Have you granted the global "retrieve site-to-site details" policy[1] to your ClusterMembers group in the target instance?
This is needed so the sending instance/cluster members can obtain a list of target instances. The "Receive Site-to-Site" policy (which you've already set) is then set on individual Remote Ports to allow data to be received from the same instance(s). Don't think you need to grant "View Component" to your group (but I might be wrong). [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#global-access-policies Cheers, Chris Sampson On Tue, 18 May 2021, 20:35 Mr. Spock, <[email protected]> wrote: > Hi Pierre, I did configure site 2 site properties, but I'm using HTTP > protocol. > My nifi-user.log doesn't shows nothing but my user logged on the UI. > But, the error is present on nifi-app.log: > 2021-05-18 16:33:16,659 WARN [Http Site-to-Site PeerSelector] > o.a.n.r.util.SiteToSiteRestApiClient Failed to get controller from > https://g100603sv23e.cencosud.corp:8443/nifi-api due to > org.apache.nifi.remote.util.SiteToSiteRestApiClient$HttpGetFailedException: > response code 403:Forbidden with explanation: null > > I'm running a nifi cluster runs at 1.12.1 version. > > Best Regards! > > On Tue, May 18, 2021 at 2:45 PM Pierre Villard < > [email protected]> wrote: > >> Hi, >> >> Transport protocol would need to be HTTP most likely unless you >> configured the right properties for S2S over RAW. >> Then did you make sure the input port is for site to site (not sure what >> version of NiFi you're using)? >> Also you can check in the nifi-user.log file, that's usually useful for >> any 403 HTTP error. >> The port would need to be started. >> >> HTH, >> Pierre >> >> Le mar. 18 mai 2021 à 19:20, Mr. Spock <[email protected]> a écrit : >> >>> Hi All! >>> I'm trying to develop a process group to capture & and process >>> bulletins, but I'm receiving this error: >>> >>> Unable to refresh remote group peers due to: response code 403:Forbidden >>> with explanation: null >>> >>> What I've done so far: >>> >>> * Created the Restricted SSL context, using the keystore + truststore that >>> I'm using at cluster level. It works properly. >>> >>> [image: Screenshot from 2021-05-18 12-33-02.png] >>> * Created the S2SBulletinReportingTask >>> [image: Screenshot from 2021-05-18 13-58-10.png] >>> ( I've also tried with HTTP transport protocol). >>> >>> I also did: >>> * Created a security group which contains every cluster node (group >>> name: ClusterMembers). >>> * At Canvas Root Level, give "view component" permission. >>> * At ProcessGroup Level, I've created the Remote Input Port. >>> * At Remote Input Port, set the "Receive Site to Site Permission" to my >>> ClusterMembers group. >>> >>> Any Idea of what I'm missing? >>> >>> Thanks in advance! >>> >>> >>>
