zookeeper学习三

Posted ku-ku-ku

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了zookeeper学习三相关的知识,希望对你有一定的参考价值。

1.zookeeper的ACL(访问控制列表)

znode被创建时带有一个ACL列表(默认为word,表示anyone)

ACL包括:

scheme(验证方式):zookeeper提供了以下几种验证方式:

            digest:客户端用户名和密码。

            auth:不适用任何id。

            ip:IP地址验证。

            word:固定为anyone。

            super:在这种scheme情况下,对应的id拥有超级权限,可以做任何事情。

id(验证信息)

perms(权限):节点的权限主要有:

技术图片

create  对子节点的create操作

read     对本节点GetChildren和GetData操作

write     对本节点SetData操作

delete  对子节点Delete操作

admin  对本节点setAcl操作

2.用shell操作ACL

1)首先连接到zookeeper

技术图片

--1.查看ACL

技术图片

--2.给节点加上ip的ACL

技术图片

再次访问时,这样访问才行

技术图片

技术图片

--3.给节点加上digest的ACL

使用以下生成密码

test:test->test:V28q/NynI4JI3Rk54h0r8O5kMug=

技术图片

访问时就是这样

技术图片

--4.scheme中还有一个super

需要更改zkServer.sh

加入参数-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=

技术图片

3.java的操作(ZooKeeper)

 

public class ZKAclDemo
  private static ZooKeeper zooKeeper;
  public static void main(String[] args) throws Exception
    connetionZK("");
    // getZnodeData(zooKeeper, "/test2");//注意:如果/test2目录下没有值,会报空指针
    // getZnodeAcl(zooKeeper, "/testAcl", "testAcl".getBytes());
    // setZnodeAcl(zooKeeper, "/testAcl2", "testAcl2".getBytes());
    close();
  

  /**
  * 获取数据
  * @param zooKeeper
  * @param path
  */
  public static void getZnodeData(ZooKeeper zooKeeper, String path)
    try
      zooKeeper.addAuthInfo("digest", "test:test".getBytes());
      byte[] bs = zooKeeper.getData(path, false, new Stat());
      System.out.println(new String(bs));
     catch (KeeperException e)
      e.printStackTrace();
     catch (InterruptedException e)
      e.printStackTrace();
    
  

  /**
  * 获取ACL
  * @param zooKeeper
  * @param path
  * @param bytes
  */
  public static void getZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes)
    try
      zooKeeper.create(path, bytes, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
      System.out.println("创建节点:"+path);
      List<ACL> listAcl = zooKeeper.getACL(path, new Stat());
      for (ACL acl : listAcl)
        System.out.println("权限scheme id:" + acl.getId());
        System.out.println("权限位:" + acl.getPerms());
      
     catch (KeeperException e)
      e.printStackTrace();
     catch (InterruptedException e)
      e.printStackTrace();
    
  

  /**
  * 设置ACL
  * @param zooKeeper
  * @param path
  * @param bytes
  */
  public static void setZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes)
    try
      List<ACL> listAcl = new ArrayList<ACL>();
      Id id = new Id("digest", getDigestUserPwd("testacl:testacl"));
      listAcl.add(new ACL(ZooDefs.Perms.ALL, id));
      // listAcl.add(new ACL(ZooDefs.Perms.CREATE | ZooDefs.Perms.READ, id));//多个权限之间用 | 分隔
      String string = zooKeeper.create(path, bytes, listAcl, CreateMode.PERSISTENT);
      System.out.println("节点:"+string);

      zooKeeper.addAuthInfo("digest", "testacl:testacl".getBytes());
      // 获取该节点的acl权限信息
      List<ACL> aclList = zooKeeper.getACL(path, new Stat());
      for (ACL acl : aclList)
        System.out.println("--------------------------");
        System.out.println("权限scheme id:" + acl.getId());
        System.out.println("权限位:" + acl.getPerms());
      
     catch (NoSuchAlgorithmException e)
      e.printStackTrace();
     catch (KeeperException e)
      e.printStackTrace();
     catch (InterruptedException e)
      e.printStackTrace();
    
  

  /**
  * 使用ip同理
  */

  /**
  * 获取生成的ID
  * @param id
  * @return
  * @throws NoSuchAlgorithmException
  */
  public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException
    return DigestAuthenticationProvider.generateDigest(id);
  

  /**
  * 连接zk
  * @param zk
  * @throws IOException
  * @throws KeeperException
  * @throws InterruptedException
  */
  public static void connetionZK(String zk) throws IOException, KeeperException, InterruptedException
    //zookeeper的ip:端口
    String path = "192.168.10.150:2181";
    zooKeeper = new ZooKeeper(path, 20*1000,null);
  

  /**
  * 关闭zk
  */
  public static void close()
    try
      if (zooKeeper != null)
        zooKeeper.close();
      
     catch (InterruptedException e)
      e.printStackTrace();
    
  

4.java的操作(curator)

public class ZKAclDemo2
  public static void main(String[] args) throws Exception
    // curatorAcl_1();
    // curatorAcl_2();
    // curatorAcl_3();
    // curatorAcl_4();
  

  /**
  * 使用curator连接zk创建节点
  * @throws Exception
  */
  public static void curatorAcl_1() throws Exception
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
    CuratorFramework client = CuratorFrameworkFactory.newClient("192.168.10.150:2181", retryPolicy);
    client.start();
    //判断是否连接上
    if (!client.blockUntilConnected(20, TimeUnit.SECONDS))
      client.close();
    
    @SuppressWarnings("deprecation")
    boolean isZkCuratorStarted = client.isStarted();
    System.out.println("状态连接中吗:"+isZkCuratorStarted);
    /***ACL***/
    List<ACL> listAcl = new ArrayList<ACL>();
    Id id = new Id("digest", getDigestUserPwd("test:test"));
    listAcl.add(new ACL(ZooDefs.Perms.ALL, id));
    CreateBuilder createBuilder = client.create();
    ProtectACLCreateModeStatPathAndBytesable<String> pathAndBytesable =     createBuilder.creatingParentsIfNeeded();
    pathAndBytesable.withMode(CreateMode.PERSISTENT).withACL(listAcl).forPath("/curatoracl", "curatoracl".getBytes());
    if (client!=null)
      client.close();
    
    System.out.println("over...");
  

  /**
  * 使用curator连接zk获取节点数据
  * @throws Exception
  */
  public static void curatorAcl_2() throws Exception
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
    CuratorFramework client = CuratorFrameworkFactory.builder().authorization("digest", "test:test".getBytes())
      .connectString("192.168.10.150:2181")
      .sessionTimeoutMs(20000).retryPolicy(retryPolicy)
      //.namespace("workspace")//这句的意思会在连接的path前加上/workspace
      .build();
    client.start();
    //判断是否连接上
    if (client.blockUntilConnected(20, TimeUnit.SECONDS))
      @SuppressWarnings("deprecation")
      boolean isZkCuratorStarted = client.isStarted();
      System.out.println("状态连接中吗:"+isZkCuratorStarted);
      byte[] bytes = client.getData().forPath("/curatoracl");
      System.out.println(new String(bytes));
    
    if (client!=null)
      client.close();
    
    System.out.println("over...");
  

  /**
  * 使用curator连接zk修改ACL
  * @throws Exception
  */
  public static void curatorAcl_3() throws Exception
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
    CuratorFramework client = CuratorFrameworkFactory.builder().authorization("digest", "test:test".getBytes())
      .connectString("192.168.10.150:2181")
      .sessionTimeoutMs(20000).retryPolicy(retryPolicy)
      .build();
    client.start();
    //判断是否连接上
    if (client.blockUntilConnected(20, TimeUnit.SECONDS))
      @SuppressWarnings("deprecation")
      boolean isZkCuratorStarted = client.isStarted();
      System.out.println("状态连接中吗:"+isZkCuratorStarted);
      List<ACL> aclList = new ArrayList<ACL>();
      Id id = new Id("digest", getDigestUserPwd("test2:test2"));
      aclList.add(new ACL(ZooDefs.Perms.ALL, id));
      client.setACL().withACL(aclList).forPath("/curatoracl");
    
    if (client!=null)
      client.close();
    
    System.out.println("over...");
  

  /**
  * 使用curator连接zk查看ACL
  * @throws Exception
  */
  public static void curatorAcl_4() throws Exception
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
    CuratorFramework client = CuratorFrameworkFactory.builder().authorization("digest", "test2:test2".getBytes())
      .connectString("192.168.10.150:2181")
      .sessionTimeoutMs(20000).retryPolicy(retryPolicy)
      .build();
    client.start();
    //判断是否连接上
    if (client.blockUntilConnected(20, TimeUnit.SECONDS))
      @SuppressWarnings("deprecation")
      boolean isZkCuratorStarted = client.isStarted();
      System.out.println("状态连接中吗:"+isZkCuratorStarted);
      List<ACL> listAcl = client.getACL().forPath("/curatoracl");
      for (ACL acl : listAcl)
        System.out.println("权限scheme id:" + acl.getId());
        System.out.println("权限位:" + acl.getPerms());
      
    
    if (client!=null)
      client.close();
    
    System.out.println("over...");
  

  /**
  * 获取生成的ID
  * @param id
  * @return
  * @throws NoSuchAlgorithmException
  */
  public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException
    return DigestAuthenticationProvider.generateDigest(id);
  

 

以上是关于zookeeper学习三的主要内容,如果未能解决你的问题,请参考以下文章

Zookeeper 学习笔记 (详细)

2021年 全网最细大数据学习笔记:Zookeeper 集群

蚂蚁啃大象之zookeeper学习过程

zookeeper学习总结

大数据讲课笔记6.1 初识ZooKeeper

框架学习-- Kafka3.2.1命令及不使用Zookeeper启动