У меня установлен NiFi Registry 0.5.0 вместе с кластером NiFi 1.9.2, и контроль версий работает правильно. Однако при попытке отправить (push) коммиты из Registry в удалённый git-репозиторий в логе появляется следующая ошибка:
2020-03-02 10:19:53,183 ERROR [GitFlowMetaData Push thread] o.a.n.r.p.flow.git.GitFlowMetaData Failed to push commits to origin due to org.eclipse.jgit.api.errors.TransportException: https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git: Secure connection to https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git could not be stablished because of SSL problems
org.eclipse.jgit.api.errors.TransportException: https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git: Secure connection to https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git could not be stablished because of SSL problems
at org.eclipse.jgit.api.PushCommand.call(PushCommand.java:180)
at org.apache.nifi.registry.provider.flow.git.GitFlowMetaData.lambda$startPushThread$1(GitFlowMetaData.java:225)
at org.apache.nifi.registry.provider.flow.git.GitFlowMetaData$$Lambda$370/853913427.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.eclipse.jgit.errors.TransportException: https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git: Secure connection to https://svc_nifi@gitlab.intranet.net/gitlab/nifi/flows.git could not be stablished because of SSL problems
at org.eclipse.jgit.transport.TransportHttp.handleSslFailure(TransportHttp.java:617)
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:567)
at org.eclipse.jgit.transport.TransportHttp.openPush(TransportHttp.java:435)
at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:160)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1344)
at org.eclipse.jgit.api.PushCommand.call(PushCommand.java:169)
... 9 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at org.eclipse.jgit.transport.http.JDKHttpConnection.getResponseCode(JDKHttpConnection.java:108)
at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:205)
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:498)
... 13 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 30 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 36 common frames omitted
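Я попытался добавить SSL-сертификат как в хранилище ключей (keystore), так и в хранилище доверенных сертификатов (truststore) — те, что настроены в nifi-registry.properties. Я знаю, что с этим git-репозиторием на сервере можно работать, так как мне удалось клонировать его локально. Сервер git использует тот же корневой CA, который уже находится в хранилище доверенных сертификатов. При этом, судя по стеку вызовов, сертификат сервера проверяет стандартный HTTPS-клиент JDK (JDKHttpConnection → X509TrustManagerImpl), то есть при push, по-видимому, используется хранилище доверенных сертификатов самой JVM по умолчанию, а не то, что указано в nifi-registry.properties.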
Моя конфигурация providers.xml:
<!-- Flow persistence provider backed by a git repository: this block selects
     GitFlowPersistenceProvider and names the remote that commits are pushed to. -->
<flowPersistenceProvider>
<class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
<!-- Local working directory of the git repository that holds the flows. -->
<property name="Flow Storage Directory">/home/nifi/flows</property>
<!-- Name of the git remote to push to; the log above shows it resolving to an HTTPS URL. -->
<property name="Remote To Push">origin</property>
<!-- Account used to authenticate against the remote. -->
<property name="Remote Access User">svc_nifi</property>
<!-- The password sits in this file in clear text (redacted as a placeholder in this listing);
     keep providers.xml readable only by the Registry service account and use a
     narrowly scoped credential. -->
<!-- NOTE(review): no TLS trust setting appears in this provider block; the stack trace shows
     the push going through the JDK HTTPS client, so the JVM default trust store presumably
     decides whether the server certificate is accepted. Confirm before changing anything,
     and add the issuing CA there rather than turning certificate verification off. -->
<property name="Remote Access Password"><password></property>
</flowPersistenceProvider>