本文详细介绍了如何在Zookeeper中进行节点创建、修改、删除、权限控制以及节点属性管理,包括有序/临时节点、监听器和访问控制列表(ACL)的实战教程。
推荐学习
- 肝了30天,整出这份[分布式宝典:限流+缓存+通讯],秋招跳槽有望
- 微服务架构秘籍:SpringCloud+SpringCloud Alibaba,全网疯传
- 闭关28天,奉上[Java一线大厂高岗面试题解析合集],备战金九银十
首先说明一下环境,溪源使用zookeeper版本为3.5.10;由于版本不同,命令语法略有差异,提前说明一下,但是基本原理一致,大家可以通过help命令查看自己当前版本的命令语法。
客户端、服务器命令
切换至zookeeper安装目录下的bin目录输入以下命令启动服务器或者客户端1. 启动ZK服务: ./zkServer.sh start2. 查看ZK服务状态: ./zkServer.sh status3. 停止ZK服务: ./zkServer.sh stop4. 重启ZK服务: ./zkServer.sh restart5. 连接内部客户端: ./zkCli.sh或者./zkCli.sh -server 127.0.0.1(指定连接服务器IP):2181节点属性
学习zookeeper常用命令之前先介绍一下节点属性的含义。
-`cZxid`:当前数据结点创建时的事务ID——针对于`zookeeper`数据结点的管理:我们对结点数据的一些写操作都会导致`zookeeper`自动地为我们去开启一个事务,并且自动地去为每一个事务维护一个事务`ID`- `ctime`:当前数据结点创建时的时间- `mZxid`:当前数据结点最后一次更新时的事务ID- `mtime`:当前数据结点最后一次更新时的时间- `pZxid`:当前数据节点最后一次修改**其**子节点**更改的`zxid`。修改指(增加子节点、删除子节点),并不指其子节点的数据发生改变;- `cversion`:当前数据节点对应**子结点**的更改次数- `dataVersion`:当前结点数据的发生更改的次数- `aclVersion`:当前结点的ACL更改次数——类似`linux`的权限列表,维护的是当前结点的权限列表被修改的次数- `ephemeralOwner`:如果结点是临时结点,则表示创建该结点的会话的`SessionID`;如果是持久结点,该属性值为0- `dataLength`:当前节点的数据内容长度- `numChildren`:当前数据结点的子结点个数help命令
zookeeper基本常用命令通过help查看,遇到错误命令可以直接查询语法。
ZooKeeper -server host:port cmd argsaddauth scheme authclose config [-c] [-w] [-s]connect host:portcreate [-s] [-e] [-c] [-t ttl] path [data] [acl]delete [-v version] pathdeleteall pathdelquota [-n|-b] pathget [-s] [-w] pathgetAcl [-s] pathhistory listquota pathls [-s] [-w] [-R] pathls2 path [watch]printwatches on|offquit reconfig [-s] [-v version] [[-file path] | [-members serverID=host:port1:port2;port3[,...]*]] | [-add serverId=host:port1:port2;port3[,...]]* [-remove serverId[,...]*]redo cmdnoremovewatches path [-c|-d|-a] [-l]rmr pathset [-s] [-v version] path datasetAcl [-s] [-v version] [-R] path aclsetquota -n|-b val pathstat [-w] pathsync pathCommand not found: Command not found help12345678910111213141516171819202122232425262728新增、查询节点
- 新增命令:create [-s] [-e] path data
其中 -s 为有序结点,-e 临时结点(默认是持久结点) - 查询命令:get [-s] [-w] path
-s 查看节点所有信息:数据信息+节点属性值
-w 查看节点数据信息 - 实战
//创建持久化节点node1[zk: localhost:2181(CONNECTED) 0] create /node1 "123"Created /node1//查看node1节点属性[zk: localhost:2181(CONNECTED) 1] get -s /node1123cZxid = 0x43ctime = Wed Jul 29 21:27:31 CST 2020mZxid = 0x43mtime = Wed Jul 29 21:27:31 CST 2020pZxid = 0x43cversion = 0dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 3numChildren = 0//创建有序持久化节点[zk: localhost:2181(CONNECTED) 2] create -s /seqNode1 "seq1"Created /seqNode10000000011//查看有序持久化节点信息[zk: localhost:2181(CONNECTED) 3] get -s /seqNode10000000011seq1cZxid = 0x44ctime = Wed Jul 29 21:28:25 CST 2020mZxid = 0x44mtime = Wed Jul 29 21:28:25 CST 2020pZxid = 0x44cversion = 0dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 4numChildren = 0//创建临时节点[zk: localhost:2181(CONNECTED) 4] create -s -e /tmpNode1 "tmp"Created /tmpNode10000000012[zk: localhost:2181(CONNECTED) 5] get -s /tmpNode10000000012tmpcZxid = 0x45ctime = Wed Jul 29 21:35:28 CST 2020mZxid = 0x45mtime = Wed Jul 29 21:35:28 CST 2020pZxid = 0x45cversion = 0dataVersion = 0aclVersion = 0ephemeralOwner = 0x10029ab39130008dataLength = 3numChildren = 0修改节点
- 命令: set [-s] [-v version] path data
可以直接进行修改;也可以选择使用版本号
-v + 版本号,类似乐观锁原理;
[zk: localhost:2181(CONNECTED) 13] set /node1 "456"[zk: localhost:2181(CONNECTED) 14] get -w /node1456[zk: localhost:2181(CONNECTED) 15] set -v 0 /node1 "234"WATCHER::WatchedEvent state:SyncConnected type:NodeDataChanged path:/node1[zk: localhost:2181(CONNECTED) 16] get -w /node1234删除节点
- 命令:
delete [-v version] path:可以直接删除,也可以指定版本号删除,此命令只能删除单个节点,如果存在子节点,则需要依次删除子节点
deleteall path:直接删除指定的所有节点
[zk: localhost:2181(CONNECTED) 0] delete /node1[zk: localhost:2181(CONNECTED) 1] get -s /node1org.apache.zookeeper.KeeperException$NoNodeException: KeeperErrorCode = NoNode for /node1[zk: localhost:2181(CONNECTED) 4] create /node1 "node1"Created /node1[zk: localhost:2181(CONNECTED) 5] create /node1/node11 "node11"Created /node1/node11//使用delete删除存在子节点的节点,删除失败[zk: localhost:2181(CONNECTED) 6] delete /node1Node not empty: /node1[zk: localhost:2181(CONNECTED) 7] get -s /node1node1cZxid = 0x4fctime = Wed Jul 29 21:53:37 CST 2020mZxid = 0x4fmtime = Wed Jul 29 21:53:37 CST 2020pZxid = 0x50cversion = 1dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 5numChildren = 1[zk: localhost:2181(CONNECTED) 8] deleteall /node1[zk: localhost:2181(CONNECTED) 9] get /node1org.apache.zookeeper.KeeperException$NoNodeException: KeeperErrorCode = NoNode for /node1注意:删除存在子节点时,命令不要再使用rmr,此命令已经无效。
[zk: localhost:2181(CONNECTED) 17] rmr /node1The command 'rmr' has been deprecated. Please use 'deleteall' instead.查看子节点列表
- 命令:
ls [-s] [-w] [-R] path:
ls2 path [watch]
[zk: localhost:2181(CONNECTED) 19] ls /[a0000000001, b0000000002, c, hadoop, seqNode10000000011, zookeeper][zk: localhost:2181(CONNECTED) 20] ls -s /[a0000000001, b0000000002, c, hadoop, seqNode10000000011, zookeeper]cZxid = 0x0ctime = Thu Jan 01 08:00:00 CST 1970mZxid = 0x0mtime = Thu Jan 01 08:00:00 CST 1970pZxid = 0x53cversion = 22dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 0numChildren = 6[zk: localhost:2181(CONNECTED) 21] create /node1 "node1"Created /node1//当前节点下没有子节点,返回空数组[zk: localhost:2181(CONNECTED) 22] ls /node1[][zk: localhost:2181(CONNECTED) 23] create /node1/node11 "node11"Created /node1/node11[zk: localhost:2181(CONNECTED) 24] ls /node1[node11]查看节点状态
使用stat命令查看节点状态,与get命令的区别是此命令不返回数据信息;
[zk: localhost:2181(CONNECTED) 25] stat /node1cZxid = 0x55ctime = Wed Jul 29 22:05:16 CST 2020mZxid = 0x55mtime = Wed Jul 29 22:05:16 CST 2020pZxid = 0x56cversion = 1dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 5numChildren = 1监听器
特殊说明get path [watch]命令已被废弃:
[zk: localhost:2181(CONNECTED) 27] get /node1 watch'get path [watch]' has been deprecated. Please use 'get [-s] [-w] path' instead.node1使用 get [-s] [-w] path注册的监听器能够在结点内容发生改变的时候,向客户端发出通知。需要注意的是zookeeper的触发器是一次性的(One-time trigger),即触发一次后就会立即失效。
//一个窗口监听,新打开一个窗口修改节点数据[zk: localhost:2181(CONNECTED) 29] get -w /node1node1//收到修改信息[zk: localhost:2181(CONNECTED) 30] WATCHER::WatchedEvent state:SyncConnected type:NodeDataChanged path:/node1//另一个窗口修改节点:[zk: localhost:2181(CONNECTED) 0] set /node1 "set node1"
权限控制
zookeeper类似文件系统,client可以创建结点、更新结点、删除结点,那么如何做到结点的权限控制呢?
zookeeper的 access control list 访问控制列表可以做到这一点。
acl权限控制,使用scheme:id:permission来标识,主要涵盖3个方面:
- 权限模式(scheme):授权的策略
- 授权对象(id):授权的对象
- 权限(permission):授予的权限权限模式
授权对象
- 给谁授予权限
- 授权对象ID是指,权限赋予的实体,例如:IP地址或用户
权限
- create、delete、read、writer、admin也就是 增、删、查、改、管理权限,这5种权限简写为 c d r w a,注意:
这五种权限中,有的权限并不是对结点自身操作的例如:delete是指对子结点的删除权限。
可以试图删除父结点,但是子结点必须删除干净,所以delete的权限也是很有用的
授权的相关命令
- world模式:
[zk: localhost:2181(CONNECTED) 31] getAcl /node1'world,'anyone: cdrwa[zk: localhost:2181(CONNECTED) 32] setAcl /node1 world:anyone:drwa[zk: localhost:2181(CONNECTED) 33] create /node1/node2 "node2"Authentication is not valid : /node1/node2[zk: localhost:2181(CONNECTED) 34] setAcl /node1 world:anyone:cdrwa[zk: localhost:2181(CONNECTED) 35] create /node1/node2 "node2"Created /node1/node2- IP模式:
需要两台虚拟机一起授权的话需要用逗号将授权列表隔开:setAcl /ipNode ip:192.168.103.133:cdrwa,ip:192.168.103.132:cdrwa
[zk: localhost:2181(CONNECTED) 8] create /ipNode "ipNode"Created /ipNode[zk: localhost:2181(CONNECTED) 9] get -s /ipNodeipNodecZxid = 0x65ctime = Wed Jul 29 23:22:23 CST 2020mZxid = 0x65mtime = Wed Jul 29 23:22:23 CST 2020pZxid = 0x65cversion = 0dataVersion = 0aclVersion = 0ephemeralOwner = 0x0dataLength = 6numChildren = 0[zk: localhost:2181(CONNECTED) 10] setAcl /ipNode ip:192.168.16.81:ra[zk: localhost:2181(CONNECTED) 11] get -s /ipNodeorg.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /ipNode- auth模式:
命令:addauth digest :setAcl auth::
//认证用户[zk: localhost:2181(CONNECTED) 36] addauth digest qxy:123456[zk: localhost:2181(CONNECTED) 37] get -s /node1set node1cZxid = 0x55ctime = Wed Jul 29 22:05:16 CST 2020mZxid = 0x58mtime = Wed Jul 29 22:31:29 CST 2020pZxid = 0x5ccversion = 2dataVersion = 1aclVersion = 2ephemeralOwner = 0x0dataLength = 9numChildren = 2//设置认证用户[zk: localhost:2181(CONNECTED) 38] setAcl /node1 auth:qxy:cdrwa//退出,重新进入[zk: localhost:2181(CONNECTED) 39] quitWATCHER::WatchedEvent state:Closed type:None path:null2020-07-29 22:58:56,574 [myid:] - INFO [main:ZooKeeper@1422] - Session: 0x10029ab39130009 closed2020-07-29 22:58:56,574 [myid:] - INFO [main-EventThread:ClientCnxn$EventThread@524] - EventThread shut down for session: 0x10029ab39130009//未用户认证,无法获取节点信息[zk: localhost:2181(CONNECTED) 0] get -s /node1org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /node1//认证用户,注意此处密码错误,不会提示错误,但是无法访问节点[zk: localhost:2181(CONNECTED) 1] addauth digest qxy:123456[zk: localhost:2181(CONNECTED) 2] get -s /node1set node1cZxid = 0x55ctime = Wed Jul 29 22:05:16 CST 2020mZxid = 0x58mtime = Wed Jul 29 22:31:29 CST 2020pZxid = 0x5ccversion = 2dataVersion = 1aclVersion = 3ephemeralOwner = 0x0dataLength = 9numChildren = 2- Digest模式:
命令:setAcl digest:::
密码是经过SHA1以及BASE64处理的密文,在shell 中可以通过以下命令计算:
echo -n : | openssl dgst -binary -sha1 | openssl base64建立新的窗口,计算密码
[root@izbp14najjyuhkvm4qbic7z bin]# echo -n qxy:123456 | openssl dgst -binary -sha1 | openssl base64hDF4uLZvMJqOX2ekKFa6kSz9HNo=实战:
[zk: localhost:2181(CONNECTED) 5] create /digestNode "digestNode"Created /digestNode[zk: localhost:2181(CONNECTED) 2] setAcl /digestNode digest:qxy:hDF4uLZvMJqOX2ekKFa6kSz9HNo=:cdrwa[zk: localhost:2181(CONNECTED) 3] get /digestNodeorg.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /digestNode[zk: localhost:2181(CONNECTED) 2] setAcl /digestNode digest:qxy:hDF4uLZvMJqOX2ekKFa6kSz9HNo=:cdrwa[zk: localhost:2181(CONNECTED) 3] get /digestNodeorg.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /digestNode[zk: localhost:2181(CONNECTED) 4] getAcl /digestNodeAuthentication is not valid : /digestNode[zk: localhost:2181(CONNECTED) 5] addauth digest qxy:123456[zk: localhost:2181(CONNECTED) 6] getAcl /digestNode'digest,'qxy:hDF4uLZvMJqOX2ekKFa6kSz9HNo=: cdrwa[zk: localhost:2181(CONNECTED) 7] get /digestNodedigestNode作者:溪~源
原文链接:https://blog.youkuaiyun.com/xuan_lu/article/details/107675047
扫一扫
355
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
