#./bin/zkCli.sh
Connecting to localhost:2181
2020-01-14 10:01:21,694 [myid:] - INFO [main:Environment@100] - Client environment:zookeeper.version=3.4.14-4c25d480e66aadd371de8bd2fd8da255ac140bcf, built on 03/06/2019 16:18 GMT
2020-01-14 10:01:21,697 [myid:] - INFO [main:Environment@100] - Client environment:host.name=dianliangcaiji.novalocal
2020-01-14 10:01:21,697 [myid:] - INFO [main:Environment@100] - Client environment:java.version=1.8.0_201
2020-01-14 10:01:21,705 [myid:] - INFO [main:Environment@100] - Client environment:java.vendor=Oracle Corporation
2020-01-14 10:01:21,705 [myid:] - INFO [main:Environment@100] - Client environment:java.home=/home/ocr/jdk1.8.0_201/jre
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:java.class.path=/usr/local/zookeeper-3.4.14/bin/../zookeeper-server/target/classes:/usr/local/zookeeper-3.4.14/bin/../build/classes:/usr/local/zookeeper-3.4.14/bin/../zookeeper-server/target/lib/*.jar:/usr/local/zookeeper-3.4.14/bin/../build/lib/*.jar:/usr/local/zookeeper-3.4.14/bin/../lib/slf4j-log4j12-1.7.25.jar:/usr/local/zookeeper-3.4.14/bin/../lib/slf4j-api-1.7.25.jar:/usr/local/zookeeper-3.4.14/bin/../lib/netty-3.10.6.Final.jar:/usr/local/zookeeper-3.4.14/bin/../lib/log4j-1.2.17.jar:/usr/local/zookeeper-3.4.14/bin/../lib/jline-0.9.94.jar:/usr/local/zookeeper-3.4.14/bin/../lib/audience-annotations-0.5.0.jar:/usr/local/zookeeper-3.4.14/bin/../zookeeper-3.4.14.jar:/usr/local/zookeeper-3.4.14/bin/../zookeeper-server/src/main/resources/lib/*.jar:/usr/local/zookeeper-3.4.14/bin/../conf:
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:java.io.tmpdir=/tmp
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:java.compiler=
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:os.name=Linux
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:os.arch=amd64
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:os.version=3.10.0-693.11.6.el7.x86_64
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:user.name=root
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:user.home=/root
2020-01-14 10:01:21,706 [myid:] - INFO [main:Environment@100] - Client environment:user.dir=/usr/local/zookeeper-3.4.14
2020-01-14 10:01:21,707 [myid:] - INFO [main:ZooKeeper@442] - Initiating client connection, connectString=localhost:2181 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@5ce65a89
Welcome to ZooKeeper!
2020-01-14 10:01:21,769 [myid:] - INFO [main-SendThread(localhost:2181):ClientCnxn$SendThread@1025] - Opening socket connection to server localhost/127.0.0.1:2181. Will not attempt to authenticate using SASL (unknown error)
JLine support is enabled
2020-01-14 10:01:22,037 [myid:] - INFO [main-SendThread(localhost:2181):ClientCnxn$SendThread@879] - Socket connection established to localhost/127.0.0.1:2181, initiating session
2020-01-14 10:01:22,100 [myid:] - INFO [main-SendThread(localhost:2181):ClientCnxn$SendThread@1299] - Session establishment complete on server localhost/127.0.0.1:2181, sessionid = 0x101eeb3e0180000, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0]
[zk: localhost:2181(CONNECTED) 0] ls / ## List what this ZooKeeper currently contains
[zookeeper]
[zk: localhost:2181(CONNECTED) 1] ls2 / ## Show the current ZooKeeper contents in more detail
[zookeeper]
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
[zk: localhost:2181(CONNECTED) 4] addauth digest root:123456
To store the password as a hash instead of plaintext, run the following command:
echo -n root:123456 | openssl dgst -binary -sha1 | openssl base64
The command above turns the plaintext credential into a Base64-encoded SHA-1 digest. When setting the ACL, write this Base64 string in place of the password:
4Pn5A64fVZyQ0gOJ8ZWqkY=:drawc
[zk: localhost:2181(CONNECTED) 17] setAcl /zookeeper auth:root:123456:cdrwa
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
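Notes:
An ACL has three parts: (1) the scheme, (2) the user, and (3) the permission, normally written as scheme:id:permissions. In the command above, auth means the node's ACL uses the auth authentication scheme.
world: It has only one id, anyone. world:anyone means anybody; nodes in ZooKeeper on which everyone has permissions belong to world:anyone.
auth: It needs no id. Any user who has passed authentication has the permissions (ZooKeeper supports authentication through Kerberos as well as username/password authentication).
digest: Its id is username:BASE64(SHA1(password)). The client must first authenticate in username:password form.
ip: Its id is the client's IP address. A range can be given when setting it, for example ip:192.168.1.0/16, which matches on the first 16 bits of the address.
super: Under this scheme the corresponding id has super privileges and can do anything (cdrwa).
CREATE(c): Create permission; can create child nodes under the current node.
DELETE(d): Delete permission; can delete the current node.
READ(r): Read permission; can get the current node's data and list all child nodes of the current node.
WRITE(w): Write permission; can write data to the current node.
ADMIN(a): Admin permission; can set the current node's permissions.
To sum up, a simple use of the setAcl command could be:
Example: setAcl /zookeeper/node1 world:anyone:cdrw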
[zk: localhost:2181(CONNECTED) 18] getAcl /zookeeper
'digest,'root:0Fd0NdkiOPwY3b04Eh1/Wlqh9Qb=
: cdrwa
Exit the client:
quit
Reconnect the client:
./zkCli.sh
……
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] ls /zookeeper
Authentication is not valid : /zookeeper ## Access without authenticating is no longer possible; no permission
[zk: localhost:2181(CONNECTED) 1] addauth digest root:Admin#123456 // Add the credentials, then access again
[zk: localhost:2181(CONNECTED) 2] ls /zookeeper // Now accessible
[quota]
[zk: localhost:2181(CONNECTED) 3] get /zookeeper
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
[zk: localhost:2181(CONNECTED) 4]
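The scheme:id:permissions format and the digest scheme described above, as an added example that is not part of the original post: a Python check that builds a digest id the same way as the openssl pipeline (SHA-1 over the whole username:password string, then Base64), parses ACL entries, and flags entries that let anyone modify a node or whose digest id is not a Base64 SHA-1 value. The function names and sample entries are constructed for illustration.

```python
import base64
import binascii
import hashlib

PERMS = set("cdrwa")  # CREATE, DELETE, READ, WRITE, ADMIN

def digest_id(user, password):
    """user:BASE64(SHA1("user:password")), as the openssl pipeline computes it."""
    raw = hashlib.sha1(f"{user}:{password}".encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(raw).decode('ascii')}"

def parse_acl(entry):
    """Split scheme:id:permissions; the id may itself contain ':' (digest, auth)."""
    scheme, rest = entry.split(":", 1)
    ident, perms = rest.rsplit(":", 1)
    if not perms or set(perms) - PERMS:
        raise ValueError(f"bad permission string: {perms!r}")
    return scheme, ident, perms

def audit(entry):
    """Return findings for one ACL entry (empty list means nothing flagged)."""
    scheme, ident, perms = parse_acl(entry)
    findings = []
    if scheme == "world" and set(perms) & set("cdwa"):
        findings.append("world:anyone can modify this node")
    if scheme == "digest":
        b64 = ident.partition(":")[2]
        try:
            raw = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 20:  # SHA-1 is 20 bytes, i.e. 28 Base64 characters
            findings.append("digest id is not a Base64 SHA-1 value")
    return findings

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real ensemble.
    samples = [
        "world:anyone:cdrw",
        "world:anyone:r",
        "digest:" + digest_id("root", "123456") + ":cdrwa",
        "digest:root:123456:cdrwa",
        "ip:192.168.1.0/16:rw",
    ]
    for s in samples:
        print(s, "->", audit(s) or "ok")
```

A digest entry that still carries the plaintext password (the fourth sample) is flagged because its id does not decode to 20 bytes.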
Reposted from: http://ofwxz.baihongyu.com/