Type help to display the list of commands
[zk: localhost:2181(CONNECTED) 0] help
ZooKeeper -server host:port cmd args
stat path [watch]
set path data [version]
ls path [watch]
delquota [-n|-b] path
ls2 path [watch]
setAcl path acl
setquota -n|-b val path
history
redo cmdno
printwatches on|off
delete path [version]
sync path
listquota path
rmr path
get path [watch]
create [-s] [-e] path data acl
addauth scheme auth
quit
getAcl path
close
connect host:port
The ls and ls2 commands
[zk: localhost:2181(CONNECTED) 1] ls /
[zookeeper]
[zk: localhost:2181(CONNECTED) 2] ls /zookeeper
[quota]
[zk: localhost:2181(CONNECTED) 3] ls2 /
[zookeeper]
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
stat
[zk: localhost:2181(CONNECTED) 4] stat /
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
get: fetch a node's data
[zk: localhost:2181(CONNECTED) 0] get /
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
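How sessions work
A session exists on the connection between the client and the server
Each session can be given a timeout
When the heartbeats stop, the session expires
When the session expires, its ephemeral znodes are discarded
Heartbeat mechanism: ping requests sent from the client to the server
The create command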
[zk: localhost:2181(CONNECTED) 2] ls /
[zookeeper]
[zk: localhost:2181(CONNECTED) 3] create /imooc imooc-data
Created /imooc
[zk: localhost:2181(CONNECTED) 4] get /imooc
imooc-data
cZxid = 0x6
ctime = Tue Dec 04 13:42:03 CST 2018
mZxid = 0x6
mtime = Tue Dec 04 13:42:03 CST 2018
pZxid = 0x6
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 10
numChildren = 0
[zk: localhost:2181(CONNECTED) 5] ls /
[zookeeper, imooc]
Creating an ephemeral node
[zk: localhost:2181(CONNECTED) 7] create -e /imooc/tmp imooc-data
Created /imooc/tmp
[zk: localhost:2181(CONNECTED) 8] get /imooc/tmp
imooc-data
cZxid = 0x7
ctime = Tue Dec 04 15:39:56 CST 2018
mZxid = 0x7
mtime = Tue Dec 04 15:39:56 CST 2018
pZxid = 0x7
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x100340670e00002
dataLength = 10
numChildren = 0
Creating sequential nodes
[zk: localhost:2181(CONNECTED) 11] create -s /imooc/sec seq
Created /imooc/sec0000000001
[zk: localhost:2181(CONNECTED) 12] create -s /imooc/sec seq
Created /imooc/sec0000000002
[zk: localhost:2181(CONNECTED) 13] create -s /imooc/sec seq
Created /imooc/sec0000000003
[zk: localhost:2181(CONNECTED) 14] create -s /imooc/sec seq
Created /imooc/sec0000000004
Modifying a node
[zk: localhost:2181(CONNECTED) 16] set /imooc new-data
cZxid = 0x6
ctime = Tue Dec 04 13:42:03 CST 2018
mZxid = 0xc
mtime = Tue Dec 04 15:52:13 CST 2018
pZxid = 0xb
cversion = 5
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 8
numChildren = 5
Modifying a node conditioned on its version number (dataVersion): optimistic locking
[zk: localhost:2181(CONNECTED) 18] set /imooc 123 1
cZxid = 0x6
ctime = Tue Dec 04 13:42:03 CST 2018
mZxid = 0xd
mtime = Tue Dec 04 15:53:50 CST 2018
pZxid = 0xb
cversion = 5
dataVersion = 2
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 5
[zk: localhost:2181(CONNECTED) 19] set /imooc 123 1
version No is not valid : /imooc
Deleting by path; the delete command can be followed by a version number as a condition
[zk: localhost:2181(CONNECTED) 21] ls /imooc
[sec0000000003, sec0000000004, tmp, sec0000000001, sec0000000002]
[zk: localhost:2181(CONNECTED) 22] get /imooc/sec0000000001
seq
cZxid = 0x8
ctime = Tue Dec 04 15:50:09 CST 2018
mZxid = 0x8
mtime = Tue Dec 04 15:50:09 CST 2018
pZxid = 0x8
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
[zk: localhost:2181(CONNECTED) 23] delete /imooc/sec0000000001
[zk: localhost:2181(CONNECTED) 24] delete /imooc/sec0000000002 2
version No is not valid : /imooc/sec0000000002
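zk feature: the watcher mechanism
Every operation on a node can have a monitor: a watcher
When a watched object (znode) changes, a watcher event is triggered
Watchers in zk are one-shot: they are destroyed immediately after being triggered
Creating, deleting, and modifying (parent nodes, child nodes) can all trigger their watchers
Different kinds of operation trigger different watcher events:
1. (Child) node created event
2. (Child) node deleted event
3. (Child) node data changed event
Watchers on the command line
Set a watcher with get path [watch]
Create, delete, and modify operations on a parent node trigger its watcher
Create, delete, and modify operations on a child node trigger its watcher
Triggered when the parent node is created: NodeCreated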
[zk: localhost:2181(CONNECTED) 18] stat /imooc watch
Node does not exist: /imooc
[zk: localhost:2181(CONNECTED) 19] create /imooc 123
WATCHER::
WatchedEvent state:SyncConnected type:NodeCreated path:/imooc
Created /imooc
Triggered when the parent node's data is modified: NodeDataChanged
[zk: localhost:2181(CONNECTED) 22] get /imooc watch
456
cZxid = 0x1b
ctime = Tue Dec 04 16:13:37 CST 2018
mZxid = 0x1c
mtime = Tue Dec 04 16:15:32 CST 2018
pZxid = 0x1b
cversion = 0
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
[zk: localhost:2181(CONNECTED) 23] set /imooc 789
WATCHER::
WatchedEvent state:SyncConnected type:NodeDataChanged path:/imooc
cZxid = 0x1b
ctime = Tue Dec 04 16:13:37 CST 2018
mZxid = 0x1d
mtime = Tue Dec 04 16:16:14 CST 2018
pZxid = 0x1b
cversion = 0
dataVersion = 2
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
Triggered when the parent node is deleted: NodeDeleted
[zk: localhost:2181(CONNECTED) 24] get /imooc watch
789
cZxid = 0x1b
ctime = Tue Dec 04 16:13:37 CST 2018
mZxid = 0x1d
mtime = Tue Dec 04 16:16:14 CST 2018
pZxid = 0x1b
cversion = 0
dataVersion = 2
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
[zk: localhost:2181(CONNECTED) 25] delete /imooc
WATCHER::
WatchedEvent state:SyncConnected type:NodeDeleted path:/imooc
Setting a watcher on the parent node with ls; creating a child node triggers: NodeChildrenChanged
[zk: localhost:2181(CONNECTED) 30] ls /imooc watch
[]
[zk: localhost:2181(CONNECTED) 31] create /imooc/abc 88
WATCHER::
WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/imooc
Created /imooc/abc
Setting a watcher on the parent node with ls; deleting a child node triggers: NodeChildrenChanged
[zk: localhost:2181(CONNECTED) 32] ls /imooc watch
[abc]
[zk: localhost:2181(CONNECTED) 30] ls /imooc watch
[]
[zk: localhost:2181(CONNECTED) 31] create /imooc/abc 88
WATCHER::
WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/imooc
Created /imooc/abc
With a watcher set on the parent node via ls, modifying a child node triggers no event
[zk: localhost:2181(CONNECTED) 0] ls /imooc watch
[]
[zk: localhost:2181(CONNECTED) 1] create /imooc/xyz 99
WATCHER::
WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/imooc
Created /imooc/xyz
[zk: localhost:2181(CONNECTED) 2] ls /imooc watch
[xyz]
[zk: localhost:2181(CONNECTED) 3] set /imooc/xyz 9090
cZxid = 0x24
ctime = Tue Dec 04 16:28:12 CST 2018
mZxid = 0x25
mtime = Tue Dec 04 16:29:02 CST 2018
pZxid = 0x24
cversion = 0
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 4
numChildren = 0
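For a modification of a child node to trigger a watcher event, the child node has to be treated as a parent node, with the watcher set on the child itself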
[zk: localhost:2181(CONNECTED) 4] get /imooc/xyz watch
9090
cZxid = 0x24
ctime = Tue Dec 04 16:28:12 CST 2018
mZxid = 0x25
mtime = Tue Dec 04 16:29:02 CST 2018
pZxid = 0x24
cversion = 0
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 4
numChildren = 0
[zk: localhost:2181(CONNECTED) 5] set /imooc/xyz 8080
WATCHER::
WatchedEvent state:SyncConnected type:NodeDataChanged path:/imooc/xyz
cZxid = 0x24
ctime = Tue Dec 04 16:28:12 CST 2018
mZxid = 0x26
mtime = Tue Dec 04 16:30:31 CST 2018
pZxid = 0x24
cversion = 0
dataVersion = 2
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 4
numChildren = 0
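Watcher use cases
Unified resource configuration
ACL (access control lists): permission control
Read, write, and other permissions can be set on a node, in order to protect the data
Permissions can specify different permission scopes and roles
ACL on the command line
getAcl: get the ACL information of a node
setAcl: set the ACL information of a node
addauth: supply authentication credentials; the password is entered in plaintext when registering (logging in), but inside zk the password is stored in encrypted form
How an ACL is composed
A zk ACL is a permission list built from [scheme:id:permissions]
scheme: the permission mechanism in use
id: the user who is allowed access
permissions: a string combining the permissions
scheme
world: there is only one id under world, that is, only one user, namely anyone, so the combined form is world:anyone:[permissions]
auth: authenticated login; a registered user who has permission is enough; the form is auth:user:password:[permissions]
digest: the password has to be encrypted before access is possible; the combined form is digest:username:BASE64(SHA1(password)):[permissions]
The difference between auth and digest is that the former takes plaintext and the latter ciphertext
setAcl /path auth:lee:lee:cdrwa and setAcl /path digest:lee:BASE64(SHA1(password)):cdrwa are equivalent;
after addauth digest lee:lee, either one allows operating on the node within the given permissions
ip: when set to a specific IP address, access is restricted to that IP, for example ip:192.168.1.1:[permissions]
super: the super administrator, who holds all permissions
permissions
Permission string abbreviation: crdwa
CREATE: create child nodes
READ: get the node / its child nodes
WRITE: set the node's data
DELETE: delete child nodes
ADMIN: set permissions
world:anyone:cdrwa
First create the path /imooc/abc and set it to have no delete permission. From then on the child nodes under this path cannot be deleted, but the node at this path itself can still be deleted; that is, delete /imooc/abc still executes successfully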
[zk: localhost:2181(CONNECTED) 18] create /imooc/abc aaa
Created /imooc/abc
[zk: localhost:2181(CONNECTED) 19] getAcl /imooc/abc
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 20] setAcl /imooc/abc world:anyone:crwa
cZxid = 0x2b
ctime = Tue Dec 04 19:22:30 CST 2018
mZxid = 0x2b
mtime = Tue Dec 04 19:22:30 CST 2018
pZxid = 0x2b
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
[zk: localhost:2181(CONNECTED) 21] create /imooc/abc/xyz 123
Created /imooc/abc/xyz
[zk: localhost:2181(CONNECTED) 22] delete /imooc/abc/xyz
Authentication is not valid : /imooc/abc/xyz
auth:user:pwd:cdrwa
digest:user:BASE64(SHA1(pwd)):cdrwa
addauth digest user:pwd
Before running setAcl /names/imooc auth:imooc:imooc:cdrwa you first have to run addauth digest imooc:imooc to register the user; only then can the permission be set.
[zk: localhost:2181(CONNECTED) 25] create /names names
Created /names
[zk: localhost:2181(CONNECTED) 26] create /names/imooc imooc
Created /names/imooc
[zk: localhost:2181(CONNECTED) 27] getAcl /names/imooc
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 28] setAcl /names/imooc auth:imooc:imooc:cdrwa
Acl is not valid : /names/imooc
[zk: localhost:2181(CONNECTED) 29] addauth digest imooc:imooc
[zk: localhost:2181(CONNECTED) 30] setAcl /names/imooc auth:imooc:imooc:cdrwa
cZxid = 0x31
ctime = Tue Dec 04 19:33:17 CST 2018
mZxid = 0x31
mtime = Tue Dec 04 19:33:17 CST 2018
pZxid = 0x31
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 5
numChildren = 0
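Setting the ACL again with a different username and password shows that the stored hashed password is the same as the previous one: the auth scheme ignores the id given in setAcl and uses the identity already added to the session with addauth, so setting it again anonymously also works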
setAcl /names/imooc auth::cdrwa
[zk: localhost:2181(CONNECTED) 10] getAcl /names/imooc
'digest,'imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs=
: cdrwa
[zk: localhost:2181(CONNECTED) 11] setAcl /names/imooc auth:jack:jack:cdrwa
cZxid = 0x39
ctime = Tue Dec 04 19:40:40 CST 2018
mZxid = 0x39
mtime = Tue Dec 04 19:40:40 CST 2018
pZxid = 0x39
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 5
numChildren = 0
[zk: localhost:2181(CONNECTED) 12] getAcl /names/imooc
'digest,'imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs=
: cdrwa
Adding using plaintext
[zk: localhost:2181(CONNECTED) 2] create /names/test ttt
Created /names/test
[zk: localhost:2181(CONNECTED) 3] getAcl /names/test
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 4] setAcl /names/test digest:imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs=:cdra
cZxid = 0x3f
ctime = Tue Dec 04 19:45:36 CST 2018
mZxid = 0x3f
mtime = Tue Dec 04 19:45:36 CST 2018
pZxid = 0x3f
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
[zk: localhost:2181(CONNECTED) 5] getAcl /names/test
'digest,'imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs=
: cdra
Press ctrl + c to quit, then start the client again; you have to log in first before the data can be read
[zk: localhost:2181(CONNECTED) 6] get /names/test
Authentication is not valid : /names/test
[zk: localhost:2181(CONNECTED) 7] addauth digest imooc:imooc
[zk: localhost:2181(CONNECTED) 8] get /names/test
ttt
cZxid = 0x3f
ctime = Tue Dec 04 19:45:36 CST 2018
mZxid = 0x3f
mtime = Tue Dec 04 19:45:36 CST 2018
pZxid = 0x3f
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
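The ACL behaviour shown in the world and digest sessions above, as an added Python example that is not part of the original notes or of ZooKeeper's own code. It computes the digest id the way ZooKeeper's DigestAuthenticationProvider does (SHA-1 over the whole `user:password` string, then Base64) and checks permissions with a simplified model that assumes exact identity matching and leaves out `ip` and `super`; the lee / s3cret credentials are constructed.

```python
import base64
import hashlib

PERMS = set("cdrwa")  # CREATE, DELETE, READ, WRITE, ADMIN

def digest_id(user, password):
    """Id stored for a digest ACL: user:BASE64(SHA1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(raw).decode('ascii')}"

def parse_acl(entry):
    """Split scheme:id:permissions; a digest id itself contains a ':'."""
    scheme, rest = entry.split(":", 1)
    ident, perms = rest.rsplit(":", 1)
    if not perms or set(perms) - PERMS:
        raise ValueError(f"bad permission string {perms!r} in {entry!r}")
    return scheme, ident, frozenset(perms)

def session_ids(addauths=()):
    """Identities a session holds: world:anyone plus one per addauth digest."""
    ids = {("world", "anyone")}
    ids.update(("digest", digest_id(u, p)) for u, p in addauths)
    return ids

def allowed(acl, ids, perm):
    """True if some ACL entry matches a session identity and grants perm."""
    for scheme, ident, perms in map(parse_acl, acl):
        if perm in perms and (scheme, ident) in ids:
            return True
    return False

def can_delete(parent_acl, ids):
    """delete /a/b needs DELETE on the parent /a, not on /a/b itself."""
    return allowed(parent_acl, ids, "d")

if __name__ == "__main__":
    anon = session_ids()
    abc_acl = ["world:anyone:crwa"]                      # as set on /imooc/abc
    print("create child:", allowed(abc_acl, anon, "c"))  # True
    print("delete child:", can_delete(abc_acl, anon))    # False
    # Constructed credentials lee / s3cret stand in for a real account.
    node_acl = ["digest:" + digest_id("lee", "s3cret") + ":cdra"]
    lee = session_ids([("lee", "s3cret")])
    print("anon read:", allowed(node_acl, anon, "r"))    # False
    print("lee read:", allowed(node_acl, lee, "r"))      # True
    print("lee write:", allowed(node_acl, lee, "w"))     # False
```

The string returned by `digest_id` has the same `user:hash` shape as the value pasted after `digest:` in setAcl, so it can be generated offline instead of being read back with getAcl.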
ip:192.168.43.54:cdrwa
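I used the IP of the wireless connection on my Windows machine and set it from the remote Linux environment, so for now the data cannot be read via that IP; I will set it up another way later.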
[zk: localhost:2181(CONNECTED) 9] create /names/ip ip
Created /names/ip
[zk: localhost:2181(CONNECTED) 10] getAcl /names/ip
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 11] setAcl /names/ip ip:192.168.43.54:cdrwa
cZxid = 0x41
ctime = Tue Dec 04 19:51:23 CST 2018
mZxid = 0x41
mtime = Tue Dec 04 19:51:23 CST 2018
pZxid = 0x41
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
[zk: localhost:2181(CONNECTED) 12] getAcl /names/ip
'ip,'192.168.43.54
: cdrwa
[zk: localhost:2181(CONNECTED) 13] get /names/ip
Authentication is not valid : /names/ip
Super: the super administrator
1. Edit zkServer.sh to add a super administrator
Add
"-Dzookeeper.DigestAuthenticationProvider.superDigest=imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs="
2. Restart with zkServer.sh and enter the client
[zk: localhost:2181(CONNECTED) 0] get /names/test
Authentication is not valid : /names/test
[zk: localhost:2181(CONNECTED) 1] getAcl /names/test
'digest,'imooc:XwEDaL3J0JQGkRQzM0DpO6zMzZs=
: cdra
[zk: localhost:2181(CONNECTED) 2] get /names/ip
Authentication is not valid : /names/ip
[zk: localhost:2181(CONNECTED) 3] getAcl /names/ip
'ip,'192.168.43.54
: cdrwa
[zk: localhost:2181(CONNECTED) 4] addauth digest imooc:imooc
[zk: localhost:2181(CONNECTED) 5] get /names/ip
ip
cZxid = 0x41
ctime = Tue Dec 04 19:51:23 CST 2018
mZxid = 0x41
mtime = Tue Dec 04 19:51:23 CST 2018
pZxid = 0x41
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
[zk: localhost:2181(CONNECTED) 6] get /names/test
ttt
cZxid = 0x3f
ctime = Tue Dec 04 19:45:36 CST 2018
mZxid = 0x3f
mtime = Tue Dec 04 19:45:36 CST 2018
pZxid = 0x3f
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
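Common ACL use cases
Separating development and test environments: developers have no right to operate on the nodes of the test environment and can only view them
In production, allowing only services at specified IPs to access the relevant nodes, to prevent confusion (with dynamic IPs this becomes a drawback)
zk four-letter commands (Four Letter Words)
zk can be interacted with through the abbreviated commands that it provides itself
This requires the nc command; install it with: yum install nc
echo [command] | nc [ip] [port]
[stat] shows zk status information, including the mode (standalone?); an IP can be used in place of localhost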
[root@Manka ~]# echo stat | nc localhost 2181
Zookeeper version: 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT
Clients:
/127.0.0.1:49040[0](queued=0,recved=1,sent=0)
Latency min/avg/max: 0/0/17
Received: 101
Sent: 100
Connections: 1
Outstanding: 0
Zxid: 0x4b
Mode: standalone
Node count: 11
[ruok] checks whether the zk server is currently running; it returns imok
[root@Manka ~]# echo ruok | nc localhost 2181
imok[root@Manka ~]
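[dump] lists outstanding sessions and ephemeral nodes
[conf] shows the server configuration
[cons] shows information about the clients connected to the server
[envi] environment variables
[mntr] monitors zk health information
[wchs] shows watch information
[wchc] and [wchp]: session-to-watch and path-to-watch information; these two commands are not on the whitelist and have to be enabled in the configuration
Append at the end of the configuration: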
4lw.commands.whitelist=*
The server must be restarted for this to take effect
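A parser for the `stat` reply shown earlier, as an added Python example that is not part of the original notes; it turns the text captured from `echo stat | nc [ip] [port]` into fields a monitoring job can check and lists the clients that did not connect from loopback. The function names are hypothetical and the sample is the reply copied from the session above.

```python
import ipaddress
import re

# One "Clients:" entry, e.g. /127.0.0.1:49040[0](queued=0,recved=1,sent=0)
CLIENT_RE = re.compile(
    r"^\s*/(?P<ip>.+):(?P<port>\d+)\[\d+\]"
    r"\(queued=(?P<queued>\d+),recved=(?P<recved>\d+),sent=(?P<sent>\d+)\)")

# Reply copied from the `echo stat | nc localhost 2181` session above.
SAMPLE_STAT = """\
Zookeeper version: 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT
Clients:
/127.0.0.1:49040[0](queued=0,recved=1,sent=0)
Latency min/avg/max: 0/0/17
Received: 101
Sent: 100
Connections: 1
Outstanding: 0
Zxid: 0x4b
Mode: standalone
Node count: 11
"""

def parse_stat(text):
    """Turn a `stat` reply into a dict; client entries become dicts."""
    info = {"clients": []}
    for line in text.splitlines():
        m = CLIENT_RE.match(line)
        if m:
            client = {k: int(v) for k, v in m.groupdict().items() if k != "ip"}
            client["ip"] = m.group("ip")
            info["clients"].append(client)
        elif line.startswith("Zookeeper version:"):
            # Keep only the release number in front of the build hash.
            info["version"] = line.split(":", 1)[1].split("-")[0].strip()
        elif ": " in line:
            key, value = line.split(": ", 1)
            info[key.strip().lower().replace(" ", "_")] = value.strip()
    return info

def remote_clients(info):
    """Clients whose source address is not loopback (worth reviewing)."""
    return [c for c in info["clients"]
            if not ipaddress.ip_address(c["ip"]).is_loopback]

if __name__ == "__main__":
    parsed = parse_stat(SAMPLE_STAT)
    print(parsed["version"], parsed["mode"], remote_clients(parsed))
```

Four-letter commands are answered for any client that can reach the port, without authentication, so a whitelist that names only the commands monitoring uses (for instance `4lw.commands.whitelist=stat,ruok,mntr`) exposes less than `*`.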