You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Michael Han (JIRA)" <ji...@apache.org> on 2017/04/19 15:29:42 UTC

[jira] [Commented] (ZOOKEEPER-2764) By default, only srvr four-letter word is on the whitelist, while documentation says all are

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15974909#comment-15974909 ] 

Michael Han commented on ZOOKEEPER-2764:
----------------------------------------

3.5.3-beta has all four letter words disabled except srvr, please refer to the doc here:
http://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperAdmin.html
{noformat}
4lw.commands.whitelist
(Java system property: zookeeper.4lw.commands.whitelist)

New in 3.5.3: A list of comma separated Four Letter Words commands that user wants to use. A valid Four Letter Words command must be put in this list else ZooKeeper server will not enable the command. By default the whitelist only contains "srvr" command which zkServer.sh uses. The rest of four letter word commands are disabled by default.

Here's an example of the configuration that enables stat, ruok, conf, and isro command while disabling the rest of Four Letter Words command:

                4lw.commands.whitelist=stat, ruok, conf, isro
              
If you really need enable all four letter word commands by default, you can use the asterisk option so you don't have to include every command one by one in the list. As an example, this will enable all four letter word commands:

                4lw.commands.whitelist=*
              
{noformat}

bq. It says since 3.4.10 there's a whitelist option, but all commands are by default on it (same as 4lw.commands.whitelist=*).

As previously mentioned the document has up to date content wrt the white list. May I know where you find in 3.5.3-beta that all commands are by default on? 

On a side note, you can try Jetty admin server interface or JMX for monitoring server health instead of using 4lw.

> By default, only srvr four-letter word is on the whitelist, while documentation says all are
> --------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2764
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2764
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.5.3
>            Reporter: Arne Bachmann
>            Priority: Minor
>
> Using the same Vagrant provisioning script as for 3.5.2-alpha, suddenly all monitoring tools told me that the ZK instance was unavailable or had an error. Investigating further, the instance was fine as a follower, but the response to telnet "ruok" was actually "ruok ... is not in the whitelist".
> Is this a new default not reflected in the documentation yet? It says since 3.4.10 there's a whitelist option, but all commands are by default on it (same as 4lw.commands.whitelist=*).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)