Thank you David. I tried the new setting, but no go. I'm sure this is
user error on my end; my old flow file was not encrypted with 1.13.2,
but not sure how to bring it over.
Can Nifi 1.14.x run in the same cluster as 1.13.x?
If I delete the flow file, NiFi runs, but doesn't join the cluster.
"Failed marshalling 'CONNECTION_REQUEST' protocol message due to:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake"
When I try to connect via a browser (now port 8443), the browser
presents a list of certificates. Where can I find the 60 day
self-signed certificate to import?
-Joe
On 7/19/2021 8:15 PM, David Handermann wrote:
Hi Joe,
Thanks for providing the stack trace associated with the startup
failure. The problem is related to decryption of sensitive property
values stored in the flow.xml.gz configuration.
Can you provide the value of the following property from your
nifi.properties file?
nifi.sensitive.props.algorithm
In version 1.13.2, the default value was
PBEWITHMD5AND256BITAES-CBC-OPENSSL. In version 1.14.0 the new default
value is NIFI_PBKDF2_AES_GCM_256.
Based on the error message, the configured value appears to be
NIFI_PBKDF2_AES_GCM_256, or one of the other AES_GCM options. However,
when upgrading from an existing flow.xml.gz, this property needs to be
the exact same value used prior to upgrading.
Can you try changing nifi.sensitive.props.algorithm to
PBEWITHMD5AND256BITAES-CBC-OPENSSL?
Regards,
David Handermann
On Mon, Jul 19, 2021 at 6:50 PM Joe Obernberger
<joseph.obernber...@gmail.com> wrote:
Trying to go from 1.13.2 to 1.14.0, but am getting this error:
2021-07-19 19:47:36,953 WARN [main]
org.apache.nifi.web.server.JettyServer Failed to start web server...
shutting down.
org.apache.nifi.encrypt.EncryptionException: Decryption Failed with
Algorithm [AES/GCM/NoPadding]
at
org.apache.nifi.encrypt.CipherPropertyEncryptor.decrypt(CipherPropertyEncryptor.java:78)
at
org.apache.nifi.fingerprint.FingerprintFactory.decrypt(FingerprintFactory.java:935)
at
org.apache.nifi.fingerprint.FingerprintFactory.getLoggableRepresentationOfSensitiveValue(FingerprintFactory.java:550)
at
org.apache.nifi.fingerprint.FingerprintFactory.access$200(FingerprintFactory.java:71)
at
org.apache.nifi.fingerprint.FingerprintFactory$6.compare(FingerprintFactory.java:837)
at
org.apache.nifi.fingerprint.FingerprintFactory$6.compare(FingerprintFactory.java:830)
at java.base/java.util.TimSort.binarySort(TimSort.java:296)
at java.base/java.util.TimSort.sort(TimSort.java:239)
at java.base/java.util.Arrays.sort(Arrays.java:1515)
at java.base/java.util.ArrayList.sort(ArrayList.java:1750)
at java.base/java.util.Collections.sort(Collections.java:179)
at
org.apache.nifi.fingerprint.FingerprintFactory.sortElements(FingerprintFactory.java:879)
at
org.apache.nifi.fingerprint.FingerprintFactory.addFlowFileProcessorFingerprint(FingerprintFactory.java:486)
at
org.apache.nifi.fingerprint.FingerprintFactory.addProcessGroupFingerprint(FingerprintFactory.java:368)
at
org.apache.nifi.fingerprint.FingerprintFactory.addProcessGroupFingerprint(FingerprintFactory.java:396)
at
org.apache.nifi.fingerprint.FingerprintFactory.addFlowControllerFingerprint(FingerprintFactory.java:226)
at
org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:168)
at
org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:142)
at
org.apache.nifi.controller.inheritance.FlowFingerprintCheck.checkInheritability(FlowFingerprintCheck.java:45)
at
org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:206)
at
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1469)
at
org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:89)
at
org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:810)
at
org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:458)
at
org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1206)
at org.apache.nifi.NiFi.<init>(NiFi.java:159)
at org.apache.nifi.NiFi.<init>(NiFi.java:71)
at org.apache.nifi.NiFi.main(NiFi.java:303)
Caused by: javax.crypto.AEADBadTagException: mac check in GCM failed
at
java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at
java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at
org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown
Source)
at
org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown
Source)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
at
org.apache.nifi.encrypt.CipherPropertyEncryptor.decrypt(CipherPropertyEncryptor.java:74)
... 27 common frames omitted
2021-07-19 19:47:36,953 INFO [Thread-0] org.apache.nifi.NiFi
Initiating
shutdown of Jetty web server...
Any ideas?
Thank you!
-Joe
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
Virus-free. www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>