@rafy  Each node in a NiFi Cluster has its own copy of the dataflow and executes independently of the other nodes.  Some NiFi components are capable of writing cluster state to zookeeper to avoid data duplication across nodes.  Those NiFi ingest type components that support this should be configured to execute on primary node only.  In a NiFi cluster, one node will be elected as the primary node (which node is elected can change at any time).  So if a primary node change happens, the same component on a different node will now get scheduled and will retrieve cluster state to avoid ingesting same data again.  Often in these types of components, the one that records sate does not typically retrieve the content.  It simply generates metadata/attributes necessary to later get the content with the expectation that in your flow design you distribute those FlowFiles across all nodes before content retrieval.  For example: - ListSFTP (primary node execution) --> success connection (with round robin LB configuration) --> FetchSFTP (all node execution) The ListSFTP creates a 0 byte FlowFIle for each source file that will be fetched.  The FetchSFTP processor uses that metadata/attributes to get the actual source content and add it to the FlowFile.  Another example your query might be: GenerateTableFetch (primary node execution)  --> LB connection --> ExecuteSQL   The goal with these dataflows is to void having one node ingest all the content (added network and Disk I/O) only to then add more network and disk I/O to spread that content across all nodes.  So instead we simply get details about the data to be fetched so that can be distributed across all nodes, so each nodes gets only specific portions of the source data. If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt   ... View more

@arshahin  NiFi is a pure java application. What version of Java is your NiFi using (NiFi does not include Java JDK, so it must be installed on the host). NiFi will also not start of Java is not installed, so your host has java installed somewhere. NiFi supports Java JDK 8 and Java JDK 11 (in newer releases), and Java JDK 17 (in latest 1.16 releases). So perhaps your issue is related to the Java version you are using in conjunction with the NiFi version? Looking closely at you stack trace you see the snappy library issues is related to the PutHiveStreaming processor:  at org.apache.nifi.processors.hive.PutHiveStreaming https://issues.apache.org/jira/browse/NIFI-9282 https://issues.apache.org/jira/browse/NIFI-9527 Try upgrading to Apache NiFi 1.16 latest. If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt ... View more

@ThongPham  There is no such thing as a permanent Bearer token.  How long a Bearer token stays valid is set in the provider that issuing that bearer token.  In you case the ldap-provider.  Also keep in mind that a bearer token is issued by a specific node in the NiFi cluster and can not be used to authenticate with every node in the NiFi cluster. Since a secured NiFi will always attempt mutual TLS authentication first. I suggest you instead you generate and use a client certificate to interact with the NiFi API.  Mutual TLS based authentication does not use bearer tokens and the authentication will be successful until that client certificate expires which is configurable when generating the certificate.  But generally speaking certificates are often valid for 12 or months.  Since there is no bearer token, a client certificate can be used with any node in the cluster. Your other option is to build a flow within your NiFi to get a new bearer token automatically and store that token in maybe a distributedMapCache.  Then in your other flow you fetch that bearer token before calling the rest-api endpoint.  A failure should loop back to the FetchDistrubutedMapCache just in case you have a scenario where the bearer token expires between fetch and call. Out of curiosity, what rest-api endpoint are you calling every 20 seconds and why?  If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt ... View more

@Techie123  When you say " Cooperates Linux Machine", are you referring to  http://www.colinux.org/ installation? If so, this does not sound like an ideal place to try and run a NiFi instance or NiFi cluster as it appears to isolate that linux to a single core on the host hardware.  NiFi can be a resource intensive application, especially when setup as a cluster. When NiFi is started, you can tail the nifi-app.log to observe the complete startup process. NiFi has completed its startup once you see the following lines:   2022-06-15 13:52:52,727 INFO org.apache.nifi.web.server.JettyServer: NiFi has started. The UI is available at the following URLs: 2022-06-15 13:52:52,727 INFO org.apache.nifi.web.server.JettyServer: https://nifi-node1:8443/nifi 2022-06-15 13:52:52,730 INFO org.apache.nifi.BootstrapListener: Successfully initiated communication with Bootstrap   At this time the NiFi URL should be reachable.  If not, I would be making sure a firewall or some issue with your " Cooperates Linux Machine" setup is not blocking access to the port on which the NiFi is bound. The latter error you shared:   o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors   implies that your NiFi cluster has been setup to start secured over HTTPS. Secured NiFi nodes must have a configured keystore and truststore.  The above error is telling you that node's truststore does not contain the TrustedCertEntry(s) needed to trust the client certificate presented by another node (in this case the elected cluster coordinator node). The NiFi configured keystore must meet these requirements: 1. Contain only ONE PrivateKeyEntry. (this private key is typically unique per node) 2. That Private key must support both ClientAuth and ServerAuth EKUs 3. That PrivateKey must contain a SAN entry for the NiFI host on which it is being used.  That SAN must mach the hostname of the host. The NiFi configured truststore must contain the complete trust chain for the nodes private keys. You can use the keytool command to inspect the contents of either the keystore or truststore and verify above requirements are satisfied,   keytool -v -list -keystore <keystore or truststore>   A certificate (private "PrivateKeyEntry" or public "TrustedCertEntry") will have an owner an issuer.  The issuer is the authority for that key.  A self-signed certificate will have the same owner and issuer. The truststore needs to have a TrustedCertEntry for each public certificate in the trusts chain. For example: Assume you have a PrivateKey in your keystore with:   owner: cn=nifi-node1, ou=nifi Issuer: cn=intermediate-ca, ou=trust   Your Truststore would then need to have a TrustedCertEntry for the public key for:   owner: cn=intermediate-ca, ou=trust issuer: cn=root-ca, ou=trust   and:   owner: cn=root-ca, ou=trust issuer: cn=root-ca, ou=trust   You know you have the complete trust chain once you reach the public cert where owner and issuer have the same value. If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt ... View more

@Vapper  Maybe I am not 100% clear on your question here.. When you say new "flow file" I assume you are talking about the flow.xml.gz file? In NiFi, a "FlowFile" is what you see being queued on connections between processor components and consists of FlowFile content and FlowFile Metadata/Attributes. In a NiFi cluster, all nodes must be running the exact same flow.xml.gz.  If the dataflows loaded from the flow.xml.gz do not match the node will not be allowed to join the cluster.  In the latest releases of NiFi, Nodes joining a cluster will inherit the cluster dataflow if the local dataflow does not match. Once a cluster is established, a cluster dataflow is elected. That becomes the clusters dataflow. Joining a node to that established cluster will require that joining nodes is using same flow.xm.gz as existing cluster and if not inherit the cluster elected dataflow over the existing flow on the joining node. NiFi will not assume that a joining nodes flow.xml.gz is "newer" or "desired" over the elected cluster dataflow and replace the elected cluster dataflow with that new dataflow. If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt ... View more