deployment/base/configmap-nifi-config.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nifi-config
  labels:
    app: "nifi"
data:
  authorizers-empty.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <authorizers>
        <userGroupProvider>
            <identifier>file-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
            <property name="Users File">../data/users.xml</property>
            <property name="Legacy Authorized Users File"></property>
        </userGroupProvider>

        <!-- To enable the ldap-user-group-provider remove 2 lines. This is 1 of 2.
        <userGroupProvider>
            <identifier>ldap-user-group-provider</identifier>
            <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
            <property name="Authentication Strategy">START_TLS</property>
            <property name="Manager DN"></property>
            <property name="Manager Password"></property>
            <property name="TLS - Keystore"></property>
            <property name="TLS - Keystore Password"></property>
            <property name="TLS - Keystore Type"></property>
            <property name="TLS - Truststore"></property>
            <property name="TLS - Truststore Password"></property>
            <property name="TLS - Truststore Type"></property>
            <property name="TLS - Client Auth"></property>
            <property name="TLS - Protocol"></property>
            <property name="TLS - Shutdown Gracefully"></property>
            <property name="Referral Strategy">FOLLOW</property>
            <property name="Connect Timeout">10 secs</property>
            <property name="Read Timeout">10 secs</property>
            <property name="Url"></property>
            <property name="Page Size"></property>
            <property name="Sync Interval">30 mins</property>
            <property name="User Search Base"></property>
            <property name="User Object Class">person</property>
            <property name="User Search Scope">ONE_LEVEL</property>
            <property name="User Search Filter"></property>
            <property name="User Identity Attribute"></property>
            <property name="User Group Name Attribute"></property>
            <property name="User Group Name Attribute - Referenced Group Attribute"></property>
            <property name="Group Search Base"></property>
            <property name="Group Object Class">group</property>
            <property name="Group Search Scope">ONE_LEVEL</property>
            <property name="Group Search Filter"></property>
            <property name="Group Name Attribute"></property>
            <property name="Group Member Attribute"></property>
            <property name="Group Member Attribute - Referenced User Attribute"></property>
        </userGroupProvider>
        To enable the ldap-user-group-provider remove 2 lines. This is 2 of 2. -->

        <!-- To enable the composite-user-group-provider remove 2 lines. This is 1 of 2.
        <userGroupProvider>
            <identifier>composite-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.CompositeUserGroupProvider</class>
            <property name="User Group Provider 1"></property>
        </userGroupProvider>
        To enable the composite-user-group-provider remove 2 lines. This is 2 of 2. -->

        <!-- To enable the composite-configurable-user-group-provider remove 2 lines. This is 1 of 2.
        <userGroupProvider>
            <identifier>composite-configurable-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
            <property name="Configurable User Group Provider">file-user-group-provider</property>
            <property name="User Group Provider 1"></property>
        </userGroupProvider>
        To enable the composite-configurable-user-group-provider remove 2 lines. This is 2 of 2. -->

        <accessPolicyProvider>
            <identifier>file-access-policy-provider</identifier>
            <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
            <property name="User Group Provider">file-user-group-provider</property>
            <property name="Authorizations File">../data/authorizations.xml</property>
        </accessPolicyProvider>

        <authorizer>
            <identifier>managed-authorizer</identifier>
            <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
            <property name="Access Policy Provider">file-access-policy-provider</property>
        </authorizer>

        <authorizer>
            <identifier>file-provider</identifier>
            <class>org.apache.nifi.authorization.FileAuthorizer</class>
            <property name="Authorizations File">./conf/authorizations.xml</property>
            <property name="Users File">./conf/users.xml</property>
            <property name="Initial Admin Identity"></property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Node Identity 1"></property>
        </authorizer>
    </authorizers>
  authorizers.xml: >
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <authorizers>
        <userGroupProvider>
            <identifier>file-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
            <property name="Users File">./auth-conf/users.xml</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Initial User Identity 0">CN=nifi-0.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity 1">CN=nifi-1.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity 2">CN=nifi-2.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity 3">CN=nifi-3.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity 4">CN=nifi-4.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Initial User Identity admin">$(admin_identity)</property>
        </userGroupProvider>

        <userGroupProvider>
            <identifier>composite-configurable-user-group-provider</identifier>
            <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
            <property name="Configurable User Group Provider">file-user-group-provider</property>
        </userGroupProvider>

        <accessPolicyProvider>
            <identifier>file-access-policy-provider</identifier>
            <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
            <property name="User Group Provider">composite-configurable-user-group-provider</property>
            <property name="Authorizations File">./auth-conf/authorizations.xml</property>
            <property name="Initial Admin Identity">$(admin_identity)</property>
            <property name="Legacy Authorized Users File"></property>
            <property name="Node Identity 0">CN=nifi-0.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Node Identity 1">CN=nifi-1.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Node Identity 2">CN=nifi-2.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Node Identity 3">CN=nifi-3.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
            <property name="Node Identity 4">CN=nifi-4.nifi-headless.$(namespace).svc.cluster.local, OU=NIFI</property>
        </accessPolicyProvider>

        <authorizer>
            <identifier>managed-authorizer</identifier>
            <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
            <property name="Access Policy Provider">file-access-policy-provider</property>
        </authorizer>

    </authorizers>
  bootstrap-notification-services.xml: |
    <?xml version="1.0"?>
    <services>

    <!--
        <service>
            <id>email-notification</id>
            <class>org.apache.nifi.bootstrap.notification.email.EmailNotificationService</class>
            <property name="SMTP Hostname"></property>
            <property name="SMTP Port"></property>
            <property name="SMTP Username"></property>
            <property name="SMTP Password"></property>
            <property name="SMTP TLS"></property>
            <property name="From"></property>
            <property name="To"></property>
        </service>
    -->
    <!--
        <service>
            <id>http-notification</id>
            <class>org.apache.nifi.bootstrap.notification.http.HttpNotificationService</class>
            <property name="URL"></property>
        </service>
    -->
    </services>

  bootstrap.conf: |+
    #
    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements.  See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License.  You may obtain a copy of the License at
    #
    #   http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #

    # Java command to use when running NiFi
    java=java

    # Username to use when running NiFi. This value will be ignored on Windows.
    run.as=

    # Configure where NiFi's lib and conf directories live
    lib.dir=./lib
    conf.dir=./conf

    # How long to wait after telling NiFi to shutdown before explicitly killing the Process
    graceful.shutdown.seconds=20

    # Disable JSR 199 so that we can use JSP's without running a JDK
    java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true

    # JVM memory settings
    java.arg.2=-Xms2g
    java.arg.3=-Xmx2g

    # Enable Remote Debugging
    #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000

    java.arg.4=-Djava.net.preferIPv4Stack=true

    # allowRestrictedHeaders is required for Cluster/Node communications to work properly
    java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
    java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol

    # The G1GC is still considered experimental but has proven to be very advantageous in providing great
    # performance without significant "stop-the-world" delays.
    #java.arg.13=-XX:+UseG1GC

    #Set headless mode by default
    java.arg.14=-Djava.awt.headless=true

    # Master key in hexadecimal format for encrypted sensitive configuration values
    nifi.bootstrap.sensitive.key=

    # Sets the provider of SecureRandom to /dev/urandom to prevent blocking on VMs
    java.arg.15=-Djava.security.egd=file:/dev/urandom

    ###
    # Notification Services for notifying interested parties when NiFi is stopped, started, dies
    ###

    # XML File that contains the definitions of the notification services
    notification.services.file=./conf/bootstrap-notification-services.xml

    # In the case that we are unable to send a notification for an event, how many times should we retry?
    notification.max.attempts=5

    # Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi is started?
    #nifi.start.notification.services=email-notification

    # Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi is stopped?
    #nifi.stop.notification.services=email-notification

    # Comma-separated list of identifiers that are present in the notification.services.file; which services should be used to notify when NiFi dies?
    #nifi.dead.notification.services=email-notification


  flow.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <flowController encoding-version="1.3">
        <maxTimerDrivenThreadCount>10</maxTimerDrivenThreadCount>
        <maxEventDrivenThreadCount>5</maxEventDrivenThreadCount>
        <registries>
            <flowRegistry>
                <id>$(uid)</id>
                <name>default</name>
                <url>http://nifi-registry:18080</url>
                <description/>
            </flowRegistry>
        </registries>
        <rootGroup>
            <id>$(uid)</id>
            <name>Nifi Flow</name>
            <position x="0.0" y="0.0"/>
            <comment/>
        </rootGroup>
        <controllerServices/>
        <reportingTasks/>
    </flowController>
  login-identity-providers.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <loginIdentityProviders>
        <provider>
            <identifier>single-user-provider</identifier>
            <class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
            <property name="Username"/>
            <property name="Password"/>
        </provider>
    </loginIdentityProviders>
  nifi.properties: |
    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements.  See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License.  You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    # Core Properties #
    nifi.flow.configuration.file=../data/flow.xml.gz
    nifi.flow.configuration.archive.enabled=true
    nifi.flow.configuration.archive.dir=../data/archive/
    nifi.flow.configuration.archive.max.time=30 days
    nifi.flow.configuration.archive.max.storage=500 MB
    nifi.flow.configuration.archive.max.count=
    nifi.flowcontroller.autoResumeState=true
    nifi.flowcontroller.graceful.shutdown.period=10 sec
    nifi.flowservice.writedelay.interval=500 ms
    nifi.administrative.yield.duration=30 sec
    # If a component has no work to do (is "bored"), how long should we wait before checking again for work?
    nifi.bored.yield.duration=10 millis
    nifi.queue.backpressure.count=10000
    nifi.queue.backpressure.size=1 GB

    nifi.authorizer.configuration.file=./conf/authorizers.xml
    nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
    nifi.templates.directory=../data/templates
    nifi.ui.banner.text=
    nifi.ui.autorefresh.interval=30 sec
    nifi.nar.library.directory=./lib
    nifi.nar.library.directory.custom=
    nifi.nar.library.autoload.directory=./extensions
    nifi.nar.working.directory=./work/nar/
    nifi.documentation.working.directory=./work/docs/components

    ####################
    # State Management #
    ####################
    nifi.state.management.configuration.file=./conf/state-management.xml
    # The ID of the local state provider
    nifi.state.management.provider.local=local-provider
    # The ID of the cluster-wide state provider. This will be ignored if NiFi is not clustered but must be populated if running in a cluster.
    nifi.state.management.provider.cluster=zk-provider
    # Specifies whether or not this instance of NiFi should run an embedded ZooKeeper server
    nifi.state.management.embedded.zookeeper.start=false
    # Properties file that provides the ZooKeeper properties to use if <nifi.state.management.embedded.zookeeper.start> is set to true
    nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties


    # H2 Settings
    nifi.database.directory=../data/database_repository
    nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE

    # FlowFile Repository
    nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
    nifi.flowfile.repository.wal.implementation=org.apache.nifi.wali.SequentialAccessWriteAheadLog
    nifi.flowfile.repository.directory=../flowfile_repository
    nifi.flowfile.repository.partitions=256
    nifi.flowfile.repository.checkpoint.interval=2 mins
    nifi.flowfile.repository.always.sync=false
    nifi.flowfile.repository.encryption.key.provider.implementation=
    nifi.flowfile.repository.encryption.key.provider.location=
    nifi.flowfile.repository.encryption.key.provider.password=
    nifi.flowfile.repository.encryption.key.id=
    nifi.flowfile.repository.encryption.key=
    nifi.flowfile.repository.retain.orphaned.flowfiles=true

    nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
    nifi.queue.swap.threshold=20000
    nifi.swap.in.period=5 sec
    nifi.swap.in.threads=1
    nifi.swap.out.period=5 sec
    nifi.swap.out.threads=4

    # Content Repository
    nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
    nifi.content.claim.max.appendable.size=1 MB
    nifi.content.claim.max.flow.files=100
    nifi.content.repository.directory.default=../content_repository
    nifi.content.repository.archive.max.retention.period=3 days
    nifi.content.repository.archive.max.usage.percentage=85%
    nifi.content.repository.archive.enabled=true
    nifi.content.repository.always.sync=false
    nifi.content.viewer.url=/nifi-content-viewer/
    nifi.content.repository.encryption.key.provider.implementation=
    nifi.content.repository.encryption.key.provider.location=
    nifi.content.repository.encryption.key.provider.password=
    nifi.content.repository.encryption.key.id=
    nifi.content.repository.encryption.key=

    # Provenance Repository Properties
    nifi.provenance.repository.implementation=org.apache.nifi.provenance.WriteAheadProvenanceRepository
    nifi.provenance.repository.debug.frequency=1_000_000
    nifi.provenance.repository.encryption.key.provider.implementation=
    nifi.provenance.repository.encryption.key.provider.location=
    nifi.provenance.repository.encryption.key.id=
    nifi.provenance.repository.encryption.key=

    # Persistent Provenance Repository Properties
    nifi.provenance.repository.directory.default=../provenance_repository
    nifi.provenance.repository.max.storage.time=10 days
    nifi.provenance.repository.max.storage.size=8 GB
    nifi.provenance.repository.rollover.time=30 secs
    nifi.provenance.repository.rollover.size=100 MB
    nifi.provenance.repository.query.threads=2
    nifi.provenance.repository.index.threads=2
    nifi.provenance.repository.compress.on.rollover=true
    nifi.provenance.repository.always.sync=false
    nifi.provenance.repository.journal.count=16
    # Comma-separated list of fields. Fields that are not indexed will not be searchable. Valid fields are:
    # EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, Relationship, Details
    nifi.provenance.repository.indexed.fields=EventType, FlowFileUUID, Filename, ProcessorID, Relationship
    # FlowFile Attributes that should be indexed and made searchable.  Some examples to consider are filename, uuid, mime.type
    nifi.provenance.repository.indexed.attributes=
    # Large values for the shard size will result in more Java heap usage when searching the Provenance Repository
    # but should provide better performance
    nifi.provenance.repository.index.shard.size=500 MB
    # Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from
    # the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved.
    nifi.provenance.repository.max.attribute.length=65536

    # Volatile Provenance Respository Properties
    nifi.provenance.repository.buffer.size=100000

    # Component Status Repository
    nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository
    nifi.components.status.repository.buffer.size=1440
    nifi.components.status.snapshot.frequency=1 min

    # Site to Site properties
    nifi.remote.input.host=
    nifi.remote.input.secure=true
    nifi.remote.input.socket.port=10000
    nifi.remote.input.http.enabled=true
    nifi.remote.input.http.transaction.ttl=30 sec
    nifi.remote.contents.cache.expiration=30 secs

    # web properties #
    #############################################

    # For security, NiFi will present the UI on 127.0.0.1 and only be accessible through this loopback interface.
    # Be aware that changing these properties may affect how your instance can be accessed without any restriction.
    # We recommend configuring HTTPS instead. The administrators guide provides instructions on how to do this.

    nifi.web.war.directory=./lib
    nifi.web.proxy.host=

    nifi.web.http.port=
    nifi.web.https.port=9443

    nifi.web.http.host=
    nifi.web.http.network.interface.default=
    nifi.web.https.host=
    nifi.web.https.network.interface.default=
    nifi.web.jetty.working.directory=./work/jetty
    nifi.web.jetty.threads=200
    # nifi.web.proxy.context.path=

    # security properties #
    nifi.sensitive.props.key=
    nifi.sensitive.props.key.protected=
    nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
    nifi.sensitive.props.provider=BC
    nifi.sensitive.props.additional.keys=

    nifi.security.keystore=
    nifi.security.keystoreType=jks
    nifi.security.keystorePasswd=env:PASS
    nifi.security.keyPasswd=env:PASS
    nifi.security.truststore=
    nifi.security.truststoreType=jks
    nifi.security.truststorePasswd=env:PASS
    proxiedEntity=$(admin_identity)
    nifi.security.user.authorizer=managed-authorizer
    nifi.security.needClientAuth=true


    nifi.security.user.login.identity.provider=single-user-provider

    nifi.security.ocsp.responder.url=
    nifi.security.ocsp.responder.certificate=

    # OpenId Connect SSO Properties #
    nifi.security.user.oidc.discovery.url=
    nifi.security.user.oidc.connect.timeout=5s
    nifi.security.user.oidc.read.timeout=5s
    nifi.security.user.oidc.client.id=
    nifi.security.user.oidc.client.secret=
    nifi.security.user.oidc.preferred.jwsalgorithm=
    nifi.security.user.oidc.claim.identifying.user=
    nifi.security.user.oidc.additional.scopes=

    # Apache Knox SSO Properties #
    nifi.security.user.knox.url=
    nifi.security.user.knox.publicKey=
    nifi.security.user.knox.cookieName=hadoop-jwt
    nifi.security.user.knox.audiences=

    # Identity Mapping Properties #
    # These properties allow normalizing user identities such that identities coming from different identity providers
    # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
    # DNs from certificates and principals from Kerberos into a common identity string:
    #
    nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?)
    nifi.security.identity.mapping.value.dn=$1@$2
    nifi.security.identity.mapping.pattern.dn2=^uid=(.*?),cn=(.*?),cn=(.*?),dc=(.*?),dc=(.*?)
    nifi.security.identity.mapping.value.dn2=$1
    # nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
    # nifi.security.identity.mapping.value.kerb=$1@$2

    # cluster common properties (all nodes must have same values) #
    nifi.cluster.protocol.heartbeat.interval=5 sec
    nifi.cluster.protocol.is.secure=true

    # cluster node properties (only configure for cluster nodes) #
    nifi.cluster.is.node=true
    nifi.cluster.node.address=
    nifi.cluster.node.protocol.port=6007
    nifi.cluster.node.protocol.threads=10
    nifi.cluster.node.protocol.max.threads=50
    nifi.cluster.node.event.history.size=25
    nifi.cluster.node.connection.timeout=5 sec
    nifi.cluster.node.read.timeout=5 sec
    nifi.cluster.node.max.concurrent.requests=100
    nifi.cluster.firewall.file=
    nifi.cluster.flow.election.max.wait.time=1 mins
    nifi.cluster.flow.election.max.candidates=$(nodes_number)

    # zookeeper properties, used for cluster management #
    nifi.zookeeper.connect.string=
    nifi.zookeeper.connect.timeout=3 secs
    nifi.zookeeper.session.timeout=3 secs
    nifi.zookeeper.root.node=/nifi

    # Zookeeper properties for the authentication scheme used when creating acls on znodes used for cluster management
    # Values supported for nifi.zookeeper.auth.type are "default", which will apply world/anyone rights on znodes
    # and "sasl" which will give rights to the sasl/kerberos identity used to authenticate the nifi node
    # The identity is determined using the value in nifi.kerberos.service.principal and the removeHostFromPrincipal
    # and removeRealmFromPrincipal values (which should align with the kerberos.removeHostFromPrincipal and kerberos.removeRealmFromPrincipal
    # values configured on the zookeeper server).
    nifi.zookeeper.auth.type=
    nifi.zookeeper.kerberos.removeHostFromPrincipal=
    nifi.zookeeper.kerberos.removeRealmFromPrincipal=

    # kerberos #
    nifi.kerberos.krb5.file=

    # kerberos service principal #
    nifi.kerberos.service.principal=
    nifi.kerberos.service.keytab.location=

    # kerberos spnego principal #
    nifi.kerberos.spnego.principal=
    nifi.kerberos.spnego.keytab.location=
    nifi.kerberos.spnego.authentication.expiration=12 hours

    # external properties files for variable registry
    # supports a comma delimited list of file locations
    nifi.variable.registry.properties=
  state-management.xml: |
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <stateManagement>
        <local-provider>
            <id>local-provider</id>
            <class>org.apache.nifi.controller.state.providers.local.WriteAheadLocalStateProvider</class>
            <property name="Directory">../data/state/local</property>
            <property name="Always Sync">false</property>
            <property name="Partitions">16</property>
            <property name="Checkpoint Interval">2 mins</property>
        </local-provider>
        <cluster-provider>
            <id>zk-provider</id>
            <class>org.apache.nifi.controller.state.providers.zookeeper.ZooKeeperStateProvider</class>
            <property name="Connect String">nifi-zookeeper:2181</property>
            <property name="Root Node">/nifi</property>
            <property name="Session Timeout">10 seconds</property>
            <property name="Access Control">Open</property>
        </cluster-provider>
    </stateManagement>
  zookeeper.properties: |+
    #
    #
    # Licensed to the Apache Software Foundation (ASF) under one
    # or more contributor license agreements.  See the NOTICE file
    # distributed with this work for additional information
    # regarding copyright ownership.  The ASF licenses this file
    # to you under the Apache License, Version 2.0 (the
    # "License"); you may not use this file except in compliance
    # with the License.  You may obtain a copy of the License at
    #
    #   http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing,
    # software distributed under the License is distributed on an
    # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    # KIND, either express or implied.  See the License for the
    # specific language governing permissions and limitations
    # under the License.
    #
    #
    #

    initLimit=10
    autopurge.purgeInterval=24
    syncLimit=5
    tickTime=2000
    dataDir=./state/zookeeper
    autopurge.snapRetainCount=30

    #
    # Specifies the servers that are part of this zookeeper ensemble. For
    # every NiFi instance running an embedded zookeeper, there needs to be
    # a server entry below. For instance:
    #
    # server.1=nifi-node1-hostname:2888:3888;2181
    # server.2=nifi-node2-hostname:2888:3888;2181
    # server.3=nifi-node3-hostname:2888:3888;2181
    #
    # The index of the server corresponds to the myid file that gets created
    # in the dataDir of each node running an embedded zookeeper. See the
    # administration guide for more details.
    #

    server.1=