Membership Services Access Control
In TimesTen Scaleout, all ZooKeeper connections for membership services have world permission by default, so it is important to limit this access to an authenticated user.
This user name applies to all grid instances connecting to ZooKeeper and to
the zkCli
command-line utility. Lack of a specified user name and
password is supported for backward compatibility only.
Specify the ZooKeeper user name through the -membershipUser
option of the ttGridAdmin gridCreate
or gridModify
command. When you specify the user name on thettGridAdmin
command line, you are prompted to enter the password. For example:
% ttGridAdmin gridModify -membershipUser pat
Enter membership password: zk_pwd
Password accepted
Grid Definition modified.
This will result in the ZooKeeper access control list being defined accordingly on each node. Changes to the user name and password will take effect with the next ttGridAdmin modelApply
command, at which time ZooKeeper connections on all grid instances are re-authenticated (which may cause a brief disconnection from membership services).
The membership services user name and password are stored in an Oracle Wallet. You
can specify the path to the location of the wallet on each instance of a grid (including
management instances) by using the ttGridAdmin gridCreate -walletDir
option. After creation of the grid, you can use the ttGridAdmin instanceCreate
-walletDir
option to specify a different wallet location for the standby
management instance or any data instance. The default wallet location is
timesten_home/info
. The ttGridAdmin
modelApply
command will send new wallets to all new instances. (The same
wallet is also used to store credentials for TimesTen Scaleout administration, the password of the Oracle cache administration user,
and other internal TimesTen credentials.)
See Setting Up the Membership Service in Oracle TimesTen In-Memory Database Scaleout
User's Guide. Use of zkCli
is shown in Start the ZooKeeper Servers and Managing a Development or Test Environment.
See Create a Grid (gridCreate) and Modify Grid Settings (gridModify) in Oracle TimesTen In-Memory Database Reference.