zookeeper安装配置
1、下载安装
1、下载
- 下载地址:https://www.apache.org/dyn/closer.cgi/zookeeper/
- 执行命令下载:wget http://mirror.bit.edu.cn/apache/zookeeper/zookeeper-3.5.6/apache-zookeeper-3.5.6-bin.tar.gz
2、安装
- 解压:tar -zxvf apache-zookeeper-3.5.6-bin.tar.gz
- copy到目录:cp -R apache-zookeeper-3.5.6-bin /zjl/program/
- 创建软链接:ln -s apache-zookeeper-3.5.6-bin/ /zjl/program/zookeeper
2、单机配置
1、配置
- conf目录下提供了配置的样例zoo_sample.cfg,要将zk运行起来,需要将其名称修改为zoo.cfg。
- 打开zoo.cfg,可以看到默认的一些配置
- tickTime时长单位为毫秒,为zk使用的基本时间度量单位。例如,1 * tickTime是客户端与zk服务端的心跳时间,2 * tickTime是客户端会话的超时时间。
- tickTime的默认值为2000毫秒,更低的tickTime值可以更快地发现超时问题,但也会导致更高的网络流量(心跳消息)和更高的CPU使用率(会话的跟踪处理)。
- clientPortzk服务进程监听的TCP端口,默认情况下,服务端会监听2181端口。
- dataDir无默认配置,必须配置,用于配置存储快照文件的目录。如果没有配置dataLogDir,那么事务日志也会存储在此目录。
2、启动
命令:./zkServer.sh start 这个命令使得zk服务进程在后台进行。命令:./zkServer.sh start-foreground 执行此命令,可以看到大量详细信息的输出,以便允许查看服务器发生了什么。- 使用文本编辑器打开zkServer.cmd或者zkServer.sh文件,可以看到其会调用zkEnv.cmd或者zkEnv.sh脚本。zkEnv脚本的作用是设置zk运行的一些环境变量,例如配置文件的位置和名称等。
3、连接
- 如果是连接同一台主机上的zk进程,那么直接运行bin/目录下的zkCli.cmd(Windows环境下)或者zkCli.sh(Linux环境下),即可连接上zk。
- 直接执行zkCli.cmd或者zkCli.sh命令默认以主机号 127.0.0.1,端口号 2181 来连接zk,
- 如果要连接不同机器上的zk,可以使用 -server 参数,例如:
bin/zkCli.sh -server 192.168.0.1:2181
3、集群配置
1、配置
- initLimit:ZooKeeper集群模式下包含多个zk进程,其中一个进程为leader,余下的进程为follower。当follower最初与leader建立连接时,它们之间会传输相当多的数据,尤其是follower的数据落后leader很多。initLimit配置follower与leader之间建立连接后进行同步的最长时间。
- syncLimit:配置follower和leader之间发送消息,请求和应答的最大时间长度。
- tickTime:tickTime则是上述两个超时配置的基本单位,例如对于initLimit,其配置值为5,说明其超时时间为 2000ms * 5 = 10秒。
- server.id=host:port1:port2:其中id为一个数字,表示zk进程的id,这个id也是dataDir目录下myid文件的内容。host是该zk进程所在的IP地址,port1表示follower和leader交换消息所使用的端口,port2表示选举leader所使用的端口。
- dataDir:其配置的含义跟单机模式下的含义类似,不同的是集群模式下还有一个myid文件。myid文件的内容只有一行,且内容只能为1 - 255之间的数字,这个数字亦即上面介绍server.id中的id,表示zk进程的id。
例子:
tickTime=2000 dataDir=/zjl/program/zookeeper/data clientPort=2181 initLimit=5 syncLimit=2server.1=192.168.244.128:2888:3888
server.2=192.168.244.130:2888:3888
server.3=192.168.244.131:2888:3888注意:在三台机器dataDir目录(/zjl/program/zookeeper/data)下,分别生成一个myid文件,其内容分别为1,2,3。
命令:touch myid
2、启动
如单机启动,只是要分别在这三台机器上启动zk进程,这样我们便将zk集群启动了起来。
3、连接
可以使用以下命令来连接一个zk集群:
./zkCli.sh -server 192.168.244.128:2181,192.168.244.130:2181,192.168.244.131:2181成功连接后,可以看到如下输出:
从日志输出可以看到,客户端连接的是192.168.244.128:2181进程(连接上哪台机器的zk进程是随机的),客户端已成功连接上zk集群。
4、zookeeper指令
连接成功后,便可以使用命令与zk服务进行交互。
1、help
help命令会输出zk支持的所有命令。
[zk: 127.0.0.1:2182(CONNECTED) 0] help ZooKeeper -server host:port cmd args stat path [watch] set path data [version] ls path [watch] delquota [-n|-b] path ls2 path [watch] setAcl path acl setquota -n|-b val path history redo cmdno printwatches on|off delete path [version] sync path listquota path rmr path get path [watch] create [-s] [-e] path data acl addauth scheme auth quit getAcl path close connect host:port2、ls
查看命令(
niocoder是我测试集群创建的节点,默认只有zookeeper一个节点)[zk: localhost:2181(CONNECTED) 1] ls /
[niocoder, zookeeper]
[zk: localhost:2181(CONNECTED) 2] ls /zookeeper
[quota]
[zk: localhost:2181(CONNECTED) 4] ls /zookeeper/quota
[]3、create
创建一个节点,例如:
[zk: localhost:2181(CONNECTED) 3] create /zk mydata Created /zk以上命令创建一个/zk节点,且其内容为 “myData”
4、get
显示指定路径下节点的信息,例如,我们检查一下上面的/zk节点最否创建成功
[zk: localhost:2181(CONNECTED) 4] get /zk mydata cZxid = 0xb59 ctime = Thu Jun 30 11:13:24 CST 2016 mZxid = 0xb59 mtime = Thu Jun 30 11:13:24 CST 2016 pZxid = 0xb59 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 6 numChildren = 0可以看到/zk节点的内容为”myData”,且输出包含了znode的其他信息。有关各个字段的具体含义,请参见了本博客对znode的介绍。
5、set
设置节点的内容,例如:
[zk: localhost:2181(CONNECTED) 6] set /zk "anotherData" …… [zk: localhost:2181(CONNECTED) 7] get /zk "anotherData" ……6、delete
删除一个节点,例如:
[zk: localhost:2181(CONNECTED) 8] delete /zk [zk: localhost:2181(CONNECTED) 9] get /zk Node does not exist: /zk以上就是zk客户端最常用的几个命令,从这几个命令我们也可以看到zk提供的API设计的简单。
7、四字母命令
ZooKeeper提供了多个由4个字母构成的命令,可以使用nc或者telnet来使用这些命令。例如:
telnet 127.0.0.1 2181成功连接zk后,输入conf
会看到以下输出clientPort=2181 dataDir=D:\Soft\zookeeper-3.4.6\data\version-2 dataLogDir=D:\Soft\zookeeper-3.4.6\data\version-2 tickTime=2000 maxClientCnxns=60 minSessionTimeout=4000 maxSessionTimeout=40000 serverId=0或者使用nc来向zk发送4字母命令,例如:
echo conf | nc 192.168.229.161 2181其他常用的四字母命令如下表格所示:
表格:ZooKeeper提供的四字母命令
例如,mntr 命令的输出:
echo mntr | nc 192.168.229.161 2181 zk_version 3.4.6-1569965, built on 02/20/2014 09:09 GMT zk_avg_latency 0 zk_max_latency 565 zk_min_latency 0 zk_packets_received 95353 zk_packets_sent 95713 zk_num_alive_connections 3 zk_outstanding_requests 0 zk_server_state leader zk_znode_count 20 zk_watch_count 12 zk_ephemerals_count 9 zk_approximate_data_size 1465 zk_open_file_descriptor_count 37 zk_max_file_descriptor_count 65535 zk_followers 2 - 只有leader进程才有此项输出 zk_synced_followers 2 - 只有leader进程才有此项输出 zk_pending_syncs 0 - 只有leader进程才有此项输出
5、zookeeper指令2
1、普通操作
- 启动zk服务: /zkServer.sh start
[root@localhost bin]# ./zkServer.sh ZooKeeper JMX enabled by default Using config: /usr/home/zookeeper-3.4.11/bin/../conf/zoo.cfg Usage: ./zkServer.sh {start|start-foreground|stop|restart|status|upgrade|print-cmd} # 提示要以./zkCli.sh start 启动zk ./zkCli.sh start- 查看zk的运行状态 :./zkServer.sh status 由于我已经配置了zk的集群,所以此处显示状态为leader
[root@localhost bin]# ./zkServer.sh status ZooKeeper JMX enabled by default Using config: /usr/home/zookeeper-3.4.11/bin/../conf/zoo.cfg Mode: leader- 客户端链接zk
[root@localhost bin]# ./zkCli.sh ...... WatchedEvent state:SyncConnected type:None path:null [zk: localhost:2181(CONNECTED) 0]- help 查看客户端帮助命令:
help[zk: localhost:2181(CONNECTED) 0] help ZooKeeper -server host:port cmd args stat path [watch] set path data [version] ls path [watch] delquota [-n|-b] path ls2 path [watch] setAcl path acl setquota -n|-b val path history redo cmdno printwatches on|off delete path [version] sync path listquota path rmr path get path [watch] create [-s] [-e] path data acl addauth scheme auth quit getAcl path close connect host:port [zk: localhost:2181(CONNECTED) 1]- ls 查看:ls 查看命令(niocoder是我测试集群创建的节点,默认只有zookeeper一个节点)
[zk: localhost:2181(CONNECTED) 1] ls / [niocoder, zookeeper] [zk: localhost:2181(CONNECTED) 2] ls /zookeeper [quota] [zk: localhost:2181(CONNECTED) 4] ls /zookeeper/quota []- get 获取节点数据和更新信息:
get内容为空
cZxid :创建节点的id
ctime : 节点的创建时间
mZxid :修改节点的id
mtime :修改节点的时间
pZxid :子节点的id
cversion : 子节点的版本
dataVersion : 当前节点数据的版本
aclVersion :权限的版本
ephemeralOwner :判断是否是临时节点
dataLength : 数据的长度
numChildren :子节点的数量[zk: localhost:2181(CONNECTED) 7] get /zookeeper #下面空行说明节点内容为空 cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 1 [zk: localhost:2181(CONNECTED) 8]- 获得节点的更新信息:stat
- ls命令和stat命令的整合:ls2
[zk: localhost:2181(CONNECTED) 10] ls2 /zookeeper [quota] cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 1 [zk: localhost:2181(CONNECTED) 11]- create 创建节点:create [-s] [-e] path data acl 可以注意一下各个版本的变化
#创建merryyou节点,节点的内容为merryyou [zk: localhost:2181(CONNECTED) 1] create /merryyou merryyou Created /merryyou #获得merryyou节点内容 [zk: localhost:2181(CONNECTED) 3] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000004 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0- create -e 创建临时节点:create -e
#创建临时节点 [zk: localhost:2181(CONNECTED) 4] create -e /merryyou/temp merryyou Created /merryyou/temp [zk: localhost:2181(CONNECTED) 5] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000005 cversion = 1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 1 [zk: localhost:2181(CONNECTED) 6] get /merryyou/temp merryyou cZxid = 0x200000005 ctime = Sat Jun 02 14:22:24 UTC 2018 mZxid = 0x200000005 mtime = Sat Jun 02 14:22:24 UTC 2018 pZxid = 0x200000005 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x2000000d4500000 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 7] #断开重连之后,临时节点自动消失 WATCHER:: WatchedEvent state:SyncConnected type:None path:null #因为默认的心跳机制,此时查询临时节点还存在 [zk: localhost:2181(CONNECTED) 0] ls /merryyou [temp] #再次查询,临时节点消失 [zk: localhost:2181(CONNECTED) 1] ls /merryyou [] [zk: localhost:2181(CONNECTED) 2]- 创建顺序节点 自动累加:create -s
# 创建顺序节点,顺序节点会自动累加 [zk: localhost:2181(CONNECTED) 2] create -s /merryyou/sec seq Created /merryyou/sec0000000001 [zk: localhost:2181(CONNECTED) 3] create -s /merryyou/sec seq Created /merryyou/sec0000000002- 修改节点:set path data [version]
[zk: localhost:2181(CONNECTED) 6] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 2 # 修改节点内容为new-merryyou [zk: localhost:2181(CONNECTED) 7] set /merryyou new-merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000a mtime = Sat Jun 02 14:29:23 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 12 numChildren = 2 #再次查询,节点内容已经修改 [zk: localhost:2181(CONNECTED) 8] get /merryyou new-merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000a mtime = Sat Jun 02 14:29:23 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 12 numChildren = 2 #set 根据版本号更新 dataVersion 乐观锁 [zk: localhost:2181(CONNECTED) 9] set /merryyou test-merryyou 1 cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000b mtime = Sat Jun 02 14:31:30 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 2 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 13 numChildren = 2 #因为数据的版本号已经修改为2 再次使用版本号1修改节点提交错误 [zk: localhost:2181(CONNECTED) 10] set /merryyou test-merryyou 1 version No is not valid : /merryyou- 删除节点:delete path [version]
[zk: localhost:2181(CONNECTED) 13] delete /merryyou/sec000000000 sec0000000001 sec0000000002 [zk: localhost:2181(CONNECTED) 13] delete /merryyou/sec0000000001 [zk: localhost:2181(CONNECTED) 14] ls /merryyou [sec0000000002] [zk: localhost:2181(CONNECTED) 15]2、watcher通知机制
参考https://blog.csdn.net/hohoo1990/article/details/78617336
关于watcher机制大体的理解可以为,当每个节点发生变化,都会触发watcher事件,类似于mysql的触发器。zk中 watcher是一次性的,触发后立即销毁。 - stat path [watch] 设置watch事件 - get path [watch]设置watch事件 - 子节点创建和删除时触发watch事件,子节点修改不会触发该事件
- 设置watch事件:stat path [watch]
#添加watch 事件 [zk: localhost:2181(CONNECTED) 18] stat /longfei watch Node does not exist: /longfei #创建longfei节点时触发watcher事件 [zk: localhost:2181(CONNECTED) 19] create /longfei test WATCHER:: WatchedEvent state:SyncConnected type:NodeCreated path:/longfei Created /longfei- 设置watch事件:get path [watch]
#使用get命令添加watch事件 [zk: localhost:2181(CONNECTED) 20] get /longfei watch test cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000e mtime = Sat Jun 02 14:43:15 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #修改节点触发watcher事件 [zk: localhost:2181(CONNECTED) 21] set /longfei new_test WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/longfei cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000f mtime = Sat Jun 02 14:45:06 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 22] #删除触发watcher事件 [zk: localhost:2181(CONNECTED) 23] get /longfei watch new_test cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000f mtime = Sat Jun 02 14:45:06 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 24] delete /longfei WATCHER:: WatchedEvent state:SyncConnected type:NodeDeleted path:/longfei [zk: localhost:2181(CONNECTED) 25]3、ACL权限控制
ZK的节点有5种操作权限:CREATE、READ、WRITE、DELETE、ADMIN 也就是 增、删、改、查、管理权限,这5种权限简写为crwda(即:每个单词的首字符缩写)。
注:这5种权限中,delete是指对子节点的删除权限,其它4种权限指对自身节点的操作权限身份的认证有4种方式:
- world:默认方式,相当于全世界都能访问
- auth:代表已经认证通过的用户(cli中可以通过addauth digest user:pwd 来添加当前上下文中的授权用户)
- digest:即用户名:密码这种方式认证,这也是业务系统中最常用的
- ip:使用Ip地址认证使用[scheme:id:permissions]来表示acl权限
- 获取某个节点的acl权限信息:getAcl
#获取节点权限信息默认为 world:cdrwa任何人都可以访问 [zk: localhost:2181(CONNECTED) 34] getAcl /merryyou 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 35]- 设置权限:setAcl
[zk: localhost:2181(CONNECTED) 35] create /merryyou/test test Created /merryyou/test [zk: localhost:2181(CONNECTED) 36] getAcl /merryyou/test 'world,'anyone : cdrwa #设置节点权限 crwa 不允许删除 [zk: localhost:2181(CONNECTED) 37] setAcl /merryyou/test world:anyone:crwa cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x200000018 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #查询刚才设置的acl权限信息 crwa 没有删除权限 [zk: localhost:2181(CONNECTED) 38] getAcl /merryyou/test 'world,'anyone : crwa [zk: localhost:2181(CONNECTED) 39] [zk: localhost:2181(CONNECTED) 39] create /merryyou/test/abc abc Created /merryyou/test/abc #删除子节点的时候提交权限不足 [zk: localhost:2181(CONNECTED) 40] delete /merryyou/test/abc Authentication is not valid : /merryyou/test/abc #设置节点的权限信息为rda [zk: localhost:2181(CONNECTED) 41] setAcl /merryyou/test world:anyone:rda cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x20000001a cversion = 1 dataVersion = 0 aclVersion = 2 ephemeralOwner = 0x0 dataLength = 4 numChildren = 1 [zk: localhost:2181(CONNECTED) 42] getAcl /merryyou/test 'world,'anyone : dra #可以成功删除 [zk: localhost:2181(CONNECTED) 43] delete /merryyou/test/abc [zk: localhost:2181(CONNECTED) 46] ls /merryyou/test [] [zk: localhost:2181(CONNECTED) 47] #设置节点信息为a admin [zk: localhost:2181(CONNECTED) 47] setAcl /merryyou/test world:anyone:a cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x20000001d cversion = 2 dataVersion = 0 aclVersion = 3 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #获取 设置都提示权限不足 [zk: localhost:2181(CONNECTED) 49] get /merryyou/test Authentication is not valid : /merryyou/test [zk: localhost:2181(CONNECTED) 50] set /merryyou/test 123 Authentication is not valid : /merryyou/test [zk: localhost:2181(CONNECTED) 51]- 密码明文设置:acl Auth
[zk: localhost:2181(CONNECTED) 53] create /niocoder/merryyou merryyou Created /niocoder/merryyou #查询默认节点权限信息 [zk: localhost:2181(CONNECTED) 54] getAcl /niocoder/merryyou 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 55] #使用auth设置节点权限信息 [zk: localhost:2181(CONNECTED) 2] setAcl /niocoder/merryyou auth:test:test:cdrwa Acl is not valid : /niocoder/merryyou # 注册test:test 账号密码 [zk: localhost:2181(CONNECTED) 3] addauth digest test:test [zk: localhost:2181(CONNECTED) 4] setAcl /niocoder/merryyou auth:test:test:cdrwa cZxid = 0x200000020 ctime = Sat Jun 02 16:32:08 UTC 2018 mZxid = 0x200000020 mtime = Sat Jun 02 16:32:08 UTC 2018 pZxid = 0x200000020 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 #查询节点权限信息 密码为密文格式 [zk: localhost:2181(CONNECTED) 5] getAcl /niocoder/merryyou 'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug= : cdrwa [zk: localhost:2181(CONNECTED) 6]- 密码密文设置:acl digest
[zk: localhost:2181(CONNECTED) 13] create /names test Created /names [zk: localhost:2181(CONNECTED) 14] getAcl /names 'world,'anyone : cdrwa #使用digest设置节点的权限信息 密码为test密文 [zk: localhost:2181(CONNECTED) 15] setAcl /names digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:cdra cZxid = 0x400000006 ctime = Sun Jun 03 01:01:17 UTC 2018 mZxid = 0x400000006 mtime = Sun Jun 03 01:01:17 UTC 2018 pZxid = 0x400000006 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #查询节点权限信息 [zk: localhost:2181(CONNECTED) 16] getAcl /names 'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug= : cdra #获取节点信息提示权限不足 [zk: localhost:2181(CONNECTED) 5] get /names Authentication is not valid : /names # 注册账户 [zk: localhost:2181(CONNECTED) 4] addauth digest test:test # 可以正常获取 [zk: localhost:2181(CONNECTED) 17] get /names test cZxid = 0x400000006 ctime = Sun Jun 03 01:01:17 UTC 2018 mZxid = 0x400000006 mtime = Sun Jun 03 01:01:17 UTC 2018 pZxid = 0x400000006 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #由于没有设置写权限不能修改节点 w [zk: localhost:2181(CONNECTED) 18] set /names 111 Authentication is not valid : /names [zk: localhost:2181(CONNECTED) 19] delete /names [zk: localhost:2181(CONNECTED) 20]- 控制客户端:acl ip
[zk: localhost:2181(CONNECTED) 22] create /niocoder/ip aa Created /niocoder/ip [zk: localhost:2181(CONNECTED) 23] get /niocoder/ip aa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 # 添加ip控制的权限信息 [zk: localhost:2181(CONNECTED) 24] setAcl /niocoder/ip ip:192.168.0.68:cdrwa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 [zk: localhost:2181(CONNECTED) 25] getAcl /niocoder/ip 'ip,'192.168.0.68 : cdrwa [zk: localhost:2181(CONNECTED) 26]- 超级管理员: acl super 使用super权限需要修改zkServer.sh,添加super管理员,重启zkServer.sh
"-Dzookeeper.DigestAuthenticationProvider.superDigest=test:V28q/NynI4JI3Rk54h0r8O5kMug=" nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationprovider.superDigest=test:V28q/NynI4JI3Rk54h0r8O5kMug=" \ -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null & #重启进入zkCli #由于之前设置ip权限,所以不允许访问 [zk: localhost:2181(CONNECTED) 2] ls /niocoder/ip Authentication is not valid : /niocoder/ip #登录账号信息,即为管理员账号 [zk: localhost:2181(CONNECTED) 3] addauth digest test:test #正常访问,节点内容为空 [zk: localhost:2181(CONNECTED) 4] ls /niocoder/ip [] [zk: localhost:2181(CONNECTED) 5] get /niocoder/ip aa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 [zk: localhost:2181(CONNECTED) 6]4、四字命令Four Letter Words
使用四字命令需要安装
nc命令,(yum install nc)
- 查看状态信息:stat
[root@localhost bin]# echo stat | nc 192.168.0.68 2181 Zookeeper version: 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT Clients: /192.168.0.68:49346[0](queued=0,recved=1,sent=0) Latency min/avg/max: 0/0/4 Received: 62 Sent: 61 Connections: 1 Outstanding: 0 Zxid: 0x50000000a Mode: follower Node count: 10 [root@localhost bin]#- 查看zookeeper是否启动:ruok
[root@localhost bin]# echo ruok | nc 192.168.0.68 2181 imok[root@localhost bin]#- 列出没有处理的节点,临时节点:dump
imok[root@localhost bin]# echo dump | nc 192.168.0.68 2181 SessionTracker dump: org.apache.zookeeper.server.quorum.LearnerSessionTracker@29805957 ephemeral nodes dump: Sessions with Ephemerals (0): [root@localhost bin]#- 查看服务器配置:conf
[root@localhost bin]# echo conf | nc 192.168.0.68 2181 clientPort=2181 dataDir=/usr/home/zookeeper-3.4.11/data/version-2 dataLogDir=/usr/home/zookeeper-3.4.11/data/version-2 tickTime=2000 maxClientCnxns=60 minSessionTimeout=4000 maxSessionTimeout=40000 serverId=2 initLimit=10 syncLimit=5 electionAlg=3 electionPort=3888 quorumPort=2888 peerType=0 [root@localhost bin]#- 显示连接到服务端的信息:cons
[root@localhost bin]# echo cons | nc 192.168.0.68 2181 /192.168.0.68:49354[0](queued=0,recved=1,sent=0) [root@localhost bin]#- 显示环境变量信息:envi
[root@localhost bin]# echo envi | nc 192.168.0.68 2181 Environment: zookeeper.version=3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT host.name=localhost java.version=1.8.0_111 java.vendor=Oracle Corporation java.home=/usr/local/jdk1.8.0_111/jre java.class.path=/usr/home/zookeeper-3.4.11/bin/../build/classes:/usr/home/zookeeper-3.4.11/bin/../build/lib/*.jar:/usr/home/zookeeper-3.4.11/bin/../lib/slf4j-log4j12-1.6.1.jar:/usr/home/zookeeper-3.4.11/bin/../lib/slf4j-api-1.6.1.jar:/usr/home/zookeeper-3.4.11/bin/../lib/netty-3.10.5.Final.jar:/usr/home/zookeeper-3.4.11/bin/../lib/log4j-1.2.16.jar:/usr/home/zookeeper-3.4.11/bin/../lib/jline-0.9.94.jar:/usr/home/zookeeper-3.4.11/bin/../lib/audience-annotations-0.5.0.jar:/usr/home/zookeeper-3.4.11/bin/../zookeeper-3.4.11.jar:/usr/home/zookeeper-3.4.11/bin/../src/java/lib/*.jar:/usr/home/zookeeper-3.4.11/bin/../conf: java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib java.io.tmpdir=/tmp java.compiler=<NA> os.name=Linux os.arch=amd64 os.version=3.10.0-514.10.2.el7.x86_64 user.name=root user.home=/root user.dir=/usr/home/zookeeper-3.4.11/bin [root@localhost bin]#- 查看zk的健康信息:mntr
[root@localhost bin]# echo mntr | nc 192.168.0.68 2181 zk_version 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT zk_avg_latency 0 zk_max_latency 4 zk_min_latency 0 zk_packets_received 68 zk_packets_sent 67 zk_num_alive_connections 1 zk_outstanding_requests 0 zk_server_state follower zk_znode_count 10 zk_watch_count 0 zk_ephemerals_count 0 zk_approximate_data_size 124 zk_open_file_descriptor_count 32 zk_max_file_descriptor_count 4096 [root@localhost bin]#- 展示watch的信息:wchs
[root@localhost bin]# echo wchs | nc 192.168.0.68 2181 0 connections watching 0 paths Total watches:0 [root@localhost bin]#- 显示session的watch信息 path的watch信息:wchc和wchp (需要在 配置
zoo.cfg文件中添加4lw.commands.whitelist=*)[root@localhost bin]# echo wchc | nc 192.168.0.68 2181 wchc is not executed because it is not in the whitelist. [root@localhost bin]# echo wchp | nc 192.168.0.68 2181 wchp is not executed because it is not in the whitelist.
整理自:
https://www.cnblogs.com/jimcsharp/p/8358271.html
https://blog.csdn.net/dandandeshangni/article/details/80558383
