Learn about the known issues in Zookeeper, the impact or changes to the functionality,
and the workaround.
- Zookeeper-client does not use ZooKeeper TLS/SSL automatically
- The command-line tool ‘zookeeper-client’ is installed to all Cloudera Nodes and it can
be used to start the default Java command line ZooKeeper client. However even when
ZooKeeper TLS/SSL is enabled, the zookeeper-client command connects to localhost:2181,
without using TLS/SSL.
- Manually configure the 2182 port, when zookeeper-client connects to a ZooKeeper
cluster.The following is an example of connecting to a specific three-node ZooKeeper
cluster using TLS/SSL:
CLIENT_JVMFLAGS="-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.ssl.keyStore.location=<path to your configured keystore> -Dzookeeper.ssl.keyStore.password=<the password you configured for the keystore> -Dzookeeper.ssl.trustStore.location=<path to your configured truststore> -Dzookeeper.ssl.trustStore.password=<the password you configured for the truststore> -Dzookeeper.client.secure=true" zookeeper-client -server <your.zookeeper.server-1>:2182,<your.zookeeper.server-2>:2182,<your.zookeeper.server-3>:2182