@sagar gaikwad Difference between templating the entire NiFi canvas and copying the actual flow.xml.* files. When you generate a template it is saved as and xml and contains all the configuration from the canvas with the EXCEPTION of sensitive property values (passwords). Sensitive processor properties are encrypted using the sensitive props key configured in the nifi.properties file. So by removing these values when a template is created the templates to be loaded into any other NiFi successfully. If you capture the flow.xml.* files directly from NiFi, you will also need to save/reserve the value set for the sensitive props key in order to use them on another system. The above is true no matter which version of NiFi you are using. NiFi 0.x /HDF 1.x versions: With these versions of NiFi you have a NiFi Cluster Manager (NCM) and NiFi nodes. The Nodes all have identical flow.xml.gz files and an identical list of templates inside the /templates directory. The NCM has a flow.tar file. This file is not the same as what is on the nodes. The flow.tar consists of numerous files important to the NCM only. (NCM specific controller services, primary node designator, etc..) The flow.tar also includes a flow.xml file. It is from this flow.xml file on the NCM that the flow.xml.gz and templates inside the /templates dir on the nodes are derived from. You can build a new cluster if you have the flow.tar file as it contains everything new nodes need plus what ta new NCM needs. The flow.tar cannot be used on a standalone install of NiFi nor can it be used by the nodes directly themselves. It is intended for an NCM only. The flow.xml.gz file from any of the nodes can be used to stand-up a standalone NiFi instance. You may choose to keep a backup of both. NiFi 1.x /HDF 2.x versions: These versions of NiFi have eliminated the need for a NCM (zero-master clustering). As a result every instance of Nifi is a node and they all have identical flow.xml.gz files. These flow.xml.gz files do not contain the exact same content as the nodes from 0.x versions of NiFi. The templates have all been moved into the flow.xml.gz file and there is no longer a need for a separate /templates dir. With this version you can keep a backup or flow.xml.gz from any node. The flow.xml.gz file can be used to buidl another cluster or a standalone NiFi instance. Thanks, Matt ... View more

@Rajkumar Singh @Iyappan Gopalakrishnan The link here references an administration-guide for NIFI 1.x baseline. The NIFI 0.x baseline is very different. I suggest reading the administration-guide that was bundled with your download version for more accurate information on adding and setting up new users. Thanks, Matt ... View more

@Karthik Narayanan The link you reference is good for troubleshooting adding new nodes in NiFi 0.x and HDF 1.x versions of NiFi which had an NCM. NiFi 1.x and HDF 2.x version are very different now and do not have an NCM. ... View more

@Saikrishna Tarapareddy S2S will not use LDAP for authentication. It uses the DN from the client side cert you created/obtained. If the Identity mapping properties @Koji Kamimura mentioned above are configured on the receiving side NiFi, they will be applied against that client side certificate DN that is presented. The resulting mapped value is what will need to be authorized to access S2S details and any input ports you wish to post to. If the identity mapping stuff is not configured, the full DN will need to authorized. Thanks, Matt ... View more

Only the NiFi 0.x or HDF 1.x versions of NiFi use a NCM. NiFI 1.x or HDF 2.x versions have moved to zero master clustering and do not have an NCM anymore (HA control plane). The routing of data you are referring to is specific to data being sent to your NiFi cluster via Site-to-Site (S2S). S2S does make sure that data continues to route to only the available destination nodes. Matt ... View more

I believe the process you have is spot on and keeps the number of processors to a minimum. Matt ... View more

@Saikrishna Tarapareddy S2S does not use LDAP for server authentication. S2S uses the keystore and truststore provided in the nifi.properties file to establish a secured mutual authenticated connection between two secured NiFi instances/clusters. The destination NiFi dictate whether the S2S connection will be secure or not. If you have secured your destination NiFi, then only a source NiFi (one with the RPG) that has been configured with its own server keystore and truststore will be able to connect. Since S2S relies on certificates for mutual authentication. The user authentication you choose to use can be different on each NiFi installation. LDAP on one, certs on another, etc... Thanks, Matt ... View more