http://git-wip-us.apache.org/repos/asf/zookeeper/blob/4607a3e1/zookeeper-docs/src/documentation/content/xdocs/zookeeperQuotas.xml ---------------------------------------------------------------------- diff --git a/zookeeper-docs/src/documentation/content/xdocs/zookeeperQuotas.xml b/zookeeper-docs/src/documentation/content/xdocs/zookeeperQuotas.xml new file mode 100644 index 0000000..7668e6a --- /dev/null +++ b/zookeeper-docs/src/documentation/content/xdocs/zookeeperQuotas.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> + <!-- + Copyright 2002-2004 The Apache Software Foundation Licensed under the + Apache License, Version 2.0 (the "License"); you may not use this file + except in compliance with the License. You may obtain a copy of the + License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under + the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the + License. + --> + <!DOCTYPE article PUBLIC "-//OASIS//DTD Simplified DocBook XML V1.0//EN" + "http://www.oasis-open.org/docbook/xml/simple/1.0/sdocbook.dtd";> +<article id="bk_Quota"> + <title>ZooKeeper Quota's Guide</title> + <subtitle>A Guide to Deployment and Administration</subtitle> + <articleinfo> + <legalnotice> + <para> + Licensed under the Apache License, Version 2.0 (the "License"); you + may not use this file except in compliance with the License. You may + obtain a copy of the License at + <ulink url="http://www.apache.org/licenses/LICENSE-2.0";>http://www.apache.org/licenses/LICENSE-2.0 + </ulink> + . + </para> + <para>Unless required by applicable law or agreed to in + writing, software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + express or implied. See the License for the specific language + governing permissions and limitations under the License.</para> + </legalnotice> + <abstract> + <para>This document contains information about deploying, + administering and mantaining ZooKeeper. It also discusses best + practices and common problems.</para> + </abstract> + </articleinfo> + <section id="zookeeper_quotas"> + <title>Quotas</title> + <para> ZooKeeper has both namespace and bytes quotas. You can use the ZooKeeperMain class to setup quotas. + ZooKeeper prints <emphasis>WARN</emphasis> messages if users exceed the quota assigned to them. The messages + are printed in the log of the ZooKeeper. + </para> + <para><computeroutput>$ bin/zkCli.sh -server host:port</computeroutput></para> + <para> The above command gives you a command line option of using quotas.</para> + <section> + <title>Setting Quotas</title> + <para>You can use + <emphasis>setquota</emphasis> to set a quota on a ZooKeeper node. It has an option of setting quota with + -n (for namespace) + and -b (for bytes). </para> + <para> The ZooKeeper quota are stored in ZooKeeper itself in /zookeeper/quota. To disable other people from + changing the quota's set the ACL for /zookeeper/quota such that only admins are able to read and write to it. + </para> + </section> + <section> + <title>Listing Quotas</title> + <para> You can use + <emphasis>listquota</emphasis> to list a quota on a ZooKeeper node. + </para> + </section> + <section> + <title> Deleting Quotas</title> + <para> You can use + <emphasis>delquota</emphasis> to delete quota on a ZooKeeper node. + </para> + </section> + </section> + </article>
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/4607a3e1/zookeeper-docs/src/documentation/content/xdocs/zookeeperReconfig.xml ---------------------------------------------------------------------- diff --git a/zookeeper-docs/src/documentation/content/xdocs/zookeeperReconfig.xml b/zookeeper-docs/src/documentation/content/xdocs/zookeeperReconfig.xml new file mode 100644 index 0000000..aa6419e --- /dev/null +++ b/zookeeper-docs/src/documentation/content/xdocs/zookeeperReconfig.xml @@ -0,0 +1,878 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2002-2004 The Apache Software Foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE article PUBLIC "-//OASIS//DTD Simplified DocBook XML V1.0//EN" +"http://www.oasis-open.org/docbook/xml/simple/1.0/sdocbook.dtd";> +<article id="ar_reconfig"> + <title>ZooKeeper Dynamic Reconfiguration</title> + + <articleinfo> + <legalnotice> + <para>Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. You may + obtain a copy of the License at <ulink + url="http://www.apache.org/licenses/LICENSE-2.0";>http://www.apache.org/licenses/LICENSE-2.0</ulink>.</para> + + <para>Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an "AS IS" + BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied. See the License for the specific language governing permissions + and limitations under the License.</para> + </legalnotice> + + <abstract> + <para>This document contains information about Dynamic Reconfiguration in + ZooKeeper.</para> + </abstract> + </articleinfo> + <section id="ch_reconfig_intro"> + <title>Overview</title> + <para>Prior to the 3.5.0 release, the membership and all other configuration + parameters of Zookeeper were static - loaded during boot and immutable at + runtime. Operators resorted to ''rolling restarts'' - a manually intensive + and error-prone method of changing the configuration that has caused data + loss and inconsistency in production.</para> + <para>Starting with 3.5.0, ârolling restartsâ are no longer needed! + ZooKeeper comes with full support for automated configuration changes: the + set of Zookeeper servers, their roles (participant / observer), all ports, + and even the quorum system can be changed dynamically, without service + interruption and while maintaining data consistency. Reconfigurations are + performed immediately, just like other operations in ZooKeeper. Multiple + changes can be done using a single reconfiguration command. The dynamic + reconfiguration functionality does not limit operation concurrency, does + not require client operations to be stopped during reconfigurations, has a + very simple interface for administrators and no added complexity to other + client operations.</para> + <para>New client-side features allow clients to find out about configuration + changes and to update the connection string (list of servers and their + client ports) stored in their ZooKeeper handle. A probabilistic algorithm + is used to rebalance clients across the new configuration servers while + keeping the extent of client migrations proportional to the change in + ensemble membership.</para> + <para>This document provides the administrator manual for reconfiguration. + For a detailed description of the reconfiguration algorithms, performance + measurements, and more, please see our paper:</para> + <variablelist> + <varlistentry> + <term>Shraer, A., Reed, B., Malkhi, D., Junqueira, F. Dynamic + Reconfiguration of Primary/Backup Clusters. In <emphasis>USENIX Annual + Technical Conference (ATC) </emphasis>(2012), 425-437</term> + <listitem> + <para>Links: <ulink + url="https://www.usenix.org/system/files/conference/atc12/atc12-final74.pdf"; + >paper (pdf)</ulink>, <ulink + url="https://www.usenix.org/sites/default/files/conference/protected-files/shraer_atc12_slides.pdf"; + >slides (pdf)</ulink>, <ulink + url="https://www.usenix.org/conference/atc12/technical-sessions/presentation/shraer"; + >video</ulink>, <ulink + url="http://www.slideshare.net/Hadoop_Summit/dynamic-reconfiguration-of-zookeeper"; + >hadoop summit slides</ulink></para> + </listitem> + </varlistentry> + </variablelist> + <para><emphasis role="bold">Note:</emphasis> Starting with 3.5.3, the dynamic reconfiguration + feature is disabled by default, and has to be explicitly turned on via + <ulink url="zookeeperAdmin.html#sc_advancedConfiguration"> + reconfigEnabled </ulink> configuration option. + </para> + </section> + <section id="ch_reconfig_format"> + <title>Changes to Configuration Format</title> + <section id="sc_reconfig_clientport"> + <title>Specifying the client port</title> + <para>A client port of a server is the port on which the server accepts + client connection requests. Starting with 3.5.0 the + <emphasis>clientPort</emphasis> and <emphasis>clientPortAddress + </emphasis> configuration parameters should no longer be used. Instead, + this information is now part of the server keyword specification, which + becomes as follows:</para> + <para><computeroutput><![CDATA[server.<positive id> = <address1>:<port1>:<port2>[:role];[<client port address>:]<client port>]]></computeroutput></para> + <para>The client port specification is to the right of the semicolon. The + client port address is optional, and if not specified it defaults to + "0.0.0.0". As usual, role is also optional, it can be + <emphasis>participant</emphasis> or <emphasis>observer</emphasis> + (<emphasis>participant</emphasis> by default).</para> + <para> Examples of legal server statements: </para> + <itemizedlist> + <listitem> + <para><computeroutput>server.5 = 125.23.63.23:1234:1235;1236</computeroutput></para> + </listitem> + <listitem> + <para><computeroutput>server.5 = 125.23.63.23:1234:1235:participant;1236</computeroutput></para> + </listitem> + <listitem> + <para><computeroutput>server.5 = 125.23.63.23:1234:1235:observer;1236</computeroutput></para> + </listitem> + <listitem> + <para><computeroutput>server.5 = 125.23.63.23:1234:1235;125.23.63.24:1236</computeroutput></para> + </listitem> + <listitem> + <para><computeroutput>server.5 = 125.23.63.23:1234:1235:participant;125.23.63.23:1236</computeroutput></para> + </listitem> + </itemizedlist> + </section> + <section id="sc_reconfig_standaloneEnabled"> + <title>The <emphasis>standaloneEnabled</emphasis> flag</title> + <para>Prior to 3.5.0, one could run ZooKeeper in Standalone mode or in a + Distributed mode. These are separate implementation stacks, and + switching between them during run time is not possible. By default (for + backward compatibility) <emphasis>standaloneEnabled</emphasis> is set to + <emphasis>true</emphasis>. The consequence of using this default is that + if started with a single server the ensemble will not be allowed to + grow, and if started with more than one server it will not be allowed to + shrink to contain fewer than two participants.</para> + <para>Setting the flag to <emphasis>false</emphasis> instructs the system + to run the Distributed software stack even if there is only a single + participant in the ensemble. To achieve this the (static) configuration + file should contain:</para> + <para><computeroutput>standaloneEnabled=false</computeroutput></para> + <para>With this setting it is possible to start a ZooKeeper ensemble + containing a single participant and to dynamically grow it by adding + more servers. Similarly, it is possible to shrink an ensemble so that + just a single participant remains, by removing servers.</para> + <para>Since running the Distributed mode allows more flexibility, we + recommend setting the flag to <emphasis>false</emphasis>. We expect that + the legacy Standalone mode will be deprecated in the future.</para> + </section> + <section id="sc_reconfig_reconfigEnabled"> + <title>The <emphasis>reconfigEnabled</emphasis> flag</title> + <para>Starting with 3.5.0 and prior to 3.5.3, there is no way to disable + dynamic reconfiguration feature. We would like to offer the option of + disabling reconfiguration feature because with reconfiguration enabled, + we have a security concern that a malicious actor can make arbitrary changes + to the configuration of a ZooKeeper ensemble, including adding a compromised + server to the ensemble. We prefer to leave to the discretion of the user to + decide whether to enable it or not and make sure that the appropriate security + measure are in place. So in 3.5.3 the <ulink url="zookeeperAdmin.html#sc_advancedConfiguration"> + reconfigEnabled </ulink> configuration option is introduced + such that the reconfiguration feature can be completely disabled and any attempts + to reconfigure a cluster through reconfig API with or without authentication + will fail by default, unless <emphasis role="bold">reconfigEnabled</emphasis> is set to + <emphasis role="bold">true</emphasis>. + </para> + <para>To set the option to true, the configuration file (zoo.cfg) should contain:</para> + <para><computeroutput>reconfigEnabled=true</computeroutput></para> + </section> + <section id="sc_reconfig_file"> + <title>Dynamic configuration file</title> + <para>Starting with 3.5.0 we're distinguishing between dynamic + configuration parameters, which can be changed during runtime, and + static configuration parameters, which are read from a configuration + file when a server boots and don't change during its execution. For now, + the following configuration keywords are considered part of the dynamic + configuration: <emphasis>server</emphasis>, <emphasis>group</emphasis> + and <emphasis>weight</emphasis>.</para> + <para>Dynamic configuration parameters are stored in a separate file on + the server (which we call the dynamic configuration file). This file is + linked from the static config file using the new + <emphasis>dynamicConfigFile</emphasis> keyword.</para> + <para><emphasis role="bold">Example</emphasis></para> + <example> + <title>zoo_replicated1.cfg</title> + <programlisting>tickTime=2000 +dataDir=/zookeeper/data/zookeeper1 +initLimit=5 +syncLimit=2 +dynamicConfigFile=/zookeeper/conf/zoo_replicated1.cfg.dynamic</programlisting> + </example> + <example> + <title>zoo_replicated1.cfg.dynamic</title> + <programlisting>server.1=125.23.63.23:2780:2783:participant;2791 +server.2=125.23.63.24:2781:2784:participant;2792 +server.3=125.23.63.25:2782:2785:participant;2793</programlisting> + </example> + <para>When the ensemble configuration changes, the static configuration + parameters remain the same. The dynamic parameters are pushed by + ZooKeeper and overwrite the dynamic configuration files on all servers. + Thus, the dynamic configuration files on the different servers are + usually identical (they can only differ momentarily when a + reconfiguration is in progress, or if a new configuration hasn't + propagated yet to some of the servers). Once created, the dynamic + configuration file should not be manually altered. Changed are only made + through the new reconfiguration commands outlined below. Note that + changing the config of an offline cluster could result in an + inconsistency with respect to configuration information stored in the + ZooKeeper log (and the special configuration znode, populated from the + log) and is therefore highly discouraged.</para> + <para><emphasis role="bold">Example 2</emphasis></para> + <para>Users may prefer to initially specify a single configuration file. + The following is thus also legal:</para> + <example> + <title>zoo_replicated1.cfg</title> + <programlisting>tickTime=2000 +dataDir=/zookeeper/data/zookeeper1 +initLimit=5 +syncLimit=2 +clientPort=<emphasis role="bold">2791</emphasis> // note that this line is now redundant and therefore not recommended +server.1=125.23.63.23:2780:2783:participant;<emphasis role="bold">2791</emphasis> +server.2=125.23.63.24:2781:2784:participant;2792 +server.3=125.23.63.25:2782:2785:participant;2793</programlisting> + </example> + <para>The configuration files on each server will be automatically split + into dynamic and static files, if they are not already in this format. + So the configuration file above will be automatically transformed into + the two files in Example 1. Note that the clientPort and + clientPortAddress lines (if specified) will be automatically removed + during this process, if they are redundant (as in the example above). + The original static configuration file is backed up (in a .bak + file).</para> + </section> + <section id="sc_reconfig_backward"> + <title>Backward compatibility</title> + <para>We still support the old configuration format. For example, the + following configuration file is acceptable (but not recommended):</para> + <example> + <title>zoo_replicated1.cfg</title> + <programlisting>tickTime=2000 +dataDir=/zookeeper/data/zookeeper1 +initLimit=5 +syncLimit=2 +clientPort=2791 +server.1=125.23.63.23:2780:2783:participant +server.2=125.23.63.24:2781:2784:participant +server.3=125.23.63.25:2782:2785:participant</programlisting> + </example> + <para>During boot, a dynamic configuration file is created and contains + the dynamic part of the configuration as explained earlier. In this + case, however, the line "clientPort=2791" will remain in the static + configuration file of server 1 since it is not redundant -- it was not + specified as part of the "server.1=..." using the format explained in + the section <xref linkend="ch_reconfig_format"/>. If a reconfiguration + is invoked that sets the client port of server 1, we remove + "clientPort=2791" from the static configuration file (the dynamic file + now contain this information as part of the specification of server + 1).</para> + </section> + </section> + <section id="ch_reconfig_upgrade"> + <title>Upgrading to 3.5.0</title> + <para>Upgrading a running ZooKeeper ensemble to 3.5.0 should be done only + after upgrading your ensemble to the 3.4.6 release. Note that this is only + necessary for rolling upgrades (if you're fine with shutting down the + system completely, you don't have to go through 3.4.6). If you attempt a + rolling upgrade without going through 3.4.6 (for example from 3.4.5), you + may get the following error:</para> + <programlisting>2013-01-30 11:32:10,663 [myid:2] - INFO [localhost/127.0.0.1:2784:QuorumCnxManager$Listener@498] - Received connection request /127.0.0.1:60876 +2013-01-30 11:32:10,663 [myid:2] - WARN [localhost/127.0.0.1:2784:QuorumCnxManager@349] - Invalid server id: -65536</programlisting> + <para>During a rolling upgrade, each server is taken down in turn and + rebooted with the new 3.5.0 binaries. Before starting the server with + 3.5.0 binaries, we highly recommend updating the configuration file so + that all server statements "server.x=..." contain client ports (see the + section <xref linkend="sc_reconfig_clientport"/>). As explained earlier + you may leave the configuration in a single file, as well as leave the + clientPort/clientPortAddress statements (although if you specify client + ports in the new format, these statements are now redundant).</para> + </section> + + <section id="ch_reconfig_dyn"> + <title>Dynamic Reconfiguration of the ZooKeeper Ensemble</title> + <para>The ZooKeeper Java and C API were extended with getConfig and reconfig + commands that facilitate reconfiguration. Both commands have a synchronous + (blocking) variant and an asynchronous one. We demonstrate these commands + here using the Java CLI, but note that you can similarly use the C CLI or + invoke the commands directly from a program just like any other ZooKeeper + command.</para> + + <section id="ch_reconfig_api"> + <title>API</title> + <para>There are two sets of APIs for both Java and C client. + </para> + <variablelist> + <varlistentry> + <term><emphasis role="bold">Reconfiguration API</emphasis></term> + + <listitem> + <para>Reconfiguration API is used to reconfigure the ZooKeeper cluster. + Starting with 3.5.3, reconfiguration Java APIs are moved into ZooKeeperAdmin class + from ZooKeeper class, and use of this API requires ACL setup and user + authentication (see <xref linkend="sc_reconfig_access_control"/> for more information.). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis role="bold">Get Configuration API</emphasis></term> + <listitem> + <para>Get configuration APIs are used to retrieve ZooKeeper cluster configuration information + stored in /zookeeper/config znode. Use of this API does not require specific setup or authentication, + because /zookeeper/config is readable to any users.</para> + </listitem> + </varlistentry> + </variablelist> + </section> + + <section id="sc_reconfig_access_control"> + <title>Security</title> + <para>Prior to <emphasis role="bold">3.5.3</emphasis>, there is no enforced security mechanism + over reconfig so any ZooKeeper clients that can connect to ZooKeeper server ensemble + will have the ability to change the state of a ZooKeeper cluster via reconfig. + It is thus possible for a malicious client to add compromised server to an ensemble, + e.g., add a compromised server, or remove legitimate servers. + Cases like these could be security vulnerabilities on a case by case basis. + </para> + <para>To address this security concern, we introduced access control over reconfig + starting from <emphasis role="bold">3.5.3</emphasis> such that only a specific set of users + can use reconfig commands or APIs, and these users need be configured explicitly. In addition, + the setup of ZooKeeper cluster must enable authentication so ZooKeeper clients can be authenticated. + </para> + <para> + We also provides an escape hatch for users who operate and interact with a ZooKeeper ensemble in a secured + environment (i.e. behind company firewall). For those users who want to use reconfiguration feature but + don't want the overhead of configuring an explicit list of authorized user for reconfig access checks, + they can set <ulink url="zookeeperAdmin.html#sc_authOptions">"skipACL"</ulink> to "yes" which will + skip ACL check and allow any user to reconfigure cluster. + </para> + <para> + Overall, ZooKeeper provides flexible configuration options for the reconfigure feature + that allow a user to choose based on user's security requirement. + We leave to the discretion of the user to decide appropriate security measure are in place. + </para> + <variablelist> + <varlistentry> + <term><emphasis role="bold">Access Control</emphasis></term> + + <listitem> + <para>The dynamic configuration is stored in a special znode + ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only + for all users, except super user and users that's explicitly configured for write + access. + </para> + + <para>Clients that need to use reconfig commands or reconfig API should be configured as users + that have write access to CONFIG_NODE. By default, only the super user has full control including + write access to CONFIG_NODE. Additional users can be granted write access through superuser + by setting an ACL that has write permission associated with specified user. + </para> + + <para>A few examples of how to setup ACLs and use reconfiguration API with authentication can be found in + ReconfigExceptionTest.java and TestReconfigServer.cc.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis role="bold">Authentication</emphasis></term> + + <listitem> + <para>Authentication of users is orthogonal to the access control and is delegated to + existing authentication mechanism supported by ZooKeeper's pluggable authentication schemes. + See <ulink + url="https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL"; + >ZooKeeper and SASL</ulink> for more details on this topic. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis role="bold">Disable ACL check</emphasis></term> + <listitem> + <para> + ZooKeeper supports <ulink + url="zookeeperAdmin.html#sc_authOptions">"skipACL"</ulink> option such that ACL + check will be completely skipped, if skipACL is set to "yes". In such cases any unauthenticated + users can use reconfig API. + </para> + </listitem> + </varlistentry> + </variablelist> + </section> + + <section id="sc_reconfig_retrieving"> + <title>Retrieving the current dynamic configuration</title> + <para>The dynamic configuration is stored in a special znode + ZooDefs.CONFIG_NODE = /zookeeper/config. The new + <command>config</command> CLI command reads this znode (currently it is + simply a wrapper to <command>get /zookeeper/config</command>). As with + normal reads, to retrieve the latest committed value you should do a + <command>sync</command> first.</para> + <programlisting>[zk: 127.0.0.1:2791(CONNECTED) 3] config +server.1=localhost:2780:2783:participant;localhost:2791 +server.2=localhost:2781:2784:participant;localhost:2792 +server.3=localhost:2782:2785:participant;localhost:2793 +<emphasis role="bold">version=400000003</emphasis></programlisting> + <para>Notice the last line of the output. This is the configuration + version. The version equals to the zxid of the reconfiguration command + which created this configuration. The version of the first established + configuration equals to the zxid of the NEWLEADER message sent by the + first successfully established leader. When a configuration is written + to a dynamic configuration file, the version automatically becomes part + of the filename and the static configuration file is updated with the + path to the new dynamic configuration file. Configuration files + corresponding to earlier versions are retained for backup + purposes.</para> + <para>During boot time the version (if it exists) is extracted from the + filename. The version should never be altered manually by users or the + system administrator. It is used by the system to know which + configuration is most up-to-date. Manipulating it manually can result in + data loss and inconsistency.</para> + <para>Just like a <command>get</command> command, the + <command>config</command> CLI command accepts the <option>-w</option> + flag for setting a watch on the znode, and <option>-s</option> flag for + displaying the Stats of the znode. It additionally accepts a new flag + <option>-c</option> which outputs only the version and the client + connection string corresponding to the current configuration. For + example, for the configuration above we would get:</para> + <programlisting>[zk: 127.0.0.1:2791(CONNECTED) 17] config -c +400000003 localhost:2791,localhost:2793,localhost:2792</programlisting> + <para>Note that when using the API directly, this command is called + <command>getConfig</command>.</para> + <para>As any read command it returns the configuration known to the + follower to which your client is connected, which may be slightly + out-of-date. One can use the <command>sync</command> command for + stronger guarantees. For example using the Java API:</para> + <programlisting>zk.sync(ZooDefs.CONFIG_NODE, void_callback, context); +zk.getConfig(watcher, callback, context);</programlisting> + <para>Note: in 3.5.0 it doesn't really matter which path is passed to the + <command>sync() </command> command as all the server's state is brought + up to date with the leader (so one could use a different path instead of + ZooDefs.CONFIG_NODE). However, this may change in the future.</para> + </section> + <section id="sc_reconfig_modifying"> + <title>Modifying the current dynamic configuration</title> + <para>Modifying the configuration is done through the + <command>reconfig</command> command. There are two modes of + reconfiguration: incremental and non-incremental (bulk). The + non-incremental simply specifies the new dynamic configuration of the + system. The incremental specifies changes to the current configuration. + The <command>reconfig</command> command returns the new + configuration.</para> + <para>A few examples are in: <filename>ReconfigTest.java</filename>, + <filename>ReconfigRecoveryTest.java</filename> and + <filename>TestReconfigServer.cc</filename>.</para> + <section id="sc_reconfig_general"> + <title>General</title> + <para><emphasis role="bold">Removing servers:</emphasis> Any server can + be removed, including the leader (although removing the leader will + result in a short unavailability, see Figures 6 and 8 in the <ulink + url="https://www.usenix.org/conference/usenixfederatedconferencesweek/dynamic-recon%EF%AC%81guration-primarybackup-clusters"; + >paper</ulink>). The server will not be shut-down automatically. + Instead, it becomes a "non-voting follower". This is somewhat similar + to an observer in that its votes don't count towards the Quorum of + votes necessary to commit operations. However, unlike a non-voting + follower, an observer doesn't actually see any operation proposals and + does not ACK them. Thus a non-voting follower has a more significant + negative effect on system throughput compared to an observer. + Non-voting follower mode should only be used as a temporary mode, + before shutting the server down, or adding it as a follower or as an + observer to the ensemble. We do not shut the server down automatically + for two main reasons. The first reason is that we do not want all the + clients connected to this server to be immediately disconnected, + causing a flood of connection requests to other servers. Instead, it + is better if each client decides when to migrate independently. The + second reason is that removing a server may sometimes (rarely) be + necessary in order to change it from "observer" to "participant" (this + is explained in the section <xref linkend="sc_reconfig_additional" + />).</para> + <para>Note that the new configuration should have some minimal number of + participants in order to be considered legal. If the proposed change + would leave the cluster with less than 2 participants and standalone + mode is enabled (standaloneEnabled=true, see the section <xref + linkend="sc_reconfig_standaloneEnabled"/>), the reconfig will not be + processed (BadArgumentsException). If standalone mode is disabled + (standaloneEnabled=false) then its legal to remain with 1 or more + participants.</para> + <para><emphasis role="bold">Adding servers:</emphasis> Before a + reconfiguration is invoked, the administrator must make sure that a + quorum (majority) of participants from the new configuration are + already connected and synced with the current leader. To achieve this + we need to connect a new joining server to the leader before it is + officially part of the ensemble. This is done by starting the joining + server using an initial list of servers which is technically not a + legal configuration of the system but (a) contains the joiner, and (b) + gives sufficient information to the joiner in order for it to find and + connect to the current leader. We list a few different options of + doing this safely.</para> + <orderedlist> + <listitem> + <para>Initial configuration of joiners is comprised of servers in + the last committed configuration and one or more joiners, where + <emphasis role="bold">joiners are listed as observers.</emphasis> + For example, if servers D and E are added at the same time to (A, + B, C) and server C is being removed, the initial configuration of + D could be (A, B, C, D) or (A, B, C, D, E), where D and E are + listed as observers. Similarly, the configuration of E could be + (A, B, C, E) or (A, B, C, D, E), where D and E are listed as + observers. <emphasis role="bold">Note that listing the joiners as + observers will not actually make them observers - it will only + prevent them from accidentally forming a quorum with other + joiners.</emphasis> Instead, they will contact the servers in the + current configuration and adopt the last committed configuration + (A, B, C), where the joiners are absent. Configuration files of + joiners are backed up and replaced automatically as this happens. + After connecting to the current leader, joiners become non-voting + followers until the system is reconfigured and they are added to + the ensemble (as participant or observer, as appropriate).</para> + </listitem> + <listitem> + <para>Initial configuration of each joiner is comprised of servers + in the last committed configuration + <emphasis role="bold">the + joiner itself, listed as a participant.</emphasis> For example, to + add a new server D to a configuration consisting of servers (A, B, + C), the administrator can start D using an initial configuration + file consisting of servers (A, B, C, D). If both D and E are added + at the same time to (A, B, C), the initial configuration of D + could be (A, B, C, D) and the configuration of E could be (A, B, + C, E). Similarly, if D is added and C is removed at the same time, + the initial configuration of D could be (A, B, C, D). Never list + more than one joiner as participant in the initial configuration + (see warning below).</para> + </listitem> + <listitem> + <para>Whether listing the joiner as an observer or as participant, + it is also fine not to list all the current configuration servers, + as long as the current leader is in the list. For example, when + adding D we could start D with a configuration file consisting of + just (A, D) if A is the current leader. however this is more + fragile since if A fails before D officially joins the ensemble, D + doesnât know anyone else and therefore the administrator will have + to intervene and restart D with another server list.</para> + </listitem> + </orderedlist> + <note> + <title>Warning</title> + <para>Never specify more than one joining server in the same initial + configuration as participants. Currently, the joining servers donât + know that they are joining an existing ensemble; if multiple joiners + are listed as participants they may form an independent quorum + creating a split-brain situation such as processing operations + independently from your main ensemble. It is OK to list multiple + joiners as observers in an initial config.</para> + </note> + <para>If the configuration of existing servers changes or they become unavailable + before the joiner succeeds to connect and learn obout configuration changes, the + joiner may need to be restarted with an updated configuration file in order to be + able to connect.</para> + <para>Finally, note that once connected to the leader, a joiner adopts + the last committed configuration, in which it is absent (the initial + config of the joiner is backed up before being rewritten). If the + joiner restarts in this state, it will not be able to boot since it is + absent from its configuration file. In order to start it youâll once + again have to specify an initial configuration.</para> + <para><emphasis role="bold">Modifying server parameters:</emphasis> One + can modify any of the ports of a server, or its role + (participant/observer) by adding it to the ensemble with different + parameters. This works in both the incremental and the bulk + reconfiguration modes. It is not necessary to remove the server and + then add it back; just specify the new parameters as if the server is + not yet in the system. The server will detect the configuration change + and perform the necessary adjustments. See an example in the section + <xref linkend="sc_reconfig_incremental"/> and an exception to this + rule in the section <xref linkend="sc_reconfig_additional"/>.</para> + <para>It is also possible to change the Quorum System used by the + ensemble (for example, change the Majority Quorum System to a + Hierarchical Quorum System on the fly). This, however, is only allowed + using the bulk (non-incremental) reconfiguration mode. In general, + incremental reconfiguration only works with the Majority Quorum + System. Bulk reconfiguration works with both Hierarchical and Majority + Quorum Systems.</para> + <para><emphasis role="bold">Performance Impact:</emphasis> There is + practically no performance impact when removing a follower, since it + is not being automatically shut down (the effect of removal is that + the server's votes are no longer being counted). When adding a server, + there is no leader change and no noticeable performance disruption. + For details and graphs please see Figures 6, 7 and 8 in the <ulink + url="https://www.usenix.org/conference/usenixfederatedconferencesweek/dynamic-recon%EF%AC%81guration-primarybackup-clusters"; + >paper</ulink>.</para> + <para>The most significant disruption will happen when a leader change + is caused, in one of the following cases:</para> + <orderedlist> + <listitem> + <para>Leader is removed from the ensemble.</para> + </listitem> + <listitem> + <para>Leader's role is changed from participant to observer.</para> + </listitem> + <listitem> + <para>The port used by the leader to send transactions to others + (quorum port) is modified.</para> + </listitem> + </orderedlist> + <para>In these cases we perform a leader hand-off where the old leader + nominates a new leader. The resulting unavailability is usually + shorter than when a leader crashes since detecting leader failure is + unnecessary and electing a new leader can usually be avoided during a + hand-off (see Figures 6 and 8 in the <ulink + url="https://www.usenix.org/conference/usenixfederatedconferencesweek/dynamic-recon%EF%AC%81guration-primarybackup-clusters"; + >paper</ulink>).</para> + <para>When the client port of a server is modified, it does not drop + existing client connections. New connections to the server will have + to use the new client port.</para> + <para><emphasis role="bold">Progress guarantees:</emphasis> Up to the + invocation of the reconfig operation, a quorum of the old + configuration is required to be available and connected for ZooKeeper + to be able to make progress. Once reconfig is invoked, a quorum of + both the old and of the new configurations must be available. The + final transition happens once (a) the new configuration is activated, + and (b) all operations scheduled before the new configuration is + activated by the leader are committed. Once (a) and (b) happen, only a + quorum of the new configuration is required. Note, however, that + neither (a) nor (b) are visible to a client. Specifically, when a + reconfiguration operation commits, it only means that an activation + message was sent out by the leader. It does not necessarily mean that + a quorum of the new configuration got this message (which is required + in order to activate it) or that (b) has happened. If one wants to + make sure that both (a) and (b) has already occurred (for example, in + order to know that it is safe to shut down old servers that were + removed), one can simply invoke an update + (<command>set-data</command>, or some other quorum operation, but not + a <command>sync</command>) and wait for it to commit. An alternative + way to achieve this was to introduce another round to the + reconfiguration protocol (which, for simplicity and compatibility with + Zab, we decided to avoid).</para> + </section> + <section id="sc_reconfig_incremental"> + <title>Incremental mode</title> + <para>The incremental mode allows adding and removing servers to the + current configuration. Multiple changes are allowed. For + example:</para> + <para><userinput>> reconfig -remove 3 -add + server.5=125.23.63.23:1234:1235;1236</userinput></para> + <para>Both the add and the remove options get a list of comma separated + arguments (no spaces):</para> + <para><userinput>> reconfig -remove 3,4 -add + server.5=localhost:2111:2112;2113,6=localhost:2114:2115:observer;2116</userinput></para> + <para>The format of the server statement is exactly the same as + described in the section <xref linkend="sc_reconfig_clientport"/> and + includes the client port. Notice that here instead of "server.5=" you + can just say "5=". In the example above, if server 5 is already in the + system, but has different ports or is not an observer, it is updated + and once the configuration commits becomes an observer and starts + using these new ports. This is an easy way to turn participants into + observers and vise versa or change any of their ports, without + rebooting the server.</para> + <para>ZooKeeper supports two types of Quorum Systems â the simple + Majority system (where the leader commits operations after receiving + ACKs from a majority of voters) and a more complex Hierarchical + system, where votes of different servers have different weights and + servers are divided into voting groups. Currently, incremental + reconfiguration is allowed only if the last proposed configuration + known to the leader uses a Majority Quorum System + (BadArgumentsException is thrown otherwise).</para> + <para>Incremental mode - examples using the Java API:</para> + <programlisting><![CDATA[List<String> leavingServers = new ArrayList<String>(); +leavingServers.add("1"); +leavingServers.add("2"); +byte[] config = zk.reconfig(null, leavingServers, null, -1, new Stat());]]></programlisting> + + <programlisting><![CDATA[List<String> leavingServers = new ArrayList<String>(); +List<String> joiningServers = new ArrayList<String>(); +leavingServers.add("1"); +joiningServers.add("server.4=localhost:1234:1235;1236"); +byte[] config = zk.reconfig(joiningServers, leavingServers, null, -1, new Stat()); + +String configStr = new String(config); +System.out.println(configStr);]]></programlisting> + <para>There is also an asynchronous API, and an API accepting comma + separated Strings instead of List<String>. See + src/java/main/org/apache/zookeeper/ZooKeeper.java.</para> + </section> + <section id="sc_reconfig_nonincremental"> + <title>Non-incremental mode</title> + <para>The second mode of reconfiguration is non-incremental, whereby a + client gives a complete specification of the new dynamic system + configuration. The new configuration can either be given in place or + read from a file:</para> + <para><userinput>> reconfig -file newconfig.cfg + </userinput>//newconfig.cfg is a dynamic config file, see <xref + linkend="sc_reconfig_file"/></para> + <para><userinput>> reconfig -members + server.1=125.23.63.23:2780:2783:participant;2791,server.2=125.23.63.24:2781:2784:participant;2792,server.3=125.23.63.25:2782:2785:participant;2793</userinput></para> + <para>The new configuration may use a different Quorum System. For + example, you may specify a Hierarchical Quorum System even if the + current ensemble uses a Majority Quorum System.</para> + <para>Bulk mode - example using the Java API:</para> + <programlisting><![CDATA[List<String> newMembers = new ArrayList<String>(); +newMembers.add("server.1=1111:1234:1235;1236"); +newMembers.add("server.2=1112:1237:1238;1239"); +newMembers.add("server.3=1114:1240:1241:observer;1242"); + +byte[] config = zk.reconfig(null, null, newMembers, -1, new Stat()); + +String configStr = new String(config); +System.out.println(configStr);]]></programlisting> + <para>There is also an asynchronous API, and an API accepting comma + separated String containing the new members instead of + List<String>. See + src/java/main/org/apache/zookeeper/ZooKeeper.java.</para> + </section> + <section id="sc_reconfig_conditional"> + <title>Conditional reconfig</title> + <para>Sometimes (especially in non-incremental mode) a new proposed + configuration depends on what the client "believes" to be the current + configuration, and should be applied only to that configuration. + Specifically, the <command>reconfig</command> succeeds only if the + last configuration at the leader has the specified version.</para> + <para><userinput><![CDATA[> reconfig -file <filename> -v <version>]]></userinput></para> + <para>In the previously listed Java examples, instead of -1 one could + specify a configuration version to condition the + reconfiguration.</para> + </section> + <section id="sc_reconfig_errors"> + <title>Error conditions</title> + <para>In addition to normal ZooKeeper error conditions, a + reconfiguration may fail for the following reasons:</para> + <orderedlist> + <listitem> + <para>another reconfig is currently in progress + (ReconfigInProgress)</para> + </listitem> + <listitem> + <para>the proposed change would leave the cluster with less than 2 + participants, in case standalone mode is enabled, or, if + standalone mode is disabled then its legal to remain with 1 or + more participants (BadArgumentsException)</para> + </listitem> + <listitem> + <para>no quorum of the new configuration was connected and + up-to-date with the leader when the reconfiguration processing + began (NewConfigNoQuorum)</para> + </listitem> + <listitem> + <para><userinput>-v x</userinput> was specified, but the version + <userinput>y</userinput> of the latest configuration is not + <userinput>x</userinput> (BadVersionException)</para> + </listitem> + <listitem> + <para>an incremental reconfiguration was requested but the last + configuration at the leader uses a Quorum System which is + different from the Majority system (BadArgumentsException)</para> + </listitem> + <listitem> + <para>syntax error (BadArgumentsException)</para> + </listitem> + <listitem> + <para>I/O exception when reading the configuration from a file + (BadArgumentsException)</para> + </listitem> + </orderedlist> + <para>Most of these are illustrated by test-cases in + <filename>ReconfigFailureCases.java</filename>.</para> + </section> + <section id="sc_reconfig_additional"> + <title>Additional comments</title> + <para><emphasis role="bold">Liveness:</emphasis> To better understand + the difference between incremental and non-incremental + reconfiguration, suppose that client C1 adds server D to the system + while a different client C2 adds server E. With the non-incremental + mode, each client would first invoke <command>config</command> to find + out the current configuration, and then locally create a new list of + servers by adding its own suggested server. The new configuration can + then be submitted using the non-incremental + <command>reconfig</command> command. After both reconfigurations + complete, only one of E or D will be added (not both), depending on + which client's request arrives second to the leader, overwriting the + previous configuration. The other client can repeat the process until + its change takes effect. This method guarantees system-wide progress + (i.e., for one of the clients), but does not ensure that every client + succeeds. To have more control C2 may request to only execute the + reconfiguration in case the version of the current configuration + hasn't changed, as explained in the section <xref + linkend="sc_reconfig_conditional"/>. In this way it may avoid blindly + overwriting the configuration of C1 if C1's configuration reached the + leader first.</para> + <para>With incremental reconfiguration, both changes will take effect as + they are simply applied by the leader one after the other to the + current configuration, whatever that is (assuming that the second + reconfig request reaches the leader after it sends a commit message + for the first reconfig request -- currently the leader will refuse to + propose a reconfiguration if another one is already pending). Since + both clients are guaranteed to make progress, this method guarantees + stronger liveness. In practice, multiple concurrent reconfigurations + are probably rare. Non-incremental reconfiguration is currently the + only way to dynamically change the Quorum System. Incremental + configuration is currently only allowed with the Majority Quorum + System.</para> + <para><emphasis role="bold">Changing an observer into a + follower:</emphasis> Clearly, changing a server that participates in + voting into an observer may fail if error (2) occurs, i.e., if fewer + than the minimal allowed number of participants would remain. However, + converting an observer into a participant may sometimes fail for a + more subtle reason: Suppose, for example, that the current + configuration is (A, B, C, D), where A is the leader, B and C are + followers and D is an observer. In addition, suppose that B has + crashed. If a reconfiguration is submitted where D is said to become a + follower, it will fail with error (3) since in this configuration, a + majority of voters in the new configuration (any 3 voters), must be + connected and up-to-date with the leader. An observer cannot + acknowledge the history prefix sent during reconfiguration, and + therefore it does not count towards these 3 required servers and the + reconfiguration will be aborted. In case this happens, a client can + achieve the same task by two reconfig commands: first invoke a + reconfig to remove D from the configuration and then invoke a second + command to add it back as a participant (follower). During the + intermediate state D is a non-voting follower and can ACK the state + transfer performed during the second reconfig comand.</para> + </section> + </section> + </section> + <section id="ch_reconfig_rebalancing"> + <title>Rebalancing Client Connections</title> + <para>When a ZooKeeper cluster is started, if each client is given the same + connection string (list of servers), the client will randomly choose a + server in the list to connect to, which makes the expected number of + client connections per server the same for each of the servers. We + implemented a method that preserves this property when the set of servers + changes through reconfiguration. See Sections 4 and 5.1 in the <ulink + url="https://www.usenix.org/conference/usenixfederatedconferencesweek/dynamic-recon%EF%AC%81guration-primarybackup-clusters"; + >paper</ulink>.</para> + <para>In order for the method to work, all clients must subscribe to + configuration changes (by setting a watch on /zookeeper/config either + directly or through the <command>getConfig</command> API command). When + the watch is triggered, the client should read the new configuration by + invoking <command>sync</command> and <command>getConfig</command> and if + the configuration is indeed new invoke the + <command>updateServerList</command> API command. To avoid mass client + migration at the same time, it is better to have each client sleep a + random short period of time before invoking + <command>updateServerList</command>.</para> + <para>A few examples can be found in: + <filename>StaticHostProviderTest.java</filename> and + <filename>TestReconfig.cc</filename></para> + <para>Example (this is not a recipe, but a simplified example just to + explain the general idea):</para> + <programlisting><![CDATA[ +public void process(WatchedEvent event) { + synchronized (this) { + if (event.getType() == EventType.None) { + connected = (event.getState() == KeeperState.SyncConnected); + notifyAll(); + } else if (event.getPath()!=null && event.getPath().equals(ZooDefs.CONFIG_NODE)) { + // in prod code never block the event thread! + zk.sync(ZooDefs.CONFIG_NODE, this, null); + zk.getConfig(this, this, null); + } + } +} +public void processResult(int rc, String path, Object ctx, byte[] data, Stat stat) { + if (path!=null && path.equals(ZooDefs.CONFIG_NODE)) { + String config[] = ConfigUtils.getClientConfigStr(new String(data)).split(" "); // similar to config -c + long version = Long.parseLong(config[0], 16); + if (this.configVersion == null){ + this.configVersion = version; + } else if (version > this.configVersion) { + hostList = config[1]; + try { + // the following command is not blocking but may cause the client to close the socket and + // migrate to a different server. In practice its better to wait a short period of time, chosen + // randomly, so that different clients migrate at different times + zk.updateServerList(hostList); + } catch (IOException e) { + System.err.println("Error updating server list"); + e.printStackTrace(); + } + this.configVersion = version; +} } }]]></programlisting> + </section> +</article> http://git-wip-us.apache.org/repos/asf/zookeeper/blob/4607a3e1/zookeeper-docs/src/documentation/content/xdocs/zookeeperStarted.xml ---------------------------------------------------------------------- diff --git a/zookeeper-docs/src/documentation/content/xdocs/zookeeperStarted.xml b/zookeeper-docs/src/documentation/content/xdocs/zookeeperStarted.xml new file mode 100644 index 0000000..e5cd777 --- /dev/null +++ b/zookeeper-docs/src/documentation/content/xdocs/zookeeperStarted.xml @@ -0,0 +1,419 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2002-2004 The Apache Software Foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!DOCTYPE article PUBLIC "-//OASIS//DTD Simplified DocBook XML V1.0//EN" +"http://www.oasis-open.org/docbook/xml/simple/1.0/sdocbook.dtd";> +<article id="bk_GettStartedGuide"> + <title>ZooKeeper Getting Started Guide</title> + + <articleinfo> + <legalnotice> + <para>Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. You may + obtain a copy of the License at <ulink + url="http://www.apache.org/licenses/LICENSE-2.0";>http://www.apache.org/licenses/LICENSE-2.0</ulink>.</para> + + <para>Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an "AS IS" + BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied. See the License for the specific language governing permissions + and limitations under the License.</para> + </legalnotice> + + <abstract> + <para>This guide contains detailed information about creating + distributed applications that use ZooKeeper. It discusses the basic + operations ZooKeeper supports, and how these can be used to build + higher-level abstractions. It contains solutions to common tasks, a + troubleshooting guide, and links to other information.</para> + </abstract> + </articleinfo> + + <section id="ch_GettingStarted"> + <title>Getting Started: Coordinating Distributed Applications with + ZooKeeper</title> + + <para>This document contains information to get you started quickly with + ZooKeeper. It is aimed primarily at developers hoping to try it out, and + contains simple installation instructions for a single ZooKeeper server, a + few commands to verify that it is running, and a simple programming + example. Finally, as a convenience, there are a few sections regarding + more complicated installations, for example running replicated + deployments, and optimizing the transaction log. However for the complete + instructions for commercial deployments, please refer to the <ulink + url="zookeeperAdmin.html">ZooKeeper + Administrator's Guide</ulink>.</para> + + <section id="sc_Prerequisites"> + <title>Pre-requisites</title> + + <para>See <ulink url="zookeeperAdmin.html#sc_systemReq"> + System Requirements</ulink> in the Admin guide.</para> + </section> + + <section id="sc_Download"> + <title>Download</title> + + <para>To get a ZooKeeper distribution, download a recent + <ulink url="http://zookeeper.apache.org/releases.html";> + stable</ulink> release from one of the Apache Download + Mirrors.</para> + </section> + + <section id="sc_InstallingSingleMode"> + <title>Standalone Operation</title> + + <para>Setting up a ZooKeeper server in standalone mode is + straightforward. The server is contained in a single JAR file, + so installation consists of creating a configuration.</para> + + <para>Once you've downloaded a stable ZooKeeper release unpack + it and cd to the root</para> + + <para>To start ZooKeeper you need a configuration file. Here is a sample, + create it in <emphasis role="bold">conf/zoo.cfg</emphasis>:</para> + +<programlisting> +tickTime=2000 +dataDir=/var/lib/zookeeper +clientPort=2181 +</programlisting> + + <para>This file can be called anything, but for the sake of this + discussion call + it <emphasis role="bold">conf/zoo.cfg</emphasis>. Change the + value of <emphasis role="bold">dataDir</emphasis> to specify an + existing (empty to start with) directory. Here are the meanings + for each of the fields:</para> + + <variablelist> + <varlistentry> + <term><emphasis role="bold">tickTime</emphasis></term> + + <listitem> + <para>the basic time unit in milliseconds used by ZooKeeper. It is + used to do heartbeats and the minimum session timeout will be + twice the tickTime.</para> + </listitem> + </varlistentry> + </variablelist> + + <variablelist> + <varlistentry> + <term><emphasis role="bold">dataDir</emphasis></term> + + <listitem> + <para>the location to store the in-memory database snapshots and, + unless specified otherwise, the transaction log of updates to the + database.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis role="bold">clientPort</emphasis></term> + + <listitem> + <para>the port to listen for client connections</para> + </listitem> + </varlistentry> + </variablelist> + + <para>Now that you created the configuration file, you can start + ZooKeeper:</para> + + <programlisting>bin/zkServer.sh start</programlisting> + + <para>ZooKeeper logs messages using log4j -- more detail + available in the + <ulink url="zookeeperProgrammers.html#Logging">Logging</ulink> + section of the Programmer's Guide. You will see log messages + coming to the console (default) and/or a log file depending on + the log4j configuration.</para> + + <para>The steps outlined here run ZooKeeper in standalone mode. There is + no replication, so if ZooKeeper process fails, the service will go down. + This is fine for most development situations, but to run ZooKeeper in + replicated mode, please see <ulink + url="#sc_RunningReplicatedZooKeeper">Running Replicated + ZooKeeper</ulink>.</para> + </section> + + <section id="sc_FileManagement"> + <title>Managing ZooKeeper Storage</title> + <para>For long running production systems ZooKeeper storage must + be managed externally (dataDir and logs). See the section on + <ulink + url="zookeeperAdmin.html#sc_maintenance">maintenance</ulink> for + more details.</para> + </section> + + <section id="sc_ConnectingToZooKeeper"> + <title>Connecting to ZooKeeper</title> + + <programlisting>$ bin/zkCli.sh -server 127.0.0.1:2181</programlisting> + + <para>This lets you perform simple, file-like operations.</para> + + <para>Once you have connected, you should see something like: + </para> + <programlisting> +<![CDATA[ +Connecting to localhost:2181 +log4j:WARN No appenders could be found for logger (org.apache.zookeeper.ZooKeeper). +log4j:WARN Please initialize the log4j system properly. +Welcome to ZooKeeper! +JLine support is enabled +[zkshell: 0] +]]> </programlisting> + <para> + From the shell, type <command>help</command> to get a listing of commands that can be executed from the client, as in: + </para> + <programlisting> +<![CDATA[ +[zkshell: 0] help +ZooKeeper host:port cmd args + get path [watch] + ls path [watch] + set path data [version] + delquota [-n|-b] path + quit + printwatches on|off + create path data acl + stat path [watch] + listquota path + history + setAcl path acl + getAcl path + sync path + redo cmdno + addauth scheme auth + delete path [version] + deleteall path + setquota -n|-b val path + +]]> </programlisting> + <para>From here, you can try a few simple commands to get a feel for this simple command line interface. First, start by issuing the list command, as + in <command>ls</command>, yielding: + </para> + <programlisting> +<![CDATA[ +[zkshell: 8] ls / +[zookeeper] +]]> </programlisting> + <para>Next, create a new znode by running <command>create /zk_test my_data</command>. This creates a new znode and associates the string "my_data" with the node. + You should see:</para> + <programlisting> +<![CDATA[ +[zkshell: 9] create /zk_test my_data +Created /zk_test +]]> </programlisting> + <para> Issue another <command>ls /</command> command to see what the directory looks like: + </para> + <programlisting> +<![CDATA[ +[zkshell: 11] ls / +[zookeeper, zk_test] + +]]> </programlisting><para> + Notice that the zk_test directory has now been created. + </para> + <para>Next, verify that the data was associated with the znode by running the <command>get</command> command, as in: + </para> + <programlisting> +<![CDATA[ +[zkshell: 12] get /zk_test +my_data +cZxid = 5 +ctime = Fri Jun 05 13:57:06 PDT 2009 +mZxid = 5 +mtime = Fri Jun 05 13:57:06 PDT 2009 +pZxid = 5 +cversion = 0 +dataVersion = 0 +aclVersion = 0 +ephemeralOwner = 0 +dataLength = 7 +numChildren = 0 +]]> </programlisting> + <para>We can change the data associated with zk_test by issuing the <command>set</command> command, as in: + </para> + <programlisting> +<![CDATA[ +[zkshell: 14] set /zk_test junk +cZxid = 5 +ctime = Fri Jun 05 13:57:06 PDT 2009 +mZxid = 6 +mtime = Fri Jun 05 14:01:52 PDT 2009 +pZxid = 5 +cversion = 0 +dataVersion = 1 +aclVersion = 0 +ephemeralOwner = 0 +dataLength = 4 +numChildren = 0 +[zkshell: 15] get /zk_test +junk +cZxid = 5 +ctime = Fri Jun 05 13:57:06 PDT 2009 +mZxid = 6 +mtime = Fri Jun 05 14:01:52 PDT 2009 +pZxid = 5 +cversion = 0 +dataVersion = 1 +aclVersion = 0 +ephemeralOwner = 0 +dataLength = 4 +numChildren = 0 +]]> </programlisting> + <para> + (Notice we did a <command>get</command> after setting the data and it did, indeed, change.</para> + <para>Finally, let's <command>delete</command> the node by issuing: + </para> + <programlisting> +<![CDATA[ +[zkshell: 16] delete /zk_test +[zkshell: 17] ls / +[zookeeper] +[zkshell: 18] +]]></programlisting> + <para>That's it for now. To explore more, continue with the rest of this document and see the <ulink url="zookeeperProgrammers.html">Programmer's Guide</ulink>. </para> + </section> + + <section id="sc_ProgrammingToZooKeeper"> + <title>Programming to ZooKeeper</title> + + <para>ZooKeeper has a Java bindings and C bindings. They are + functionally equivalent. The C bindings exist in two variants: single + threaded and multi-threaded. These differ only in how the messaging loop + is done. For more information, see the <ulink + url="zookeeperProgrammers.html#ch_programStructureWithExample">Programming + Examples in the ZooKeeper Programmer's Guide</ulink> for + sample code using of the different APIs.</para> + </section> + + <section id="sc_RunningReplicatedZooKeeper"> + <title>Running Replicated ZooKeeper</title> + + <para>Running ZooKeeper in standalone mode is convenient for evaluation, + some development, and testing. But in production, you should run + ZooKeeper in replicated mode. A replicated group of servers in the same + application is called a <emphasis>quorum</emphasis>, and in replicated + mode, all servers in the quorum have copies of the same configuration + file.</para> + <note> + <para> + For replicated mode, a minimum of three servers are required, + and it is strongly recommended that you have an odd number of + servers. If you only have two servers, then you are in a + situation where if one of them fails, there are not enough + machines to form a majority quorum. Two servers is inherently + <emphasis role="bold">less</emphasis> + stable than a single server, because there are two single + points of failure. + </para> + </note> + <para> + The required + <emphasis role="bold">conf/zoo.cfg</emphasis> + file for replicated mode is similar to the one used in standalone + mode, but with a few differences. Here is an example: + </para> + +<programlisting> +tickTime=2000 +dataDir=/var/lib/zookeeper +clientPort=2181 +initLimit=5 +syncLimit=2 +server.1=zoo1:2888:3888 +server.2=zoo2:2888:3888 +server.3=zoo3:2888:3888 +</programlisting> + + <para>The new entry, <emphasis role="bold">initLimit</emphasis> is + timeouts ZooKeeper uses to limit the length of time the ZooKeeper + servers in quorum have to connect to a leader. The entry <emphasis + role="bold">syncLimit</emphasis> limits how far out of date a server can + be from a leader.</para> + + <para>With both of these timeouts, you specify the unit of time using + <emphasis role="bold">tickTime</emphasis>. In this example, the timeout + for initLimit is 5 ticks at 2000 milleseconds a tick, or 10 + seconds.</para> + + <para>The entries of the form <emphasis>server.X</emphasis> list the + servers that make up the ZooKeeper service. When the server starts up, + it knows which server it is by looking for the file + <emphasis>myid</emphasis> in the data directory. That file has the + contains the server number, in ASCII.</para> + + <para>Finally, note the two port numbers after each server + name: " 2888" and "3888". Peers use the former port to connect + to other peers. Such a connection is necessary so that peers + can communicate, for example, to agree upon the order of + updates. More specifically, a ZooKeeper server uses this port + to connect followers to the leader. When a new leader arises, a + follower opens a TCP connection to the leader using this + port. Because the default leader election also uses TCP, we + currently require another port for leader election. This is the + second port in the server entry. + </para> + + <note> + <para>If you want to test multiple servers on a single + machine, specify the servername + as <emphasis>localhost</emphasis> with unique quorum & + leader election ports (i.e. 2888:3888, 2889:3889, 2890:3890 in + the example above) for each server.X in that server's config + file. Of course separate <emphasis>dataDir</emphasis>s and + distinct <emphasis>clientPort</emphasis>s are also necessary + (in the above replicated example, running on a + single <emphasis>localhost</emphasis>, you would still have + three config files).</para> + <para>Please be aware that setting up multiple servers on a single + machine will not create any redundancy. If something were to + happen which caused the machine to die, all of the zookeeper + servers would be offline. Full redundancy requires that each + server have its own machine. It must be a completely separate + physical server. Multiple virtual machines on the same physical + host are still vulnerable to the complete failure of that host.</para> + </note> + </section> + + <section> + <title>Other Optimizations</title> + + <para>There are a couple of other configuration parameters that can + greatly increase performance:</para> + + <itemizedlist> + <listitem> + <para>To get low latencies on updates it is important to + have a dedicated transaction log directory. By default + transaction logs are put in the same directory as the data + snapshots and <emphasis>myid</emphasis> file. The dataLogDir + parameters indicates a different directory to use for the + transaction logs.</para> + </listitem> + + <listitem> + <para><emphasis>[tbd: what is the other config param?]</emphasis></para> + </listitem> + </itemizedlist> + </section> + </section> +</article>
