Hello Adam, This Exception indicates that the node's certificate didn't match with the requested hostname. It seems when a node replicated a request to another node in the cluster using the 'host1.foo.com', the target node responded with a server certificate which was generated for other hostname.
Would you double check the keystore is configured with correct server cert on each NiFi node? (nifi.security.keystore) Thanks, Koji > Caused by: java.io.IOException: HTTPS hostname wrong: should be > <host1.foo.com> > at > sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649) > ~[na:1.8.0_60] > at On Mon, Dec 5, 2016 at 8:34 AM, Adam J. Shook <[email protected]> wrote: > Hello all, > > I am trying to enable clustering on my NiFi instance, starting with the > original single-node instance which uses Kerberos and HTTPS. I've been > following the Clustering Configuration section in the admin guide, and I see > in the logs that the node takes over as the Coordinator and elects the > dataflow. When I try to connect to the UI I receive the below error -- it > looks like there is no hostname in the GET request when it tries to > replicate it? I started up the second node and I see it join the cluster, > but accessing the UI throws the same erro -- failing to replicate the > request to both nodes. > > Any ideas? > > Thank you, > --Adam > > > 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1] > o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET > /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to {} > com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS > hostname wrong: should be <host1.foo.com> > at > com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155) > ~[jersey-client-1.19.jar:1.19] > at com.sun.jersey.api.client.Client.handle(Client.java:652) > ~[jersey-client-1.19.jar:1.19] > at > com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123) > ~[jersey-client-1.19.jar:1.19] > at > com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) > ~[jersey-client-1.19.jar:1.19] > at > com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) > ~[jersey-client-1.19.jar:1.19] > at > com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509) > ~[jersey-client-1.19.jar:1.19] > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:578) > ~[nifi-framework-cluster-1.1.0.jar:1.1.0] > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:770) > ~[nifi-framework-cluster-1.1.0.jar:1.1.0] > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > [na:1.8.0_60] > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > [na:1.8.0_60] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > [na:1.8.0_60] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > [na:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60] > Caused by: java.io.IOException: HTTPS hostname wrong: should be > <host1.foo.com> > at > sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649) > ~[na:1.8.0_60] > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:573) > ~[na:1.8.0_60] > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > ~[na:1.8.0_60] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) > ~[na:1.8.0_60] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) > ~[na:1.8.0_60] > at > java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) > ~[na:1.8.0_60] > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) > ~[na:1.8.0_60] > at > com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253) > ~[jersey-client-1.19.jar:1.19] > at > com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153) > ~[jersey-client-1.19.jar:1.19] > ... 12 common frames omitted > 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1] > o.a.n.c.c.h.r.ThreadPoolRequestReplicator > > Relevant configuration items: > > nifi.remote.input.host= > nifi.remote.input.secure=false > nifi.remote.input.socket.port= > nifi.remote.input.http.enabled=false > nifi.remote.input.http.transaction.ttl=30 sec > > nifi.web.http.host= > nifi.web.http.port= > nifi.web.https.host=host1.foo.com > nifi.web.https.port=8080 > > nifi.cluster.protocol.is.secure=true > nifi.cluster.is.node=true > nifi.cluster.node.address=host1.foo.com > nifi.cluster.node.protocol.port=45354 > > nifi.security.keystore=/export/appl/pkgs/nifi/conf/cert.p12 > nifi.security.keystoreType=PKCS12 > nifi.security.keystorePasswd=******** > nifi.security.keyPasswd=******** > nifi.security.truststore=/export/appl/pkgs/nifi/conf/cacert.jks > nifi.security.truststoreType=JKS > nifi.security.truststorePasswd=******** > nifi.security.needClientAuth= > nifi.security.user.authorizer=file-provider > nifi.security.user.login.identity.provider=kerberos-provider > > nifi.zookeeper.connect.string=host1.foo.com:2181,host2.foo.com:2181,host3.foo.com:2181 > nifi.zookeeper.connect.timeout=3 secs > nifi.zookeeper.session.timeout=3 secs > nifi.zookeeper.root.node=/nifi/team/dev
