org.apache.hadoop.security.authentication.util.ZookeeperClient

public class ZookeeperClient extends Object

Utility class to create a CuratorFramework object that can be used to connect to Zookeeper based on configuration values that can be supplied from different configuration properties. It is used from ZKDelegationTokenSecretManager in hadoop-common, and from ZKSignerSecretProvider. The class implements a fluid API to set up all the different properties. A very basic setup would seem like:

   ZookeeperClient.configure()
     .withConnectionString(<connectionString>)
     .create();

Mandatory parameters to be set:

connectionString: A Zookeeper connection string.
if authentication type is set to 'sasl':
- keytab: the location of the keytab to be used for Kerberos authentication
- principal: the Kerberos principal to be used from the supplied Kerberos keytab file.
- jaasLoginEntryName: the login entry name in the JAAS configuration that is created for the KerberosLoginModule to be used by the Zookeeper client code.
if SSL is enabled:
- the location of the Truststore file to be used
- the location of the Keystore file to be used
- if the Truststore is protected by a password, then the password of the Truststore
- if the Keystore is protected by a password, then the password if the Keystore

When using 'sasl' authentication type, the JAAS configuration to be used by the Zookeeper client withing CuratorFramework is set to use the supplied keytab and principal for Kerberos login, moreover an ACL provider is set to provide a default ACL that requires SASL auth and the same principal to have access to the used paths. When using SSL/TLS, the Zookeeper client will set to use the secure channel towards Zookeeper, with the specified Keystore and Truststore. Default values:

authentication type: 'none'
sessionTimeout: either the system property curator-default-session-timeout, or 60 seconds
connectionTimeout: either the system property curator-default-connection-timeout, or 15 seconds
retryPolicy: an ExponentialBackoffRetry, with a starting interval of 1 seconds and 3 retries
zkFactory: a ConfigurableZookeeperFactory instance, to allow SSL setup via ZKClientConfig

See Also:

ZKSignerSecretProvider

Constructor Summary

Constructors

Constructor

Description

ZookeeperClient()
Method Summary

Modifier and Type

Method

Description

static ZookeeperClient

configure()

org.apache.curator.framework.CuratorFramework

create()

ZookeeperClient

enableSSL(boolean enable)

ZookeeperClient

withAuthType(String authType)

ZookeeperClient

withConnectionString(String conn)

ZookeeperClient

withConnectionTimeout(int timeoutMS)

ZookeeperClient

withJaasLoginEntryName(String entryName)

ZookeeperClient

withKeystore(String keystorePath)

ZookeeperClient

withKeystorePassword(String keystorePass)

ZookeeperClient

withKeytab(String keytabPath)

ZookeeperClient

withNamespace(String ns)

ZookeeperClient

withPrincipal(String princ)

ZookeeperClient

withRetryPolicy(org.apache.curator.RetryPolicy policy)

ZookeeperClient

withSessionTimeout(int timeoutMS)

ZookeeperClient

withTruststore(String truststorePath)

ZookeeperClient

withTruststorePassword(String truststorePass)

ZookeeperClient

withZookeeperFactory(org.apache.curator.utils.ZookeeperFactory factory)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- ZookeeperClient
  
  public ZookeeperClient()
Method Details
- configure
  
  public static ZookeeperClient configure()
- withConnectionString
  
  public ZookeeperClient withConnectionString(String conn)
- withNamespace
  
  public ZookeeperClient withNamespace(String ns)
- withAuthType
  
  public ZookeeperClient withAuthType(String authType)
- withKeytab
  
  public ZookeeperClient withKeytab(String keytabPath)
- withPrincipal
  
  public ZookeeperClient withPrincipal(String princ)
- withJaasLoginEntryName
  
  public ZookeeperClient withJaasLoginEntryName(String entryName)
- withSessionTimeout
  
  public ZookeeperClient withSessionTimeout(int timeoutMS)
- withConnectionTimeout
  
  public ZookeeperClient withConnectionTimeout(int timeoutMS)
- withRetryPolicy
  
  public ZookeeperClient withRetryPolicy(org.apache.curator.RetryPolicy policy)
- withZookeeperFactory
  
  public ZookeeperClient withZookeeperFactory(org.apache.curator.utils.ZookeeperFactory factory)
- enableSSL
  
  public ZookeeperClient enableSSL(boolean enable)
- withKeystore
  
  public ZookeeperClient withKeystore(String keystorePath)
- withKeystorePassword
  
  public ZookeeperClient withKeystorePassword(String keystorePass)
- withTruststore
  
  public ZookeeperClient withTruststore(String truststorePath)
- withTruststorePassword
  
  public ZookeeperClient withTruststorePassword(String truststorePass)
- create
  
  public org.apache.curator.framework.CuratorFramework create()

Class ZookeeperClient

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

ZookeeperClient

Method Details

configure

withConnectionString

withNamespace

withAuthType

withKeytab

withPrincipal

withJaasLoginEntryName

withSessionTimeout

withConnectionTimeout

withRetryPolicy

withZookeeperFactory

enableSSL

withKeystore

withKeystorePassword

withTruststore

withTruststorePassword

create