Zookeeper 配置超级用户(Windows/Linux)
一、windows配置Zookeeper超级用户
windows修改修改zkServer.cmd文件
1.zookeeper单机配置超级用户
/**
* zk设置超级管理员 :适合linx和windows配置的方式
*/
@Test
public void testZkSuper(){
//用户 super:admin
try {
String m = DigestAuthenticationProvider.generateDigest("super:admin");
System.out.println(m);
//返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
找到zookeeper安装位置:配置zkServer.cmd
找到这一行代码:
call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*
添加 "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="
添加后效果:
call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs=" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*
关闭zk,重新启动zkServer.cmd
调用代码测试:
/**
* zk设置超级管理员 :适合linx和windows配置的方式
*/
@Test
public void testZkSuper(){
//用户 super:admin
try {
String m = DigestAuthenticationProvider.generateDigest("super:admin");
System.out.println(m);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
//返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
//=======================================以下是设置不同用户具有节点的不同使用权限:读,写/添加,改,删等===================================================
@Test
public void testSuperServer() {
List acls = new ArrayList(6);
try {
Id id1 = new Id("digest", DigestAuthenticationProvider.generateDigest("user1:123456"));
ACL acl1 = new ACL(ZooDefs.Perms.WRITE, id1);
Id id2 = new Id("digest", DigestAuthenticationProvider.generateDigest("user2:123456"));
ACL acl2 = new ACL(ZooDefs.Perms.READ, id2);
Id id3 = new Id("digest", DigestAuthenticationProvider.generateDigest("user3:123456"));
ACL acl3 = new ACL(ZooDefs.Perms.DELETE, id3);
Id id4 = new Id("digest", DigestAuthenticationProvider.generateDigest("user4:123456"));
ACL acl4 = new ACL(ZooDefs.Perms.ADMIN, id4);
Id id5 = new Id("digest", DigestAuthenticationProvider.generateDigest("user5:123456"));
ACL acl5 = new ACL(ZooDefs.Perms.CREATE, id5);
Id id6 = new Id("digest", DigestAuthenticationProvider.generateDigest("user6:123456"));
ACL acl6 = new ACL(ZooDefs.Perms.ALL, id6);
acls.add(acl1);
acls.add(acl2);
acls.add(acl3);
acls.add(acl4);
acls.add(acl5);
acls.add(acl6);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
ZooKeeper zk = null;
try {
zk = new ZooKeeper("127.0.0.1:2181", 300000, new Watcher() {
// 监控所有被触发的事件
public void process(WatchedEvent event) {
System.out.println("已经触发了" + event.getType() + "事件!");
}
});
if (zk.exists("/test", true) == null) {
System.out.println(zk.create("/test", "ACL测试".getBytes(), acls, CreateMode.PERSISTENT));
}
} catch (IOException e) {
e.printStackTrace();
} catch (KeeperException e1) {
e1.printStackTrace();
} catch (InterruptedException e1) {
e1.printStackTrace();
}
}
/**
* 测试权限-测试配置的超级用户是否成功
*/
@Test
public void testSuperClient() {
try {
ZooKeeper zk = new ZooKeeper("127.0.0.1:2181", 300000, new Watcher() {
// 监控所有被触发的事件
public void process(WatchedEvent event) {
System.out.println("已经触发了" + event.getType() + "事件!");
}
});
//zk 配置的超级用户super:admin
zk.addAuthInfo("digest", "super:admin".getBytes());
System.out.println(new String(zk.getData("/test", null, null)));
zk.setData("/test", "I change!".getBytes(), -1);
//zk.delete("/test",-1);
} catch (KeeperException e) {
e.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
执行测试后,使用zktools可视化工具查看是否成功。
工具下载地址:zktools可视化 提取码:zv2f
执行流程说明:
- 执行testZkSuper生成super:xQJmxLMiHGwaqBvst5y6rkB6HQs=,配置zk中的zkServer.cmd,重启zkServer.cmd
- zktools可视化连接zk,可以查看zk的所有节点 (在没有执行testSuperServer这个方法配置权限前)
- 执行testSuperServer这个方法配置权限后,zktools可视化不能连接查看zk的任何
- 执行testSuperClient,测试配置的超级用户可以查看/test节点信息
- //zk.delete("/test",-1); 放开这个注释,再执行testSuperClient,然后用zktools可视化连接zk,这时能够连接查看zk的所有节点,说明删除成功!
2.zookeeper伪集群配置超级用户
zookeeper伪集群配置超级用户是与单机配置一样,
区别在于在每个zkServer-*.cmd 都要配置
添加后效果:
call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs=" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*
关闭所有zkServer.cmd,重新启动伪集群的所有zkServer-*.cmd
连接改成:集群的所有配置ip:端口
ZooKeeper zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
// 监控所有被触发的事件
public void process(WatchedEvent event) {
System.out.println("已经触发了" + event.getType() + "事件!");
}
});
二、Linux配置超级用户
Linux修改zkServer.sh文件
那么打开zk目录下的/bin/zkServer.sh服务器脚本文件,找到如下一行
nohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}"
这就是脚本中启动zk的命令,默认只有以上两个配置项,我们需要加一个超管的配置项:
"-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="
第一个等号之后的就是刚才用户名密码的哈希值。
那么修改以后这条完整命令变成了:
nohup $JAVA "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs="\
-cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &
之后启动zk/zk集群.
代码测试:
/**
* zk设置超级管理员 :适合linx和windows配置的方式
*/
@Test
public void testZkSuper(){
//用户 super:admin
try {
String m = DigestAuthenticationProvider.generateDigest("super:admin");
System.out.println(m);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
//返回的结果 super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
@Test
public void testSuperServer() {
List acls = new ArrayList(2);
try {
Id id1 = new Id("digest", DigestAuthenticationProvider.generateDigest("fish:fishpw"));
ACL acl1 = new ACL(ZooDefs.Perms.WRITE, id1);
Id id2 = new Id("digest", DigestAuthenticationProvider.generateDigest("qsd:qsdpw"));
ACL acl2 = new ACL(ZooDefs.Perms.READ, id2);
acls.add(acl1);
acls.add(acl2);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
ZooKeeper zk = null;
try {
zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
// 监控所有被触发的事件
public void process(WatchedEvent event) {
System.out.println("已经触发了" + event.getType() + "事件!");
}
});
if (zk.exists("/test", true) == null) {
System.out.println(zk.create("/test", "ACL测试".getBytes(), acls, CreateMode.PERSISTENT));
}
} catch (IOException e) {
e.printStackTrace();
} catch (KeeperException e1) {
e1.printStackTrace();
} catch (InterruptedException e1) {
e1.printStackTrace();
}
}
@Test
public void testSuperClient() {
try {
ZooKeeper zk = new ZooKeeper("127.0.0.1:2183,127.0.0.1:2184,127.0.0.1:2185", 300000, new Watcher() {
// 监控所有被触发的事件
public void process(WatchedEvent event) {
System.out.println("已经触发了" + event.getType() + "事件!");
}
});
zk.addAuthInfo("digest", "super:superpw".getBytes());
System.out.println(new String(zk.getData("/test", null, null)));
zk.setData("/test", "I change!".getBytes(), -1);
} catch (KeeperException e) {
e.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}