Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-3098

Investigate possible issues with cluster flow synchronization when encryption key has been migrated multiple times

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Yolanda M. Davis encountered an issue when running a 3 node cluster and using the encrypt-config.sh tool to migrate the nifi.sensitive.props.key used to encrypt the flow.xml.gz contents more than once. Running the tool once was fine and the cluster started up without any issue. Stopping the cluster and running the tool again generated a pad block corrupted error, which almost always indicates that the cipher text is being decrypted by the wrong key.

      She can offer more details, including the exact steps to reproduce, but I wanted to capture this issue (much of it documented on PR 1261) for further investigation.

      Attachments

        1. run.sh
          3 kB
          Bryan Rosander
        2. flow.xml.gz
          1 kB
          Bryan Rosander

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            alopresto Andy LoPresto
            alopresto Andy LoPresto

            Dates

              Created:
              Updated:

              Issue deployment