Zookeeper Kerberos Installation

We are going to install Zookeeper and secure it with Kerberos. Ensure Kerberos is installed and working before you start.

This assumes your hostname is "hadoop" and your Kerberos realm is REALM.CA; substitute your own values wherever they appear below.

Install Java JDK

  1. apt-get update
  2. apt-get upgrade
  3. apt-get install default-jdk

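Download Zookeeper. The mirror below is served over plain HTTP, so check the tarball against the checksum or PGP signature published by the Apache ZooKeeper project before extracting it: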

  1. wget http://apache.forsale.plus/zookeeper/zookeeper-3.4.13/zookeeper-3.4.13.tar.gz
  2. tar -zxvf zookeeper-3.4.13.tar.gz
  3. sudo mv zookeeper-3.4.13 /usr/local/zookeeper/
  4. sudo chown -R root:hadoopuser /usr/local/zookeeper/

Setup .bashrc:

  1. sudo nano ~/.bashrc

Add the following to the end of the file.

#ZOOKEEPER VARIABLES START
export ZOOKEEPER_HOME=/usr/local/zookeeper
export PATH=$PATH:$ZOOKEEPER_HOME/bin
#ZOOKEEPER VARIABLES STOP

  1. source ~/.bashrc

Create Kerberos Principals

  1. cd /etc/security/keytabs
  2. sudo kadmin.local
  3. addprinc -randkey zookeeper/hadoop@REALM.CA
  4. xst -kt zookeeper.service.keytab zookeeper/hadoop@REALM.CA
  5. q

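Set Keytab Permissions/Ownership

A keytab holds the principal's long-term key, so any account that can read it can authenticate as zookeeper/hadoop@REALM.CA. The wildcard below changes every keytab in the directory, not only zookeeper.service.keytab. Mode 750 also sets the execute bit, which a keytab does not need; read-only access for the owner and the service group (for example 440) is enough.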

  1. sudo chown root:hadoopuser /etc/security/keytabs/*
  2. sudo chmod 750 /etc/security/keytabs/*

zoo.cfg

  1. cd /usr/local/zookeeper/conf/
  2. cp zoo_sample.cfg zoo.cfg
  3. nano zoo.cfg

# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=/usr/local/zookeeper/data
# the port at which the clients will connect
clientPort=2181
# the maximum number of client connections.
# increase this if you need to handle more clients
#maxClientCnxns=60
#
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
#
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
#
# The number of snapshots to retain in dataDir
#autopurge.snapRetainCount=3
# Purge task interval in hours
# Set to “0” to disable auto purge feature
#autopurge.purgeInterval=1

# Single-server ensemble: server id 1 (the value written to data/myid later in
# this guide) runs on host "hadoop"; 2888 and 3888 are the quorum and
# leader-election ports for that entry.
server.1=hadoop:2888:3888

# Register the SASL authentication provider so clients can authenticate with
# Kerberos.
# NOTE(review): registering the provider enables SASL but, as far as I know,
# does not by itself turn away clients that skip authentication; ZooKeeper 3.4
# documents requireClientAuthScheme=sasl for that - confirm for your version.
# Znodes also still need ACLs (sasl scheme) before access is actually restricted.
authProvider.1 = org.apache.zookeeper.server.auth.SASLAuthenticationProvider
# With both set to true, the host and realm parts are dropped from the
# authenticated principal, so zookeeper/hadoop@REALM.CA is seen as just
# "zookeeper" in ACLs. Principals that differ only in host or realm then map
# to the same identity - review this if other realms are trusted.
kerberos.removeHostFromPrincipal = true
kerberos.removeRealmFromPrincipal = true
# Presumably the JAAS login renewal interval in milliseconds (3600000 ms = 1
# hour) - confirm against the administrator guide.
jaasLoginRenew=3600000

java.env

  1. cd /usr/local/zookeeper/conf/
  2. touch java.env
  3. nano java.env

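# java.env is read as shell by the ZooKeeper start scripts, so the values must
# use plain ASCII double quotes; typographic quotes would become part of the
# value itself and break the log4j setting and the log directory path.
ZOO_LOG4J_PROP="INFO,ROLLINGFILE"
ZOO_LOG_DIR="/usr/local/zookeeper/logs"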

zookeeper_client_jaas.conf

  1. cd /usr/local/zookeeper/conf/
  2. touch zookeeper_client_jaas.conf
  3. nano zookeeper_client_jaas.conf

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};

zookeeper_jaas.conf

  1. cd /usr/local/zookeeper/conf/
  2. touch zookeeper_jaas.conf
  3. nano zookeeper_jaas.conf

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zookeeper.service.keytab"
principal="zookeeper/hadoop@REALM.CA";
};

zkServer.sh

  1. cd /usr/local/zookeeper/bin/
  2. nano zkServer.sh
  3.  
  4. #Add the following at the top
  5.  
  6. export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/usr/local/zookeeper/conf/zookeeper_client_jaas.conf"
  7. export SERVER_JVMFLAGS="-Xmx1024m -Djava.security.auth.login.config=/usr/local/zookeeper/conf/zookeeper_jaas.conf"

zkCli.sh

  1. cd /usr/local/zookeeper/bin/
  2. nano zkCli.sh
  3.  
  4. #Add the following at the top
  5.  
  6. export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/usr/local/zookeeper/conf/zookeeper_client_jaas.conf"
  7. export SERVER_JVMFLAGS="-Xmx1024m -Djava.security.auth.login.config=/usr/local/zookeeper/conf/zookeeper_jaas.conf"

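MkDir

Create the data and log directories named in zoo.cfg and java.env, and write the server id that matches server.1 in zoo.cfg. Step 6 replaces the root:hadoopuser ownership set in the download section, so hduser must still be able to read the keytab (for example as a member of hadoopuser). It also leaves bin/ and conf/ writable by the service account, although with this configuration ZooKeeper only writes to data/ and logs/.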

  1. mkdir /usr/local/zookeeper/data/
  2. mkdir /usr/local/zookeeper/logs/
  3.  
  4. echo "1" > /usr/local/zookeeper/data/myid
  5.  
  6. sudo chown -R hduser:hduser /usr/local/zookeeper

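Auto Start

Edit the crontab of the account that should run ZooKeeper (hduser in this guide); an @reboot entry in root's crontab would start the server as root.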

  1. crontab -e
  2.  
  3. #Add the following
  4. @reboot /usr/local/zookeeper/bin/zkServer.sh start

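Run Client

The kinit below logs in as the ZooKeeper service principal, which is convenient for a first test. For regular use, obtain a ticket for a user principal instead, so that the service keytab does not have to be readable by client users.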

  1. kinit -kt /etc/security/keytabs/zookeeper.service.keytab zookeeper/hadoop@REALM.CA
  2. ./zkCli.sh -server 127.0.0.1:2181
  3.  
  4. #Now you can list the znodes under the root
  5. ls /
  6.  
  7. #Or recursively delete a znode and everything under it
  8.  
  9. rmr /folder

References

https://my-bigdata-blog.blogspot.com/2017/07/apache-Zookeeper-install-Ubuntu.html
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_command-line-installation/content/zookeeper_configuration.html
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_command-line-installation/content/securing_zookeeper_with_kerberos.html