ZooKeeper 3节点部署 (Docker-compose部署)以及 ACL 设置
资源清单
| 主机 | IP |
|---|---|
| ZooKeeper节点1 | 10.0.0.1 |
| ZooKeeper节点2 | 10.0.0.2 |
| ZooKeeper节点3 | 10.0.0.3 |
| 软件 | 版本 |
|---|---|
| docker | 20.10.12 |
| docker-compose | 1.23.1 |
| ZooKeeper镜像 | 3.8.0 |
| 服务 | 端口 |
|---|---|
| ZooKeeper | 2181,2888,3888 |
一、Docker 安装
1. 使用国内 yum 源
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. 卸载旧版本的 docker
## 如果主机上已经有docker存在且不是想要安装的版本,需要先进行卸载。
# yum remove -y docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine \
container*
3. 安装 Docker20.10 版本
# yum -y install docker-ce-20.10.12-3.el7 docker-ce-cli-20.10.12-3.el7 vim
4. 设置镜像加速
# mkdir /etc/docker
# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxxxxx.mirror.aliyuncs.com"]
}
5. 启动 docker
# systemctl start docker
# systemctl enable docker
# systemctl status docker
二、Docker-compose 安装
1. Docker-compose 安装
## github.com 可能访问超时,可以使用下面的获取下载下来后上传服务器即可
# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# curl -k "https://dl.cactifans.com/zabbix_docker/docker-compose" -o /usr/bin/docker-compose
# chmod a+x /usr/bin/docker-compose
2. 查看 docker-compose 版本
# docker-compose version
三、Zookeeper 3节点 安装
1. 详细的 docker-compose.yml 文件信息
其他
2个主机节点修改对应的参数即可
version: '3'
services:
zk1: # [ zk2 | zk3 ]
image: zookeeper:3.8.0
restart: always
privileged: true
hostname: zk1 # [ zk2 | zk3 ]
container_name: zk1 # [ zk2 | zk3 ]
ports:
- 2181:2181
- 2888:2888
- 3888:3888
volumes: # 挂载数据
- /data/zookeeper/data:/data
- /data/zookeeper/log:/datalog
environment:
ZOO_MY_ID: 1 # [ 2 | 3 ]
ZOO_SERVERS: server.1=zk1:2888:3888;2181 server.2=zk2:2888:3888;2181 server.3=zk3:2888:3888;2181 # [ server.2=0.0.0.0 | server.3=0.0.0.0 ]
extra_hosts: # 设置容器 hosts
- "zk1:10.0.0.1"
- "zk2:10.0.0.2"
- "zk3:10.0.0.3"
2. 安装服务
3台主机中执行以下命令
# mkdir /data/zookeeper/{data,log} -pv
# cd /data/zookeeper
# cat << EOF >> docker-compose.yml
version: '3'
services:
zk1: # [ zk2 | zk3 ]
image: zookeeper:3.8.0
restart: always
privileged: true
hostname: zk1 # [ zk2 | zk3 ]
container_name: zk1 # [ zk2 | zk3 ]
ports:
- 2181:2181
- 2888:2888
- 3888:3888
volumes: # 挂载数据
- /data/zookeeper/data:/data
- /data/zookeeper/log:/datalog
environment:
ZOO_MY_ID: 1 # [ 2 | 3 ]
ZOO_SERVERS: server.1=zk1:2888:3888;2181 server.2=zk2:2888:3888;2181 server.3=zk3:2888:3888;2181 # [ server.2=0.0.0.0 | server.3=0.0.0.0 ]
extra_hosts: # 设置容器 hosts
- "zk1:10.0.0.1"
- "zk2:10.0.0.2"
- "zk3:10.0.0.3"
EOF
# docker-compose up -d
四、 Zookeeper ACL 设置
Zookeeper集群中,随机找一个节点登陆设置ACL规则即可
# docker exec -it zk1 zkCli.sh
## Zookeeper 控制台
### 新增代码访问用户 user (测试账户)
[zk: localhost:2181(CONNECTED) 0] addauth digest user:123456
### 设置对跟路径的访问权限,此处使用 password 加密后密文,详细密文在上个步骤中会提供
[zk: localhost:2181(CONNECTED) 0] setAcl / digest:user:MTIzNDU2Cg==:cdrwa
### 设置 mesos 集群路径的访问权限
[zk: localhost:2181(CONNECTED) 0] setAcl /mesos digest:user:MTIzNDU2Cg==:cdrwa
[zk: localhost:2181(CONNECTED) 0] setAcl /mesos/log_replicas digest:user:MTIzNDU2Cg==:cdrwa
### 设置 elassticjob-cloud 集群访问权限
[zk: localhost:2181(CONNECTED) 0] setAcl /elasticjob-cloud digest:user:MTIzNDU2Cg==:cdrwa
[zk: localhost:2181(CONNECTED) 0] setAcl /elasticjob-cloud/ha digest:user:MTIzNDU2Cg==:cdrwa
[zk: localhost:2181(CONNECTED) 0] setAcl /elasticjob-cloud/ha/election digest:user:MTIzNDU2Cg==:cdrwa
