zoo.cfg
Lists the ZooKeeper configuration file.
Example zoo.cfg File
The file /opt/mapr/zookeeper/zookeeper-$version/conf/zoo.cfg specifies ZooKeeper configuration parameters.
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=20
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=10
# the directory where the snapshot is stored.
dataDir=/opt/mapr/zkdata
# the port at which the clients will connect
clientPort=5181
# max number of client connections
maxClientCnxns=1000
#autopurge interval - 24 hours
autopurge.purgeInterval=24
#superuser to allow zk nodes delete
superUser=mapr
#readuser to allow read zk info for authenticated clients
readUser=anyone
# cldb key location
mapr.cldbkeyfile.location=/opt/mapr/conf/cldb.key
#security provider name
authMech=MAPR-SECURITY
# security auth provider
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
# use maprserverticket not userticket for auth
mapr.usemaprserverticket=true
#
# Added for 3.4.11-mapr
#
# ZK-to-ZK server authentication using MAPR-SASL
# Set quorum.auth.enableSasl=false for insecure cluster, =true for secure cluster
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20
#
# Added for 3.5.6-mapr
#
# ZK server-to-server SSL encryption
#
sslQuorum=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/opt/mapr/conf/ssl_keystore.p12
ssl.quorum.keyStore.password=<randomly generated password>
ssl.quorum.trustStore.location=/opt/mapr/conf/ssl_truststore.p12
ssl.quorum.trustStore.password=<randomly generated password>
ssl.quorum.protocol=TLS
ssl.quorum.enabledProtocols=TLSv1.2
# MapR uses the cluster name in the certificates, no host names
ssl.quorum.hostnameVerification=false
#
# The Jetty Admin Server allows ZK access via a URL
# Like http://localhost:8080/commands/stat
# Default port 8080 may cause conflicts; thus server disabled by default
# admin.serverPort=8080
admin.enableServer=false
#
# For upgrade from an existing 3.4.11 or older that had no snapshots
snapshot.trust.empty=true
#

WARNING
maxClientCnxns limits the number of concurrent ZooKeeper connections that a single client machine may make. This value does not set a limit for the whole cluster. The default is 100. If you plan to run more than 100 jobs from a single node, increase this value.

ATTENTION
By default, only authenticated users (users with a valid ticket) are allowed to execute ZooKeeper-related commands. To allow all users to execute ZooKeeper-related commands, add the entry sessionRequireClientSASLAuth=false to this file and restart ZooKeeper.

Enable Encrypted Quorum Communication
Perform the following steps to enable encrypted quorum communication between ZooKeeper nodes:
- Copy all *.p12 certificates from the master CLDB node to all the ZooKeeper nodes.
- Set the user and group of all the *.p12 certificates to mapr on all the ZooKeeper nodes.
- Set sslQuorum=true in the zoo.cfg file.
- Restart ZooKeeper and Warden:
  service mapr-zookeeper restart
  service mapr-warden restart
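
As an added example that is not part of the MapR documentation or product, the Python below parses zoo.cfg text and reports where the security-related keys differ from the secure-cluster values in the example file above, including the sessionRequireClientSASLAuth=false entry from the ATTENTION note. The function names, finding messages and SAMPLE input are constructed for illustration, and the parser assumes the key=value form used on this page.

```python
# Added example, not MapR code; function names and SAMPLE are hypothetical.
EXPECTED = {  # secure-cluster values from the example zoo.cfg on this page
    "quorum.auth.enableSasl": "true",
    "quorum.auth.learnerRequireSasl": "true",
    "quorum.auth.serverRequireSasl": "true",
    "sslQuorum": "true",
    "ssl.quorum.enabledProtocols": "TLSv1.2",
    "admin.enableServer": "false",
}
STORES = ("ssl.quorum.keyStore.location", "ssl.quorum.trustStore.location")

def parse_zoo_cfg(text):
    """Parse key=value lines as written on the page; a later duplicate key wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings; an empty list means every checked key matches."""
    props = parse_zoo_cfg(text)
    findings = []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"{key} is not set (page example: {want})")
        elif got.lower() != want.lower():
            findings.append(f"{key}={got} (page example: {want})")
    # ATTENTION note: this entry lets users without a ticket run ZooKeeper commands.
    if props.get("sessionRequireClientSASLAuth", "").lower() == "false":
        findings.append("sessionRequireClientSASLAuth=false allows unauthenticated commands")
    if props.get("sslQuorum", "").lower() == "true":  # page example sets both stores
        findings += [f"{k} is not set but sslQuorum=true" for k in STORES if not props.get(k)]
    return findings

# Constructed sample input, not taken from a real node.
SAMPLE = """\
quorum.auth.enableSasl=false
admin.enableServer=true
sessionRequireClientSASLAuth=false
sslQuorum=true
ssl.quorum.keyStore.location=/opt/mapr/conf/ssl_keystore.p12
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a node, pass the contents of /opt/mapr/zookeeper/zookeeper-$version/conf/zoo.cfg to audit() in place of SAMPLE.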