From b2d37cfd36b60bddbe506d6cdcd10b7984d1fcca Mon Sep 17 00:00:00 2001
From: Davinder Pal
Date: Tue, 20 Feb 2024 21:16:04 +0200
Subject: [PATCH] * fix issue with zkCli.sh not working with sasl * updated readme for sasl setup * logging updates to dependent systesms likes splunk
---
 Splunk-Config.md | 2 +-
 Vagrantfile | 1 +
 clusterMigrateToMtls.yml | 12 ++++++------
 clusterMigrateToSasLAuth.yml | 10 +++++-----
 docs/migrate-to-mtls.md | 1 +
 docs/vagrant-notes.md | 8 ++++++++
 files/vagrant-generate-tls-certs.sh | 0
 roles/configure/templates/jaas.conf | 11 +++++++++++
 8 files changed, 33 insertions(+), 12 deletions(-)
 create mode 100644 docs/vagrant-notes.md
 mode change 100644 => 100755 files/vagrant-generate-tls-certs.sh
diff --git a/Splunk-Config.md b/Splunk-Config.md
index e3aad29..4d4815e 100755
--- a/Splunk-Config.md
+++ b/Splunk-Config.md
@@ -5,7 +5,7 @@
 [default]
 host = $HOSTNAME
-[monitor:///zookeeper/zookeeper-logs/*.out]
+[monitor:///zookeeper/zookeeper-logs/*]
 disabled = false
 index = kafka
 sourcetype = zookeeper
diff --git a/Vagrantfile b/Vagrantfile
index 56177d9..b0dc03e 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -22,4 +22,5 @@ Vagrant.configure("2") do |config|
 # SSH config to use your local ssh key for auth instead of username/password
 config.ssh.insert_key = false
 config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/authorized_keys"
+ config.vm.synced_folder '.', '/vagrant', disabled: true
 end
diff --git a/clusterMigrateToMtls.yml b/clusterMigrateToMtls.yml
index f6a3be4..c3d4180 100644
--- a/clusterMigrateToMtls.yml
+++ b/clusterMigrateToMtls.yml
@@ -63,9 +63,9 @@
 name: configure
 tasks_from: dynamicConfigs
 vars:
- - zookeeperConfigFile: zoo.cfg
- - zookeeperSslQuorum: true
- - zookeeperPortUnification: "true" # force true
+ zookeeperConfigFile: zoo.cfg
+ zookeeperSslQuorum: true
+ zookeeperPortUnification: "true" # force true
 - name: MigrateToMtls | restarting zookeeper
 ansible.builtin.import_role:
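Review bot: The added `config.vm.synced_folder '.', '/vagrant', disabled: true` line in the Vagrantfile hunk has no comment saying why the default share is turned off, unlike the SSH lines above it, and it uses single quotes where the rest of the block uses double quotes. A one-line comment such as `# disable the default /vagrant share so the guests do not get the host project directory mounted` would record the intent, and `"."`, `"/vagrant"` would match the file's quoting. The `Vagrant.configure` block starts outside the hunk.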
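Review bot: `zookeeperPortUnification` is passed as a quoted string (`"true"` in the clusterMigrateToMtls.yml hunk at -63,9, `"false"` in the one at -100,9) while `zookeeperSslQuorum` on the line above it is a YAML boolean, and nothing in the hunk says why the two differ. If the zoo.cfg template, which is not visible here, tests the value with a Jinja `if`, the string "false" is truthy and port unification would stay enabled after the migration, leaving the quorum port accepting non-TLS connections. Either pass real booleans in both tasks, or extend the comment to state that the string is intended, e.g. `# force false; string on purpose, rendered verbatim into zoo.cfg`. Both tasks start and end outside their hunks.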
@@ -100,9 +100,9 @@
 name: configure
 tasks_from: dynamicConfigs
 vars:
- - zookeeperConfigFile: zoo.cfg
- - zookeeperSslQuorum: true
- - zookeeperPortUnification: "false" # force false
+ zookeeperConfigFile: zoo.cfg
+ zookeeperSslQuorum: true
+ zookeeperPortUnification: "false" # force false
 - name: MigrateToMtls | restarting zookeeper
 ansible.builtin.import_role:
diff --git a/clusterMigrateToSasLAuth.yml b/clusterMigrateToSasLAuth.yml
index 97a45c3..20831ea 100644
--- a/clusterMigrateToSasLAuth.yml
+++ b/clusterMigrateToSasLAuth.yml
@@ -14,15 +14,15 @@
 name: configure
 tasks_from: dynamicConfigs
 vars:
- - zookeeperConfigFile: jaas.conf
+ zookeeperConfigFile: jaas.conf
 - name: MigrateToSasL | regenerate java.env to enable jaas.conf
 ansible.builtin.include_role:
 name: configure
 tasks_from: dynamicConfigs
 vars:
- - zookeeperConfigFile: java.env
- - zookeeperQuorumAuthEnableSasl: true
+ zookeeperConfigFile: java.env
+ zookeeperQuorumAuthEnableSasl: true
 - name: MigrateToSasL | enableSasl in zoo.cfg
 ansible.builtin.lineinfile:
@@ -83,8 +83,8 @@
 name: configure
 tasks_from: dynamicConfigs
 vars:
- - zookeeperConfigFile: zoo.cfg
- - zookeeperQuorumAuthEnableSasl: true
+ zookeeperConfigFile: zoo.cfg
+ zookeeperQuorumAuthEnableSasl: true
 - name: MigrateToSasL | restarting zookeeper
 ansible.builtin.import_role:
diff --git a/docs/migrate-to-mtls.md b/docs/migrate-to-mtls.md
index 8d91934..135114b 100644
--- a/docs/migrate-to-mtls.md
+++ b/docs/migrate-to-mtls.md
@@ -4,6 +4,7 @@ Read documentation here: https://zookeeper.apache.org/doc/r3.8.0/zookeeperAdmin.
 ### Step 0 Generate MTLS Certs, if you are testing with vagrant then you can use below-mentioned script else read above-mentioned documenations.
+The following script generates certs in the directory from where you are running the script.
 [vagrant-generate-tls-certs.sh](../files/vagrant-generate-tls-certs.sh)
diff --git a/docs/vagrant-notes.md b/docs/vagrant-notes.md
new file mode 100644
index 0000000..6e81836
--- /dev/null
+++ b/docs/vagrant-notes.md
@@ -0,0 +1,8 @@
+## Running on Windows
+
+### Requires following plugins
+```bash
+vagrant plugin install vagrant-hosts
+vagrant plugin install virtualbox_WSL2
+vagrant plugin install vagrant-vbguest # optional
+```
\ No newline at end of file
diff --git a/files/vagrant-generate-tls-certs.sh b/files/vagrant-generate-tls-certs.sh
old mode 100644
new mode 100755
diff --git a/roles/configure/templates/jaas.conf b/roles/configure/templates/jaas.conf
index 7251023..20347fa 100644
--- a/roles/configure/templates/jaas.conf
+++ b/roles/configure/templates/jaas.conf
@@ -8,3 +8,14 @@ QuorumLearner {
 username="{{ zookeeperQuorumUsername }}"
 password="{{ zookeeperQuorumPassword }}";
 };
+
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_{{ zookeeperQuorumUsername }}="{{ zookeeperQuorumPassword }}";
+};
+
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="{{ zookeeperQuorumUsername }}"
+ password="{{ zookeeperQuorumPassword }}";
+};
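Review bot: The new `Server` and `Client` sections in jaas.conf reuse `zookeeperQuorumUsername` / `zookeeperQuorumPassword`, so the secret that authenticates quorum peers is also the one given to every client that loads this file (zkCli.sh, per the commit message). Anyone who is handed client access then also holds valid quorum credentials; a separate client pair would keep the two trust levels apart, e.g. `user_{{ <client-username-var> }}="{{ <client-password-var> }}";` in `Server` and the same pair in `Client` (placeholder variable names). The values are interpolated unescaped into double-quoted JAAS strings, so a password containing `"` or `\` would render a broken or differently parsed file, and the allowed character set should be restricted or the value escaped. Because the rendered file holds plaintext digest passwords, its owner and mode, which are set outside this hunk, should be confirmed to allow reads by the zookeeper service user only.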