zoo.cfg

Describes the ZooKeeper configuration file, zoo.cfg.

Example zoo.cfg File

The file /opt/mapr/zookeeper/zookeeper-$version/conf/zoo.cfg specifies ZooKeeper configuration parameters.

# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=20
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=10
# the directory where the snapshot is stored.
dataDir=/opt/mapr/zkdata
# the port at which the clients will connect
clientPort=5181
# max number of client connections
maxClientCnxns=1000
#autopurge interval - 24 hours
autopurge.purgeInterval=24
#superuser to allow zk nodes delete
superUser=mapr
#readuser to allow read zk info for authenticated clients
readUser=anyone
# cldb key location
mapr.cldbkeyfile.location=/opt/mapr/conf/cldb.key
#security provider name
authMech=MAPR-SECURITY
# security auth provider
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
# use maprserverticket not userticket for auth
mapr.usemaprserverticket=true
#
# Added for 3.4.11-mapr
#
# ZK-to-ZK server authentication using MAPR-SASL
# Set quorum.auth.enableSasl=false for insecure cluster, =true for secure cluster
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20
#
# Added for 3.5.6-mapr
#
# ZK server-to-server SSL encryption
#
sslQuorum=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/opt/mapr/conf/ssl_keystore.p12
ssl.quorum.keyStore.password=<randomly generated password>
ssl.quorum.trustStore.location=/opt/mapr/conf/ssl_truststore.p12
ssl.quorum.trustStore.password=<randomly generated password>
ssl.quorum.protocol=TLS
ssl.quorum.enabledProtocols=TLSv1.2
# MapR uses the cluster name in the certificates, no host names
ssl.quorum.hostnameVerification=false
#
#  The Jetty Admin Server allows ZK access via a URL
#  Like  http://localhost:8080/commands/stat
#  Default port 8080 may cause conflicts; thus server disabled by default
# admin.serverPort=8080
admin.enableServer=false
#
# For upgrade from an existing 3.4.11 or older that had no snapshots
snapshot.trust.empty=true
#
Warning: maxClientCnxns limits the number of concurrent ZooKeeper connections that a single client machine may make. This value does not set a limit for the whole cluster. The default is 100. If you plan to run more than 100 jobs from a single node, increase this value.
Attention: By default, only authenticated users (users with a valid ticket) are allowed to execute ZooKeeper-related commands. To allow all users to execute ZooKeeper-related commands, add the entry sessionRequireClientSASLAuth=false to this file and restart ZooKeeper.

Enable Encrypted Quorum Communication

Perform the following steps to enable encrypted quorum communication between ZooKeeper nodes:

  1. Copy all *.p12 certificates from the master CLDB node to all the ZooKeeper nodes.
  2. Set the user and group of all the *.p12 certificates to mapr on all the ZooKeeper nodes.
  3. Set sslQuorum=true in the zoo.cfg file.
  4. Restart ZooKeeper and Warden:
    service mapr-zookeeper restart
    service mapr-warden restart
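
After the restart, the security-relevant entries described on this page can be checked for drift. The following is an added example, not MapR or ZooKeeper code: parse_zoo_cfg and audit are hypothetical helper names, the expected values are those of the secure-cluster sample above, and the list of legacy protocols to flag is an assumption of this example.

```python
# Values the secure-cluster sample on this page sets.
REQUIRED = {
    "quorum.auth.enableSasl": "true",
    "quorum.auth.learnerRequireSasl": "true",
    "quorum.auth.serverRequireSasl": "true",
    "sslQuorum": "true",
    "admin.enableServer": "false",
}
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated TLS/SSL versions

def parse_zoo_cfg(text):
    """Parse key=value lines, skipping blanks and # comments; last value wins."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return sorted (key, message) findings for the body of a zoo.cfg."""
    cfg = parse_zoo_cfg(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key, "unset")
        if got.lower() != want:
            findings.append((key, f"is {got}, secure sample uses {want}"))
    # Per the page, this entry lets users without a ticket run ZooKeeper commands.
    if cfg.get("sessionRequireClientSASLAuth", "true").lower() == "false":
        findings.append(("sessionRequireClientSASLAuth", "client SASL auth not required"))
    enabled = {p.strip() for p in cfg.get("ssl.quorum.enabledProtocols", "").split(",")}
    for proto in sorted(enabled & LEGACY_PROTOCOLS):
        findings.append(("ssl.quorum.enabledProtocols", f"legacy protocol {proto} enabled"))
    return sorted(findings)

# Constructed sample input (not from a real cluster): a zoo.cfg that has drifted.
SAMPLE = """\
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=false
sslQuorum=false
ssl.quorum.enabledProtocols=TLSv1.1,TLSv1.2
admin.enableServer=true
sessionRequireClientSASLAuth=false
"""

if __name__ == "__main__":
    for key, msg in audit(SAMPLE):
        print(f"{key}: {msg}")
```

The check does not flag ssl.quorum.hostnameVerification=false, because the sample above sets it deliberately: MapR certificates carry the cluster name rather than host names.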