Apache ZooKeeper Security and its Architecture | Complete Guide

Parveen Bhandari | 08 Mar 2022

Introduction to Apache ZooKeeper

Apache ZooKeeper is a software project of the Apache Software Foundation. It is a centralized service for distributed systems, built on a hierarchical key-value store, and it provides synchronization services, distributed configuration services, and a naming registry for large distributed systems. In short, ZooKeeper is a centralized service for naming, maintaining configuration information, providing group services, and providing distributed synchronization.

Distributed applications use all of these kinds of services in some form or another. Every time they are implemented, a lot of work goes into fixing the resulting bugs. Because these services are difficult to get right, applications initially tend to skimp on them, which makes the applications brittle in the presence of change and challenging to manage. Even when done correctly, separate implementations of these services lead to management complexity when the applications are deployed. This article describes the steps required to install Apache ZooKeeper on AWS.

What is the architecture of Apache ZooKeeper?

Apache ZooKeeper follows a client-server architecture in which servers are the nodes that provide the service and clients are the nodes (i.e., machines) that make use of the service.

  • Client - A client node in the distributed application cluster is used to access information from the server. The client sends a message to the server to let the server know that the client is alive, and if no response is received from the connected server, the client automatically resends the message to another server.
  • Server - The server sends an acknowledgment to the client to inform it that the server is alive, and the server provides all services to clients.
  • Leader - If any of the server nodes fails, this server node performs recovery automatically.

Apache ZooKeeper Security

Apache ZooKeeper uses Access Control Lists (ACLs) to control access to its znodes, which are the data nodes of the ZooKeeper data tree. An ACL is broadly similar to UNIX file access permissions: it uses permission bits to allow or disallow various operations against a node, together with the scope to which those bits apply. Unlike standard UNIX permissions, a ZooKeeper node is not limited to the three standard scopes of user, group, and world. ZooKeeper has no notion of an owner of a znode. Instead, an ACL specifies sets of ids and the permissions that are associated with those ids.

Access Control List (ACLs) Permissions

The following permissions are supported by ZooKeeper -
  • CREATE - used for creating a child node
  • READ - used for getting data from a node and listing its children
  • WRITE - used for setting data for a node
  • DELETE - used for deleting a child node
  • ADMIN - used for setting permissions
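
The permission model above can be checked mechanically. The following Python sketch is an added example, not code from the original article or from the ZooKeeper project: it parses ACL strings in the scheme:id:perms form accepted by the ZooKeeper CLI's setAcl command, evaluates a request against them, and flags znodes where world:anyone holds more than READ. The znode paths, user name and hash are constructed placeholders, and id matching is simplified to an exact match.

```python
from enum import IntFlag

class Perm(IntFlag):
    # Bit values as defined in ZooKeeper's ZooDefs.Perms
    READ = 1
    WRITE = 2
    CREATE = 4
    DELETE = 8
    ADMIN = 16

LETTERS = {"r": Perm.READ, "w": Perm.WRITE, "c": Perm.CREATE, "d": Perm.DELETE, "a": Perm.ADMIN}
MODIFY = Perm.WRITE | Perm.CREATE | Perm.DELETE | Perm.ADMIN

def parse_acl(spec):
    """Parse 'scheme:id:perms[,scheme:id:perms]' into (scheme, id, Perm) tuples."""
    entries = []
    for item in spec.split(","):
        scheme, rest = item.strip().split(":", 1)
        ident, letters = rest.rsplit(":", 1)  # a digest id is 'user:hash', so split from the right
        perms = Perm(0)
        for ch in letters:
            perms |= LETTERS[ch]  # raises KeyError on an unknown permission letter
        entries.append((scheme, ident, perms))
    return entries

def is_allowed(acl, scheme, ident, wanted):
    """True if one matching entry grants the bit (exact id match; ip CIDR matching not modelled)."""
    for e_scheme, e_ident, perms in acl:
        if (e_scheme, e_ident) in (("world", "anyone"), (scheme, ident)) and perms & wanted:
            return True
    return False

def audit(znodes):
    """Return (path, Perm) pairs where world:anyone holds anything beyond READ."""
    findings = []
    for path, spec in znodes.items():
        for scheme, ident, perms in parse_acl(spec):
            risky = perms & MODIFY
            if (scheme, ident) == ("world", "anyone") and risky:
                findings.append((path, risky))
    return findings

# Constructed sample data: paths, user name and hash are placeholders.
SAMPLE = {
    "/app/config": "digest:deploy:EXAMPLEHASH=:cdrwa,world:anyone:r",
    "/app/locks": "world:anyone:cdrwa",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A world:anyone entry that includes ADMIN is the one to fix first, because ADMIN lets any client replace the ACL itself.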

Installation of Apache ZooKeeper on AWS EC2 Instance

Prerequisites - An AWS EC2 instance running the Amazon Linux AMI with Java installed.

Steps to install Apache ZooKeeper on AWS -

Connect to your instance, using SSH

ssh -i /path/to/my-key-pair.pem ec2-user@ec2-18-222-212-204.us-east-2.compute.amazonaws.com

Download ZooKeeper by the following command.

wget https://www-us.apache.org/dist/zookeeper/stable/zookeeper-3.4.12.tar.gz

Extract and install ZooKeeper by the following command

tar -xzf zookeeper-3.4.12.tar.gz
sudo mv zookeeper-3.4.12 /usr/local/zookeeper

Create a data directory by the following command

sudo mkdir /var/lib/zookeeper

Use the sample configuration file of ZooKeeper as a base

sudo cp /usr/local/zookeeper/conf/zoo_sample.cfg /usr/local/zookeeper/conf/zoo.cfg

By default, this zoo.cfg file is used when the JAR file is launched.

Change the dataDir parameter in the file

dataDir=/var/lib/zookeeper
