Non-Ambari Cluster Installation Guide

ZooKeeper Configuration

Note

Perform the steps in this section only once per HDP cluster. If they have already been completed, for example to secure HBase, there is no need to repeat them as long as the YARN cluster uses the same ZooKeeper server.

  1. Create a keytab for ZooKeeper called zookeeper.service.keytab and save it to /etc/security/keytabs.

    sudo kadmin.local -q "ktadd -k /etc/security/keytabs/zookeeper.service.keytab zookeeper/<ZOOKEEPER_HOSTNAME>@STORM.EXAMPLE.COM"
  2. Add the following to the zoo.cfg file:

    authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
    jaasLoginRenew=3600000
    kerberos.removeHostFromPrincipal=true
    kerberos.removeRealmFromPrincipal=true
  3. Create the zookeeper_client_jaas.conf file.

    Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=false
    useTicketCache=true;
    };
  4. Create the zookeeper_jaas.conf file.

    Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    useTicketCache=false
    // Path to the ZooKeeper keytab, such as "/etc/security/keytabs/zookeeper.service.keytab"
    keyTab="$PATH_TO_ZOOKEEPER_KEYTAB"
    // Service principal, such as "zookeeper/xuan-sec-yarn-ha-2.novalocal@SCL42.HORTONWORKS.COM"
    principal="zookeeper/$HOST";
    };
    
  5. Add the following information to zookeeper-env.sh:

    export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/zookeeper_client_jaas.conf"
    export SERVER_JVMFLAGS="-Xmx1024m -Djava.security.auth.login.config=/etc/zookeeper/conf/zookeeper_jaas.conf"
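
A pre-start check for the files edited in steps 2 and 4, as an added example that is not part of the original guide: it confirms the four zoo.cfg properties, the Server JAAS options and principal, and that the keytab named in the JAAS file exists. The function names, the sample host and realm, and the check that the keytab carries no group/other permission bits are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: check the files produced by steps 2 and 4 before starting ZooKeeper.
# Usage: check_zk_sasl ZOO_CFG SERVER_JAAS  (prints each problem, returns their count)
bad() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

check_zk_sasl() {
  local cfg="$1" jaas="$2" want kt
  problems=0
  # Step 2: the four properties must be present and uncommented in zoo.cfg.
  for want in \
    'authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider' \
    'jaasLoginRenew=3600000' \
    'kerberos.removeHostFromPrincipal=true' \
    'kerberos.removeRealmFromPrincipal=true'; do
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$cfg" | grep -qxF -- "$want" ||
      bad "zoo.cfg lacks $want"
  done
  # Step 4: the server must log in from its keytab, never from a ticket cache.
  for want in 'useKeyTab=true' 'storeKey=true' 'useTicketCache=false'; do
    sed 's/^[[:space:]]*//; s/[[:space:];]*$//' "$jaas" | grep -qxF -- "$want" ||
      bad "JAAS Server section lacks $want"
  done
  grep -qE '^[[:space:]]*principal="zookeeper/[^"]+"' "$jaas" ||
    bad "JAAS principal is not zookeeper/<host>"
  # The keytab named in the JAAS file must exist. Assumption added here (not on
  # the page): it should carry no group/other permission bits.
  kt=$(sed -n 's/^[[:space:]]*keyTab="\([^"]*\)".*/\1/p' "$jaas" | head -n 1)
  if [ ! -f "$kt" ]; then
    bad "keytab '$kt' not found"
  elif [ "$(ls -ld "$kt" | cut -c5-10)" != "------" ]; then
    bad "keytab '$kt' is accessible to group or others"
  fi
  return "$problems"
}

# Constructed sample files (hypothetical host and realm) for a self-contained run.
make_sample() {
  printf '%s\n' 'tickTime=2000' \
    'authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider' \
    'jaasLoginRenew=3600000' 'kerberos.removeHostFromPrincipal=true' \
    'kerberos.removeRealmFromPrincipal=true' > "$1/zoo.cfg"
  : > "$1/zk.keytab"; chmod 400 "$1/zk.keytab"
  printf '%s\n' 'Server {' 'com.sun.security.auth.module.Krb5LoginModule required' \
    'useKeyTab=true' 'storeKey=true' 'useTicketCache=false' "keyTab=\"$1/zk.keytab\"" \
    'principal="zookeeper/zk1.example.com@EXAMPLE.COM";' '};' > "$1/zookeeper_jaas.conf"
}

d=$(mktemp -d) && make_sample "$d"
check_zk_sasl "$d/zoo.cfg" "$d/zookeeper_jaas.conf" && echo "ZooKeeper SASL settings OK"
rm -rf "$d"
```

On a real node, call `check_zk_sasl` with the cluster's own zoo.cfg and zookeeper_jaas.conf paths; a non-zero return value is the number of problems printed.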