Upload File

Download - Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

Transcript
Page 1: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

Securely explore your data

ZOOKEEPER,ACCUMULO AND YOU

Michael Allen

Architect

Sqrrl Data, Inc.

Page 2: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

THE CASE OF THE DEAD TSERVER

Why when I close my laptop does

my tablet server die?

Page 3: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ACCUMULO CLUSTER

Worker

Hadoop

DataNode

Accumulo

Tserver

Worker

Hadoop

DataNode

Accumulo

Tserver

Accumulo

Master

Zookeeper

Cluster

Hadoop

NameNod

e

Page 4: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER CLUSTER

Zookeeper

Cluster

Page 5: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER CLUSTER

Zookeeper

Cluster

Page 6: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER CLUSTER

Zookeeper

Node

Zookeeper

Node

Zookeeper

Node

Page 7: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER CLUSTER

Zookeeper

Node

Zookeeper

Node

Zookeeper

Node

Zookeeper

Node

Zookeeper

Node

Page 8: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

WHAT'S ZOOKEEPER GOOD AT?

Small amounts of data

Consistent across cluster

Fast reads

(in memory)

Total order of operations

Zab

Page 9: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER DATA

Zookeeper Node

Page 10: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER DATA

Zookeeper Node

/

/accumulo

/accumulo/instances

Page 11: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER DATA

Zookeeper Node

/

/accumulo

/accumulo/instances

834c234-cd2731

Page 12: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZOOKEEPER CLIENTS

Zookeeper Node

Zookeeper

Client

2181/tcp

Random long client ID and random password

Keep alive ping

Page 13: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

EPHEMERAL NODES

Zookeeper Node

Ephemeral node

Page 14: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

SEQUENTIAL NODES

Zookeeper Node

5

Sequential nodes

6

Page 15: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

WATCHES

Zookeeper Node

5 6

Page 16: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ACCUMULO DATA IN ZOOKEEPER

/

accumulo

cf7c5ecd-0c3c-4d5c-aed2-36d9ca076976

user

monitor

root_tablet

gc table_locks hdfs_reservationsnamespaces recoveryfate

tservers tables

next_filetracers

config

dead bulk_failed_copyqmasters

instances

Page 17: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

tservers

zlock-0000000000

server1.companyco.com:9997

TSERVERS

zlock-0000000000

server2.compnyco.com:9997

Page 18: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

config

gc.cycle.delay

CONFIG

general.rpc.timeout general.server.message.size.max

Page 19: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

tables

+r

TABLES

!0 1 2 3 4

state conf flush-id compact-id compact-cancel-id name namespace

Page 20: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

root_tablet

last_location

ROOT_TABLET

location dir walogs

Page 21: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

users

root

USERS

mallen jvines afuchs

Page 22: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

USERS

Page 23: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

USERS

Page 24: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

users

root

ZOOKEEPER ACLS

mallen jvines afuchs

'digest,'accumulo:SkvnZlrIQ19GNd7eLDXGKg0Esgw=: cdrwa

Page 25: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

DIGEST SCHEME REALLY MEANS PASSWORDS

Page 26: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

UH OH...

I forgot the password I used!

But...

I do have access to zkServer.sh

Page 27: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identity

Page 28: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ZK-DIGEST.SH#!/bin/bash

if [ -z ${ZOOKEEPER_HOME} ]; then

echo "Set \$ZOOKEEPER_HOME before running this script"

exit 4747

fi

if [ -z ${JAVA_HOME} ]; then

echo "Set \$JAVA_HOME before running this script"

exit 4747

fi

if [ $# -eq 0 ]; then

echo "usage: zk-digest.sh <digest string>"

echo ""

echo " Utility to produce authentication digests, such as you might see in ZooKeeper node ACL entries"

echo ""

echo " Example: zk-digest.sh sqrrl:secret"

exit 4747

fi

ZK_CLASSPATH="\

${ZOOKEEPER_HOME}/build/classes:\

${ZOOKEEPER_HOME}/build/lib/*.jar:\

${ZOOKEEPER_HOME}/lib/slf4j-log4j12-1.6.1.jar:\

${ZOOKEEPER_HOME}/lib/slf4j-api-1.6.1.jar:\

${ZOOKEEPER_HOME}/lib/netty-3.2.2.Final.jar:\

${ZOOKEEPER_HOME}/lib/log4j-1.2.15.jar:\

${ZOOKEEPER_HOME}/lib/jline-0.9.94.jar:\

${ZOOKEEPER_HOME}/zookeeper-3.4.5.jar:\

${ZOOKEEPER_HOME}/src/java/lib/*.jar:\

${ZOOKEEPER_HOME}/conf\

"

${JAVA_HOME}/bin/java -Dzookeeper.log.dir="." \

-Dzookeeper.root.logger="INFO,CONSOLE" \

-cp "${ZK_CLASSPATH}" \

-Dcom.sun.management.jmxremote \

-Dcom.sun.management.jmxremote.local.only=false \

org.apache.zookeeper.server.auth.DigestAuthenticationProvider $*

Page 29: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identityzk-digest.sh super:secretsuper:secret->super:lK75jTNcA+U9vtVEw5vB51mj/w4=

Page 30: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identity

2. Edit zk-server.sh

Page 31: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identity

2. Edit zk-server.shnohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" \-cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &

Page 32: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identity

2. Edit zk-server.shnohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" \

"-Dzookeeper.DigestAuthenticationProvider.superDigest=super:lK75jTNcA+U9vtVEw5vB51mj/w4= \"-cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &

Page 33: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

1. Create an identity

2. Edit zk-server.sh

3. Reboot Zookeeper

Page 34: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

ROOTING YOUR ZOOKEEPER

Page 35: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

THE CASE OF THE DEAD TSERVER

Why when I close my laptop does

my tablet server die?

Page 36: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

THE CASE OF THE DEAD TSERVER

tservers

zlock-0000000000

server1.companyco.com:9997

Page 37: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

THE CASE OF THE DEAD TSERVER

tservers

zlock-0000000000

server1.companyco.com:9997

Page 38: Accumulo Summit 2015: Zookeeper, Accumulo, and You [Internals]

QUESTIONS?


Top Related

Accumulo Summit 2015: Verifiable Responses to Accumulo Queries [Security]
Accumulo Summit 2015: Verifiable Responses to Accumulo Queries [Security]
Zookeeper 소개
Zookeeper 소개
Apache ZooKeeper
Apache ZooKeeper
Zookeeper Introduce
Zookeeper Introduce
Accumulo Summit 2015: Event-Driven Big Data with Accumulo - Leveraging Big Data in Motion [Leveraging Accumulo]
Accumulo Summit 2015: Event-Driven Big Data with Accumulo - Leveraging Big Data in Motion [Leveraging Accumulo]
Zookeeper Documentation
Zookeeper Documentation
Accumulo Summit 2014: Data-Center Replication with Apache Accumulo
Accumulo Summit 2014: Data-Center Replication with Apache Accumulo
Zookeeper big sonata
Zookeeper big sonata