ADS configuration parameters

log.dirs

The directory to store the logs

/kafka-logs

listeners

Comma-separated list of URIs to listen on and the listener names.

If a non-PLAINTEXT protocol is used, then listener.security.protocol.map must also be specified.

To bind to all interfaces, specify the hostname as 0.0.0.0

PLAINTEXT://:9092

default.replication.factor

The default replication factors for automatically created topics

1

num.partitions

The default number of log partitions per topic

1

delete.topic.enable

Enables topics deletion. Topics deletion has no effect it this config is turned off

ON

log.retention.hours

The number of hours to keep a log file before deleting it

168

log.roll.hours

The maximum time before a new log segment is rolled out

168

log.cleanup.policy

Log cleanup policy

delete

log.cleanup.interval.mins

An interval that determines how often the log cleaner checks for logs to be deleted. The log file must be deleted if it has not been modified within the time specified by the log.retention.hours parameter (168 hours by default)

10

log.cleaner.min.compaction.lag.ms

The minimum time a message remains uncompacted in the log. Only applicable for logs that are being compacted (in ms)

0

log.cleaner.delete.retention.ms

The amount of time to retain delete tombstone markers for log compacted topics (in ms)

86400000

PID_DIR

The directory to store the Kafka process ID

/var/run/kafka

LOG_DIR

The directory for logs

/var/log/kafka

JMX_PORT

Port on which Kafka sends JMX metrics

9999

auto.create.topics.enable

Enables automatic topic creation

OFF

auto.leader.rebalance.enable

Enables automatic leader balancing in the background at regular intervals

ON

queued.max.requests

Number of requests in the queue before blocking network flows

500

num.network.threads

The number of threads used by the server to receive requests from the network and send responses to the network

3

num.io.threads

Sets the number of threads spawned for IO operations

8

unclean.leader.election.enable

Specifies whether to include out-of-ISR replicas and set the last resort as the leader, even if doing so may result in data loss

OFF

offsets.topic.replication.factor

The replication factor for the offsets topic (set higher to ensure availability). Internal topic creation does not occur until the cluster size meets this replication factor requirement

1

transaction.state.log.min.isr

Overrides the min.insync.replicas configuration for a transaction topic

1

transaction.state.log.replication.factor

The replication factor for the transaction topic (set higher to ensure availability). Internal topic creation fails until the cluster size meets this replication factor requirement

1

zookeeper.connection.timeout.ms

The max time that the client waits to establish a connection to ZooKeeper. If not set, the value in zookeeper.session.timeout.ms is used (in ms)

30000

zookeeper.session.timeout.ms

ZooKeeper session timeout (in ms)

30000

zookeeper.sync.time.ms

How far a ZooKeeper follower can be behind a ZooKeeper leader (in ms)

2000

security.inter.broker.protocol

Security protocol used to communicate between brokers

PLAINTEXT

ssl.keystore.location

The location of the keystore file. This is optional for client and can be used for two-way authentication for client

 — 

ssl.keystore.password

The store password for the keystore file. This is optional for client and only needed if ssl.keystore.location is configured

 — 

ssl.key.password

The password of the private key in the keystore file. This is optional for client

 — 

ssl.keystore.type

The file format of the keystore file. This is optional for client

 — 

ssl.truststore.location

The location of the truststore file

 — 

ssl.truststore.password

The store password for the truststore file. This is optional for client and only needed if ssl.truststore.location is configured

 — 

ssl.truststore.type

The file format of the truststore file

 — 

Add key,value

 — 

xasecure.audit.destination.solr.batch.filespool.dir

The directory for Solr audit spool

/srv/ranger/kafka_plugin/audit_solr_spool

xasecure.audit.destination.solr.urls

Specifies Solr URL. Not setting when using ZooKeeper to connect to Solr

 — 

xasecure.audit.destination.solr.zookeepers

Enables Audit to Solr for the Ranger plugins

 — 

Add key,value

 — 

ranger.plugin.kafka.policy.rest.url

URL to Ranger Admin

 — 

ranger.plugin.kafka.service.name

Name of the Ranger Service containing policies for this Kafka instance

 — 

ranger.plugin.kafka.policy.cache.dir

The directory where Ranger policies are cached after successful retrieval from the source

/srv/ranger/kafka/policycache

ranger.plugin.kafka.policy.pollIntervalMs

How often to poll for changes in policies (in ms)

30000

ranger.plugin.kafka.policy.rest.client.connection.timeoutMs

Kafka plugin RangerRestClient connection timeout (in ms)

120000

ranger.plugin.kafka.policy.rest.client.read.timeoutMs

Kafka plugin RangerRestClient read timeout (in ms)

30000

ranger.plugin.kafka.policy.rest.ssl.config.file

Location of the file containing SSL data for connecting to Ranger Admin

/etc/kafka/conf/ranger-policymgr-ssl.xml

Add key,value

 — 

xasecure.policymgr.clientssl.keystore

The location of the keystore file

 — 

xasecure.policymgr.clientssl.keystore.password

The keystore password

 — 

xasecure.policymgr.clientssl.truststore

The location of the truststore file

 — 

xasecure.policymgr.clientssl.truststore.password

The truststore password

 — 

xasecure.policymgr.clientssl.keystore.credential.file

Location of keystore credential file

/etc/kafka/conf/keystore.jceks

xasecure.policymgr.clientssl.truststore.credential.file

Location of the truststore credential file

/etc/kafka/conf/truststore.jceks

Add key,value

 — 

Username

User name for authentication in JMX

Password

User password for authentication in JMX

log4j.rootLogger

Setting the logging level

INFO

log4j.logger.org.apache.zookeeper

Change to adjust ZooKeeper client logging

INFO

log4j.logger.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.org.apache.kafka

INFO

log4j.logger.org.apache.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.kafka

INFO

log4j.logger.kafka.request.logger

Change to DEBUG or TRACE to enable request logging

WARN

log4j.logger.kafka.controller

Setting the controller Kafka logging level

TRACE

log4j.logger.kafka.log.LogCleaner

Setting the Kafka log cleaning level

INFO

log4j.logger.state.change.logger

Setting log status change

INFO

log4j.logger.kafka.authorizer.logger

Access denials are logged at INFO level, change to DEBUG to also log allowed accesses

INFO

log4j.rootLogger

Setting the logging level

WARN

tasks.max

The maximum number of tasks that should be created for this connector

10

offset-syncs.topic.replication.factor

Replication factor for internal offset-syncs.topic

1

checkpoint.topic.replication.factor

Replication factor used for internal checkpoint.topic

1

sync.topic.acls.enabled

Enable monitoring of the source cluster for ACL changes

OFF

KAFKA_HEAP_OPTS

Heap size allocated to the KAFKA server process

-Xms256M -Xmx2G

LOG_DIR

The directory for logs

/var/log/kafka

KAFKA_LOG4J_OPTS

Environment variable for LOG4J logging configuration

-Dlog4j.configuration=file:/etc/kafka/conf/connect-distributed-log4j.properties

group.id

A unique string that identifies a Kafka Connect group, to which this connector belongs

mm-connect

rest.port

Port for Kafka Connect REST API to work

8083

plugin.path

Path to Kafka Connect plugin

 — 

config.storage.replication.factor

Replication factor for config.storage.topic

1

offset.storage.replication.factor

Replication factor for offset.storage.topic

1

status.storage.replication.factor

Replication factor for status.storage.topic

1

offset.flush.interval.ms

Interval at which to try committing offsets for tasks

1000

key.converter

Converter class for key Connect data

org.apache.kafka.connect.converters.ByteArrayConverter

value.converter

Converter class for value Connect data

org.apache.kafka.connect.converters.ByteArrayConverter

connector.client.config.override.policy

Class name or alias of implementation of ConnectorClientConfigOverridePolicy

None

Add key,value

 — 

rootLogger

logging level

INFO

MaxBackupIndex

Maximum number of saved files

10

MaxFileSize

Maximum file size

100MB

loggers

org.apache.zookeeper

ERROR

org.I0Itec.zkclient

ERROR

org.reflections

ERROR

ssl.keystore.location

The location of the keystore file. This is optional for client and can be used for two-way authentication for client

 — 

ssl.keystore.password

The store password for the keystore file. This is optional for client and only needed if ssl.keystore.location is configured

 — 

ssl.key.password

The password of the private key in the keystore file. This is optional for client

 — 

ssl.keystore.type

The file format of the keystore file. This is optional for client

 — 

ssl.truststore.location

The location of the truststore file

 — 

ssl.truststore.password

The store password for the truststore file. This is optional for client and only needed if ssl.truststore.location is configured

 — 

ssl.truststore.type

The file format of the truststore file

 — 

Kafka-Manager port

Kafka-Manager to listen port. Specified as JAVA_OPTS in kafka-manager-env file

9000

ssl_active

Option that is used to enable SSL

OFF

play.server.https.keyStore.path

The location of the keystore file

/tmp/keystore.jks

play.server.https.keyStore.password

The store password for the keystore file

 — 

play.server.https.keyStore.type

The file format of the keystore file

JKS

kafka-manager.consumer.properties.file

The file format of the truststore file

/cmak/conf/consumer.properties

Add key,value

 — 

key.deserializer

API class used to deserialize the entry key

org.apache.kafka.common.serialization.ByteArrayDeserializer

value.deserializer

API class used to deserialize the entry value

org.apache.kafka.common.serialization.ByteArrayDeserializer

ssl.keystore.location

The location of the keystore file. This is optional for client and can be used for two-way authentication for client

/tmp/keystore.jks

ssl.keystore.password

The store password for the keystore file. This is optional for client and only needed if ssl.keystore.location is configured

 — 

ssl.key.password

The password of the private key in the keystore file. This is optional for client

 — 

ssl.keystore.type

Keystore file format. This is optional for client

JKS

ssl.truststore.location

The location of the truststore file

/tmp/truststore.jks

ssl.truststore.password

Password for accessing the truststore

 — 

ssl.truststore.type

The file format of the truststore file

JKS

Enable JMX Polling

Enables or disables the polling thread for JMX

ON

JMX Auth Username

Adding a New Username for JMX Authorization

 — 

JMX Auth Password

Adding a New User Password for JMX Authorization

 — 

JMX with SSL

Enables or disables JMX activation by SSL authentication

OFF

Poll consumer information

Poll consumer information

ON

Filter out inactive consumers

Filter out inactive consumers

ON

Enable Logkafka

Enables or disables Logkafka

OFF

Enable Active OffsetCache

Enables Active OffsetCache

ON

Display Broker and Topic Size

Defines whether to display broker and topic size

OFF

brokerViewUpdatePeriodSeconds

Broker View Cycle Update Time/Cycle

30

clusterManagerThreadPoolSize

Cluster control thread pool size

10

clusterManagerThreadPoolQueueSize

Cluster control thread pool queue size

100

kafkaCommandThreadPoolSize

Kafka command thread pool size

10

kafkaCommandThreadPoolQueueSize

Kafka command thread pool queue size

100

logkafkaCommandThreadPoolSize

Logkafka command thread pool size

10

logkafkaCommandThreadPoolQueueSize

Logkafka command thread pool queue size

100

logkafkaUpdatePeriodSeconds

Logkafka update cycle time (in seconds)

30

partitionOffsetCacheTimeoutSecs

Logkafka update cycle time (in seconds)

5

brokerViewThreadPoolSize

Broker view thread pool size

10

brokerViewThreadPoolQueueSize

Broker view thread pool queue size

1000

offsetCacheThreadPoolSize

Cache offset thread pool size

10

offsetCacheThreadPoolQueueSize

Offset cache thread pool queue size

1000

kafkaAdminClientThreadPoolSize

Kafka control client thread pool size

10

kafkaAdminClientThreadPoolQueueSize

Kafka control client thread pool queue size

1000

kafkaManagedOffsetMetadataCheckMillis

Metadata offset check time

30000

kafkaManagedOffsetGroupCacheSize

Offset Group Cache Size

1000000

kafkaManagedOffsetGroupExpireDays

Offset Group Expire

7

Security Protocol

Security Protocol

PLAINTEXT

SASL Mechanism

Enables SASL authentication mechanism

DEFAULT

jaasConfig

Configurations for JAAS Authentication

 — 

log4j_properties_template

Template for setting up the logging library log4j

rest_listener_port

REST Proxy listener port. Specified as listeners in kafka-rest.properties file

8082

LOG_DIR

The directory to store the logs

/var/log/kafka-rest

JMX_PORT

Port on which Kafka REST Proxy sends JMX metrics

9998

KAFKAREST_HEAP_OPTS

Heap size allocated to the Kafka REST Proxy process

-Xmx1024M

KAFKAREST_JMX_OPTS

JVM options in terms of JMX options (authorization, connection, ssl)

-Dcom.sun.management.jmxremote

-Dcom.sun.management.jmxremote.authenticate=false

-Dcom.sun.management.jmxremote.ssl=false

KAFKAREST_OPTS

Kafka REST Proxy environment variable name

-Djava.security.auth.login.config=/etc/kafka-rest/jaas_config.conf

authentication.method

Authentication method

BASIC

authentication.roles

Defines a comma-separated list of user roles. To log in to the Kafka REST Proxy server, the authenticated user must belong to at least one of these roles

admin

authentication.realm

Corresponds to a section in the jaas_config.file that defines how the server authenticates users and must be passed as a parameter to the JVM during server startup

KafkaRest

id

Unique ID for this REST server instance

kafka-rest-server

consumer.threads

The minimum number of threads to run consumer request on. You must set this value higher than the maximum number of consumers in a single consumer group

50

consumer.request.timeout.ms

The maximum total time to wait for messages for a request in the maximum request size has not yet been reached (in ms)

100

consumer.request.max.bytes

The maximum number of bytes in message keys and values returned by a single request

67108864

fetch.min.bytes

The minimum number of bytes in message keys and values returned by a single request

-1

ssl.endpoint.identification.algorithm

The endpoint identification algorithm to validate the server hostname using the server certificate

 — 

ssl.keystore.location

Used for HTTPS. Location of the keystore file to use for SSL

 — 

ssl.keystore.type

The file format of the keystore

 — 

ssl.keystore.password

Used for HTTPS. The store password for the keystore file

 — 

ssl.key.password

Used for HTTPS. The password of the private key in the keystore file

 — 

ssl.truststore.location

Used for HTTPS. Location of the truststore. Required only to authenticate HTTPS clients

 — 

ssl.truststore.type

The file format of the truststore

 — 

ssl.truststore.password

Used for HTTPS. The store password for the truststore file

 — 

client.ssl.keystore.location

The location of the SSL keystore file

 — 

client.ssl.keystore.password

The password to access the keystore

 — 

client.ssl.key.password

The password of the key contained in the keystore

 — 

client.ssl.keystore.type

The file format of the keystore

 — 

client.ssl.truststore.location

The location of the SSL truststore file

 — 

client.ssl.truststore.password

The password to access the truststore

 — 

client.ssl.truststore.type

The file format of the truststore

 — 

client.ssl.endpoint.identification.algorithm

The endpoint identification algorithm to validate the server

 — 

Add key, value

 — 

Listener port

ksqlDB server listener port. Specified as listeners in ksql-server.properties file

8088

LOG_DIR

The directory for storing logs

/var/log/ksql

JMX_PORT

Port on which ksqlDB-server sends JMX metrics

10099

KSQL_HEAP_OPTS

Heap size allocated to the ksqlDB-server process

-Xmx3g

KSQL_JVM_PERFORMANCE_OPTS

JVM options in terms of PERFORMANCE options

-server

-XX:+UseConcMarkSweepGC

-XX:+CMSClassUnloadingEnabled

-XX:+CMSScavengeBeforeRemark

-XX:+ExplicitGCInvokesConcurrent

-XX:NewRatio=1 -Djava.awt.headless=true

CLASSPATH

A setting for the Java Virtual Machine or Java compiler that specifies the location of custom classes and packages

/usr/lib/ksql/libs/*

KSQL_CLASSPATH

Path to Java deployment of ksqlDB Server and related Java classes

${CLASSPATH}

KSQL_OPTS

Environment variable that specifies the configuration settings for the ksqlDB server. Properties set with KSQL_OPTS take precedence over those specified in the ksqlDB configuration file

-Djava.security.auth.login.config=/etc/ksqldb/jaas_config.conf

authentication.method

Authentication method

BASIC

authentication.roles

Defines a comma-separated list of user roles. To log in to the ksqlDB server, the authenticated user must belong to at least one of these roles

admin

authentication.realm

Corresponds to a section in the jaas_config.file that defines how the server authenticates users and must be passed as a parameter to the JVM during server startup

KsqlServer-Props

Path to password.properties

Path to password.properties

/etc/ksqldb/password.properties

application.id

Application ID

ksql-server

ksql.internal.topic.replicas

The replication factor for the ksqlDB Servers internal topics

1

ksql.streams.state.dir

The storage directory for stateful operation

/usr/lib/ksql/state

ksql.streams.replication.factor

Underlying internal topics of Kafka Streams

1

ksql.streams.topic.min.insync.replicas

Minimum number of brokers that must have data written to synchronized replicas

2

ksql.streams.num.standby.replicas

Number of replicas for stateful operations

1

ksql.streams.producer.acks

Number of brokers that need to acknowledge receipt of a message before it is considered a successful write

all

ksql.streams.producer.delivery.timeout.ms

The batch expiry (in ms)

2147483647

ksql.streams.producer.max.block.ms

Maximum allowable time for the producer to block (in ms)

9223372036854775000

ssl.endpoint.identification.algorithm

Endpoint identification algorithm for server validation

 — 

ssl.keystore.location

Used for HTTPS. Location of the keystore file to use for SSL

 — 

ssl.keystore.type

The file format of the keystore file

 — 

ssl.keystore.password

Used for HTTPS. The store password for the keystore file

 — 

ssl.key.password

Used for HTTPS. The password of the private key in the keystore file

 — 

ssl.truststore.location

Location of the truststore file

 — 

ssl.truststore.type

File format of the truststore file

 — 

ssl.truststore.password

Used for HTTPS. The store password for the truststore file

 — 

ksql.schema.registry.ssl.keystore.location

The location of the SSL keystore file

ksql.schema.registry.ssl.keystore.password

The password to access the keystore

 — 

ksql.schema.registry.ssl.key.password

The password of the key contained in the keystore

 — 

ksql.schema.registry.ssl.keystore.type

The file format of the keystore

 — 

ksql.schema.registry.ssl.truststore.location

The location of the SSL truststore file

 — 

ksql.schema.registry.ssl.truststore.password

The password to access the truststore

 — 

ksql.schema.registry.ssl.truststore.type

The file format of the truststore

 — 

Add key, value

 — 

group.id

The group ID is a unique identifier for the set of workers

ksql-connect-cluster

key.converter

The converters specify the format of data in Kafka and how to translate it into Connect data

org.apache.kafka.connect.storage.StringConverter

key.converter.schema.registry.url

KSQL key data location

http://localhost:8081

value.converter

Converter class for value Connect data

io.confluent.connect.avro.AvroConverter

value.converter.schema.registry.url

Location of ksqlDB data values

http://localhost:8081

config.storage.topic

The name of the internal topic for storing configurations

ksql-connect-configs

offset.storage.topic

A topic to store statistics connect offsets

ksql-connect-offsets

status.storage.topic

A topic to store statistics connect status

ksql-connect-statuses

config.storage.replication.factor

Replication factor for config.storage.topic

1

offset.storage.replication.factor

Replication factor for offset.storage.topic

1

status.storage.replication.factor

Replication factor for status.storage.topic

1

internal.key.converter

A converter class for internal values with connect records

org.apache.kafka.connect.json.JsonConverter

internal.value.converter

A converter class for internal values with connect records

org.apache.kafka.connect.json.JsonConverter

internal.key.converter.schemas.enable

Schema configuration for internal statistics connect data

OFF

Add key,value

 — 

interceptor.classes

If you are not using any interceptors currently, you will need to add a new item to the Java Properties object that you use to create a new Producer

io.confluent.monitoring.clients.interceptor.MonitoringProducerInterceptor

Add key,value

 — 

log4j.rootLogger

Setting the logging level

INFO

log4j.logger.org.reflections

Setting the Reflections warning level

ERROR

log4j.logger.org.apache.kafka.streams

Setting the logging level of Kafka Streams

INFO

log4j.logger.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.org.apache.kafka

WARN

log4j.logger.org.apache.zookeeper

Change to adjust ZooKeeper client logging

WARN

log4j.logger.org.apache.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.kafka

WARN

log4j.logger.org.I0Itec.zkclient

Change to adjust ZooKeeper client logging level

WARN

log4j.logger.io.confluent.ksql.rest.server.resources.KsqlResource

Stop ksqlDB from logging out each request it receives

WARN

log4j.logger.io.confluent.ksql.util.KsqlConfig

Enable to avoid the logs being spammed with KsqlConfig values

WARN

MiNiFi C2 Server port

MiNiFi Server HTTP port

10080

nifi.minifi.notifier.ingestors.pull.http.query

Query string to pull configuration

minifi

MINIFI_HOME

The directory for installing MiNiFi

/usr/lib/minifi

MINIFI_PID_DIR

The directory to store the MiNiFi process ID

/var/run/minifi

MINIFI_LOG_DIR

The directory to store the logs

/var/log/minifi

MiNiFi Agent Heap size

Agent heap size

256m

nifi.minifi.notifier.ingestors.pull.http.period.ms

Update check period (in ms)

300000

nifi.minifi.status.reporter.log.query

nifi.minifi.status.reporter.log.level

Log level at which the status is logged

INFO

nifi.minifi.status.reporter.log.period

Delay between each request (in ms)

60000

nifi.minifi.security.keystore

The full path and name of the keystore

 — 

nifi.minifi.security.keystoreType

The keystore type

 — 

nifi.minifi.security.keystorePasswd

The keystore password

 — 

nifi.minifi.security.keyPasswd

The key password

 — 

nifi.minifi.security.truststore

The full path and name of the truststore

 — 

nifi.minifi.security.truststoreType

The truststore type

 — 

nifi.minifi.security.truststorePasswd

The truststore password

 — 

nifi.minifi.security.ssl.protocol

Security protocol

 — 

nifi.minifi.notifier.ingestors.pull.http.keystore.location

The full path and name of the keystore

 — 

nifi.minifi.notifier.ingestors.pull.http.keystore.type

The keystore type

 — 

nifi.minifi.notifier.ingestors.pull.http.keystore.password

The keystore password

 — 

nifi.minifi.notifier.ingestors.pull.http.truststore.location

The full path and name of the truststore

 — 

nifi.minifi.notifier.ingestors.pull.http.truststore.type

The truststore type

 — 

nifi.minifi.notifier.ingestors.pull.http.truststore.password

The truststore password

 — 

app_file_max_history

Maximum number of files for applications

10

boot_file_max_history

Maximum number of files for Boot

5

status_file_max_history

Maximum number of files for statuses

5

root_level

Event Level

INFO

app_loggers

org.apache.nifi

INFO

org.apache.nifi.processors

WARN

org.apache.nifi.processors.standard.LogAttribute

INFO

org.apache.nifi.controller.repository.StandardProcessSession

WARN

bootstrap_loggers

org.apache.nifi.bootstrap

INFO

org.apache.nifi.bootstrap.Command

INFO

org.apache.nifi.StdOut

INFO

org.apache.nifi.StdErr

ERROR

status_loggers

org.apache.nifi.minifi.bootstrap.status.reporters.StatusLogger

INFO

minifi.c2.server.secure

Defines whether MiNiFi C2 is secure

 — 

minifi.c2.server.keystore

The full path and name of the keystore

 — 

minifi.c2.server.keystoreType

The keystore type

 — 

minifi.c2.server.keystorePasswd

The keystore password

 — 

minifi.c2.server.keyPasswd

The key password

 — 

minifi.c2.server.truststore

The full path and name of the truststore

 — 

minifi.c2.server.truststoreType

The truststore type

 — 

minifi.c2.server.truststorePasswd

The truststore password

 — 

Add key,value

 — 

log_file_max_history

Maximum number of files for applications

10

root_level

Event Level

INFO

log_file_loggers

org.apache.nifi.minifi.c2

DEBUG

Nifi UI port

NiFi Server HTTP port. Specified as property nifi.web.http.port in the nifi.properties configuration file

9090

Nifi server Heap size

Heap size for Nifi server. Specified in bootstrap.conf configuration file

1024m

Nifi Registry UI

Nifi Registry HTTP port. Specified as the nifi.registry.web.http.port property in the nifi.properties configuration file

18080

Nifi Registry Heap size

Heap size for Nifi Registry. Specified in the bootstrap.conf configuration file

512m

nifi.queue.backpressure.count

The default value for the number of FlowFile files (underlying NiFi processing object) that can be queued before backpressure is applied, i.e. the source stops sending data. The value must be an integer

10000

nifi.queue.backpressure.size

The default value for the maximum amount of data that must be queued before backpressure is applied. The value must be the size of the data, including the unit of measure

1 GB

nifi.flowfile.repository.directory

FlowFile repository location

/usr/lib/nifi-server/flowfile_repository

nifi.content.repository.directory

Content repository location

/usr/lib/nifi-server/content_repository

nifi.provenance.repository.directory

Provenance repository location

/usr/lib/nifi-server/provenance_repository

nifi.database.directory

H2 database directory location

/usr/lib/nifi-server/database_repository

nifi.registry.db.directory

Location of the Registry database directory

/usr/lib/nifi-registry/database

nifi.nar.library.directory.lib

The parameter should be used in case of adding custom nars

 — 

xasecure.audit.destination.solr.batch.filespool.dir

The directory for Solr audit spool

/srv/ranger/nifi_plugin/audit_solr_spool

xasecure.audit.destination.solr.urls

Specifies Solr URL. Not setting when using ZooKeeper to connect to Solr

 — 

xasecure.audit.destination.solr.zookeepers

ZooKeeper connection string for the Solr destination

 — 

xasecure.audit.destination.solr.force.use.inmemory.jaas.config

ZooKeeper connections to Solr using configuration in a JAAS file

ON

xasecure.audit.jaas.Client.loginModuleControlFlag

Specifies whether the success of the module is required, requisite, sufficient, or optional

 — 

xasecure.audit.jaas.Client.loginModuleName

Class name of the authentication technology used

 — 

xasecure.audit.jaas.Client.option.keyTab

Set this to the file name of the keytab to get principal’s secret key

 — 

xasecure.audit.jaas.Client.option.serviceName

Service name

 — 

xasecure.audit.jaas.Client.option.storeKey

Enable if you want the keytab or the principal’s key to be stored in the Subject’s private credentials

ON

xasecure.audit.jaas.Client.option.useKeyTab

Enable if you want the module to get the principal’s key from the the keytab

ON

Add key,value

 — 

ranger.plugin.nifi.policy.rest.url

URL to Ranger Admin

 — 

ranger.plugin.nifi.service.name

Name of the Ranger service containing policies for this NiFi instance

 — 

ranger.plugin.nifi.policy.source.impl

Class to retrieve policies from the source

org.apache.ranger.admin.client.RangerAdminRESTClient

ranger.plugin.nifi.policy.cache.dir

Directory where Ranger policies are cached after successful retrieval from the source

/srv/ranger/nifi/policycache

ranger.plugin.nifi.policy.pollIntervalMs

How often to poll for changes in policies

30000

ranger.plugin.nifi.policy.rest.client.connection.timeoutMs

NiFi plugin RangerRestClient connection timeout in milliseconds

120000

ranger.plugin.nifi.policy.rest.client.read.timeoutMs

NiFi plugin RangerRestClient read timeout in milliseconds

30000

ranger.plugin.nifi.policy.rest.ssl.config.file

Path to the file containing SSL details to contact Ranger Admin

/etc/nifi/conf/ranger-nifi-policymgr-ssl.xml

Add key,value

 — 

xasecure.policymgr.clientssl.keystore

The location of the keystore file

 — 

xasecure.policymgr.clientssl.keystore.password

The keystore password

 — 

xasecure.policymgr.clientssl.truststore

The location of the truststore file

 — 

xasecure.policymgr.clientssl.truststore.password

The truststore password

 — 

xasecure.policymgr.clientssl.keystore.credential.file

Location of the keystore password credential file

/etc/nifi/conf/keystore.jceks

xasecure.policymgr.clientssl.truststore.credential.file

Location of the truststore password credential file

/etc/nifi/conf/truststore.jceks

Add key,value

 — 

xasecure.audit.destination.solr.batch.filespool.dir

The directory for Solr audit spool

/srv/ranger/nifi_registry_plugin/audit_solr_spool

xasecure.audit.destination.solr.urls

Specifies Solr URL

 — 

xasecure.audit.destination.solr.zookeepers

Zookeeper connection string for the Solr destination

 — 

xasecure.audit.destination.solr.force.use.inmemory.jaas.config

ZooKeeper connections to Solr using configuration in a JAAS file

 — 

xasecure.audit.jaas.Client.loginModuleControlFlag

Specifies whether the success of the module is required, requisite, sufficient, or optional

 — 

xasecure.audit.jaas.Client.loginModuleName

Class name of the authentication technology used

 — 

xasecure.audit.jaas.Client.option.keyTab

Set this to the file name of the keytab to get principal’s secret key

 — 

xasecure.audit.jaas.Client.option.serviceName

Service name

 — 

xasecure.audit.jaas.Client.option.storeKey

Set this to true to if you want the keytab or the principal’s key to be stored in the Subject’s private credentials

 — 

xasecure.audit.jaas.Client.option.useKeyTab

Set this to true if you want the module to get the principal’s key from the the keytab

 — 

Add key,value

 — 

ranger.plugin.nifi-registry.policy.rest.url

Path to the NiFi-registry variable for the Ranger service

 — 

ranger.plugin.nifi-registry.service.name

Name of the Ranger service containing policies for this NiFi-registry instance

 — 

ranger.plugin.nifi-registry.policy.source.impl

Class to retrieve policies from the source

org.apache.ranger.admin.client.RangerAdminRESTClient

ranger.plugin.nifi-registry.policy.cache.dir

The directory where Ranger policies are cached after successful retrieval from the source

/srv/ranger/nifi-registry/policycache

ranger.plugin.nifi-registry.policy.pollIntervalMs

How often to poll for changes in policies (in ms)

30000

ranger.plugin.nifi-registry.policy.rest.client.connection.timeoutMs

Nifi-registry plugin RangerRestClient connection timeout (in ms)

120000

ranger.plugin.nifi-registry.policy.rest.client.read.timeoutMs

Nifi-registrу plugin RangerRestClient read timeout (in ms)

30000

ranger.plugin.nifi-registry.policy.rest.ssl.config.file

Path to the file containing SSL details to contact Ranger Admin

/etc/nifi-registry/conf/ranger-policymgr-ssl.xml

Add key,value

 — 

xasecure.policymgr.clientssl.keystore

The location of the keystore file

 — 

xasecure.policymgr.clientssl.keystore.password

The keystore password

 — 

xasecure.policymgr.clientssl.truststore

The location of the truststore file

 — 

xasecure.policymgr.clientssl.truststore.password

The truststore password

 — 

xasecure.policymgr.clientssl.keystore.credential.file

Location of keystore password credential file

/etc/nifi-registry/conf/keystore.jceks

xasecure.policymgr.clientssl.truststore.credential.file

Location of the truststore password credential file

/etc/nifi-registry/conf/truststore.jceks

Add key,value

 — 

DN NiFi’s nodes list

List of user and system identifications to seed the User File. These are required fields to enable SSL for the first time. Must include not only the DName of the NiFi Server component, but also the DName of the NiFi Registry, as well as the DName for the MiNiFi service components. For example, for an SSL-enabled cluster consisting of only NiFi Server, when adding a MiNiFi service or Schema Registry extension, you need to supplement this list with new DNames . Example for nodes — CN=nifi_node_hostname, OU=Arenadata, O=Arenadata, L=Moscow, ST=Moscow, C=RU

 — 

NiFi Initial Admin

 — 

NiFi Initial Admin password

Initial Admin password — password of the user designated by NiFi Initial Admin

 — 

Ranger Admin Identitity

The DN of the certificate that Ranger will use to communicate with Nifi. Requires a generated SSL keystore and truststore on the Ranger host. Affected only for NiFi Ranger Plugin

 — 

Authentication Strategy

How the connection to the LDAP server is authenticated

ANONYMOUS

Manager DN

DN of a user that has an entry in the Active Directory with right to search users and groups. Will be used to bind to an LDAP server to search for users

 — 

Manager Password

The password of the manager that is used to bind to the LDAP server to search for users

 — 

TLS - Keystore

Path to the Keystore that is used when connecting to LDAP via LDAPS or START_TLS

 — 

TLS - Keystore Password

Password for the Keystore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Keystore Type

Type of the keystore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12)

 — 

TLS - Truststore

Path to the truststore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Truststore Password

Password for the truststore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Truststore Type

Type of the truststore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12)

 — 

TLS - Client Auth

Client authentication policy when connecting to LDAP using LDAPS or START_TLS. Possible values are REQUIRED, WANT, NONE

NONE

TLS - Protocol

Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS, TLSv1.1, TLSv1.2, etc.)

 — 

TLS - Shutdown Gracefully

Specifies whether the TLS should be shut down gracefully before the target context is closed

False

Referral Strategy

Strategy for handling referrals

FOLLOW

Connect Timeout

Duration of connect timeout

10 secs

Read Timeout

Duration of read timeout

10 secs

LDAP URL

Space-separated list of URLs of the LDAP servers (e.g. ldap://<hostname>:<port>)

 — 

User Search Base

Base DN for searching for users (e.g. ou=users,o=nifi). Required to search users

 — 

User Search Filter

Filter for searching for users against the User Search Base (e.g. sAMAccountName={0}). The user specified name is inserted into {0}

 — 

Identity Strategy

Strategy to identify users. Possible values are USE_DN and USE_USERNAME

USE_DN

Authentication Expiration

The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration

12 hours

Authentication Strategy

How the connection to the LDAP server is authenticated

ANONYMOUS

Manager DN

DN of a user that has an entry in the Active Directory with right to search users and groups. Will be used to bind to an LDAP server to search for users

 — 

Manager Password

The password of the manager that is used to bind to the LDAP server to search for users

 — 

TLS - Keystore

Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Keystore Password

Password for the Keystore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Keystore Type

Type of the keystore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12)

 — 

TLS - Truststore

Path to the truststore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Truststore Password

Password for the truststore that is used when connecting to LDAP using LDAPS or START_TLS

 — 

TLS - Truststore Type

Type of the truststore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12)

 — 

TLS - Client Auth

Client authentication policy when connecting to LDAP using LDAPS or START_TLS. Possible values are REQUIRED, WANT, NONE

NONE

TLS - Protocol

Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS, TLSv1.1, TLSv1.2, etc.)

 — 

TLS - Shutdown Gracefully

Specifies whether the TLS should be shut down gracefully before the target context is closed

 — 

Referral Strategy

Strategy for handling referrals

FOLLOW

Connect Timeout

Duration of connect timeout

10 secs

Read Timeout

Duration of read timeout

10 secs

LDAP URL

Space-separated list of URLs of the LDAP servers (e.g. ldap://<hostname>:<port>)

 — 

Page Size

Sets the page size when retrieving users and groups. If not specified, no paging is performed

 — 

Sync Interval

Duration of time between syncing users and groups. Minimum allowable value is 10 secs

30 mins

User Search Base

Base DN for searching for users (e.g. ou=users,o=nifi). Required to search users

 — 

User Object Class

Object class for identifying users (e.g. person). Required if searching users

 — 

User Search Scope

Search scope for searching users

ONE_LEVEL

User Search Filter

Filter for searching for users against the User Search Base (e.g. (memberof=cn=team1,ou=groups,o=nifi))

 — 

User Identity Attribute

Attribute to use to extract user identity (e.g. cn). Optional. If not set, the entire DN is used

 — 

User Group Name Attribute

Attribute to use to define group membership (e.g. memberof). Optional. If not set, group membership will not be calculated through the users.

 — 

User Group Name Attribute - Referenced Group Attribute

If blank, the value of the attribute defined in User Group Name Attribute is expected to be the full dn of the group. If not blank, this property will define the attribute of the group ldap entry that the value of the attribute defined in User Group Name Attribute is referencing (e.g. name)

 — 

Group Search Base

Base DN for searching for groups (e.g. ou=groups,o=nifi). Required to search groups

 — 

Group Object Class

Object class for identifying groups (e.g. groupOfNames). Required if searching groups

 — 

Group Search Scope

Search scope for user group

ONE_LEVEL

Group Search Filter

Filter for searching for groups against the Group Search Base. Optional

 — 

Group Name Attribute

Attribute to use to extract group name (e.g. cn). Optional. If not set, the entire DN is used

 — 

Group Member Attribute

Attribute to use to define group membership (e.g. member). Optional

 — 

Group Member Attribute - Referenced User Attribute

If blank, the value of the attribute defined in Group Member Attribute is expected to be the full dn of the user. If not blank, this property will define the attribute of the user ldap entry that the value of the attribute defined in Group Member Attribute is referencing (e.g. uid).

 — 

nifi.analytics.predict.interval

Time interval in which analytic predictions should be made (e.g. queue saturation)

3 мин

nifi.analytics.query.interval

The time interval to query for past observations (for example, the last 3 minutes of snapshots). The value must be at least 3 times greater than the specified value nifi.components.status.snapshot.frequency

5 мин

nifi.analytics.connection.model.implementation

Implementation class for the state analysis model used for connection predictions

Ordinary Least Squares

nifi.analytics.connection.model.score.name

Name of the scoring type to use to score the model

rSquared

nifi.analytics.connection.model.score.threshold

Threshold for the scoring value (the score model must be above the specified threshold)

.90

NIFI_HOME

The directory for NiFi installation

/usr/lib/nifi-server

NIFI_PID_DIR

The directory to store the NiFi process ID

/var/run/nifi

NIFI_LOG_DIR

The directory to store the logs

/var/log/nifi

NIFI_ALLOW_EXPLICIT_KEYTAB

Defines whether to prevent of the old free-form keytab properties that were left around for backwards compatibility

true

nifi.flow.configuration.file

The location of the XML-based flow configuration file

/etc/nifi/conf/flow.xml.gz

nifi.flow.configuration.json.file

/etc/nifi/conf/flow.json.gz

nifi.flow.configuration.archive.enabled

Enables NiFi to create a fallback schema for automatic stream updates

ON

nifi.cluster.node.connection.timeout

When connecting to another node in the cluster, specifies how long this node should wait before considering the connection a failure

5 sec

nifi.cluster.node.read.timeout

When communicating with another node in the cluster, specifies how long this node should wait to receive information from the remote node before considering the communication with the node a failure

5 sec

nifi.zookeeper.connect.timeout

How long to wait when connecting to ZooKeeper before considering the connection a failure

3 sec

nifi.zookeeper.session.timeout

How long to wait after losing a connection to ZooKeeper before the session is expired

3 sec

nifi.variable.registry.properties

Comma-separated list of file location paths for one or more custom property files

/etc/nifi/conf/extra-args.properties

nifi.remote.input.http.enabled

Specifies whether HTTP Site-to-Site should be enabled on this host

ON

nifi.remote.input.http.transaction.ttl

Specifies how long a transaction can stay alive on the server

30 sec

nifi.remote.contents.cache.expiration

Specifies how long NiFi should cache information about a remote NiFi instance when communicating via Site-to-Site

30 secs

nifi.flow.configuration.archive.max.time

The lifespan of archived flow.xml files

30 days

nifi.flow.configuration.archive.max.storage

The total data size allowed for the archived flow.xml files

500 MB

nifi.flow.configuration.archive.max.count

The number of archive files allowed

 — 

nifi.flowcontroller.autoResumeState

Indicates whether upon restart the components on the NiFi graph should return to their last state

ON

nifi.flowcontroller.graceful.shutdown.period

Indicates the shutdown period

10 sec

nifi.flowservice.writedelay.interval

When many changes are made to the flow.xml, this property specifies how long to wait before writing out the changes, so as to batch the changes into a single write

500 ms

nifi.administrative.yield.duration

If a component allows an unexpected exception to escape, it is considered a bug. As a result, the framework will pause (or administratively yield) the component for this amount of time

30 sec

nifi.bored.yield.duration

When a component has no work to do (i.e., is bored), this is the amount of time it will wait before checking to see if it has new data to work on

10 millis

nifi.ui.banner.text

The banner text that may be configured to display at the top of the User Interface

 — 

nifi.ui.autorefresh.interval

The interval at which the User Interface auto-refreshes

30 sec

nifi.state.management.provider.local

The ID of the Local State Provider to use

local-provider

nifi.state.management.provider.cluster

The ID of the Cluster State Provider to use

zk-provider

nifi.state.management.embedded.zookeeper.start

Specifies whether or not this instance of NiFi should start an embedded ZooKeeper Server

OFF

nifi.h2.url.append

Specifies additional arguments to add to the connection string for the H2 database

;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE

nifi.flowfile.repository.implementation

The FlowFile Repository implementation. To store flowfiles in memory instead of on disk (accepting data loss in the event of power/machine failure or a restart of NiFi), set this property to org.apache.nifi.controller.repository.VolatileFlowFileRepository

org.apache.nifi.controller.repository.WriteAheadFlowFileRepository

nifi.flowfile.repository.wal.implementation

If the repository implementation is configured to use the WriteAheadFlowFileRepository, this property can be used to specify which implementation of the Write-Ahead Log should be used

org.apache.nifi.wali.SequentialAccessWriteAheadLog

nifi.flowfile.repository.partitions

The number of partitions

256

nifi.flowfile.repository.checkpoint.interval

The FlowFile Repository checkpoint interval

2 mins

nifi.flowfile.repository.always.sync

If set to true, any change to the repository will be synchronized to the disk, meaning that NiFi will ask the operating system not to cache the information. This is very expensive and can significantly reduce NiFi performance. However, if it is false, there could be the potential for data loss if either there

OFF

nifi.swap.manager.implementation

The Swap Manager implementation

org.apache.nifi.controller.FileSystemSwapManager

nifi.queue.swap.threshold

The queue threshold at which NiFi starts to swap FlowFile information to disk

20000

nifi.swap.in.period

The swap in period

5 sec

nifi.swap.in.threads

The number of threads to use for swapping in

1

nifi.swap.out.period

The swap out period

5 sec

nifi.swap.out.threads

The number of threads to use for swapping out

4

nifi.content.repository.implementation

The Content Repository implementation. The default value is org.apache.nifi.controller.repository.FileSystemRepository and should only be changed with caution. To store flowfile content in memory instead of on disk (at the risk of data loss in the event of power/machine failure), set this property to org.apache.nifi.controller.repository

org.apache.nifi.controller.repository.FileSystemRepository

nifi.content.claim.max.appendable.size

The maximum size for a content claim

1 MB

nifi.content.claim.max.flow.files

The maximum number of FlowFiles to assign to one content claim

100

nifi.content.repository.archive.max.retention.period

If archiving is enabled, then this property specifies the maximum amount of time to keep the archived data

12 hours

nifi.content.repository.archive.max.usage.percentage

If archiving is enabled then this property must have a value that indicates the content repository disk usage percentage at which archived data begins to be removed. If the archive is empty and content repository disk usage is above this percentage, then archiving is temporarily disabled. Archiving will resume when disk usage is below this percentage

50%

nifi.content.repository.archive.enabled

To enable content archiving, set this to true. Content archiving enables the provenance UI to view or replay content that is no longer in a dataflow queue

ON

nifi.content.repository.always.sync

If set to true, any change to the repository will be synchronized to the disk, meaning that NiFi will ask the operating system not to cache the information. This is very expensive and can significantly reduce NiFi performance. However, if it is false, there could be the potential for data loss if either there is a sudden power loss or the operating system crashes

OFF

nifi.content.viewer.url

The URL for a web-based content viewer if one is available

../nifi-content-viewer/

nifi.provenance.repository.implementation

org.apache.nifi.provenance.WriteAheadProvenanceRepository

nifi.provenance.repository.debug.frequency

Controls the number of events processed between DEBUG statements documenting the performance metrics of the repository

1_000_000

nifi.provenance.repository.encryption.key.provider.implementation

The fully-qualified class name of the key provider

 — 

nifi.provenance.repository.encryption.key.provider.location

The path to the key definition resource

 — 

nifi.provenance.repository.encryption.key.id

The active key ID to use for encryption (e.g. Key1)

 — 

nifi.provenance.repository.encryption.key

The key to use for StaticKeyProvider

 — 

nifi.provenance.repository.max.storage.time

The maximum amount of time to keep data provenance information

24 hours

nifi.provenance.repository.max.storage.size

The maximum amount of data provenance information to store at a time

1 GB

nifi.provenance.repository.rollover.time

The amount of time to wait before rolling over the latest data provenance information so that it is available in the User Interface

30 secs

nifi.provenance.repository.rollover.size

The amount of information to roll over at a time

100 MB

nifi.provenance.repository.query.threads

The number of threads to use for Provenance Repository queries

2

nifi.provenance.repository.index.threads

The number of threads to use for indexing Provenance events so that they are searchable

2

nifi.provenance.repository.compress.on.rollover

Indicates whether to compress the provenance information when rolling it over

ON

nifi.provenance.repository.always.sync

If set to true, any change to the repository will be synchronized to the disk, meaning that NiFi will ask the operating system not to cache the information

OFF

nifi.provenance.repository.indexed.fields

A comma-separated list of the fields that should be indexed and made searchable

EventType, FlowFileUUID, Filename, ProcessorID, Relationship

nifi.provenance.repository.indexed.attributes

A comma-separated list of FlowFile Attributes that should be indexed and made searchable

 — 

nifi.provenance.repository.index.shard.size

Large values for the shard size will result in more Java heap usage when searching the Provenance Repository but should provide better performance

500 MB

nifi.provenance.repository.max.attribute.length

Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved

65536

nifi.provenance.repository.concurrent.merge.threads

Specifies the maximum number of threads that are allowed to be used for each of the storage directories

2

nifi.provenance.repository.buffer.size

The Provenance Repository buffer size

100000

nifi.components.status.repository.implementation

The Component Status Repository implementation

org.apache.nifi.controller.status.history.VolatileComponentStatusRepository

nifi.components.status.repository.buffer.size

Specifies the buffer size for the Component Status Repository

1440

nifi.components.status.snapshot.frequency

Indicates how often to present a snapshot of the components status history

1 min

nifi.web.war.directory

The location of the web.war directory

./lib

nifi.web.jetty.working.directory

The location of the Jetty working directory

./work/jetty

nifi.web.jetty.threads

The number of Jetty threads

200

nifi.web.max.header.size

The maximum size allowed for request and response headers

16 KB

nifi.web.proxy.context.path

A comma-separated list of allowed HTTP X-ProxyContextPath or X-Forwarded-Context header values to consider. By default, this value is blank meaning all requests containing a proxy context path are rejected

 — 

nifi.web.proxy.host

A comma-separated list of allowed HTTP Host header values to consider when NiFi is running securely and will be receiving requests to a different host[:port] than it is bound to. For example, when running in a Docker container or behind a proxy (e.g. localhost:18443, proxyhost:443). By default, this value is blank meaning NiFi should only allow requests sent to the host[:port] that NiFi is bound to.

 — 

nifi.sensitive.props.key

Password (source string) from which to extract the encryption key for the algorithm specified in the nifi.sensitive.props.algorithm parameter

mysensetivekey

nifi.sensitive.props.key.protected

Protected password (source string) used to obtain the encryption key for the algorithm specified in the nifi.sensitive.props.algorithm parameter

 — 

nifi.sensitive.props.algorithm

The algorithm used to encrypt sensitive properties

PBEWITHMD5AND256BITAES-CBC-OPENSSL

nifi.sensitive.props.provider

The sensitive property provider

BC

nifi.sensitive.props.additional.keys

The comma-separated list of properties to encrypt in addition to the default sensitive properties

 — 

nifi.security.user.authorizer

Specifies which of the configured Authorizers in the authorizers.xml file to use. By default, it is set to file-provider

managed-authorizer

nifi.security.ocsp.responder.url

The URL for the Online Certificate Status Protocol (OCSP) responder if one is being used

 — 

nifi.security.ocsp.responder.certificate

The location of the OCSP responder certificate if one is being used. It is blank by default

 — 

nifi.security.user.oidc.discovery.url

The discovery URL for the desired OpenId Connect Provider

 — 

nifi.security.user.oidc.connect.timeout

Connect timeout when communicating with the OpenId Connect Provider

5 secs

nifi.security.user.oidc.read.timeout

Read timeout when communicating with the OpenId Connect Provider

5 secs

nifi.security.user.oidc.client.id

The client id for NiFi after registration with the OpenId Connect Provider

 — 

nifi.security.user.oidc.client.secret

The client secret for NiFi after registration with the OpenId Connect Provider

 — 

nifi.security.user.oidc.preferred.jwsalgorithm

The preferred algorithm for validating identity tokens. If this value is blank, it will default to RS256 which is required to be supported by the OpenId Connect Provider according to the specification. If this value is HS256, HS384, or HS512, NiFi will attempt to validate HMAC protected tokens using the specified client secret. If this value is none, NiFi will attempt to validate unsecured/plain tokens. Other values for this algorithm will attempt to parse as an RSA or EC algorithm to be used in conjunction with the JSON Web Key (JWK) provided through the jwks_uri in the metadata found at the discovery URL

 — 

nifi.security.user.knox.url

The URL for the Apache Knox login page

 — 

nifi.security.user.knox.publicKey

The path to the Apache Knox public key that will be used to verify the signatures of the authentication tokens in the HTTP Cookie

 — 

nifi.security.user.knox.cookieName

The name of the HTTP Cookie that Apache Knox will generate after successful login

hadoop-jwt

nifi.security.user.knox.audiences

Optional. A comma-separated listed of allowed audiences. If set, the audience in the token must be present in this listing. The audience that is populated in the token can be configured in Knox

 — 

nifi.cluster.protocol.heartbeat.interval

The interval at which nodes should emit heartbeats to the Cluster Coordinator

5 sec

nifi.cluster.node.protocol.port

The node’s protocol port

11433

nifi.cluster.node.protocol.threads

The number of threads that should be used to communicate with other nodes in the cluster

10

nifi.cluster.node.protocol.max.threads

The maximum number of threads that should be used to communicate with other nodes in the cluster

50

nifi.cluster.node.event.history.size

When the state of a node in the cluster is changed, an event is generated and can be viewed in the Cluster page. This value indicates how many events to keep in memory for each node

25

nifi.cluster.node.max.concurrent.requests

The maximum number of outstanding web requests that can be replicated to nodes in the cluster. If this number of requests is exceeded, the embedded Jetty server will return a "409: Conflict" response

100

nifi.cluster.firewall.file

The location of the node firewall file. This is a file that may be used to list all the nodes that are allowed to connect to the cluster. It provides an additional layer of security. This value is blank by default, meaning that no firewall file is to be used

 — 

nifi.cluster.flow.election.max.wait.time

Specifies the amount of time to wait before electing a Flow as the "correct" Flow. If the number of Nodes that have voted is equal to the number specified by the nifi.cluster.flow.election.max.candidates property, the cluster will not wait this long

5 mins

nifi.cluster.load.balance.host

Specifies the hostname to listen on for incoming connections for load balancing data across the cluster. If not specified, will default to the value used by the nifi.cluster.node.address property

 — 

nifi.cluster.load.balance.port

Specifies the port to listen on for incoming connections for load balancing data across the cluster

6342

nifi.cluster.load.balance.connections.per.node

The maximum number of connections to create between this node and each other node in the cluster. For example, if there are 5 nodes in the cluster and this value is set to 4, there will be up to 20 socket connections established for load-balancing purposes (5 x 4 = 20)

4

nifi.cluster.load.balance.max.thread.count

The maximum number of threads to use for transferring data from this node to other nodes in the cluster. While a given thread can only write to a single socket at a time, a single thread is capable of servicing multiple connections simultaneously because a given connection may not be available for reading/writing at any given time

8

nifi.cluster.load.balance.comms.timeout

When communicating with another node, if this amount of time elapses without making any progress when reading from or writing to a socket, then a TimeoutException will be thrown. This will then result in the data either being retried or sent to another node in the cluster, depending on the configured Load Balancing Strategy

30 sec

nifi.remote.input.socket.port

The remote input socket port for Site-to-Site communication

10443

nifi.remote.input.secure

This indicates whether communication between this instance of NiFi and remote NiFi instances should be secure

ON

nifi.security.keystore

The full path and name of the keystore

/tmp/keystore.jks

nifi.security.keystoreType

The keystore type

JKS

nifi.security.keystorePasswd

The keystore password

 — 

nifi.security.keyPasswd

The key password

 — 

nifi.security.truststore

The full path and name of the truststore

 — 

nifi.security.truststoreType

The truststore type

JKS

nifi.security.truststorePasswd

The truststore password

 — 

Add key,value

 — 

app_file_max_history

Maximum number of files for applications

10

user_file_max_history

Maximum user files

10

boot_file_max_history

Maximum number of files for Boot

5

root_level

Event level

INFO

app_loggers

org.apache.nifi

INFO

org.apache.nifi.processors

WARN

org.apache.nifi.processors.standard.LogAttribute

INFO

org.apache.nifi.processors.standard.LogMessage

INFO

org.apache.nifi.controller.repository.StandardProcessSession

WARN

org.wali

WARN

org.apache.nifi.cluster

INFO

org.apache.nifi.server.JettyServer

INFO

org.eclipse.jetty

INFO

user_events_loggers

org.apache.nifi.web.security

INFO

org.apache.nifi.web.api.config

INFO

org.apache.nifi.authorization

INFO

org.apache.nifi.cluster.authorization

INFO

org.apache.nifi.web.filter.RequestLogger

INFO

bootstrap_loggers

org.apache.nifi.bootstrap

INFO

org.apache.nifi.bootstrap.Command

INFO

org.apache.nifi.StdOut

INFO

org.apache.nifi.StdErr

INFO

custom_logger

 — 

 — 

nifi.registry.web.war.directory

The location of the web war directory

./lib

nifi.registry.web.jetty.working.directory

The location of the Jetty working directory

./work/jetty

nifi.registry.web.jetty.threads

The number of the Jetty threads

200

nifi.registry.security.needClientAuth

Specifies that connecting clients must authenticate with a client cert

OFF

nifi.registry.db.directory

The location of the Registry database directory

 — 

nifi.registry.db.url.append

Specifies additional arguments to add to the connection string for the Registry database

 — 

nifi.registry.db.url

The full JBDC connection string

jdbc:h2:/usr/lib/nifi-registry/database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE

nifi.registry.db.driver.class

The class name of the JBDC driver

org.h2.Driver

nifi.registry.db.driver.directory

An optional directory containing one or more JARs to add to the classpath

 — 

nifi.registry.db.username

The username for the database

nifireg

nifi.registry.db.password

The password for the database

 — 

nifi.registry.db.maxConnections

The maximum number of connections for the connection pool

5

nifi.registry.db.sql.debug

Whether or not to enable debug logging for SQL statements

OFF

nifi.registry.security.keystore

The full path and the name of the keystore

/tmp/keystore.jks

nifi.registry.security.keystoreType

The keystore type

JKS

nifi.registry.security.keystorePasswd

The keystore password

 — 

nifi.registry.security.keyPasswd

The key password

 — 

nifi.registry.security.truststore

The full path and name of the truststore

/tmp/truststore.jks

nifi.registry.security.truststoreType

The truststore type

JKS

nifi.registry.security.truststorePasswd

The truststore password

 — 

nifi.registry.sensitive.props.additional.keys

Comma-separated list of properties for encryption in addition to the default sensitive properties

nifi.registry.db.password

Git Flow Storage Directory

File system path for a directory where flow contents files are persisted to. The directory must exist when NiFi Registry starts. It also must be initialized as a Git directory

/usr/lib/nifi-registry/git_flow_storage

Remote To Push

When a new flow snapshot is created, this persistence provider updates files in the specified Git directory, then creates a commit to the local repository. If Remote To Push is defined, provider pushes to the specified remote repository (e.g. origin). To define more detailed remote spec such as branch names, use Refspec

 — 

Remote Access User

The username is used to make push requests to the remote repository when Remote To Push is enabled, and the remote repository is accessed by HTTP protocol. If SSH is used, user authentications are done with SSH keys

 — 

Remote Access Password

The password for the Remote Access User

 — 

Remote Clone Repository

Remote repository URI to use to clone into Flow Storage Directory, if local repository is not present in Flow Storage Directory. If left empty, the Git directory needs to be configured as per initialaze Git directory. If URI is provided, then Remote Access User and Remote Access Password also should be present. Currently, default branch of remote wil be cloned

 — 

NIFI_REGISTRY_HOME

The directory for installing

/usr/lib/nifi-registry

NIFI_REGISTRY_PID_DIR

The directory to store the NiFi-Registry

/var/run/nifi-registry

NIFI_REGISTRY_LOG_DIR

The directory to store the logs

/var/log/nifi-registry

app_file_max_history

Maximum number of files for applications

10

events_file_max_history

Maximum number of files for events

5

boot_file_max_history

Maximum number of files for Boot

5

root_level

Event level

INFO

app_loggers

org.apache.nifi.registry

INFO

org.hibernate.SQL

WARN

org.hibernate.type

INFO

events_loggers

org.apache.nifi.registry.provider.hook.LoggingEventHookProvider

INFO

bootstrap_loggers

org.apache.nifi.registry.bootstrap

INFO

org.apache.nifi.registry.bootstrap.Command

INFO

org.apache.nifi.registry.StdOut

INFO

org.apache.nifi.registry.StdErr

ERROR

listener port

Schema-Registry listener port. Specified as listeners in the schema-registry.properties file

8081

LOG_DIR

The directory for storing logs

/var/log/schema-registry

JMX_PORT

Port on which Schema-Registry sends JMX metrics

9997

SCHEMA_REGISTRY_HEAP_OPTS

Heap size allocated to the Schema-Registry process

-Xmx1024M

SCHEMA_REGISTRY_JVM_PERFORMANCE_OPTS

JVM options in terms of PERFORMANCE options

-server

-XX:+UseG1G

-XX:MaxGCPauseMillis=20

-XX:InitiatingHeapOccupancyPercent=35

-XX:+ExplicitGCInvokesConcurrent

-Djava.awt.headless=true

authentication.method

Authentication method

BASIC

authentication.roles

Defines a comma-separated list of user roles. To be authorized on the Schema-Registry server, the authenticated user must belong to at least one of these roles

admin

authentication.realm

Corresponds to a section in the jaas_config.file that defines how the server authenticates users and must be passed as a parameter to the JVM during server startup

SchemaRegistry-Props

kafkastore.topic

The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy

_schemas

debug

Boolean indicating whether extra debugging information is generated in some error response entities

OFF

inter.instance.protocol

The protocol used while making calls between the instances of Schema Registry

 — 

ssl.keystore.location

Used for HTTPS. Location of the keystore file to use for SSL

 — 

ssl.keystore.password

Used for HTTPS. The store password for the keystore file

 — 

ssl.key.password

The password of the key contained in the keystore

 — 

ssl.truststore.location

Used for HTTPS. Location of the truststore. Required only to authenticate HTTPS clients

 — 

ssl.truststore.password

The password to access the truststore

 — 

kafkastore.ssl.keystore.location

The location of the SSL keystore file

 — 

kafkastore.ssl.keystore.password

The password to access the keystore

 — 

kafkastore.ssl.key.password

The password of the key contained in the keystore

 — 

kafkastore.ssl.keystore.type

The file format of the keystore

 — 

kafkastore.ssl.truststore.location

The location of the SSL truststore file

 — 

kafkastore.ssl.truststore.password

The password to access the truststore

 — 

kafkastore.ssl.truststore.type

The file format of the truststore

 — 

kafkastore.ssl.endpoint.identification.algorithm

The endpoint identification algorithm to validate the server hostname using the server certificate

 — 

Add key,value

 — 

log4j.rootLogger

Setting the logging level

INFO

log4j.logger.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.org.apache.kafka

ERROR

log4j.logger.org.apache.zookeeper

Change to adjust ZooKeeper client logging

ERROR

log4j.logger.org.apache.kafka

Change to adjust the general broker logging level (output to server.log and stdout). See also log4j.logger.kafka

ERROR

log4j.logger.org.I0Itec.zkclient

Change to adjust ZooKeeper client logging level

ERROR

The ZooKeeper connection string that is used by other services or clusters. It is generated automatically

 — 

The location where ZooKeeper stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database

/var/lib/zookeeper

admin.serverPort

Port that listens on the embedded Jetty server. Jetty server provides an HTTP interface to the four letter word commands

58080

The port that Client connections, i.e. the port that Clients attempt to connect to

2181

Base unit of time used by ZooKeeper. It is used for heart contractions. The minimum session timeout becomes twice the tickTime (in ms)

2000

The timeouts, ZooKeeper uses to limit the length of the time that the ZooKeeper Servers in Quorum have to connect to the Leader

5

How far out of date each Server can be from the Leader

2

Limits the number of active connections from the host, specified by IP address, to a single ZooKeeper Server

0

Enables storing the most recent snapshots and related transaction logs in dataDir and dataLogDir respectively, and deleting the rest. The minimum value is 3

3

The time interval in hours between runs of the purge task. Set to a positive integer (1 and above) to enable the auto purging

24

Add key,value

 — 

ZOO_LOG_DIR

The directory to store the logs

/var/log/zookeeper

ZOOPIDFILE

The directory to store the ZooKeeper process ID

/var/run/zookeeper/zookeeper_server.pid

SERVER_JVMFLAGS

It is used for setting different JVM parameters connected, for example, with garbage collecting

-Xmx1024m

JAVA

A path to Java

$JAVA_HOME/bin/java

ZOO_LOG4J_PROP

It is used for setting the LOG4J logging level and telling what log appenders to turn on. The effect of turning on the log appender CONSOLE is that logs now go to stdout. The effect of turning on ROLLINGFILE is that zookeeper.log file is created, rotated, and expired

INFO, CONSOLE, ROLLINGFILE