NiFi 1.11.4 -- "Unable to access lib/bootstrap to create bootstrap classloader"
Hello! I'm trying to deploy NiFi 1.11.4 to a new environment. After configuring all the necessary files and trying to start the service, I see the following message in the nifi-app.log file: INFO [main] org.apache.nifi.NiFi Launching NiFi... WARN [main] org.apache.nifi.NiFi Unable to access lib/bootstrap to create bootstrap classloader Java.nio.file.NoSuchFileException: lib/bootstrap ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: Unable to access properties loader in the expected manner - apparent classpath or build issue I found a bug report with this exact issue (https://issues.apache.org/jira/browse/NIFI-4685) but it was a few years ago and is still marked as Open/Unresolved. Anybody seen this issue / have a solution? I'm running this on RHEL7. r/ JW
NiFi to NiFi Registry error: "Untrusted proxy ... for write operation"
Hello! I am having issues getting NiFi Registry to work properly. I have NiFi and NiFi Registry running, both configured to use SSL, both using the same keystore.jks and truststore.jks files, and both with user accounts mapped to PKI certificate FQDNs. I have no issue logging into the interfaces for either NiFi or NiFi Registry. I have added the NiFi registry URL in NiFi under nifi settings -> Registry Clients. I have created a bucket in nifi registry. It is set to be publicly visible and has a policy created that gives the user group (which I created in nifi registry and has all users in it) all permission options. In Nifi, I have a user group created with all users in it that have maximum permissions for all options in Nifi and on the particular nifi flow we're working on. The issue I have is: 1.) I log in to NiFi, right-click a process group (doesn't seem to matter which one) and click Version -> Start version control. 2.) The Save Flow Version wizard pops up, automatically populated with the registry name and the bucket name I created in nifi-registry. I enter random characters in the 3 empty fields and click Save. 3.) Error message appears: "Failed to register flow with Flow Registry due to Error creating flow: Untrusted proxy [**] for write operation. Contact the system administrator." In the nifi-registry-app.log, I see this message: 2020-03-05 18:16:11,272 INFO [NiFi Registry Web Server-17] o.a.n.r.w.m.AccessDeniedExceptionMapper identity[**], groups[*]* does not have permission to access the requested resource. Untrusted proxy [**] for write operation. Returning Forbidden response. However, my account has every permission available in both Nifi and Nifi-registry. Any idea where to start?
Certificates in Truststore
Hello, I apologize if this is a simple/stupid question, but reading through the administration guide and copious amounts of googling have returned very little regarding this. I'm looking into utilizing only client certificates for authentication to our Apache NiFi server. I want to avoid having to add another software package (e.g. LDAP, Kerberos, etc.) to the server. After spending the last few days working on this and getting an understanding of how to get new users created, I'm running into an issue: a user's client certificate has to be added to the truststore on the server in order for it to be allowed to access the NiFi web server, and NiFi doesn't seem to recognize changes to the truststore while it's running. While I don't expect to need to add a ton of new users, I am imagining a scenario where my program managers need a new user added immediately while one of our lead developers is in the process of doing something in the web app that he can't lose due to a service restart. Is there a way to make NiFi recognize changes to the truststore without requiring the service to be restarted? If not, is there a way to have NiFi trust all certs from a certain CA? They still wouldn't actually be able to access anything without having a user account tied to their cert's DN... Thanks! r/ Joseph Wheeler