zookeeper学习笔记1
zookeeper学习也有一段时间了,为以后有机会开发分布式服务做些准备。
今天先做下记录:
[zk: localhost:2181(CONNECTED) 1] help
ZooKeeper -server host:port cmd args
connect host:port
get path [watch]
ls path [watch]
set path data [version]
delquota [-n|-b] path
quit
printwatches on|off
create [-s] [-e] path data acl
stat path [watch]
close
ls2 path [watch]
history
listquota path
setAcl path acl
getAcl path
sync path
redo cmdno
addauth scheme auth
delete path [version]
setquota -n|-b val path
1.create [-s] [-e] path data acl
其中”-s”表示创建一个顺序自动编号的节点,”-e”表示创建一个临时节点.默认为持久性节点
例如:
创建一个持久性节点和临时节点
[zk: localhost:2181(CONNECTED) 7] create /test null Created /test [zk: localhost:2181(CONNECTED) 8] create -e /test0 null Created /test0
当会话退出,临时节点将会自动删除,并且临时节点无子节点。
创建一个顺序自动编号的节点,ACL为使用digest(用户名:test 密码:test),权限为所有(rwcda)。关于digest的产生,base64.b64encode(hashlib.new("sha1", auth).digest())方法;通过向此方法指定原始的用户名和密码即可获得”digest”之后的字符串,比如传入auth="test:test",将会得到'test:V28q/NynI4JI3Rk54h0r8O5kMug=',其内部原理是将”密码”部分进行加密操作.
[zk: localhost:2181(CONNECTED) 1] create -s /test/test null digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:rwcda /test/test0000000004 [zk: localhost:2181(CONNECTED) 2] getAcl /test/test 'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug= : cdrwa
这样的话,如果我不授权的话,是不允许查看的。所以:
[zk: localhost:2181(CONNECTED) 1] addauth digest test:test /test/test0000000004 [zk: localhost:2181(CONNECTED) 2] get /test/test0000000004 null cZxid = 0x1000001b6 ctime = Fri Dec 19 16:17:35 CST 2014 mZxid = 0x1000001b6 mtime = Fri Dec 19 16:17:35 CST 2014 pZxid = 0x1000001b6 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0
那么python代码如何创建一个带有digest认证的节点呢?
#/usr/bin/env python
#coding:utf8
import zookeeper
import time
import base64
import hashlib
auth="badboy:test"
user="badboy"
sha1 = "%s:%s" % (user, base64.b64encode(hashlib.new("sha1", auth).digest()))
acl = [{"perms":0x1f, "scheme":"digest", "id" :sha1}]
handler = zookeeper.init("localhost:2181")
zookeeper.create(handler,'/node',"zkpython",acl)
命令行下查看:
[zk: localhost:2181(CONNECTED) 1] getAcl /node
'digest,'badboy:TiLddZ4sxlajgN4vNV2KuxmOduY=
: cdrwa
[zk: localhost:2181(CONNECTED) 2] addauth digest badboy:test /node
[zk: localhost:2181(CONNECTED) 3] get /node
zkpython
cZxid = 0x1000001dd
ctime = Fri Dec 19 16:37:41 CST 2014
mZxid = 0x1000001dd
mtime = Fri Dec 19 16:37:41 CST 2014
pZxid = 0x1000001dd
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
脚本下如何访问一个digest加密的节点呢?
#!/usr/bin/env python
#coding:utf8
auth="badboy:test"
handler = zookeeper.init("192.168.x.5:2181")
zookeeper.add_auth(handler, auth , None)
zookeeper.get(handler,"/node")
如何使用ip认证
命令行添加:
create /test/test1 hello ip:192.168.x.3:r 意思是说只允许192.168.x.3这个客户端以只读方式连接
脚本方式添加:
acl=[{"perms":0x1f, "scheme":"ip", "id":"192.168.x.3"}]
zookeeper.create(handler,'/test/test2',"hello world",acl)
注意:命令行添加的内容不能带有空格,及时加双引号也会报错.
2.setAcl path acl和getAcl path
给某个znode节点重新设置访问权限,需要注意的是ZooKeeper中的目录节点权限都不具有传递性,父znode节点的权限不能传递给子目录节点。在create中已经介绍了ACL的设置方法,可以设置一系列ACL规则(即指定一系列ACL对象,如acl=[{'perms':0x1f,"scheme":"ip","id":"x.x.x.x"},{'perms':0x1f,"scheme":"digest","id":"经过sha1加密的信息"}]此处使用了两种认证)。List getACL(String path, Stat stat)
返回某个znode节点的ACL对象的列表。
例如zkCli中设置某个ACL规则:
[zk: localhost:2181(CONNECTED) 12] getAcl /test
'world,'anyone
: cdrwa
原先是任何人都有cdrwa权限,现重新设置需要digest授权的用户才有只读权限.
setAcl /test digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:r
再看下:
[zk: localhost:2181(CONNECTED) 2] getAcl /test
'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug=
: r
3.get path [watch]和set path data [version]
get是获取Znode的数据及相关属性,而set是修改此Znode的数据.
4.ls path [watch]
查看Znode的子节点
5.stat path [watch]
查看Znode的属性
6.delete path [version]
删除Znode,前提若有子节点,先删除其子节点
7.addauth scheme auth
认证授权,若某个节点需要认证后才能查看,就需要此命令,前面的例子已经给出.
本文仅供参考.