zookeeper从3.4.8升级到3.4.14

Apache Zookeeper 缓冲区溢出漏洞(CVE-2016-5017)

官方给出的升级建议：

地址:https://zookeeper.apache.org/security.html#CVE-2016-5017

Mitigation: It is important to use the fully featured/supported Java cli shell rather than the C cli shell independent of version.shell

• ZooKeeper 3.4.x users should upgrade to 3.4.9 or apply this patchapache

• ZooKeeper 3.5.x users should upgrade to 3.5.3 when released or apply this patch安全

即：升级到较高版本或者打补丁。因为当前环境中使用的版本是3.4.8.因此，将zk升级到3.4版本当前的最新版本。3.4.14服务器

tar -C ../app/ -zxf zookeeper-3.4.14.tar.gz 

cp zookeeper-3.4.8/conf/zoo.cfg zookeeper-3.4.14/conf/
mkdir zookeeper-3.4.14/data
cp zookeeper-3.4.8/data/myid zookeeper-3.4.14/data/

[aiprd@host-10-124-163-135 app]$ grep dataDir zookeeper-3.4.14/conf/zoo.cfg 
dataDir=/mnt/aiprd/app/zookeeper-3.4.14/data
# The number of snapshots to retain in dataDir

zookeeper-3.4.8/bin/zkServer.sh stop
zookeeper-3.4.14/bin/zkServer.sh start
[aiprd@host-10-124-163-135 app]$ zookeeper-3.4.14/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /mnt/aiprd/app/zookeeper-3.4.14/bin/../conf/zoo.cfg
Mode: follower

zookeeper-3.4.14/bin/zkCli.sh -server 10.124.163.135:2181
#查看其中注册的regionserver的信息。已经有数据，说明升级成功。
[zk: 10.124.163.135:2181(CONNECTED) 15] ls /hbase/rs        
[host-10-124-163-134,16020,1562122185977, host-10-124-163-135,16020,1562122203415, host-10-124-163-136,16020,1562122183160]

http://10.124.163.134:16010/master-status