Zookeeper 配置超级用户(Windows Linux)

Zookeeper 配置超级用户(Windows/Linux)

Zookeeper配置超级用户目录.png

一、windows配置Zookeeper超级用户

windows修改修改zkServer.cmd文件

1.zookeeper单机配置超级用户

/**
 * zk设置超级管理员 :适合linx和windows配置的方式
 */
@Test
public void testZkSuper(){
    //用户 super:admin
    try {
        String m = DigestAuthenticationProvider.generateDigest("super:admin");
        System.out.println(m);
//返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}

找到zookeeper安装位置:配置zkServer.cmd


zk单机配置超级用户.png

找到这一行代码:

call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*

添加 "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="
添加后效果:

call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs=" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*

关闭zk,重新启动zkServer.cmd
调用代码测试:


    /**
     * zk设置超级管理员 :适合linx和windows配置的方式
     */
    @Test
    public void testZkSuper(){
        //用户 super:admin
        try {
            String m = DigestAuthenticationProvider.generateDigest("super:admin");
            System.out.println(m);

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }
    //返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=

//=======================================以下是设置不同用户具有节点的不同使用权限:读,写/添加,改,删等===================================================

    @Test
    public void testSuperServer() {
        List<ACL> acls = new ArrayList<ACL>(6);
        try {
            Id id1 = new Id("digest", DigestAuthenticationProvider.generateDigest("user1:123456"));
            ACL acl1 = new ACL(ZooDefs.Perms.WRITE, id1);

            Id id2 = new Id("digest", DigestAuthenticationProvider.generateDigest("user2:123456"));
            ACL acl2 = new ACL(ZooDefs.Perms.READ, id2);

            Id id3 = new Id("digest", DigestAuthenticationProvider.generateDigest("user3:123456"));
            ACL acl3 = new ACL(ZooDefs.Perms.DELETE, id3);

            Id id4 = new Id("digest", DigestAuthenticationProvider.generateDigest("user4:123456"));
            ACL acl4 = new ACL(ZooDefs.Perms.ADMIN, id4);

            Id id5 = new Id("digest", DigestAuthenticationProvider.generateDigest("user5:123456"));
            ACL acl5 = new ACL(ZooDefs.Perms.CREATE, id5);

            Id id6 = new Id("digest", DigestAuthenticationProvider.generateDigest("user6:123456"));
            ACL acl6 = new ACL(ZooDefs.Perms.ALL, id6);

            acls.add(acl1);
            acls.add(acl2);
            acls.add(acl3);
            acls.add(acl4);
            acls.add(acl5);
            acls.add(acl6);
        } catch (NoSuchAlgorithmException e1) {
            e1.printStackTrace();
        }

        ZooKeeper zk = null;
        try {
            zk = new ZooKeeper("127.0.0.1:2181", 300000, new Watcher() {
                // 监控所有被触发的事件
                public void process(WatchedEvent event) {
                    System.out.println("已经触发了" + event.getType() + "事件!");
                }
            });
            if (zk.exists("/test", true) == null) {
                System.out.println(zk.create("/test", "ACL测试".getBytes(), acls, CreateMode.PERSISTENT));
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (KeeperException e1) {
            e1.printStackTrace();
        } catch (InterruptedException e1) {
            e1.printStackTrace();
        }
    }

    /**
     * 测试权限-测试配置的超级用户是否成功
     */
    @Test
    public void testSuperClient() {
        try {
            ZooKeeper zk = new ZooKeeper("127.0.0.1:2181", 300000, new Watcher() {
                // 监控所有被触发的事件
                public void process(WatchedEvent event) {
                    System.out.println("已经触发了" + event.getType() + "事件!");
                }
            });
            //zk 配置的超级用户super:admin
            zk.addAuthInfo("digest", "super:admin".getBytes());
            System.out.println(new String(zk.getData("/test", null, null)));
            zk.setData("/test", "I change!".getBytes(), -1);
            //zk.delete("/test",-1);
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

执行测试后,使用zktools可视化工具查看是否成功。
工具下载地址:zktools可视化 提取码:zv2f

执行流程说明:

  • 执行testZkSuper生成super:xQJmxLMiHGwaqBvst5y6rkB6HQs=,配置zk中的zkServer.cmd,重启zkServer.cmd
  • zktools可视化连接zk,可以查看zk的所有节点 (在没有执行testSuperServer这个方法配置权限前)
  • 执行testSuperServer这个方法配置权限后,zktools可视化不能连接查看zk的任何
  • 执行testSuperClient,测试配置的超级用户可以查看/test节点信息
  • //zk.delete("/test",-1); 放开这个注释,再执行testSuperClient,然后用zktools可视化连接zk,这时能够连接查看zk的所有节点,说明删除成功!

2.zookeeper伪集群配置超级用户

zookeeper伪集群配置超级用户是与单机配置一样,
区别在于在每个zkServer-*.cmd 都要配置


zk伪集群配置超级用户.png

添加后效果:

call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs=" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*

关闭所有zkServer.cmd,重新启动伪集群的所有zkServer-*.cmd
连接改成:集群的所有配置ip:端口

ZooKeeper zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
    // 监控所有被触发的事件
    public void process(WatchedEvent event) {
        System.out.println("已经触发了" + event.getType() + "事件!");
    }
});

二、Linux配置超级用户

Linux修改zkServer.sh文件

那么打开zk目录下的/bin/zkServer.sh服务器脚本文件,找到如下一行

nohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}"

这就是脚本中启动zk的命令,默认只有以上两个配置项,我们需要加一个超管的配置项:

"-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="

第一个等号之后的就是刚才用户名密码的哈希值。
那么修改以后这条完整命令变成了:

nohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="\
    -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &

之后启动zk/zk集群.
代码测试:

         /**
        * zk设置超级管理员 :适合linx和windows配置的方式
         */
        @Test
        public void testZkSuper(){
            //用户 super:admin
            try {
                String m = DigestAuthenticationProvider.generateDigest("super:admin");
                System.out.println(m);
    
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }
        //返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=

@Test
public void testSuperServer() {
List<ACL> acls = new ArrayList<ACL>(2);
try {
        Id id1 = new Id("digest", DigestAuthenticationProvider.generateDigest("fish:fishpw"));
        ACL acl1 = new ACL(ZooDefs.Perms.WRITE, id1);
        Id id2 = new Id("digest", DigestAuthenticationProvider.generateDigest("qsd:qsdpw"));
        ACL acl2 = new ACL(ZooDefs.Perms.READ, id2);
 
        acls.add(acl1);
        acls.add(acl2);
    } catch (NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    }
 
    ZooKeeper zk = null;
    try {
        zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
            // 监控所有被触发的事件
            public void process(WatchedEvent event) {
                System.out.println("已经触发了" + event.getType() + "事件!");
            }
        });
        if (zk.exists("/test", true) == null) {
            System.out.println(zk.create("/test", "ACL测试".getBytes(), acls, CreateMode.PERSISTENT));
        }
    } catch (IOException e) {
        e.printStackTrace();
    } catch (KeeperException e1) {
        e1.printStackTrace();
    } catch (InterruptedException e1) {
        e1.printStackTrace();
    }
}
 
@Test
public void testSuperClient() {
    try {
        ZooKeeper zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
            // 监控所有被触发的事件
            public void process(WatchedEvent event) {
                System.out.println("已经触发了" + event.getType() + "事件!");
            }
        });
        zk.addAuthInfo("digest", "super:superpw".getBytes());
        System.out.println(new String(zk.getData("/test", null, null)));
        zk.setData("/test", "I change!".getBytes(), -1);
    } catch (KeeperException e) {
        e.printStackTrace();
    } catch (InterruptedException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

推荐阅读更多精彩内容