...
Code Block | ||
---|---|---|
| ||
quorum.auth.enableSasl=true quorum.auth.learnerRequireSasl=true quorum.auth.serverRequireSasl=true quorum.auth.learner.loginContextsaslLoginContext=QuorumLearner quorum.auth.server.loginContextsaslLoginContext=QuorumServer quorum.auth.kerberos.servicePrincipal=servicename/_HOST quorum.cnxn.threads.size=20 |
Sets to enable quorum authentication using SASL.
Code Block title zoo.cfg # Defaulting to false quorum.auth.enableSasl=true
Sets to connect using quorum authentication. If this is true, quorum peer learner will send authentication packet to quorum peer server then proceeds with LE on successful authentication. If false, then proceeds with LE without any authentication. This can be used while upgrading ZooKeeper server.
Code Block title zoo.cfg # Defaulting to false quorum.auth.learnerRequireSasl=true
Sets to connect using quorum authentication. If this is true, then all unauthenticated quorum peer learner connection requests will be rejected. If false, then quorum peer server will accept quorum peer learner connection request and then proceeds with Leader Election even if the authentication did not succeed. This can be used while upgrading ZK server.
Code Block title zoo.cfg # Defaulting to false quorum.auth.serverRequireSasl=true
(Optional) If you want to use different login context for learner/server other than the default values, then configure the following.
Code Block title zoo.cfg # Defaulting to QuorumLearner quorum.auth.learner.loginContextsaslLoginContext=QuorumLearner # Defaulting to QuorumServer quorum.auth.server.loginContextsaslLoginContext=QuorumServer
The maximum number of threads to allow in the “
connectionExecutors
” thread pool, which will be used to process quorum server connection requests during Leader Election. This has to be tuned depending on the cluster size. For example, consider a 3-node cluster, during quorum formation at least 3 outgoing connection requests and 3 incoming connection requests will occur. So total 6 threads will be used. It is recommended to configure2x
number of threads for smooth execution, where'x'
represents the cluster size.Code Block title zoo.cfg # Defaulting to 20 quorum.cnxn.threads.size=20
...
ZooKeeper servers will talk to each other using the credentials configured in “jaas/file.conf
” file. They will act like learner-server when creating connections during quorum formation. Set up the Java Authentication and Authorization Service (JAAS) by creating a “jaas/file.conf
” file in the ZooKeeper configuration directory and add configuration entries into this file specific to your selected authentication schemes.
Following section describes the details of supported authentication schemes, Kerberos
or DIGEST-MD5
.
...
Code Block | ||
---|---|---|
| ||
server.1=FQDN1:port:port server.2=FQDN2:port:port server.3=FQDN3:port:port |
...
DIGEST-MD5 based authentication
...