Glad that you implemented. The reference in nifi.properties is something like nifi-kv/default/nifi.security.keystorePasswd. Inside Vault, the secret must have the password under the correct key name (usually value by default for KV v1 in NiFi's client). If you stored it under a different key (e.g., password, secret, or custom), it won't pull the right value. Extra spaces, newlines, or character encoding differences when the value was stored in Vault vs. the original plaintext password For many PKCS12 keystores, nifi.security.keyPasswd must match nifi.security.keystorePasswd. If only one is protected and they differ slightly, or if one resolves and the other doesn't, this error appears. Need to check the above. @TechStream  ... View more

Apache NiFi 2.8.0 fully supports retrieving sensitive startup properties such as: nifi.security.keystorePasswd nifi.security.keyPasswd nifi.security.truststorePasswd directly from HashiCorp Vault KV during bootstrap/startup, so these values do not need to be stored in plain text in nifi.properties. HASHICORP_VAULT_KV Sensitive Property Provider This uses the bootstrap-level Vault integration, which resolves secrets very early in the startup process Configure conf/bootstrap-hashicorp-vault.conf (Vault URI, KV path, authentication method — e.g., Token, AppRole, or Certificate). Link it in bootstrap.conf nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf Store the passwords in Vault KV (v1) using paths like nifi-kv/default/nifi.security.keystorePasswd Use the NiFi Toolkit encrypt-config tool with the HASHICORP_VAULT_KV protection scheme to replace plaintext values in nifi.properties with Vault references Start NiFi — the bootstrap process will fetch the secrets from Vault https://docs.cloudera.com/cfm/4.11.0/nifi-components-cfm/nifi-docs/toolkit-guide.html Search for HASHICORP_VAULT_KV — explicitly lists it as a supported scheme with bootstrap config details. @TechStream  ... View more

1. Cloudera Operational Database backup guide: https://docs.cloudera.com/operational-database/cloud/managing-database/topics/cod-backing-up-table.html https://docs.cloudera.com/cdp-public-cloud/cloud/requirements-azure/topics/mc-az-minimal-setup-for-cloud-storage.html HBase snapshot export also covered in Runtime HBase backup docs. 2. Default backup location: Mainly stores cluster-level backups (Data Lake, FreeIPA, logs/telemetry). Not HBase table data. 3. Different container for manual backups: Use --snapshot-location abfss://othercontainer@account.dfs.core.windows.net/path in snapshot/export command. No direct Hadoop config edit needed in CDP Public Cloud. 4. Give HBase rights Assign Storage Blob Delegator role to HBase Managed Identity (at Storage Account level). Grant Storage Blob Data Owner/Contributor on target container. Set POSIX ACLs (Execute + Read/Write) on root and target path via Storage Explorer. Verify IDBroker mapping for HBase user. Test access with hdfs dfs -ls on target path. Enable "Allow trusted Microsoft services" if option available. @MintberryCrunch  ... View more

@APentyala  This error is not caused by the SCD Type-2 logic or the MERGE syntax itself. The message “Ambiguous column reference deal_yearnumber in tgt” usually indicates that the column exists more than once in the target table metadata. Please check whether deal_yearnumber (or the partition column) is defined both as a regular column and in the PARTITIONED BY section. Run DESCRIBE FORMATTED and SHOW CREATE TABLE to verify the schema. If the column appears twice or was altered previously, Hive may treat it as ambiguous during MERGE compilation. Recreating the table with a clean schema (ensuring the partition column is defined only once) typically resolves the issue. ... View more

@MarlinGomez For that CCA175 streaming scenario with inconsistent formats, cleansing/transforming to HDFS, better to go with Spark Structured Streaming + schema evolution as the most exam-realistic pick. It handles real-time ingestion efficiently via micro-batches, infers/evolves schemas on the fly (especially with JSON/Avro), and lets you apply transformations like filter/map before writing Parquet to HDFS. Separate ETL pipelines per format add too much complexity/overhead for exam constraints, and pure schema-on-read skips proactive cleansing. ​QuickStart with Kafka source, schema merging enabled: .option("mergeSchema", "true").writeStream... to HDFS.This nails the "perform ETL on data using Spark API" objective perfectly. Good luck on your prep. ​ ... View more

  In NiFi 2.4 and above, the built-in Jython (Python 2 interpreter) for ExecuteScript has been removed, so the traditional approach using inline Python is no longer supported. There is, however, a modern and robust alternative using NiFi's first-class Python processor support for attribute manipulation, or using Groovy/Clojure in ExecuteScript, or simply leveraging UpdateAttribute for simple logic. https://nifi.apache.org/nifi-docs/python-developer-guide.html https://nifi.apache.org/components/org.apache.nifi.processors.script.ExecuteScript/ ... View more

Hi, @Hadoop16  The error Zookeeper connection string cannot be null means the Router process is expecting ZooKeeper configs for token management but isn’t finding them. Even if you already have a ZooKeeper quorum set in core-site.xml, the Router Federation requires its own configs in hdfs-rbf-site.xml. Specifically, you need to set hadoop.kms.authentication.zk-dt-secret-manager.zkConnectionString (or in some versions hadoop.security.token.service.use_ip + hadoop.zk.address) depending on your setup. Please double-check that hdfs-rbf-site.xml contains the federation and router related properties, including ZooKeeper connection string and Kerberos settings. Ensure the file is deployed to all Router nodes and included in the classpath. Also verify that the Router service user has Kerberos credentials and permissions to connect to ZooKeeper. Once the ZK connection string is set properly, the Router daemon should start without this error. ... View more