Package org.apache.hadoop.security.authentication.util

Class ZookeeperClient

java.lang.Object

org.apache.hadoop.security.authentication.util.ZookeeperClient

public class ZookeeperClient
extends java.lang.Object

Utility class to create a CuratorFramework object that can be used to connect to Zookeeper based on configuration values that can be supplied from different configuration properties. It is used from ZKDelegationTokenSecretManager in hadoop-common, and from ZKSignerSecretProvider. The class implements a fluid API to set up all the different properties. A very basic setup would seem like:

   ZookeeperClient.configure()
     .withConnectionString(<connectionString>)
     .create();
 

Mandatory parameters to be set:

• connectionString: A Zookeeper connection string.
• if authentication type is set to 'sasl':
  • keytab: the location of the keytab to be used for Kerberos authentication
  • principal: the Kerberos principal to be used from the supplied Kerberos keytab file.
  • jaasLoginEntryName: the login entry name in the JAAS configuration that is created for the KerberosLoginModule to be used by the Zookeeper client code.
• if SSL is enabled:
  • the location of the Truststore file to be used
  • the location of the Keystore file to be used
  • if the Truststore is protected by a password, then the password of the Truststore
  • if the Keystore is protected by a password, then the password if the Keystore

When using 'sasl' authentication type, the JAAS configuration to be used by the Zookeeper client withing CuratorFramework is set to use the supplied keytab and principal for Kerberos login, moreover an ACL provider is set to provide a default ACL that requires SASL auth and the same principal to have access to the used paths. When using SSL/TLS, the Zookeeper client will set to use the secure channel towards Zookeeper, with the specified Keystore and Truststore. Default values:

• authentication type: 'none'
• sessionTimeout: either the system property curator-default-session-timeout, or 60 seconds
• connectionTimeout: either the system property curator-default-connection-timeout, or 15 seconds
• retryPolicy: an ExponentialBackoffRetry, with a starting interval of 1 seconds and 3 retries
• zkFactory: a ConfigurableZookeeperFactory instance, to allow SSL setup via ZKClientConfig

See Also:

ZKSignerSecretProvider

Constructor Summary

Constructors

Constructor	Description
ZookeeperClient()

Method Summary

Modifier and Type	Method	Description
static ZookeeperClient	configure()
org.apache.curator.framework.CuratorFramework	create()
ZookeeperClient	enableSSL(boolean enable)
ZookeeperClient	withAuthType(java.lang.String authType)
ZookeeperClient	withConnectionString(java.lang.String conn)
ZookeeperClient	withConnectionTimeout(int timeoutMS)
ZookeeperClient	withJaasLoginEntryName(java.lang.String entryName)
ZookeeperClient	withKeystore(java.lang.String keystorePath)
ZookeeperClient	withKeystorePassword(java.lang.String keystorePass)
ZookeeperClient	withKeytab(java.lang.String keytabPath)
ZookeeperClient	withNamespace(java.lang.String ns)
ZookeeperClient	withPrincipal(java.lang.String princ)
ZookeeperClient	withRetryPolicy(org.apache.curator.RetryPolicy policy)
ZookeeperClient	withSessionTimeout(int timeoutMS)
ZookeeperClient	withTruststore(java.lang.String truststorePath)
ZookeeperClient	withTruststorePassword(java.lang.String truststorePass)
ZookeeperClient	withZookeeperFactory(org.apache.curator.utils.ZookeeperFactory factory)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ZookeeperClient

public ZookeeperClient()

Method Detail

configure

public static ZookeeperClient configure()

withConnectionString

public ZookeeperClient withConnectionString(java.lang.String conn)

withNamespace

public ZookeeperClient withNamespace(java.lang.String ns)

withAuthType

public ZookeeperClient withAuthType(java.lang.String authType)

withKeytab

public ZookeeperClient withKeytab(java.lang.String keytabPath)

withPrincipal

public ZookeeperClient withPrincipal(java.lang.String princ)

withJaasLoginEntryName

public ZookeeperClient withJaasLoginEntryName(java.lang.String entryName)

withSessionTimeout

public ZookeeperClient withSessionTimeout(int timeoutMS)

withConnectionTimeout

public ZookeeperClient withConnectionTimeout(int timeoutMS)

withRetryPolicy

public ZookeeperClient withRetryPolicy(org.apache.curator.RetryPolicy policy)

withZookeeperFactory

public ZookeeperClient withZookeeperFactory(org.apache.curator.utils.ZookeeperFactory factory)

enableSSL

public ZookeeperClient enableSSL(boolean enable)

withKeystore

public ZookeeperClient withKeystore(java.lang.String keystorePath)

withKeystorePassword

public ZookeeperClient withKeystorePassword(java.lang.String keystorePass)

withTruststore

public ZookeeperClient withTruststore(java.lang.String truststorePath)

withTruststorePassword

public ZookeeperClient withTruststorePassword(java.lang.String truststorePass)

create

public org.apache.curator.framework.CuratorFramework create()