Enable srvr, stat and dump commands in the zk cluster

Zookeeper supports a number of "4 letter" commands [0] which are useful for debugging and general diagnostics. By default only srvr is enabled, but we want to add stat and dump to see details on server and client connection statuses. We do this via the 4lw.commands.whitelist configuration option [1] and not the docker image env vars because we're mounting a zoo.cfg in already. [0] https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_4lw [1] https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_clusterOptions Change-Id: I24ea9b37cd5766c9d393106e8eab34623cad1624
2021-03-12 09:12:05 -08:00 · 2021-03-12 09:12:05 -08:00 · 3f2dd0e681
commit 3f2dd0e681
parent a5a0e5faba
3 changed files with 22 additions and 1 deletions
--- a/playbooks/roles/zookeeper/tasks/main.yaml
+++ b/playbooks/roles/zookeeper/tasks/main.yaml
@ -54,3 +54,10 @@
 - name: Run docker prune to cleanup unneeded images
  shell:
    cmd: docker image prune -f
+
+# This is handy to have on the zk cluster for interacting with the 4 letter
+# commands.
+- name: Install netcat
+  package:
+    name: netcat
+    state: present
--- a/playbooks/roles/zookeeper/templates/zoo.cfg.j2
+++ b/playbooks/roles/zookeeper/templates/zoo.cfg.j2
@ -22,6 +22,7 @@ autopurge.purgeInterval=6
 maxClientCnxns=60
 standaloneEnabled=true
 admin.enableServer=true
+4lw.commands.whitelist=srvr, stat, dump
 clientPort=2181
 secureClientPort=2281
 ssl.keyStore.location=/tls/keys/keystore.pem
--- a/testinfra/test_zookeeper.py
+++ b/testinfra/test_zookeeper.py
@ -22,9 +22,22 @@ def test_id_file(host):
    assert myid.content == b'1\n'

 def test_zk_listening(host):
-    zk = host.socket("tcp://0.0.0.0:2281")
+    zk = host.socket("tcp://0.0.0.0:2181")
    assert zk.is_listening

 def test_zk_listening_ssl(host):
    zk = host.socket("tcp://0.0.0.0:2281")
    assert zk.is_listening
+
+def test_l4_commands(host):
+    cmd = host.run("echo srvr | nc localhost 2181")
+    assert "Zookeeper version" in cmd.stdout
+    assert "not executed because it is not in the whitelist" not in cmd.stdout
+
+    cmd = host.run("echo stat | nc localhost 2181")
+    assert "Zookeeper version" in cmd.stdout
+    assert "not executed because it is not in the whitelist" not in cmd.stdout
+
+    cmd = host.run("echo dump | nc localhost 2181")
+    assert "SessionTracker dump" in cmd.stdout
+    assert "not executed because it is not in the whitelist" not in cmd.stdout