Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-7467

Improve S2S peer retrieval process

    XMLWordPrintableJSON

Details

    Description

      During investigation for NIFI-7407, thenatog and I discovered a scenario where site to site peer retrieval was sub-optimal. Some of this was related to hosting a secure cluster with multiple nodes on the same physical/virtual server, introducing hostname and SAN resolution problems. In other instances, the retrieval has a nested NullPointerException. 

      2020-05-14 18:44:39,140 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 18:44:39,124 and sent to node3.nifi:11443 at 2020-05-14 18:44:39,140; send took 15 millis
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:41,789 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster
2020-05-14 18:44:44,159 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 18:44:44,146 and sent to node3.nifi:11443 at 2020-05-14 18:44:44,159; send took 13 millis
2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] o.apache.nifi.remote.client.PeerSelector Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:46,791 WARN [Timer-Driven Process Thread-10] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster
2020-05-14 18:44:46,791 INFO [Timer-Driven Process Thread-10] o.a.nifi.remote.client.http.HttpClient Couldn't find a valid peer to communicate with.
2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:46,817 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster
2020-05-14 18:44:49,178 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2020-05-14 18:44:49,164 and sent to node3.nifi:11443 at 2020-05-14 18:44:49,178; send took 13 millis
2020-05-14 18:44:51,332 INFO [Timer-Driven Process Thread-6] o.a.n.remote.StandardRemoteProcessGroup Successfully refreshed Flow Contents for RemoteProcessGroup[https://node1.nifi:9441/nifi]; updated to reflect 1 Input Ports [InputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]] and 0 Output Ports [OutputPort[name=From Self, targetId=15f64e5b-0172-1000-ffff-fffff134169a]]
2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with node1.nifi:9443 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <node1.nifi> doesn't match any of the subject alternative names: [node3.nifi]
2020-05-14 18:44:51,833 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@57dfcccd Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-7407 Change cluster communication protocol listener

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #4289

          Activity

            People

              alopresto Andy LoPresto
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2h 10m
                  2h 10m