Configuration and environment overrides
The cluster definition also supports overriding configuration properties and environment variables, either per role or per role group, where the more specific override (role group) has precedence over the less specific one (role).
Overriding certain properties which are set by operator (such as the ports) can interfere with the operator and can lead to problems. |
Configuration properties
For a role or role group, at the same level of config
, you can specify: configOverrides
for the zoo.cfg
and security.properties
files.
Overriding entries in zoo.cfg
For example, if you want to set the 4lw.commands.whitelist
to allow the ruok
administrative command, it can be configured in the ZookeeperCluster
resource like so:
servers:
roleGroups:
default:
configOverrides:
zoo.cfg:
4lw.commands.whitelist: "srvr, ruok"
replicas: 1
Just as for the config
, it is possible to specify this at role level as well:
servers:
configOverrides:
zoo.cfg:
4lw.commands.whitelist: "srvr, ruok"
roleGroups:
default:
replicas: 1
All property values must be strings.
For a full list of configuration options we refer to the Apache ZooKeeper Configuration Reference.
Overriding entries in security.properties
The security.properties
file is used to configure JVM security properties. It is very seldom that users need to tweak any of these, but there is one use-case that stands out, and that users need to be aware of: the JVM DNS cache.
The JVM manages its own cache of successfully resolved host names as well as a cache of host names that cannot be resolved. Some products of the Stackable platform are very sensible to the contents of these caches and their performance is heavily affected by them. As of version 3.8.1, Apache ZooKeeper always requires up-to-date IP addresses to maintain its quorum. To guarantee this, the negative DNS cache of the JVM needs to be disabled. This can be achieved by setting the TTL of entries in the negative cache to zero, like this:
servers:
configOverrides:
security.properties:
networkaddress.cache.ttl: "5"
networkaddress.cache.negative.ttl: "0"
The operator configures DNS caching by default as shown in the example above. |
For details on the JVM security see https://docs.oracle.com/en/java/javase/11/security/java-security-overview1.html