3-Node NiFi 2.7.2 Standalone Cluster Setup Guide
ODP NiFi 2.7.2
All hostnames, IPs, paths, and credentials shown below are placeholders. Replace them with the values for your own environment before running any command.
| Item | Example Used in this Guide |
|---|---|
| Node hostnames | nifi-node1.example.com, nifi-node2.example.com, nifi-node3.example.com |
| Node IPs | 10.0.0.11, 10.0.0.12, 10.0.0.13 |
| NiFi mirror | [Index of /ODP/standalone/3.3.6.4-1/](http://mirror.odp.acceldata.dev/ODP/standalone/3.3.6.4-1) |
| SSH user | nifiuser |
| SSH key path | ~/.ssh/nifi-cluster-key |
| Admin credentials | admin / ChangeMe@123 |
Cluster Topology
| Host name | IP |
|---|---|
| nifi-node1.example.com | 10.0.0.11 |
| nifi-node2.example.com | 10.0.0.12 |
| nifi-node3.example.com | 10.0.0.13 |
NiFi version: 2.7.2.3.3.6.4-1
Mirror: Index of /ODP/standalone/3.3.6.4-1/
Prerequisites (run on ALL 3 nodes)
1. Populate /etc/hosts
```bash
cat >> /etc/hosts <<EOF
10.0.0.11 nifi-node1.example.com
10.0.0.12 nifi-node2.example.com
10.0.0.13 nifi-node3.example.com
EOF
```
2. Install JDK 21
```bash
sudo yum install -y java-21-openjdk-devel
ls -d /usr/lib/jvm/java-21*
/usr/lib/jvm/java-21-openjdk/bin/java -version
```
3. Set JAVA_HOME
```bash
echo 'export JAVA_HOME=/usr/lib/jvm/java-21-openjdk' >> ~/.bashrc
source ~/.bashrc
```
NiFi 2.x requires Java 21. Java 8 and 11 will not work.
Step 1 — Download and extract tarballs (ALL 3 nodes)
```bash
mkdir -p /root/nifi-setup && cd /root/nifi-setup

MIRROR=http://mirror.odp.acceldata.dev/ODP/standalone/3.3.6.4-1

# Download the outer bundle (contains NiFi, NiFi Toolkit, and NiFi Registry)
wget ${MIRROR}/nifi-2.7.2.3.3.6.4-1.tar.gz

# Extract the outer bundle — this yields three inner tarballs
tar -xf nifi-2.7.2.3.3.6.4-1.tar.gz

# Extract each component
tar -xf nifi-2.7.2.3.3.6.4-1-bin.tar.gz
tar -xf nifi-toolkit-2.7.2.3.3.6.4-1-bin.tar.gz
tar -xf nifi-registry-2.7.2.3.3.6.4-1-bin.tar.gz
```
Set NIFI_HOME for convenience (ALL 3 nodes):
```bash
export NIFI_HOME=/root/nifi-setup/nifi-2.7.2.3.3.6.4-1
```
Step 2 — Set JAVA_HOME in bootstrap.conf (ALL 3 nodes)
Edit ${NIFI_HOME}/conf/bootstrap.conf and add the Java path as the first property:
```properties
# Java command to use when running NiFi
java=/usr/lib/jvm/java-21-openjdk/bin/java
```
Step 3 — Configure NiFi for clustering (ALL 3 nodes)
Edit ${NIFI_HOME}/conf/nifi.properties on each node.
3a. Sensitive properties key (SAME on all 3 nodes)
NiFi 2.x in cluster mode requires a shared sensitive properties key. Generate one once and use the same value on every node:
```bash
openssl rand -hex 16
```
```properties
nifi.sensitive.props.key=<your-generated-hex-key>
```
All cluster nodes must share the same nifi.sensitive.props.key. If they differ, nodes will fail to join.
3b. Web properties (different on each node)
```properties
# On NODE1:
nifi.web.https.host=nifi-node1.example.com
nifi.web.https.port=8443

# On NODE2:
nifi.web.https.host=nifi-node2.example.com
nifi.web.https.port=8443

# On NODE3:
nifi.web.https.host=nifi-node3.example.com
nifi.web.https.port=8443
```
3c. Cluster properties
SAME on all 3 nodes:
```properties
nifi.cluster.is.node=true
nifi.cluster.node.protocol.port=11443
nifi.cluster.flow.election.max.wait.time=1 min
nifi.cluster.flow.election.max.candidates=3
```
Per-node — set to each node's own FQDN:
```properties
# On NODE1:
nifi.cluster.node.address=nifi-node1.example.com

# On NODE2:
nifi.cluster.node.address=nifi-node2.example.com

# On NODE3:
nifi.cluster.node.address=nifi-node3.example.com
```
3d. Embedded ZooKeeper (SAME on all 3 nodes)
```properties
nifi.state.management.embedded.zookeeper.start=true
nifi.zookeeper.connect.string=nifi-node1.example.com:2181,nifi-node2.example.com:2181,nifi-node3.example.com:2181
```
Step 4 — Configure embedded ZooKeeper (ALL 3 nodes)
4a. Edit ${NIFI_HOME}/conf/zookeeper.properties
Add the server list (SAME on all nodes):
```properties
server.1=nifi-node1.example.com:2888:3888;2181
server.2=nifi-node2.example.com:2888:3888;2181
server.3=nifi-node3.example.com:2888:3888;2181
```
4b. Create the ZooKeeper myid file
```bash
# On NODE1:
mkdir -p ${NIFI_HOME}/state/zookeeper
echo 1 > ${NIFI_HOME}/state/zookeeper/myid

# On NODE2:
mkdir -p ${NIFI_HOME}/state/zookeeper
echo 2 > ${NIFI_HOME}/state/zookeeper/myid

# On NODE3:
mkdir -p ${NIFI_HOME}/state/zookeeper
echo 3 > ${NIFI_HOME}/state/zookeeper/myid
```
The myid number must match the server.N entry for that node.
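A preflight check for the myid rule above, as an added example that is not part of the original guide. The function names and the make_sample_node helper (which builds a constructed sample tree) are assumptions for illustration.

```bash
# Added example, not part of the original guide.
# Constructed sample: builds a throwaway NIFI_HOME ($1) whose myid is $2.
make_sample_node() {
    mkdir -p "$1/conf" "$1/state/zookeeper"
    cat > "$1/conf/zookeeper.properties" <<'EOF'
server.1=nifi-node1.example.com:2888:3888;2181
server.2=nifi-node2.example.com:2888:3888;2181
server.3=nifi-node3.example.com:2888:3888;2181
EOF
    echo "$2" > "$1/state/zookeeper/myid"
}

# check_myid NIFI_HOME NODE_FQDN
#   0 = myid equals N of the server.N line for NODE_FQDN
#   1 = mismatch (or NODE_FQDN listed more than once)
#   2 = file unreadable or NODE_FQDN not in the server list
check_myid() {
    zk_props="$1/conf/zookeeper.properties"
    zk_myid="$1/state/zookeeper/myid"
    if [ ! -r "$zk_props" ] || [ ! -r "$zk_myid" ]; then
        echo "cannot read $zk_props or $zk_myid" >&2
        return 2
    fi
    # server.N=host:peer:election;client -> print N where host is exactly ours
    zk_expected=$(awk -v h="$2" '/^server\.[0-9]+=/ {
        split($0, kv, "="); split(kv[2], addr, ":")
        if (addr[1] == h) { sub(/^server\./, "", kv[1]); print kv[1] }
    }' "$zk_props")
    if [ -z "$zk_expected" ]; then
        echo "$2 has no server.N entry in $zk_props" >&2
        return 2
    fi
    zk_actual=$(tr -d '[:space:]' < "$zk_myid")
    if [ "$zk_actual" != "$zk_expected" ]; then
        echo "myid is '$zk_actual' but $2 is server.$zk_expected" >&2
        return 1
    fi
    echo "ok: $2 is server.$zk_expected"
}

# Usage on a node: sh check_myid.sh "$NIFI_HOME" "$(hostname -f)"
if [ "$#" -eq 2 ]; then check_myid "$1" "$2"; fi
```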
Step 5 — Configure State Management (ALL 3 nodes)
Edit ${NIFI_HOME}/conf/state-management.xml. Find the zk-provider cluster-provider section and set the connect string:
```xml
<cluster-provider>
    <id>zk-provider</id>
    <class>org.apache.nifi.controller.state.providers.zookeeper.ZooKeeperStateProvider</class>
    <property name="Connect String">nifi-node1.example.com:2181,nifi-node2.example.com:2181,nifi-node3.example.com:2181</property>
    <property name="Root Node">/nifi</property>
    <property name="Session Timeout">10 seconds</property>
    <property name="Access Control">CreatorOnly</property>
</cluster-provider>
```
Step 6 — Cross-import TLS Certificates for Cluster Communication
NiFi 2.x auto-generates a self-signed certificate per node on first start. Since each node has its own CA, the nodes don't trust each other by default. You must export each node's certificate and import it into every node's truststore.
6a. Initial start to generate certificates (ALL 3 nodes)
Start NiFi once on each node so it generates keystore.p12 and truststore.p12:
```bash
cd ${NIFI_HOME}
./bin/nifi.sh start
# Wait ~30 seconds for certs to generate, then stop
./bin/nifi.sh stop
```
Verify the certs were created:
```bash
ls -la ${NIFI_HOME}/conf/keystore.p12 ${NIFI_HOME}/conf/truststore.p12
```
6b. Export each node's certificate (run on each respective node)
```bash
# On NODE1:
# (cut -f2- keeps the whole password even if it contains an '=')
keytool -exportcert -keystore ${NIFI_HOME}/conf/keystore.p12 \
  -storepass $(grep nifi.security.keystorePasswd ${NIFI_HOME}/conf/nifi.properties | cut -d= -f2-) \
  -alias generated -file /tmp/node1.der

# On NODE2:
keytool -exportcert -keystore ${NIFI_HOME}/conf/keystore.p12 \
  -storepass $(grep nifi.security.keystorePasswd ${NIFI_HOME}/conf/nifi.properties | cut -d= -f2-) \
  -alias generated -file /tmp/node2.der

# On NODE3:
keytool -exportcert -keystore ${NIFI_HOME}/conf/keystore.p12 \
  -storepass $(grep nifi.security.keystorePasswd ${NIFI_HOME}/conf/nifi.properties | cut -d= -f2-) \
  -alias generated -file /tmp/node3.der
```
6c. Distribute certificates across all nodes
Run from NODE1 (assumes the SSH key at ~/.ssh/nifi-cluster-key is authorized for nifiuser on the other nodes):
```bash
chmod 600 ~/.ssh/nifi-cluster-key

# Send NODE1's cert to the other two nodes
scp -i ~/.ssh/nifi-cluster-key /tmp/node1.der nifiuser@nifi-node2.example.com:/tmp/
scp -i ~/.ssh/nifi-cluster-key /tmp/node1.der nifiuser@nifi-node3.example.com:/tmp/

# Pull the other two certs to NODE1
scp -i ~/.ssh/nifi-cluster-key nifiuser@nifi-node2.example.com:/tmp/node2.der /tmp/
scp -i ~/.ssh/nifi-cluster-key nifiuser@nifi-node3.example.com:/tmp/node3.der /tmp/

# Send NODE3's cert to NODE2
scp -i ~/.ssh/nifi-cluster-key /tmp/node3.der nifiuser@nifi-node2.example.com:/tmp/

# Send NODE2's cert to NODE3
scp -i ~/.ssh/nifi-cluster-key /tmp/node2.der nifiuser@nifi-node3.example.com:/tmp/
```
Verify all 3 .der files exist on each node:
```bash
ls -la /tmp/node1.der /tmp/node2.der /tmp/node3.der
```
6d. Import all Certificates into Each Node's Truststore (ALL 3 nodes)
```bash
# cut -f2- keeps the whole password even if it contains an '='
TS_PASS=$(grep nifi.security.truststorePasswd ${NIFI_HOME}/conf/nifi.properties | cut -d= -f2-)

keytool -importcert -keystore ${NIFI_HOME}/conf/truststore.p12 \
  -storepass ${TS_PASS} -alias node1 -file /tmp/node1.der -noprompt

keytool -importcert -keystore ${NIFI_HOME}/conf/truststore.p12 \
  -storepass ${TS_PASS} -alias node2 -file /tmp/node2.der -noprompt

keytool -importcert -keystore ${NIFI_HOME}/conf/truststore.p12 \
  -storepass ${TS_PASS} -alias node3 -file /tmp/node3.der -noprompt
```
Importing a node's own cert may warn about a duplicate — that's fine.
6e. Verify Truststores
```bash
# cut -f2- keeps the whole password even if it contains an '='
TS_PASS=$(grep nifi.security.truststorePasswd ${NIFI_HOME}/conf/nifi.properties | cut -d= -f2-)
keytool -list -keystore ${NIFI_HOME}/conf/truststore.p12 -storepass ${TS_PASS}
```
You should see entries for node1, node2, and node3 (plus the original generated entry).
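A check to run between 6c and 6d, as an added example that is not part of the original guide: the import uses -noprompt, so whatever file sits at /tmp/nodeN.der becomes trusted, and this confirms each received file still matches the fingerprint recorded on the node that exported it. A certificate's SHA-256 fingerprint is the SHA-256 of its DER bytes, so sha256sum over the .der file is enough; the function names and the manifest format are assumptions.

```bash
# Added example, not part of the original guide.
# der_fingerprint FILE: SHA-256 over the DER bytes, formatted as uppercase
# hex pairs joined by colons (the usual certificate fingerprint notation).
der_fingerprint() {
    sha256sum "$1" | awk '{ print toupper($1) }' | sed 's/../&:/g; s/:$//'
}

# verify_certs DIR MANIFEST
# MANIFEST lines: "<file name> <fingerprint recorded on the exporting node>".
# Returns 0 only if the manifest is non-empty and every listed file exists
# in DIR with a matching fingerprint.
verify_certs() {
    vc_rc=0
    vc_n=0
    while read -r vc_name vc_want; do
        [ -n "$vc_name" ] || continue
        vc_n=$((vc_n + 1))
        if [ ! -f "$1/$vc_name" ]; then
            echo "MISSING  $vc_name" >&2
            vc_rc=1
            continue
        fi
        vc_got=$(der_fingerprint "$1/$vc_name")
        if [ "$vc_got" = "$vc_want" ]; then
            echo "OK       $vc_name"
        else
            echo "MISMATCH $vc_name (got $vc_got)" >&2
            vc_rc=1
        fi
    done < "$2"
    [ "$vc_n" -gt 0 ] || vc_rc=1
    return "$vc_rc"
}

# Usage on each node before 6d: sh verify_certs.sh /tmp /path/to/manifest
if [ "$#" -eq 2 ]; then verify_certs "$1" "$2"; fi
```

Build the manifest by running der_fingerprint on /tmp/nodeN.der on the node that exported it, and run the import in 6d only when verify_certs returns 0.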
Step 7 — Set login credentials (ALL 3 nodes)
```bash
cd ${NIFI_HOME}
./bin/nifi.sh set-single-user-credentials admin ChangeMe@123
```
Use the same username/password on all nodes. In single-user mode with a cluster, credentials must match.
Step 8 — Start the NiFi cluster (ALL 3 nodes)
Start all three nodes around the same time so cluster election can proceed:
```bash
cd ${NIFI_HOME}
./bin/nifi.sh start
```
Step 9 — Verify the cluster
Check NiFi status on each node:
```bash
./bin/nifi.sh status
```
Check port 8443 is listening:
```bash
ss -tlnp | grep 8443
```
Check logs for cluster join:
```bash
tail -200f ${NIFI_HOME}/logs/nifi-app.log | grep -iE "cluster|connected|coordinator|elected"
```
Look for messages like "Node connected" and "Cluster coordinator elected".
Access the Web UI:
```
https://nifi-node1.example.com:8443/nifi
https://nifi-node2.example.com:8443/nifi
https://nifi-node3.example.com:8443/nifi
```
Log in with admin / ChangeMe@123. Once in, open the hamburger menu (top-left) → Cluster to confirm all 3 nodes appear with status CONNECTED.
Summary — what differs per node
| Setting | Node 1 | Node 2 | Node 3 |
|---|---|---|---|
| nifi.web.https.host | nifi-node1.example.com | nifi-node2.example.com | nifi-node3.example.com |
| nifi.cluster.node.address | nifi-node1.example.com | nifi-node2.example.com | nifi-node3.example.com |
| state/zookeeper/myid | 1 | 2 | 3 |
| keystore.p12 / truststore.p12 passwords | auto-generated per node | auto-generated per node | auto-generated per node |
Everything else (sensitive props key, ZK connect string, cluster settings, login credentials) is identical across all three nodes.
Troubleshooting
- nifi.sensitive.props.key error. NiFi 2.x requires this in cluster mode. Generate with openssl rand -hex 16 and use the same value on all nodes.
- certificate_unknown / PKIX path validation errors. Each node auto-generates its own self-signed cert. Cross-import all certs into each node's truststore (Step 6).
- TLS toolkit missing. NiFi 2.x removed the TLS toolkit. Use the manual cert export/import approach above.
- ZooKeeper issues. Check logs/nifi-app.log for ZK errors. Verify myid files match the server.N entries.
- Flow election timeout. If nodes start at very different times, increase nifi.cluster.flow.election.max.wait.time (e.g. 5 mins).
- "Already running" after a crash. Remove the PID file: rm -f ${NIFI_HOME}/run/nifi.pid, then start again.
- Browser TLS warning. NiFi 2.x uses self-signed certs by default — accept the browser warning to proceed, or replace the auto-generated keystore with a CA-signed cert.