Apache ZooKeeper on Kubernetes and Zookeeper Security
Introduction to Apache ZooKeeper
Apache ZooKeeper is a software project of the Apache Software Foundation. It is essentially a centralized service for distributed systems, built around a hierarchical key-value store, and is used to provide synchronization services, distributed configuration services, and a naming registry for large distributed systems. ZooKeeper is a centralized service for maintaining naming and configuration information, providing group services, and providing distributed synchronization. All of these kinds of services are used in some form or other by distributed applications. Each time they are implemented, a lot of work goes into fixing bugs and race conditions. Because these services are difficult to implement, applications initially tend to skimp on them, which makes them brittle in the presence of change and difficult to manage. Even when done correctly, different implementations of these services lead to management complexity when the applications are deployed. This article describes the steps required to install Apache ZooKeeper on AWS.
Apache ZooKeeper Architecture
Apache ZooKeeper follows a client-server architecture in which servers are the nodes that provide the service and clients are the nodes (i.e., machines) that make use of the service.
Client — A client is a node in the distributed application cluster that accesses information from the server. The client sends a message to the server to let the server know that the client is alive, and it automatically resends the message to another server if it receives no response from the connected server.
Server — The server sends an acknowledgement to the client to inform it that the server is alive, and it provides all services to clients.
Leader — If any of the server nodes fails, the leader node performs recovery automatically.
Apache ZooKeeper Security
Apache ZooKeeper uses Access Control Lists (ACLs) to control access to its znodes, which are the data nodes of the ZooKeeper data tree.
An Access Control List is similar to UNIX file access permissions: it uses permission bits to allow or disallow various operations against a node and the scope to which the bits apply. Unlike standard UNIX permissions, a ZooKeeper node is not limited to the three standard scopes of user, group, and world. ZooKeeper does not have a notion of an owner of a znode. Instead, an Access Control List specifies sets of ids and the permissions that are associated with those ids.
Access Control List (ACLs) Permissions
The following permissions are supported by ZooKeeper -
- CREATE — used for creating a child node
- READ — used for getting data from a node and listing its children
- WRITE — used for setting data for a node
- DELETE — used for deleting a child node
- ADMIN — used for setting permissions
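The permission bits and ids described above can be audited mechanically. The sketch below is an added example, not code from the original article or from the ZooKeeper project: it parses ACL entries written in the scheme:id:perms form accepted by zkCli's setAcl command and reports znodes where world:anyone holds more than READ. The bit values follow ZooKeeper's ZooDefs.Perms; the znode paths, the user name and the password are constructed for illustration.

```python
import base64
import hashlib

# Permission bit values as defined in ZooKeeper's ZooDefs.Perms.
PERMS = {"r": 1, "w": 2, "c": 4, "d": 8, "a": 16}  # READ WRITE CREATE DELETE ADMIN


def parse_acl(entry):
    """Split a 'scheme:id:perms' ACL string into (scheme, id, permission bits)."""
    scheme, rest = entry.split(":", 1)
    ident, perms = rest.rsplit(":", 1)  # a digest id itself contains ':'
    bits = 0
    for letter in perms:
        bits |= PERMS[letter]  # raises KeyError on an unknown permission letter
    return scheme, ident, bits


def digest_id(user, password):
    """Id for the built-in 'digest' scheme: user:base64(sha1('user:password'))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"


def audit(path, acl_entries):
    """Return findings for entries that let any client modify the znode."""
    findings = []
    for entry in acl_entries:
        scheme, ident, bits = parse_acl(entry)
        if (scheme, ident) != ("world", "anyone"):
            continue  # only the unauthenticated scope is checked here
        risky = [name for name, letter in
                 (("WRITE", "w"), ("CREATE", "c"), ("DELETE", "d"), ("ADMIN", "a"))
                 if bits & PERMS[letter]]
        if risky:
            findings.append(f"{path}: world:anyone has {'+'.join(risky)}")
    return findings


# Constructed sample data: paths and credentials are made up for this example.
SVC = digest_id("svc", "example-pw")
SAMPLE = {
    "/app/config": ["world:anyone:cdrwa"],            # fully open znode
    "/app/secrets": [f"digest:{SVC}:cdrwa"],          # authenticated id only
    "/app/status": ["world:anyone:r", f"digest:{SVC}:rw"],
}

if __name__ == "__main__":
    for znode, acls in SAMPLE.items():
        for line in audit(znode, acls) or [f"{znode}: ok"]:
            print(line)
```

ZooKeeper ACLs are not inherited by child znodes, so a real audit has to check every znode in the tree rather than only the top-level paths.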
Installation of Apache ZooKeeper on AWS EC2 Instance
Prerequisites — An AWS EC2 instance running the Amazon Linux AMI with Java installed
Steps to install Apache ZooKeeper on AWS -
Step 1 — Connect to your instance, using SSH
ssh -i /path/to/my-key-pair.pem ec2-user@ec2-18-222-212-204.us-east-2.compute.amazonaws.com
Step 2 — Download ZooKeeper by the following command.
wget https://www-us.apache.org/dist/zookeeper/stable/zookeeper-3.4.12.tar.gz
Step 3 — Extract and install ZooKeeper by the following command
tar -xzf zookeeper-3.4.12.tar.gz
sudo mv zookeeper-3.4.12 /usr/local/zookeeper
Step 4 — Create a data directory by the following command
sudo mkdir /var/lib/zookeeper
Step 5 — Use the sample configuration file of ZooKeeper as a base
sudo cp /usr/local/zookeeper/conf/zoo_sample.cfg /usr/local/zookeeper/conf/zoo.cfg
By default, this zoo.cfg file is used when the Jar file is launched.
Step 6 — Change the dataDir parameter in the file
dataDir=/var/lib/zookeeper
Originally published at https://www.xenonstack.com on May 16, 2019.