diff --git a/manifests/init.pp b/manifests/init.pp
index 04f4198..f64e2f2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,165 +1,186 @@
# Class: zookeeper
#
# This module manages ZooKeeper installation
#
#
# Parameters:
# * [global_outstanding_limit] Clients can submit requests faster than ZooKeeper can process them,
# especially if there are a lot of clients. To prevent ZooKeeper from running out of memory due to
# queued requests, ZooKeeper will throttle clients so that there is no more than globalOutstandingLimit
# outstanding requests in the system
#
#
# * [whitelist_4lw] Fine grained control over the set of commands ZooKeeper can execute
#
# whitelist_4lw = ['stat','ruok']
#
class zookeeper (
# meta options
String $ensure = $zookeeper::params::ensure,
Variant[Boolean,String] $ensure_account = $zookeeper::params::ensure_account,
Boolean $ensure_cron = $zookeeper::params::ensure_cron,
String $group = $zookeeper::params::group,
Boolean $system_group = $zookeeper::params::system_group,
Array[String] $packages = $zookeeper::params::packages,
String $shell = $zookeeper::params::shell,
String $user = $zookeeper::params::user,
Boolean $system_user = $zookeeper::params::system_user,
# installation options
Hash $archive_checksum = $zookeeper::params::archive_checksum,
Optional[String] $archive_dl_site = $zookeeper::params::archive_dl_site,
Integer $archive_dl_timeout = $zookeeper::params::archive_dl_timeout,
Optional[String] $archive_dl_url = $zookeeper::params::archive_dl_url,
String $archive_install_dir = $zookeeper::params::archive_install_dir,
Boolean $archive_symlink = $zookeeper::params::archive_symlink,
String $archive_symlink_name = $zookeeper::params::archive_symlink_name,
String $archive_version = $zookeeper::params::archive_version,
Optional[String] $proxy_server = $zookeeper::params::proxy_server,
Optional[String] $proxy_type = $zookeeper::params::proxy_type,
Optional[String] $cdhver = $zookeeper::params::cdhver,
Boolean $install_java = $zookeeper::params::install_java,
String $install_method = $zookeeper::params::install_method,
String $java_bin = $zookeeper::params::java_bin,
String $java_opts = $zookeeper::params::java_opts,
Optional[String] $java_package = $zookeeper::params::java_package,
Optional[Hash] $repo = $zookeeper::params::repo,
# service options
Boolean $manage_service = $zookeeper::params::manage_service,
Boolean $manage_service_file = $zookeeper::params::manage_service_file,
String $pid_dir = $zookeeper::params::pid_dir,
Optional[String] $pid_file = $zookeeper::params::pid_file,
Boolean $restart_on_change = $zookeeper::params::restart_on_change,
String $service_ensure = $zookeeper::params::service_ensure,
String $service_name = $zookeeper::params::service_name,
Optional[String] $service_provider = $zookeeper::params::service_provider,
Optional[String] $systemd_unit_want = $zookeeper::params::systemd_unit_want,
String $systemd_unit_after = $zookeeper::params::systemd_unit_after,
String $systemd_path = $zookeeper::params::systemd_path,
String $zk_dir = $zookeeper::params::zk_dir,
# zookeeper config
String $cfg_dir = $zookeeper::params::cfg_dir,
String $cleanup_sh = $zookeeper::params::cleanup_sh,
Optional[String] $client_ip = $zookeeper::params::client_ip,
Integer $client_port = $zookeeper::params::client_port,
Optional[Integer] $secure_client_port = $zookeeper::params::secure_client_port,
+ Optional[Boolean] $ssl = $zookeeper::params::ssl,
+ Optional[String] $ssl_clientauth = $zookeeper::params::ssl_clientauth,
+ Optional[String] $keystore_location = $zookeeper::params::keystore_location,
+ Optional[String] $keystore_type = $zookeeper::params::keystore_type,
+ Optional[String] $keystore_password = $zookeeper::params::keystore_password,
+ Optional[String] $truststore_location = $zookeeper::params::truststore_location,
+ Optional[String] $truststore_type = $zookeeper::params::truststore_type,
+ Optional[String] $truststore_password = $zookeeper::params::truststore_password,
+ Optional[Boolean] $ssl_hostname_verification = $zookeeper::params::ssl_hostname_verification,
+ Optional[String] $ssl_ciphersuites = $zookeeper::params::ssl_ciphersuites,
+ Optional[String] $ssl_protocol = $zookeeper::params::ssl_protocol,
+ Optional[String] $keystore_quorum_location = $zookeeper::params::keystore_quorum_location,
+ Optional[String] $keystore_quorum_type = $zookeeper::params::keystore_quorum_type,
+ Optional[String] $keystore_quorum_password = $zookeeper::params::keystore_quorum_password,
+ Optional[String] $truststore_quorum_location = $zookeeper::params::truststore_quorum_location,
+ Optional[String] $truststore_quorum_type = $zookeeper::params::truststore_quorum_type,
+ Optional[String] $truststore_quorum_password = $zookeeper::params::truststore_quorum_password,
+ Optional[Boolean] $ssl_quorum_hostname_verification = $zookeeper::params::ssl_quorum_hostname_verification,
+ Optional[String] $ssl_quorum_ciphersuites = $zookeeper::params::ssl_quorum_ciphersuites,
+ Optional[String] $ssl_quorum_protocol = $zookeeper::params::ssl_quorum_protocol,
+ Optional[Boolean] $ssl_quorum = $zookeeper::params::ssl_quorum,
Optional[Boolean] $port_unification = $zookeeper::params::port_unification,
String $datastore = $zookeeper::params::datastore,
Optional[String] $datalogstore = $zookeeper::params::datalogstore,
Integer $election_port = $zookeeper::params::election_port,
String $export_tag = $zookeeper::params::export_tag,
String $id = $zookeeper::params::id,
Integer $init_limit = $zookeeper::params::init_limit,
Boolean $initialize_datastore = $zookeeper::params::initialize_datastore,
String $initialize_datastore_bin = $zookeeper::params::initialize_datastore_bin,
Boolean $leader = $zookeeper::params::leader,
Integer $leader_port = $zookeeper::params::leader_port,
String $log_dir = $zookeeper::params::log_dir,
Boolean $manual_clean = $zookeeper::params::manual_clean,
Optional[Integer] $max_session_timeout = $zookeeper::params::max_session_timeout,
Optional[Integer] $min_session_timeout = $zookeeper::params::min_session_timeout,
Array[String] $observers = $zookeeper::params::observers,
Integer $purge_interval = $zookeeper::params::purge_interval,
Variant[Array[String],Hash[String,String]] $servers = $zookeeper::params::servers,
Integer $pre_alloc_size = $zookeeper::params::pre_alloc_size,
Integer $snap_count = $zookeeper::params::snap_count,
Integer $snap_retain_count = $zookeeper::params::snap_retain_count,
Integer $sync_limit = $zookeeper::params::sync_limit,
Integer $tick_time = $zookeeper::params::tick_time,
Integer $global_outstanding_limit = $zookeeper::params::global_outstanding_limit,
Boolean $use_sasl_auth = $zookeeper::params::use_sasl_auth,
String $zoo_dir = $zookeeper::params::zoo_dir,
String $zoo_main = $zookeeper::params::zoo_main,
Boolean $quorum_listen_on_all_ips = $zookeeper::params::quorum_listen_on_all_ips,
# log4j properties
String $environment_file = $zookeeper::params::environment_file,
String $log4j_prop = $zookeeper::params::log4j_prop,
String $maxfilesize = $zookeeper::params::maxfilesize,
Integer $maxbackupindex = $zookeeper::params::maxbackupindex,
Optional[Integer] $max_allowed_connections = $zookeeper::params::max_allowed_connections,
String $peer_type = $zookeeper::params::peer_type,
String $rollingfile_threshold = $zookeeper::params::rollingfile_threshold,
String $tracefile_threshold = $zookeeper::params::tracefile_threshold,
String $console_threshold = $zookeeper::params::console_threshold,
Hash[String,Hash[String,String]] $extra_appenders = $zookeeper::params::extra_appenders,
# sasl options
Hash[String, String] $sasl_users = $zookeeper::params::sasl_users,
String $keytab_path = $zookeeper::params::keytab_path,
String $principal = $zookeeper::params::principal,
String $realm = $zookeeper::params::realm,
Boolean $sasl_krb5 = $zookeeper::params::sasl_krb5,
Boolean $store_key = $zookeeper::params::store_key,
Boolean $use_keytab = $zookeeper::params::use_keytab,
Boolean $use_ticket_cache = $zookeeper::params::use_ticket_cache,
Boolean $remove_host_principal = $zookeeper::params::remove_host_principal,
Boolean $remove_realm_principal = $zookeeper::params::remove_realm_principal,
# four letter words whitelist
Array[String] $whitelist_4lw = $zookeeper::params::whitelist_4lw,
# Metrics Providers
Optional[String] $metrics_provider_classname = $zookeeper::params::metrics_provider_classname,
Integer $metrics_provider_http_port = $zookeeper::params::metrics_provider_http_port,
Boolean $metrics_provider_export_jvm_info = $zookeeper::params::metrics_provider_export_jvm_info,
) inherits zookeeper::params {
if $pid_file {
$pid_path = $pid_file
} else {
$pid_path = "${pid_dir}/zookeeper.pid"
}
if $zookeeper::ensure_account {
group { $group:
ensure => $ensure_account,
system => $system_group,
}
user { $user:
ensure => $ensure_account,
home => $datastore,
comment => 'Zookeeper',
gid => $group,
shell => $shell,
system => $system_user,
require => Group[$group],
}
}
include zookeeper::install
include zookeeper::config
anchor { 'zookeeper::start': }
-> Class['zookeeper::install']
-> Class['zookeeper::config']
if ($use_sasl_auth) {
include zookeeper::sasl
Class['zookeeper::config']
-> Class['zookeeper::sasl']
-> Class['zookeeper::service']
}
if ($manage_service) and ($service_provider != 'exhibitor') {
include zookeeper::service
Class['zookeeper::config']
-> Class['zookeeper::service']
-> Anchor['zookeeper::end']
}
anchor { 'zookeeper::end': }
}
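Review bot: The four password parameters (`$keystore_password`, `$truststore_password`, `$keystore_quorum_password`, `$truststore_quorum_password`) are typed `Optional[String]`, so their values are treated as ordinary strings and will most likely show up in clear text in the compiled catalog and in reports. Consider accepting `Optional[Variant[String, Sensitive[String]]]` and unwrapping the value only where it is written to the config file. `$ssl_clientauth` is also a free-form `String`; a constraint such as `Optional[Enum['none', 'want', 'need']] $ssl_clientauth` (the values ZooKeeper documents for `ssl.clientAuth`) would reject a typo at compile time instead of at service start. The class header comment at the top of the file documents none of the new SSL parameters.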
diff --git a/manifests/params.pp b/manifests/params.pp
index 9c1d417..715e1ea 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,193 +1,214 @@
# OS specific configuration should be defined here
#
# PRIVATE CLASS - do not use directly (use main `zookeeper` class).
class zookeeper::params {
$_defaults = {
'packages' => ['zookeeper'],
}
$os_family = $facts['os']['family']
$os_name = $facts['os']['name']
$os_release = $facts['os']['release']['major']
case $os_family {
'Debian': {
case $os_name {
'Debian', 'Ubuntu': {
$initstyle = 'systemd'
}
default: { $initstyle = undef }
}
$_os_overrides = {
'packages' => ['zookeeper', 'zookeeperd'],
'service_name' => 'zookeeper',
'service_provider' => $initstyle,
'shell' => '/bin/false',
'initialize_datastore_bin' => '/usr/bin/zookeeper-server-initialize'
}
# 'environment' file probably read just by Debian
# see #16, #81
$environment_file = 'environment'
}
'RedHat': {
case $os_name {
'RedHat', 'CentOS': {
if versioncmp($os_release, '7') < 0 {
$initstyle = 'redhat'
} else {
$initstyle = 'systemd'
}
}
default: {
$initstyle = undef
}
}
$_os_overrides = {
'packages' => ['zookeeper', 'zookeeper-server'],
'service_name' => 'zookeeper-server',
'service_provider' => $initstyle,
'shell' => '/sbin/nologin',
'initialize_datastore_bin' => '/usr/bin/zookeeper-server-initialize'
}
$environment_file = 'java.env'
}
'Suse': {
case $os_name {
'SLES': {
$initstyle = 'systemd'
}
default: { $initstyle = undef }
}
$_os_overrides = {
'packages' => ['zookeeper', 'zookeeper-server'],
'service_name' => 'zookeeper-server',
'service_provider' => $initstyle,
'shell' => '/bin/false',
'initialize_datastore_bin' => '/usr/bin/zookeeper-server-initialize'
}
$environment_file = 'java.env'
}
default: {
fail("Module '${module_name}' is not supported on OS: '${os_name}', family: '${os_family}'")
}
}
$_params = merge($_defaults, $_os_overrides)
# meta options
$ensure = present
$ensure_account = present
$ensure_cron = true
$group = 'zookeeper'
$system_group = false
$packages = $_params['packages']
$shell = $_params['shell']
$user = 'zookeeper'
$system_user = false
# installation options
$archive_checksum = {}
$archive_dl_site = undef
$archive_dl_timeout = 600
$archive_dl_url = undef
$archive_install_dir = '/opt'
$archive_symlink = true
$archive_symlink_name = "${archive_install_dir}/zookeeper"
$archive_version = '3.4.8'
$cdhver = '5'
$install_java = false
$install_method = 'package'
$java_bin = '/usr/bin/java'
$java_opts = ''
$java_package = undef
$repo = undef
$proxy_server = undef
$proxy_type = undef
# service options
$manage_service = true
$manage_service_file = false
$pid_dir = '/var/run'
$pid_file = undef
$restart_on_change = true
$service_ensure = 'running'
$service_name = $_params['service_name']
$service_provider = $_params['service_provider']
# systemd_unit_want and _after can be overridden to
# donate the matching directives in the [Unit] section
$systemd_unit_want = undef
$systemd_unit_after = 'network.target'
$systemd_path = '/etc/systemd/system'
$zk_dir = '/etc/zookeeper'
# zookeeper config
$cfg_dir = '/etc/zookeeper/conf'
$cleanup_sh = '/usr/share/zookeeper/bin/zkCleanup.sh'
$client_ip = undef # use e.g. $::ipaddress if you want to bind to single interface
$client_port = 2181
$secure_client_port = undef
+ $ssl = false
+ $ssl_protocol = 'TLSv1.2'
+ $ssl_ciphersuites = ''
+ $ssl_hostname_verification = true
+ $ssl_clientauth = 'none'
+ $keystore_location = "/etc/zookeeper/conf/keystores/${::fqdn}.pem"
+ $keystore_type = 'PEM'
+ $keystore_password = undef
+ $truststore_location = '/etc/ssl/certs/ca-certificates.crt'
+ $truststore_type = 'PEM'
+ $truststore_password = undef
+ $keystore_quorum_location = "/etc/zookeeper/conf/keystores/${::fqdn}.pem"
+ $keystore_quorum_type = 'PEM'
+ $keystore_quorum_password = undef
+ $truststore_quorum_location = '/etc/ssl/certs/ca-certificates.crt'
+ $truststore_quorum_password = undef
+ $truststore_quorum_type = 'PEM'
+ $ssl_quorum_ciphersuites = ''
+ $ssl_quorum_hostname_verification = true
+ $ssl_quorum_protocol = 'TLSv1.2'
+ $ssl_quorum = false
$quorum_listen_on_all_ips = false
$port_unification = undef
$datastore = '/var/lib/zookeeper'
# datalogstore used to put transaction logs in separate location than snapshots
$datalogstore = undef
$election_port = 2888
$export_tag = 'zookeeper'
$id = '1'
$init_limit = 10
$initialize_datastore = false
$initialize_datastore_bin = $_params['initialize_datastore_bin']
$leader = true
$leader_port = 3888
$log_dir = '/var/log/zookeeper'
$manual_clean = false
$max_allowed_connections = undef
$max_session_timeout = undef
$min_session_timeout = undef
$observers = []
# interval in hours, purging enabled when >= 1
$purge_interval = 0
$servers = []
$pre_alloc_size = 65536
$snap_count = 10000
# since zookeeper 3.4, for earlier version cron task might be used
$snap_retain_count = 3
$sync_limit = 5
$tick_time = 2000
$global_outstanding_limit = 1000
$use_sasl_auth = false
$zoo_dir = '/usr/lib/zookeeper'
$zoo_main = 'org.apache.zookeeper.server.quorum.QuorumPeerMain'
# log4j properties
$log4j_prop = 'INFO,ROLLINGFILE'
$peer_type = 'UNSET'
$rollingfile_threshold = 'INFO'
$console_threshold = 'INFO'
$tracefile_threshold = 'TRACE'
$maxfilesize = '256MB'
$maxbackupindex = 20
$extra_appenders = {}
# sasl options
$sasl_krb5 = true
$sasl_users = {}
$keytab_path = '/etc/zookeeper/conf/zookeeper.keytab'
$principal = "zookeeper/${facts['networking']['fqdn']}"
$realm = pick($trusted['domain'], $trusted['certname'], 'puppet')
$store_key = true
$use_keytab = true
$use_ticket_cache = false
$remove_host_principal = false
$remove_realm_principal = false
# whitelist of Four Letter Words commands, see https://zookeeper.apache.org/doc/r3.4.12/zookeeperAdmin.html#sc_zkCommands
$whitelist_4lw = []
# Metrics Providers
$metrics_provider_classname = undef
$metrics_provider_http_port = 7000
$metrics_provider_export_jvm_info = true
}
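Review bot: `$truststore_quorum_location` and `$truststore_location` default to the system-wide bundle `/etc/ssl/certs/ca-certificates.crt`, so once `ssl_quorum` is enabled a peer certificate chained to any CA in that bundle is trusted and hostname verification is the only remaining check. That path is also the Debian-family location, while this class supports RedHat and Suse as well. A safer default is `undef` with a documented requirement to point at a dedicated cluster CA. `$ssl_clientauth = 'none'` means the TLS client port does not authenticate clients by default, which deserves a comment next to it. The two keystore defaults use the legacy `${::fqdn}` where `$principal` further down uses `$facts['networking']['fqdn']`; the latter form would be consistent.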
diff --git a/templates/conf/zoo.cfg.erb b/templates/conf/zoo.cfg.erb
index 8d5e7fd..592d778 100644
--- a/templates/conf/zoo.cfg.erb
+++ b/templates/conf/zoo.cfg.erb
@@ -1,165 +1,230 @@
# http://hadoop.apache.org/zookeeper/docs/current/zookeeperAdmin.html
# The number of milliseconds of each tick
tickTime=<%= scope.lookupvar("zookeeper::tick_time") %>
# The number of ticks that the initial
# synchronization phase can take
initLimit=<%= scope.lookupvar("zookeeper::init_limit") %>
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=<%= scope.lookupvar("zookeeper::sync_limit") %>
# ZooKeeper will throttle clients so that there is no more than globalOutstandingLimit outstanding requests in the system.
globalOutstandingLimit=<%= scope.lookupvar('zookeeper::global_outstanding_limit') %>
# the directory where the snapshot is stored.
dataDir=<%= scope.lookupvar("zookeeper::datastore") %>
# Place the dataLogDir to a separate physical disc for better performance
<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::datalogstore")) -%>
dataLogDir=<%= scope.lookupvar("zookeeper::datalogstore") %>
<% else -%>
# dataLogDir=/disk2/zookeeper
<% end -%>
# the port at which the clients will connect
clientPort=<%= scope.lookupvar("zookeeper::client_port") %>
# interface to bind
<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::client_ip")) -%>
clientPortAddress=<%= scope.lookupvar("zookeeper::client_ip") %>
<% else -%>
#clientPortAddress=
<% end -%>
-# Supported since 3.5.1
-<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::secure_client_port")) -%>
-secureClientPort=<%= scope.lookupvar("zookeeper::secure_client_port") %>
-<% else -%>
-#secureClientPort=2281
-<% end -%>
-# Supported since 3.5.5
-<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::port_unification")) -%>
-portUnification=<%= scope.lookupvar("zookeeper::port_unification") %>
-<% end -%>
-
# specify all zookeeper servers
# The first port is used by followers to connect to the leader
# The second one is used for leader election
#server.1=zookeeper1:2888:3888
#server.2=zookeeper2:2888:3888
#server.3=zookeeper3:2888:3888
<%- if scope.lookupvar("zookeeper::servers").is_a?(Hash) -%>
<%- _servers = scope.lookupvar("zookeeper::servers") -%>
<% else -%>
<%# make sure @servers is a hash -%>
<%- _servers = Hash.new -%>
<%- scope.lookupvar("zookeeper::servers").map.each_with_index {|e, i| _servers[i + 1] = e } -%>
<%- end -%>
<%- _servers.each_pair do |id, host| -%>
<%# make sure port is not included in hostname -%>
<%- if host.index(':') -%>
<%- host = host[0...(host.index(':'))] -%>
<%- end -%>
<%- if scope.lookupvar("zookeeper::observers").include? host -%>
<%- observer_text=':observer' -%>
<%- end -%>
<%= "server.#{id}=#{host}:%s:%s%s" % [scope.lookupvar("zookeeper::election_port"), scope.lookupvar("zookeeper::leader_port"), observer_text ] %>
<%- end -%>
# Bind election_port and leader_port to all interfaces (0.0.0.0)
quorumListenOnAllIPs=<%= scope.lookupvar("zookeeper::quorum_listen_on_all_ips") %>
# To avoid seeks ZooKeeper allocates space in the transaction log file in
# blocks of preAllocSize kilobytes. The default block size is 64M. One reason
# for changing the size of the blocks is to reduce the block size if snapshots
# are taken more often. (Also, see snapCount).
preAllocSize=<%= scope.lookupvar("zookeeper::pre_alloc_size") %>
# Clients can submit requests faster than ZooKeeper can process them,
# especially if there are a lot of clients. To prevent ZooKeeper from running
# out of memory due to queued requests, ZooKeeper will throttle clients so that
# there is no more than globalOutstandingLimit outstanding requests in the
# system. The default limit is 1,000.ZooKeeper logs transactions to a
# transaction log. After snapCount transactions are written to a log file a
# snapshot is started and a new transaction log file is started. The default
# snapCount is 10,000.
snapCount=<%= scope.lookupvar("zookeeper::snap_count") %>
# If this option is defined, requests will be will logged to a trace file named
# traceFile.year.month.day.
#traceFile=
# Leader accepts client connections. Default value is "yes". The leader machine
# coordinates updates. For higher update throughput at thes slight expense of
# read throughput the leader can be configured to not accept clients and focus
# on coordination.
<% if scope.lookupvar("zookeeper::leader") -%>
leaderServes=yes
<% else -%>
leaderServes=no
<% end -%>
# Since 3.4.0: When enabled, ZooKeeper auto purge feature retains the autopurge.
# snapRetainCount most recent snapshots and the corresponding transaction logs
# in the dataDir and dataLogDir respectively and deletes the rest.
# Defaults to 3. Minimum value is 3.
autopurge.snapRetainCount=<%= scope.lookupvar("zookeeper::snap_retain_count") %>
# Since 3.4.0: The time interval in hours for which the purge task has to be
# triggered. Set to a positive integer (1 and above) to enable the auto purging.
# Defaults to 0.
autopurge.purgeInterval=<%= scope.lookupvar("zookeeper::purge_interval") %>
# Maximum allowed connections
<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::max_allowed_connections")) -%>
maxClientCnxns=<%= scope.lookupvar("zookeeper::max_allowed_connections") %>
<% else -%>
#maxClientCnxns=60
<% end -%>
<% if scope.lookupvar("zookeeper::peer_type") != 'UNSET' -%>
# Zookeeper peer type
peerType=<%= scope.lookupvar("zookeeper::peer_type") %>
<% end -%>
# The minimum session timeout in milliseconds that the server will allow the # client to negotiate. Defaults to 2 times the tickTime.
<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::min_session_timeout")) -%>
minSessionTimeout=<%= scope.lookupvar("zookeeper::min_session_timeout") %>
<% else -%>
#minSessionTimeout=2
<% end -%>
# The maximum session timeout in milliseconds that the server will allow the # client to negotiate. Defaults to 20 times the tickTime.
<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::max_session_timeout")) -%>
maxSessionTimeout=<%= scope.lookupvar("zookeeper::max_session_timeout") %>
<% else -%>
#maxSessionTimeout=20
<% end -%>
<% if scope.lookupvar("zookeeper::use_sasl_auth") -%>
# Enable SASL authentication and use the default provider/renew provided by cloudera
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
<% if scope.lookupvar("zookeeper::remove_host_principal") -%>
kerberos.removeHostFromPrincipal=true
<% end -%>
<% if scope.lookupvar("zookeeper::remove_realm_principal") -%>
kerberos.removeRealmFromPrincipal=true
<% end -%>
<% end -%>
+<% if scope.lookupvar("zookeeper::ssl") -%>
+# Supported since 3.5.1
+<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::secure_client_port")) -%>
+secureClientPort=<%= scope.lookupvar("zookeeper::secure_client_port") %>
+<% else -%>
+#secureClientPort=2281
+<% end -%>
+# Supported since 3.5.5
+<% if ! [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::port_unification")) -%>
+portUnification=<%= scope.lookupvar("zookeeper::port_unification") %>
+<% end -%>
+
+# Client TLS configuration
+serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
+# Force TLS version
+ssl.protocol=<%= scope.lookupvar("zookeeper::ssl_protocol") %>
+# Hostname verification (default yes)
+ssl.hostnameVerification=<%= scope.lookupvar("zookeeper::ssl_hostname_verification") %>
+# Client authentication
+ssl.clientAuth=<%= scope.lookupvar("zookeeper::ssl_clientauth") %>
+
+## Hint: if PEM is used, private key must be in PKCS#8 format
+# Line must begin with "-----BEGIN PRIVATE KEY-----"
+# and not "-----BEGIN RSA PRIVATE KEY-----"
+# Client TLS configuration
+ssl.keyStore.location=<%= scope.lookupvar("zookeeper::keystore_location") %>
+ssl.keyStore.type=<%= scope.lookupvar("zookeeper::keystore_type") %>
+<% if scope.lookupvar("zookeeper::keystore_password") %>
+ssl.keyStore.password=<%= scope.lookupvar("zookeeper::keystore_password") %>
+<% end -%>
+
+
+## Hint: if PEM is used, private key must be in PKCS#8 format
+# Line must begin with "-----BEGIN PRIVATE KEY-----"
+# and not "-----BEGIN RSA PRIVATE KEY-----"
+ssl.trustStore.location=<%= scope.lookupvar("zookeeper::truststore_location") %>
+ssl.trustStore.type=<%= scope.lookupvar("zookeeper::keystore_type") %>
+<% if scope.lookupvar("zookeeper::truststore_password") %>
+ssl.trustStore.password=<%= scope.lookupvar("zookeeper::truststore_password") %>
+<% end -%>
+<% if scope.lookupvar("zookeeper::zookeeper:ssl_ciphersuites") %>
+# Set allowed Ciphers
+ssl.ciphersuites=<%= scope.lookupvar("zookeeper:ssl_ciphersuites") %>
+<% end -%>
+
+# Server TLS configuration
+sslQuorum=<%= scope.lookupvar("zookeeper::ssl_quorum") %>
+# Force TLS version
+ssl.quorum.protocol=<%= scope.lookupvar("zookeeper::ssl_quorum_protocol") %>
+# Hostname verification from node to node (default yes)
+ssl.quorum.hostnameVerification=<%= scope.lookupvar("zookeeper::ssl_quorum_hostname_verification") %>
+
+## Hint: if PEM is used, private key must be in PKCS#8 format
+# Line must begin with "-----BEGIN PRIVATE KEY-----"
+# and not "-----BEGIN RSA PRIVATE KEY-----"
+ssl.quorum.keyStore.location=<%= scope.lookupvar("zookeeper::keystore_quorum_location") %>
+ssl.quorum.keyStore.type=<%= scope.lookupvar("zookeeper::keystore_quorum_type") %>
+<% if scope.lookupvar("zookeeper::keystore_keystore_quorum_password") %>
+ssl.quorum.keyStore.password=<%= scope.lookupvar("zookeeper::keystore_quorum_password") %>
+<% end -%>
+
+ssl.quorum.trustStore.type=<%= scope.lookupvar("zookeeper::keystore_quorum_type") %>
+## Hint: if PEM is used, private key must be in PKCS#8 format
+# Line must begin with "-----BEGIN PRIVATE KEY-----"
+# and not "-----BEGIN RSA PRIVATE KEY-----"
+ssl.quorum.trustStore.location=<%= scope.lookupvar("zookeeper::truststore_quorum_location") %>
+<% if scope.lookupvar("zookeeper::truststore_quorum_password") %>
+ssl.quorum.trustStore.password=<%= scope.lookupvar("zookeeper::truststore_quorum_password") %>
+<% end -%>
+
+<% if scope.lookupvar("zookeeper::zookeeper:ssl_quorum_ciphersuites") %>
+# Set allowed Ciphers
+ssl.quorum.ciphersuites=<%=ssl.ciphersuites=scope.lookupvar("zookeeper:ssl_quorum_ciphersuites") %>
+<% end -%>
+<% end -%>
+
<% unless scope.lookupvar("zookeeper::whitelist_4lw").empty? -%>
# Supported since 3.4.10
4lw.commands.whitelist=<%= scope.lookupvar("zookeeper::whitelist_4lw").join(',') %>
<% end -%>
# Supported since 3.6
## Metrics Providers
#
# https://prometheus.io Metrics Exporter
<% unless [nil, :undefined, :undef].include?(scope.lookupvar("zookeeper::metrics_provider_classname")) -%>
metricsProvider.className=<%= scope.lookupvar("zookeeper::metrics_provider_classname") %>
metricsProvider.httpPort=<%= scope.lookupvar("zookeeper::metrics_provider_http_port") %>
metricsProvider.exportJvmInfo=<%= scope.lookupvar("zookeeper::metrics_provider_export_jvm_info") %>
<% else -%>
#metricsProvider.className=org.apache.zookeeper.metrics.prometheus.PrometheusMetricsProvider
#metricsProvider.httpPort=7000
#metricsProvider.exportJvmInfo=true
<% end -%>
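Review bot: Several lookups in the added SSL block name the wrong variable, so the rendered zoo.cfg will not match the configured parameters. `ssl.trustStore.type` and `ssl.quorum.trustStore.type` read the keystore type variables, the quorum keystore password guard reads `zookeeper::keystore_keystore_quorum_password`, and both cipher-suite blocks use `zookeeper::zookeeper:ssl_…` / `zookeeper:ssl_…` with a single colon, so the cipher restriction and the quorum keystore password are presumably never emitted. The quorum cipher line additionally has `ssl.ciphersuites=` inside the `<%= %>` tag, which is evaluated as Ruby and would raise if that branch were ever reached; the guards should also treat the `''` default as unset, since an empty string is truthy in Ruby. Separately, `secureClientPort` and `portUnification` are now emitted only when `ssl` is true, which silently drops them for existing users who set `secure_client_port` alone, and the `ssl.quorum.*` settings are gated on `ssl` rather than `ssl_quorum`. The keystore passwords end up in this file in clear text, so the file resource that renders it should not be world-readable.

```erb
ssl.trustStore.type=<%= scope.lookupvar("zookeeper::truststore_type") %>
<%# … unchanged: ssl.trustStore.password block … %>
<% unless scope.lookupvar("zookeeper::ssl_ciphersuites").to_s.empty? -%>
# Set allowed Ciphers
ssl.ciphersuites=<%= scope.lookupvar("zookeeper::ssl_ciphersuites") %>
<% end -%>
<%# … unchanged: sslQuorum, quorum protocol, hostname verification, quorum keyStore location and type … %>
<% if scope.lookupvar("zookeeper::keystore_quorum_password") -%>
ssl.quorum.keyStore.password=<%= scope.lookupvar("zookeeper::keystore_quorum_password") %>
<% end -%>
ssl.quorum.trustStore.type=<%= scope.lookupvar("zookeeper::truststore_quorum_type") %>
<%# … unchanged: quorum trustStore location and password … %>
<% unless scope.lookupvar("zookeeper::ssl_quorum_ciphersuites").to_s.empty? -%>
# Set allowed Ciphers
ssl.quorum.ciphersuites=<%= scope.lookupvar("zookeeper::ssl_quorum_ciphersuites") %>
<% end -%>
```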