I have just been running everything as root.
Permissions look good to me.

[root@wvllab-lnx-nifi conf]# ls -la
total 116
drwxr-xr-x  3 root root  4096 Feb 12 00:13 .
drwxr-xr-x 16 root root   328 Feb 11 23:36 ..
drwxr-xr-x  2 root root86 Feb 12 00:02 archive
-rw-r--r--  1 root root  1813 Feb 11 23:36 authorizations.xml
-rw-rw-r--  1 root root 22076 Feb 12 00:01 authorizers.xml
-rw-rw-r--  1 root root  4026 Jan  5 11:24 bootstrap.conf
-rw-rw-r--  1 root root  2326 Jan  5 11:24
bootstrap-notification-services.xml
-rw-r--r--  1 root root   282 Feb 12 00:02 flow.xml.gz
-rw---  1 root root  3105 Feb 11 23:25 keystore.jks
-rw-rw-r--  1 root root  8666 Jan  5 11:24 logback.xml
-rw-rw-r--  1 root root  6506 Feb 11 23:32 login-identity-providers.xml
-rw---  1 root root  1200 Feb 11 23:25 nifi-cert.pem
-rw---  1 root root  1675 Feb 11 23:25 nifi-key.key
-rw-rw-r--  1 root root 12373 Feb 11 23:27 nifi.properties
-rw-rw-r--  1 root root  8669 Jan  5 11:24 state-management.xml
-rw---  1 root root   911 Feb 11 23:25 truststore.jks
-rw-r--r--  1 root root   382 Feb 11 23:36 users.xml
-rw-rw-r--  1 root root  1718 Jan  5 11:24 zookeeper.properties
[root@wvllab-lnx-nifi conf]# pwd
/apps/nifi-test/conf

On Wed, Feb 12, 2020 at 7:55 AM Bryan Bende  wrote:

> Hello,
>
> It looks like basically the same error you had for authorizers.xml,
> but now for login-identity-providers.xml.
>
> It is saying the file does not exist at
> /apps/nifi-test/./conf/login-identity-providers.xml
>
> Can you verify the file exists and it is readable by whatever OS user
> NiFi is running as.
>
> Thanks,
>
> Bryan
>
> On Wed, Feb 12, 2020 at 12:55 AM Josh Friberg-Wyckoff
>  wrote:
> >
> > I restarted from scratch and tried again.  This time it is complaining
> about the Login Identity Provider xml
> > https://gist.github.com/SquashBuckler/96d23ebd1652908c0b00db0a06198a13
> >
> > On Tue, Feb 11, 2020 at 10:26 PM Pierre Villard <
> pierre.villard...@gmail.com> wrote:
> >>
> >> There should be more lines below the ERROR log you gave in your initial
> email. The full stack trace here will definitely help. If too long and not
> sensitive, you can put in a public gist [1] and give us the link.
> >>
> >> [1] https://gist.github.com/
> >>
> >> Le mar. 11 févr. 2020 à 19:30, Josh Friberg-Wyckoff <
> j...@thefribergs.com> a écrit :
> >>>
> >>> So is that the entire file or just part of it.  Over 2300 lines in it.
> >>>
> >>> On Tue, Feb 11, 2020 at 8:42 PM Pierre Villard <
> pierre.villard...@gmail.com> wrote:
> 
>  Hi Josh,
> 
>  The full stack trace from nifi-app.log would probably provide more
> information. This is likely a configuration issue.
> 
>  Thanks,
>  Pierre
> 
>  Le mar. 11 févr. 2020 à 15:44, Josh Friberg-Wyckoff <
> j...@thefribergs.com> a écrit :
> >
> > I followed a tutorial from the Mint Ops Blog on how to setup NiFi
> with LDAP.
> >
> > I am getting the following error when trying to start Nifi.  Would
> be helpful if anyone could point me in the right direction.
> >
> > 2020-02-11 16:04:59,398 ERROR [NiFi logging handler]
> org.apache.nifi.StdErr Failed to start web server: Error creating bean with
> name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
> Unsatisfied dependency expressed through method
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
> org.springframework.beans.factory.BeanExpressionException: Expression
> parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is java.lang.Exception: Unable to load the
> authorizer configuration file at: /apps/nifi/./conf/authorizers.xml
> >
> >
>

Re: Machines for NiFi: general purpose or memory intensive

[Mike Thomsen]

Most of your pain points with performance will be either CPU or disk I/O
unless you happen to have a particularly memory-intensive flow (most
aren't). I'd start with a heap of about 4GB of RAM/node and scale up from
there as needed while testing. Odds are pretty good that you'll find that
adding cores, not a lot of memory, will be the source of most improvements.
Start smallish like that and figure out how performant the process must be.
My main client, for example, prefers to spend less on cloud resources and
accept the longer wait as a way of saving money since there's no business
rush to get the data in really fast.

On Wed, Feb 12, 2020 at 3:09 AM Anurag Sharma 
wrote:

> Hi All,
>
> We use  Digital Ocean, just wish to check with the community if we should
> go for general purpose machines or memory-intensive machines for our NiFi
> cluster?
>
> Regards
> Anurag
>

Re: Unable to load the authorizer configuration file

[Bryan Bende]

Hello,

It looks like basically the same error you had for authorizers.xml,
but now for login-identity-providers.xml.

It is saying the file does not exist at
/apps/nifi-test/./conf/login-identity-providers.xml

Can you verify the file exists and it is readable by whatever OS user
NiFi is running as.

Thanks,

Bryan

On Wed, Feb 12, 2020 at 12:55 AM Josh Friberg-Wyckoff
 wrote:
>
> I restarted from scratch and tried again.  This time it is complaining about 
> the Login Identity Provider xml
> https://gist.github.com/SquashBuckler/96d23ebd1652908c0b00db0a06198a13
>
> On Tue, Feb 11, 2020 at 10:26 PM Pierre Villard  
> wrote:
>>
>> There should be more lines below the ERROR log you gave in your initial 
>> email. The full stack trace here will definitely help. If too long and not 
>> sensitive, you can put in a public gist [1] and give us the link.
>>
>> [1] https://gist.github.com/
>>
>> Le mar. 11 févr. 2020 à 19:30, Josh Friberg-Wyckoff  a 
>> écrit :
>>>
>>> So is that the entire file or just part of it.  Over 2300 lines in it.
>>>
>>> On Tue, Feb 11, 2020 at 8:42 PM Pierre Villard 
>>>  wrote:

 Hi Josh,

 The full stack trace from nifi-app.log would probably provide more 
 information. This is likely a configuration issue.

 Thanks,
 Pierre

 Le mar. 11 févr. 2020 à 15:44, Josh Friberg-Wyckoff  
 a écrit :
>
> I followed a tutorial from the Mint Ops Blog on how to setup NiFi with 
> LDAP.
>
> I am getting the following error when trying to start Nifi.  Would be 
> helpful if anyone could point me in the right direction.
>
> 2020-02-11 16:04:59,398 ERROR [NiFi logging handler] 
> org.apache.nifi.StdErr Failed to start web server: Error creating bean 
> with name 
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method 
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is 
> org.springframework.beans.factory.BeanExpressionException: Expression 
> parsing failed; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied 
> dependency expressed through method 'setJwtAuthenticationProvider' 
> parameter 0; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 'jwtAuthenticationProvider' defined in class path resource 
> [nifi-web-security-context.xml]: Cannot resolve reference to bean 
> 'authorizer' while setting constructor argument; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 'authorizer': FactoryBean threw exception on object 
> creation; nested exception is java.lang.Exception: Unable to load the 
> authorizer configuration file at: /apps/nifi/./conf/authorizers.xml
>
>

Machines for NiFi: general purpose or memory intensive

[Anurag Sharma]

Hi All,

We use  Digital Ocean, just wish to check with the community if we should
go for general purpose machines or memory-intensive machines for our NiFi
cluster?

Regards
Anurag