-
Notifications
You must be signed in to change notification settings - Fork 228
[cetic/nifi] multi-node Cluster nifi web ui shows up intermittently (BadJOSEException: Signed JWT rejected) #271
Comments
Can some one provide actual "values.yaml" file for the multi-node cluster? or at least which properties to make a change for. |
I've been battling with the same problem for several months. The cause lies in the cluster deployment, with a single node the problem does not exist. I also verified that with Firefox everything works fine, while with chrome the problem is systematic. |
Hello, I'm facing the same problem, in my case i can't use nginx ingress but traefik. |
I had the same issue with GKE until I added the sessionAffinity for the BackendConfig as follows:
|
@cf250024 thank you very much, before I close the issue I'd like to update the doc, woud you mind doing a PR with a new FAQ item? https://github.com/cetic/helm-nifi/blob/master/doc/FAQ.md |
I am experiencing a similar issue when trying to configure an ingress path that is not /, however the above configuration doesn't help. Error message from the user-log container is the same. I have tried setting up sessionAffinity as shown in my values.yaml, but with no luck. What am I missing? Any help would be greatly appreciated. |
@ThanosKarousos I’m assuming you’re using GKE. Why the request path isn’t “/“ ? |
@cf250024 this is on AKS. The request path is not "/", since I want to configure a different path (in this case, I want my cluster to be accessible under my.host.com/mynifi) |
I believe you can have your domain name but not have path “mynifi” for this helm chart or for NiFi application itself. |
Based on this issue, it should be possible to change the path to "/mynifi". However, when trying the suggested configuration, I end up with the error message mentioned in the current issue. This is the case only when trying to have a cluster with 2 or more nodes. When there is only 1 node, I am able to connect properly via ingress. |
Describe the bug
A clear and concise description of what the bug is.
The result of "kubectl logs [pod name] user-log"
RROR [NiFi Web Server-377] o.a.nifi.web.api.config.ThrowableMapper An unexpected error has occurred: org.springframework.security.oauth2.server.resource.InvalidBearerTokenException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found. Returning Internal Server Error response.
org.springframework.security.oauth2.server.resource.InvalidBearerTokenException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Caused by: org.springframework.security.oauth2.jwt.BadJwtException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Caused by: com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Version of Helm, Kubernetes and the Nifi chart:
Helm - Version:"v3.9.3"
Kubernetes - Major:"1", Minor:"24", GitVersion:"v1.24.2"
Nifi chart - 1.1.1
What happened:
When I approach nifi web ui, sometimes I got normal page like this.
But, after few minutes, disconnection occurs.
This keeps repeating.
What you expected to happen:
Can approach nifi web ui normally and use without disconnection interruptions .
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
Here are some information that help troubleshooting:
values.yaml
or the changes made to the default one (after removing sensitive information)Check if a pod is in error:
Inspect the pod, check the "Events" section at the end for anything suspicious.
Events:
Get logs on a failed container inside the pod (here the
server
one):Bootstrap Config File: /opt/nifi/nifi-current/conf/bootstrap.conf
2022-09-21 05:23:03,553 INFO [main] org.apache.nifi.bootstrap.Command Starting Apache NiFi...
2022-09-21 05:23:03,554 INFO [main] org.apache.nifi.bootstrap.Command Working Directory: /opt/nifi/nifi-current
2022-09-21 05:23:03,554 INFO [main] org.apache.nifi.bootstrap.Command Command: /usr/local/openjdk-8/bin/java -classpath /opt/nifi/nifi-current/./conf:/opt/nifi/nifi-current/./lib/javax.servlet-api-3.1.0.jar:/opt/nifi/nifi-current/./lib/jcl-over-slf4j-1.7.36.jar:/opt/nifi/nifi-current/./lib/jetty-schemas-5.2.jar:/opt/nifi/nifi-current/./lib/jul-to-slf4j-1.7.36.jar:/opt/nifi/nifi-current/./lib/log4j-over-slf4j-1.7.36.jar:/opt/nifi/nifi-current/./lib/logback-classic-1.2.11.jar:/opt/nifi/nifi-current/./lib/logback-core-1.2.11.jar:/opt/nifi/nifi-current/./lib/nifi-api-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-framework-api-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-nar-utils-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-properties-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-property-utils-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-runtime-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-server-api-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-stateless-api-1.16.3.jar:/opt/nifi/nifi-current/./lib/nifi-stateless-bootstrap-1.16.3.jar:/opt/nifi/nifi-current/./lib/slf4j-api-1.7.36.jar -Dorg.apache.jasper.compiler.disablejsr199=true -Xmx2g -Xms2g -Djava.security.egd=file:/dev/urandom -Dsun.net.http.allowRestrictedHeaders=true -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -Djava.protocol.handler.pkgs=sun.net.www.protocol -Dnifi.properties.file.path=/opt/nifi/nifi-current/./conf/nifi.properties -Dnifi.bootstrap.listen.port=35063 -Dapp=NiFi -Dorg.apache.nifi.bootstrap.config.log.dir=/opt/nifi/nifi-current/logs org.apache.nifi.NiFi
2022-09-21 05:23:03,578 INFO [main] org.apache.nifi.bootstrap.Command Launched Apache NiFi with Process ID 11
The text was updated successfully, but these errors were encountered: