The file
/opt/mapr/zookeeper/zookeeper-
$version
/conf/zoo.cfg
specifies ZooKeeper configuration parameters.
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=20
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=10
# the directory where the snapshot is stored.
dataDir=/opt/mapr/zkdata
# the port at which the clients will connect
clientPort=5181
# max number of client connections
maxClientCnxns=1000
#autopurge interval - 24 hours
autopurge.purgeInterval=24
#superuser to allow zk nodes delete
superUser=mapr
#readuser to allow read zk info for authenticated clients
readUser=anyone
# cldb key location
mapr.cldbkeyfile.location=/opt/mapr/conf/cldb.key
#security provider name
authMech=MAPR-SECURITY
# security auth provider
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
# use maprserverticket not userticket for auth
mapr.usemaprserverticket=true
# Added for 3.4.11-mapr
# ZK-to-ZK server authentication using MAPR-SASL
# Set quorum.auth.enableSasl=false for insecure cluster, =true for secure cluster
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20
# Added for 3.5.6-mapr
# ZK server-to-server SSL encryption
sslQuorum=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/opt/mapr/conf/ssl_keystore.p12
ssl.quorum.keyStore.password=<randomly generated password>
ssl.quorum.trustStore.location=/opt/mapr/conf/ssl_truststore.p12
ssl.quorum.trustStore.password=<randomly generated password>
ssl.quorum.protocol=TLS
ssl.quorum.enabledProtocols=TLSv1.2
# MapR uses the cluster name in the certificates, no host names
ssl.quorum.hostnameVerification=false
# The Jetty Admin Server allows ZK access via a URL
# Like http://localhost:8080/commands/stat
# Default port 8080 may cause conflicts; thus server disabled by default
# admin.serverPort=8080
admin.enableServer=false
# For upgrade from an existing 3.4.11 or older that had no snapshots
snapshot.trust.empty=true
WARNING
maxClientCnxns limits the number of concurrent ZooKeeper connections
that a single client machine may make. This value does not set a limit for the whole
cluster. The default is 100. If you plan to run more than 100 jobs from a single node,
increase this value.
ATTENTION
By default, only
authenticated users (users with a valid
ticket) are allowed to execute ZooKeeper related commands. To allow
all users to
execute ZooKeeper related commands, add the entry
sessionRequireClientSASLAuth=false to this file and restart
ZooKeeper.
Enable Encrypted Quorum Communication
Perform the following steps to enable encrypted quorum communication between ZooKeeper nodes:
Copy all *.p12 certificates from the master CLDB node to all the
ZooKeeper nodes.
Set the user and group of all the *.p12 certificates to
mapr on all the ZooKeeper nodes.
Set sslQuorum=true in the zoo.cfg file.
Restart ZooKeeper and Warden:
service mapr-zookeeper restart
service mapr-warden restart
Abstract
This site contains documentation for the customer-managed platform of the HPE Ezmeral
Data Fabric version 7.10.0 including
installation, configuration, administration, and reference content, as well as content for the
associated bundled ecosystem components and drivers.
Published
September 2025
Edition
7.10.0
Topic last updated2021-02-25
