diff --git a/playbooks/roles/zookeeper/tasks/main.yaml b/playbooks/roles/zookeeper/tasks/main.yaml
index 1acc60d29e..4b901eb570 100644
--- a/playbooks/roles/zookeeper/tasks/main.yaml
+++ b/playbooks/roles/zookeeper/tasks/main.yaml
@@ -54,3 +54,10 @@
 - name: Run docker prune to cleanup unneeded images
 shell:
 cmd: docker image prune -f
+
+# This is handy to have on the zk cluster for interacting with the 4 letter
+# commands.
+- name: Install netcat
+ package:
+ name: netcat
+ state: present
diff --git a/playbooks/roles/zookeeper/templates/zoo.cfg.j2 b/playbooks/roles/zookeeper/templates/zoo.cfg.j2
index d943db37b8..79243cd18c 100644
--- a/playbooks/roles/zookeeper/templates/zoo.cfg.j2
+++ b/playbooks/roles/zookeeper/templates/zoo.cfg.j2
@@ -22,6 +22,7 @@ autopurge.purgeInterval=6
 maxClientCnxns=60
 standaloneEnabled=true
 admin.enableServer=true
+4lw.commands.whitelist=srvr, stat, dump
 clientPort=2181
 secureClientPort=2281
 ssl.keyStore.location=/tls/keys/keystore.pem
diff --git a/testinfra/test_zookeeper.py b/testinfra/test_zookeeper.py
index feb9009612..d96756b440 100644
--- a/testinfra/test_zookeeper.py
+++ b/testinfra/test_zookeeper.py
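Review bot: The package name `netcat` in the new `Install netcat` task (playbooks/roles/zookeeper/tasks/main.yaml) is ambiguous: if the targets are Debian-family (the OS is not visible in this diff), it is a virtual or transitional name that newer releases no longer resolve, so the task can fail or install a different implementation than the tests were written against. Naming the implementation, for example `name: netcat-openbsd`, keeps the installed binary predictable. The comment calls the tool handy, but `test_l4_commands` in testinfra/test_zookeeper.py shells out to `nc`, which makes it a hard test dependency; I would reword it to `# Required by testinfra test_l4_commands; also used for the 4 letter commands.` A general-purpose network client on every ZooKeeper node also widens what is available on the host after a compromise, so it is worth recording as an accepted exception if the host baseline restricts such tools.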
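Review bot: The added `4lw.commands.whitelist=srvr, stat, dump` line in zoo.cfg.j2 enables these words on the plaintext `clientPort=2181`, where four-letter commands are answered without authentication. `stat` lists connected clients and `dump` lists outstanding sessions and ephemeral nodes, so anyone who can reach 2181 can read client addresses and session layout; the testinfra change in this commit expects that port to listen on 0.0.0.0. If only a liveness check is needed I would narrow the line to `4lw.commands.whitelist=srvr`, and in any case confirm that 2181 is restricted to the management network, which this diff does not show. `admin.enableServer=true` is already set in the context lines and the AdminServer serves the same commands over HTTP, so a comment such as `# 4lw on clientPort is needed by testinfra test_l4_commands` would explain why the socket interface is enabled as well.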
@@ -22,9 +22,22 @@ def test_id_file(host):
 assert myid.content == b'1\n'
 def test_zk_listening(host):
- zk = host.socket("tcp://0.0.0.0:2281")
+ zk = host.socket("tcp://0.0.0.0:2181")
 assert zk.is_listening
 def test_zk_listening_ssl(host):
 zk = host.socket("tcp://0.0.0.0:2281")
 assert zk.is_listening
+
+def test_l4_commands(host):
+ cmd = host.run("echo srvr | nc localhost 2181")
+ assert "Zookeeper version" in cmd.stdout
+ assert "not executed because it is not in the whitelist" not in cmd.stdout
+
+ cmd = host.run("echo stat | nc localhost 2181")
+ assert "Zookeeper version" in cmd.stdout
+ assert "not executed because it is not in the whitelist" not in cmd.stdout
+
+ cmd = host.run("echo dump | nc localhost 2181")
+ assert "SessionTracker dump" in cmd.stdout
+ assert "not executed because it is not in the whitelist" not in cmd.stdout
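Review bot: `test_l4_commands` only checks that the three whitelisted words are answered; nothing asserts that a word outside `4lw.commands.whitelist` is refused, so a template regression to a wider list or to `*` would pass unnoticed. I would add a negative case for a word that is not in the list, reusing the rejection message the test already matches on, and fold the three repeated stanzas into one loop. The name reads as "layer 4"; `test_4lw_commands` matches the ZooKeeper term. The sketch below also gives the test a one-line docstring, since it talks to the plaintext client port through `nc` and so depends on the netcat package from the role.

```python
def test_4lw_commands(host):
    """Whitelisted four-letter words answer on 2181; others are refused."""
    refused = "not executed because it is not in the whitelist"
    expected = {
        "srvr": "Zookeeper version",
        "stat": "Zookeeper version",
        "dump": "SessionTracker dump",
    }
    for word, banner in expected.items():
        cmd = host.run("echo %s | nc localhost 2181" % word)
        assert banner in cmd.stdout
        assert refused not in cmd.stdout

    # `conf` is not in 4lw.commands.whitelist, so the server must refuse it.
    cmd = host.run("echo conf | nc localhost 2181")
    assert refused in cmd.stdout
```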