[jira] [Commented] (ZOOKEEPER-2764) By default, only srvr four-letter word is on the whitelist, while documentation says all are

Wed, 19 Apr 2017 08:29:59 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15974909#comment-15974909
 ] 

Michael Han commented on ZOOKEEPER-2764:
----------------------------------------

3.5.3-beta has all four letter words disabled except srvr, please refer to the 
doc here:
http://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperAdmin.html
{noformat}
4lw.commands.whitelist
(Java system property: zookeeper.4lw.commands.whitelist)

New in 3.5.3: A list of comma separated Four Letter Words commands that user 
wants to use. A valid Four Letter Words command must be put in this list else 
ZooKeeper server will not enable the command. By default the whitelist only 
contains "srvr" command which zkServer.sh uses. The rest of four letter word 
commands are disabled by default.

Here's an example of the configuration that enables stat, ruok, conf, and isro 
command while disabling the rest of Four Letter Words command:

                4lw.commands.whitelist=stat, ruok, conf, isro
              
If you really need enable all four letter word commands by default, you can use 
the asterisk option so you don't have to include every command one by one in 
the list. As an example, this will enable all four letter word commands:

                4lw.commands.whitelist=*
              
{noformat}

bq. It says since 3.4.10 there's a whitelist option, but all commands are by 
default on it (same as 4lw.commands.whitelist=*).

As previously mentioned the document has up to date content wrt the white list. 
May I know where you find in 3.5.3-beta that all commands are by default on? 

On a side note, you can try Jetty admin server interface or JMX for monitoring 
server health instead of using 4lw.

> By default, only srvr four-letter word is on the whitelist, while 
> documentation says all are
> --------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2764
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2764
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.5.3
>            Reporter: Arne Bachmann
>            Priority: Minor
>
> Using the same Vagrant provisioning script as for 3.5.2-alpha, suddenly all 
> monitoring tools told me that the ZK instance was unavailable or had an 
> error. Investigating further, the instance was fine as a follower, but the 
> response to telnet "ruok" was actually "ruok ... is not in the whitelist".
> Is this a new default not reflected in the documentation yet? It says since 
> 3.4.10 there's a whitelist option, but all commands are by default on it 
> (same as 4lw.commands.whitelist=*).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to