
I'm running a 3-node Docker cluster on a single host, let's say dev.example.com.

I have followed https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#creating-and-securing-a-nifi-cluster-w... but added every node into a separate Docker container:

nifi-node1 0.0.0.0:8096 -> 8080/tcp

nifi-node2 0.0.0.0:8097 -> 8080/tcp

nifi-node3 0.0.0.0:8098 -> 8080/tcp

I'm accessing it using https://dev.example.com:8096/nifi . I have imported the client cert into my browser, and I'm able to access everything from Chrome.

I want to use Python to start/stop/manipulate the processors using nipyapi.



import os
import nipyapi

SSL_DIR = '/home/ubuntu/ssl'
nipyapi.config.nifi_config.host = 'https://dev.example.com:8096/nifi-api'

ca_file = os.path.join(SSL_DIR, 'nifi-cert.pem')
client_cert_file = os.path.join(SSL_DIR, 'CN=nifi-node1_OU=NIFI.pem')
client_key_file = os.path.join(SSL_DIR, 'CN=nifi-node1_OU=NIFI_key.pem')
client_key_password = 'Random_Password'

nipyapi.security.set_service_ssl_context(service='nifi', ca_file=ca_file, client_cert_file=client_cert_file, client_key_file=client_key_file, client_key_password=client_key_password)

nipyapi.canvas.get_root_pg_id()

I'm receiving the following error:


WARNING:urllib3.connection:Certificate did not match expected hostname: dev.example.com. Certificate: {'subject': ((('organizationalUnitName', 'NIFI'),), (('commonName', 'nifi-node1'),)), 'issuer': ((('organizationalUnitName', 'NIFI'),), (('commonName', 'localhost'),)), 'version': 3, 'serialNumber': '017745358C8500000000', 'notBefore': 'Jan 27 18:57:53 2021 GMT', 'notAfter': 'May 2 18:57:53 2023 GMT', 'subjectAltName': (('DNS', 'nifi-node1'),)}

MaxRetryError: HTTPSConnectionPool(host='dev.example.com', port=8096): Max retries exceeded with url: /nifi-api/flow/process-groups/root/status (Caused by SSLError(CertificateError("hostname 'dev.example.com' doesn't match 'nifi-node1'",),))

  • 1
    The commonName or one of the altNames in the certificate must match the domain name that is used to access the URL. Otherwise, the certificate is not accepted. However, that’s exactly what the error message says, so I’m not sure what you are asking? – not2savvy Jan 28 '21 at 06:46
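
The hostname check behind the error above, as an added example that is not part of the original question or of nipyapi/urllib3: it takes the certificate dict exactly as the warning printed it and reports which names the certificate covers. The function names are illustrative, and the matching rules (subjectAltName first, wildcard only as the whole left-most label, commonName only as a legacy fallback) are a simplified rendering of standard TLS hostname verification.

```python
import ipaddress

# Certificate fields copied from the urllib3 warning in the question
# (the same dict layout that ssl.getpeercert() returns).
CERT = {
    'subject': ((('organizationalUnitName', 'NIFI'),), (('commonName', 'nifi-node1'),)),
    'subjectAltName': (('DNS', 'nifi-node1'),),
}

def _label_match(pattern, host):
    """Compare one DNS name from the certificate with the requested host."""
    p_labels = pattern.lower().rstrip('.').split('.')
    h_labels = host.lower().rstrip('.').split('.')
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the entire left-most label.
    if p_labels[0] == '*' and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:] and h_labels[0] != ''
    return p_labels == h_labels

def presented_names(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get('subjectAltName', ())
    dns = [v for k, v in san if k == 'DNS']
    ips = [v for k, v in san if k == 'IP Address']
    if not dns and not ips:
        # Legacy fallback: commonName is consulted only when no SAN names exist.
        dns = [v for rdn in cert.get('subject', ()) for k, v in rdn if k == 'commonName']
    return dns, ips

def check_hostname(cert, host):
    """Return (ok, names) where names is what the certificate actually covers."""
    dns, ips = presented_names(cert)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare against DNS names only.
        return any(_label_match(p, host) for p in dns), dns + ips
    return any(ipaddress.ip_address(i) == addr for i in ips), dns + ips

if __name__ == '__main__':
    for name in ('dev.example.com', 'nifi-node1'):
        ok, covered = check_hostname(CERT, name)
        print(f'{name}: {"match" if ok else "MISMATCH"} (certificate covers {covered})')
```

Run against the question's certificate, only `nifi-node1` matches, so the client must either connect using a name the certificate lists or the node certificate must be reissued with `dev.example.com` in its subjectAltName.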
