zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Wise <m...@nextdoor.com>
Subject Zookeeper and SSL...
Date Fri, 08 Mar 2013 23:13:35 GMT
Currently we run Zookeeper out on the big bad scary internet using Stunnel as an encryption
and authentication system for our clients. Our single 5-node Zookeeper quorum is in a single
datacenter where we can control network access and feel reasonably safe.

I've been thinking about scale recently, and I would love to be able to put Zookeeper Observer
nodes in each of our regions. We don't use VPC or any other network-to-network tunneling technology.
Stunnel is simple when you have one client, and one endpoint, but it sucks when you have multiple
servers all trying to talk to each other.

Are there any plans to add SSL support to Zookeeper? Specifically to its own private cluster
communication ports? If not, what about running a Zookeeper Observer in a "client" mode where
I can point it to any of our 5 quorum servers, and it acts as a kind of proxy for data --
without really "joining" the cluster?

--Matt


Mime
View raw message