Re: How to integrate Secured Ragistry with Secured Nifi
Hi Tom, If you ping nifi-registry from nifi using "localhost", then localhost is the the hostname you should use when adding the Registry client to NiFi. Let me know if this does not work for you. Kevin On February 19, 2019 at 03:33:51, Tomislav Novosel (to.novo...@gmail.com) wrote: > Hi again, > > @Kevin, I chacked all you mentioned, containers are on the same docker > network and I can ping from the Nifi container host where is Nifi registry, > although they are on the > same server, it is then localhost I believe. > When adding nifi registry client I'm using hostname from the > nifi-registry.properties whisch is the same as hostname where the registry > and nifi instance are (because I added flag --hostname > while running containers and hostname is the same as the server hostname > where the containers are running). > > I also checked yours and Mike's docker-compose files and everything is > preety much the same regarding, hosts and ports. > > BR, > Tom > > On Tue, 19 Feb 2019 at 06:51, Tomislav Novosel wrote: > > > Hi Mike, Kevin > > > > Thank you for your answers, I appreciate it. > > > > @Mike, why are you setting WEB_HTTP_HOST and WEB_HTTP_PORT when you are > > using secured nifi? Shouldnt that be empty and only HTTPS host and port > > used? > > > > BR, > > Tom > > > > On Mon, 18 Feb 2019, 23:56 Mike Thomsen > > > >> Tom, > >> > >> > Note: both Registry and Nifi are in Docker containers on the same node. > >> I tried with IP address, but nothing. > >> > >> Each docker container has its own IP address. You need to link the two > >> containers. I always use Docker Compose, so I can't help you on how to set > >> it up manually. That said, I did a sample last year connecting a few > >> different NiFi nodes and a registry w/ SSL here: > >> > >> > >> https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml > >> > >> > >> I can't remember if I kept the LDAP docker container referenced in it, > >> but you should be able to look at it and figure out how to link everything > >> up from that with Docker Compose. > >> > >> Mike > >> > >> On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: > >> > >>> > >>> Hi Tom, > >>> > >>> Given that you are getting a Connection refused exception and not an > >>> HTTP 401 or 403, I suspect that the problem is networking related and not > >>> authentication/authorization. > >>> > >>> Are the two docker containers on the same docker network? Can you > >>> resolve/ping the Registry container from the NiFi container, and when you > >>> create the Registry client in NiFi, are you using the hostname that the > >>> NiFi server/container would use to address Registry (ie, not the host a > >>> REgistry UI use might use if you are using port mapping to the docker > >>> container with the host). > >>> > >>> Here is an example repo in which I have an example of connecting NiFi > >>> and Registry and docker conatiners using docker-compose: > >>> > >>> https://github.com/kevdoran/flowops > >>> > >>> Hope this helps, > >>> Kevin > >>> > >>> > >>> On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) > >>> wrote: > >>> > Hi all, > >>> > > >>> > I generated standalone certificate with nifi-toolkit for my two Nifi > >>> > instances and for Nifi registry instance. All are on the same domain > >>> so I > >>> > used one certificate and its credentials for properties file (trustore > >>> > path, keystore path, keystore passw, trustore passw). > >>> > > >>> > Auth is configured through domain LDAP server and everything works. > >>> > > >>> > On both Nifi node and Registry node I configured authorizers.xml file > >>> on > >>> > property "Node Identity 1" with value from keystore.jks on "Owner" > >>> > attribute. > >>> > > >>> > Owner: <> > >>> > In Nifi registry I added that as user and gave rights to read and > >>> modify > >>> > buckets. > >>> > > >>> > When I add Registry Client on Nifi node and Hit Start version control > >>> on > >>> > process group I got error: > >>> > > >>> > Error > >>> > > >>> > Unable to obtain listing of buckets: java.net.ConnectException: > >>> Connection > >>> > refused (Connection refused) > >>> > > >>> > > >>> > I missed something in configuration, please help me. > >>> > > >>> > Note: both Registry and Nifi are in Docker containers on the same > >>> node. I > >>> > tried with IP address, but nothing. > >>> > > >>> > > >>> > Thank you, > >>> > > >>> > Tom > >>> > > >>> > >>> >
Re: How to integrate Secured Ragistry with Secured Nifi
Any ideas? Tom On Tue, 19 Feb 2019 at 11:08, Mike Thomsen wrote: > Copy pasta. > > On Tue, Feb 19, 2019 at 12:51 AM Tomislav Novosel > wrote: > >> Hi Mike, Kevin >> >> Thank you for your answers, I appreciate it. >> >> @Mike, why are you setting WEB_HTTP_HOST and WEB_HTTP_PORT when you are >> using secured nifi? Shouldnt that be empty and only HTTPS host and port >> used? >> >> BR, >> Tom >> >> On Mon, 18 Feb 2019, 23:56 Mike Thomsen > >>> Tom, >>> >>> > Note: both Registry and Nifi are in Docker containers on the same >>> node. I tried with IP address, but nothing. >>> >>> Each docker container has its own IP address. You need to link the two >>> containers. I always use Docker Compose, so I can't help you on how to set >>> it up manually. That said, I did a sample last year connecting a few >>> different NiFi nodes and a registry w/ SSL here: >>> >>> >>> https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml >>> >>> I can't remember if I kept the LDAP docker container referenced in it, >>> but you should be able to look at it and figure out how to link everything >>> up from that with Docker Compose. >>> >>> Mike >>> >>> On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: >>> Hi Tom, Given that you are getting a Connection refused exception and not an HTTP 401 or 403, I suspect that the problem is networking related and not authentication/authorization. Are the two docker containers on the same docker network? Can you resolve/ping the Registry container from the NiFi container, and when you create the Registry client in NiFi, are you using the hostname that the NiFi server/container would use to address Registry (ie, not the host a REgistry UI use might use if you are using port mapping to the docker container with the host). Here is an example repo in which I have an example of connecting NiFi and Registry and docker conatiners using docker-compose: https://github.com/kevdoran/flowops Hope this helps, Kevin On February 18, 2019 at 10:08:54, Tomislav Novosel ( to.novo...@gmail.com) wrote: > Hi all, > > I generated standalone certificate with nifi-toolkit for my two Nifi > instances and for Nifi registry instance. All are on the same domain so I > used one certificate and its credentials for properties file (trustore > path, keystore path, keystore passw, trustore passw). > > Auth is configured through domain LDAP server and everything works. > > On both Nifi node and Registry node I configured authorizers.xml file on > property "Node Identity 1" with value from keystore.jks on "Owner" > attribute. > > Owner: <> > In Nifi registry I added that as user and gave rights to read and modify > buckets. > > When I add Registry Client on Nifi node and Hit Start version control on > process group I got error: > > Error > > Unable to obtain listing of buckets: java.net.ConnectException: Connection > refused (Connection refused) > > > I missed something in configuration, please help me. > > Note: both Registry and Nifi are in Docker containers on the same node. I > tried with IP address, but nothing. > > > Thank you, > > Tom >
Re: How to integrate Secured Ragistry with Secured Nifi
Copy pasta. On Tue, Feb 19, 2019 at 12:51 AM Tomislav Novosel wrote: > Hi Mike, Kevin > > Thank you for your answers, I appreciate it. > > @Mike, why are you setting WEB_HTTP_HOST and WEB_HTTP_PORT when you are > using secured nifi? Shouldnt that be empty and only HTTPS host and port > used? > > BR, > Tom > > On Mon, 18 Feb 2019, 23:56 Mike Thomsen >> Tom, >> >> > Note: both Registry and Nifi are in Docker containers on the same node. >> I tried with IP address, but nothing. >> >> Each docker container has its own IP address. You need to link the two >> containers. I always use Docker Compose, so I can't help you on how to set >> it up manually. That said, I did a sample last year connecting a few >> different NiFi nodes and a registry w/ SSL here: >> >> >> https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml >> >> I can't remember if I kept the LDAP docker container referenced in it, >> but you should be able to look at it and figure out how to link everything >> up from that with Docker Compose. >> >> Mike >> >> On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: >> >>> >>> Hi Tom, >>> >>> Given that you are getting a Connection refused exception and not an >>> HTTP 401 or 403, I suspect that the problem is networking related and not >>> authentication/authorization. >>> >>> Are the two docker containers on the same docker network? Can you >>> resolve/ping the Registry container from the NiFi container, and when you >>> create the Registry client in NiFi, are you using the hostname that the >>> NiFi server/container would use to address Registry (ie, not the host a >>> REgistry UI use might use if you are using port mapping to the docker >>> container with the host). >>> >>> Here is an example repo in which I have an example of connecting NiFi >>> and Registry and docker conatiners using docker-compose: >>> >>> https://github.com/kevdoran/flowops >>> >>> Hope this helps, >>> Kevin >>> >>> >>> On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) >>> wrote: >>> > Hi all, >>> > >>> > I generated standalone certificate with nifi-toolkit for my two Nifi >>> > instances and for Nifi registry instance. All are on the same domain >>> so I >>> > used one certificate and its credentials for properties file (trustore >>> > path, keystore path, keystore passw, trustore passw). >>> > >>> > Auth is configured through domain LDAP server and everything works. >>> > >>> > On both Nifi node and Registry node I configured authorizers.xml file >>> on >>> > property "Node Identity 1" with value from keystore.jks on "Owner" >>> > attribute. >>> > >>> > Owner: <> >>> > In Nifi registry I added that as user and gave rights to read and >>> modify >>> > buckets. >>> > >>> > When I add Registry Client on Nifi node and Hit Start version control >>> on >>> > process group I got error: >>> > >>> > Error >>> > >>> > Unable to obtain listing of buckets: java.net.ConnectException: >>> Connection >>> > refused (Connection refused) >>> > >>> > >>> > I missed something in configuration, please help me. >>> > >>> > Note: both Registry and Nifi are in Docker containers on the same >>> node. I >>> > tried with IP address, but nothing. >>> > >>> > >>> > Thank you, >>> > >>> > Tom >>> > >>> >>>
Re: How to integrate Secured Ragistry with Secured Nifi
Hi again, @Kevin, I chacked all you mentioned, containers are on the same docker network and I can ping from the Nifi container host where is Nifi registry, although they are on the same server, it is then localhost I believe. When adding nifi registry client I'm using hostname from the nifi-registry.properties whisch is the same as hostname where the registry and nifi instance are (because I added flag --hostname while running containers and hostname is the same as the server hostname where the containers are running). I also checked yours and Mike's docker-compose files and everything is preety much the same regarding, hosts and ports. BR, Tom On Tue, 19 Feb 2019 at 06:51, Tomislav Novosel wrote: > Hi Mike, Kevin > > Thank you for your answers, I appreciate it. > > @Mike, why are you setting WEB_HTTP_HOST and WEB_HTTP_PORT when you are > using secured nifi? Shouldnt that be empty and only HTTPS host and port > used? > > BR, > Tom > > On Mon, 18 Feb 2019, 23:56 Mike Thomsen >> Tom, >> >> > Note: both Registry and Nifi are in Docker containers on the same node. >> I tried with IP address, but nothing. >> >> Each docker container has its own IP address. You need to link the two >> containers. I always use Docker Compose, so I can't help you on how to set >> it up manually. That said, I did a sample last year connecting a few >> different NiFi nodes and a registry w/ SSL here: >> >> >> https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml >> >> I can't remember if I kept the LDAP docker container referenced in it, >> but you should be able to look at it and figure out how to link everything >> up from that with Docker Compose. >> >> Mike >> >> On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: >> >>> >>> Hi Tom, >>> >>> Given that you are getting a Connection refused exception and not an >>> HTTP 401 or 403, I suspect that the problem is networking related and not >>> authentication/authorization. >>> >>> Are the two docker containers on the same docker network? Can you >>> resolve/ping the Registry container from the NiFi container, and when you >>> create the Registry client in NiFi, are you using the hostname that the >>> NiFi server/container would use to address Registry (ie, not the host a >>> REgistry UI use might use if you are using port mapping to the docker >>> container with the host). >>> >>> Here is an example repo in which I have an example of connecting NiFi >>> and Registry and docker conatiners using docker-compose: >>> >>> https://github.com/kevdoran/flowops >>> >>> Hope this helps, >>> Kevin >>> >>> >>> On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) >>> wrote: >>> > Hi all, >>> > >>> > I generated standalone certificate with nifi-toolkit for my two Nifi >>> > instances and for Nifi registry instance. All are on the same domain >>> so I >>> > used one certificate and its credentials for properties file (trustore >>> > path, keystore path, keystore passw, trustore passw). >>> > >>> > Auth is configured through domain LDAP server and everything works. >>> > >>> > On both Nifi node and Registry node I configured authorizers.xml file >>> on >>> > property "Node Identity 1" with value from keystore.jks on "Owner" >>> > attribute. >>> > >>> > Owner: <> >>> > In Nifi registry I added that as user and gave rights to read and >>> modify >>> > buckets. >>> > >>> > When I add Registry Client on Nifi node and Hit Start version control >>> on >>> > process group I got error: >>> > >>> > Error >>> > >>> > Unable to obtain listing of buckets: java.net.ConnectException: >>> Connection >>> > refused (Connection refused) >>> > >>> > >>> > I missed something in configuration, please help me. >>> > >>> > Note: both Registry and Nifi are in Docker containers on the same >>> node. I >>> > tried with IP address, but nothing. >>> > >>> > >>> > Thank you, >>> > >>> > Tom >>> > >>> >>>
Re: How to integrate Secured Ragistry with Secured Nifi
Hi Mike, Kevin Thank you for your answers, I appreciate it. @Mike, why are you setting WEB_HTTP_HOST and WEB_HTTP_PORT when you are using secured nifi? Shouldnt that be empty and only HTTPS host and port used? BR, Tom On Mon, 18 Feb 2019, 23:56 Mike Thomsen Tom, > > > Note: both Registry and Nifi are in Docker containers on the same node. > I tried with IP address, but nothing. > > Each docker container has its own IP address. You need to link the two > containers. I always use Docker Compose, so I can't help you on how to set > it up manually. That said, I did a sample last year connecting a few > different NiFi nodes and a registry w/ SSL here: > > > https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml > > I can't remember if I kept the LDAP docker container referenced in it, but > you should be able to look at it and figure out how to link everything up > from that with Docker Compose. > > Mike > > On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: > >> >> Hi Tom, >> >> Given that you are getting a Connection refused exception and not an HTTP >> 401 or 403, I suspect that the problem is networking related and not >> authentication/authorization. >> >> Are the two docker containers on the same docker network? Can you >> resolve/ping the Registry container from the NiFi container, and when you >> create the Registry client in NiFi, are you using the hostname that the >> NiFi server/container would use to address Registry (ie, not the host a >> REgistry UI use might use if you are using port mapping to the docker >> container with the host). >> >> Here is an example repo in which I have an example of connecting NiFi and >> Registry and docker conatiners using docker-compose: >> >> https://github.com/kevdoran/flowops >> >> Hope this helps, >> Kevin >> >> >> On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) >> wrote: >> > Hi all, >> > >> > I generated standalone certificate with nifi-toolkit for my two Nifi >> > instances and for Nifi registry instance. All are on the same domain so >> I >> > used one certificate and its credentials for properties file (trustore >> > path, keystore path, keystore passw, trustore passw). >> > >> > Auth is configured through domain LDAP server and everything works. >> > >> > On both Nifi node and Registry node I configured authorizers.xml file on >> > property "Node Identity 1" with value from keystore.jks on "Owner" >> > attribute. >> > >> > Owner: <> >> > In Nifi registry I added that as user and gave rights to read and modify >> > buckets. >> > >> > When I add Registry Client on Nifi node and Hit Start version control on >> > process group I got error: >> > >> > Error >> > >> > Unable to obtain listing of buckets: java.net.ConnectException: >> Connection >> > refused (Connection refused) >> > >> > >> > I missed something in configuration, please help me. >> > >> > Note: both Registry and Nifi are in Docker containers on the same node. >> I >> > tried with IP address, but nothing. >> > >> > >> > Thank you, >> > >> > Tom >> > >> >>
Re: How to integrate Secured Ragistry with Secured Nifi
Tom, > Note: both Registry and Nifi are in Docker containers on the same node. I tried with IP address, but nothing. Each docker container has its own IP address. You need to link the two containers. I always use Docker Compose, so I can't help you on how to set it up manually. That said, I did a sample last year connecting a few different NiFi nodes and a registry w/ SSL here: https://github.com/MikeThomsen/nifi-docker-compose/blob/master/docker-compose-registry.yml I can't remember if I kept the LDAP docker container referenced in it, but you should be able to look at it and figure out how to link everything up from that with Docker Compose. Mike On Mon, Feb 18, 2019 at 12:00 PM Kevin Doran wrote: > > Hi Tom, > > Given that you are getting a Connection refused exception and not an HTTP > 401 or 403, I suspect that the problem is networking related and not > authentication/authorization. > > Are the two docker containers on the same docker network? Can you > resolve/ping the Registry container from the NiFi container, and when you > create the Registry client in NiFi, are you using the hostname that the > NiFi server/container would use to address Registry (ie, not the host a > REgistry UI use might use if you are using port mapping to the docker > container with the host). > > Here is an example repo in which I have an example of connecting NiFi and > Registry and docker conatiners using docker-compose: > > https://github.com/kevdoran/flowops > > Hope this helps, > Kevin > > > On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) > wrote: > > Hi all, > > > > I generated standalone certificate with nifi-toolkit for my two Nifi > > instances and for Nifi registry instance. All are on the same domain so I > > used one certificate and its credentials for properties file (trustore > > path, keystore path, keystore passw, trustore passw). > > > > Auth is configured through domain LDAP server and everything works. > > > > On both Nifi node and Registry node I configured authorizers.xml file on > > property "Node Identity 1" with value from keystore.jks on "Owner" > > attribute. > > > > Owner: <> > > In Nifi registry I added that as user and gave rights to read and modify > > buckets. > > > > When I add Registry Client on Nifi node and Hit Start version control on > > process group I got error: > > > > Error > > > > Unable to obtain listing of buckets: java.net.ConnectException: > Connection > > refused (Connection refused) > > > > > > I missed something in configuration, please help me. > > > > Note: both Registry and Nifi are in Docker containers on the same node. I > > tried with IP address, but nothing. > > > > > > Thank you, > > > > Tom > > > >
Re: How to integrate Secured Ragistry with Secured Nifi
Hi Tom, Given that you are getting a Connection refused exception and not an HTTP 401 or 403, I suspect that the problem is networking related and not authentication/authorization. Are the two docker containers on the same docker network? Can you resolve/ping the Registry container from the NiFi container, and when you create the Registry client in NiFi, are you using the hostname that the NiFi server/container would use to address Registry (ie, not the host a REgistry UI use might use if you are using port mapping to the docker container with the host). Here is an example repo in which I have an example of connecting NiFi and Registry and docker conatiners using docker-compose: https://github.com/kevdoran/flowops Hope this helps, Kevin On February 18, 2019 at 10:08:54, Tomislav Novosel (to.novo...@gmail.com) wrote: > Hi all, > > I generated standalone certificate with nifi-toolkit for my two Nifi > instances and for Nifi registry instance. All are on the same domain so I > used one certificate and its credentials for properties file (trustore > path, keystore path, keystore passw, trustore passw). > > Auth is configured through domain LDAP server and everything works. > > On both Nifi node and Registry node I configured authorizers.xml file on > property "Node Identity 1" with value from keystore.jks on "Owner" > attribute. > > Owner: <> > In Nifi registry I added that as user and gave rights to read and modify > buckets. > > When I add Registry Client on Nifi node and Hit Start version control on > process group I got error: > > Error > > Unable to obtain listing of buckets: java.net.ConnectException: Connection > refused (Connection refused) > > > I missed something in configuration, please help me. > > Note: both Registry and Nifi are in Docker containers on the same node. I > tried with IP address, but nothing. > > > Thank you, > > Tom >
How to integrate Secured Ragistry with Secured Nifi
Hi all, I generated standalone certificate with nifi-toolkit for my two Nifi instances and for Nifi registry instance. All are on the same domain so I used one certificate and its credentials for properties file (trustore path, keystore path, keystore passw, trustore passw). Auth is configured through domain LDAP server and everything works. On both Nifi node and Registry node I configured authorizers.xml file on property "Node Identity 1" with value from keystore.jks on "Owner" attribute. Owner: <