1、下載安裝
1、下載
- 下載地址:https://www.apache.org/dyn/closer.cgi/zookeeper/
- 執行命令下載:wget http://mirror.bit.edu.cn/apache/zookeeper/zookeeper-3.5.6/apache-zookeeper-3.5.6-bin.tar.gz
2、安裝
- 解壓:tar -zxvf apache-zookeeper-3.5.6-bin.tar.gz
- copy到目錄:cp -R apache-zookeeper-3.5.6-bin /zjl/program/
- 創建軟鏈接:ln -s apache-zookeeper-3.5.6-bin/ /zjl/program/zookeeper
2、單機配置
1、配置
- conf目錄下提供了配置的樣例zoo_sample.cfg,要將zk運行起來,需要將其名稱修改為zoo.cfg。
- 打開zoo.cfg,可以看到默認的一些配置
- tickTime時長單位為毫秒,為zk使用的基本時間度量單位。例如,1 * tickTime是客戶端與zk服務端的心跳時間,2 * tickTime是客戶端會話的超時時間。
- tickTime的默認值為2000毫秒,更低的tickTime值可以更快地發現超時問題,但也會導致更高的網絡流量(心跳消息)和更高的CPU使用率(會話的跟蹤處理)。
- clientPortzk服務進程監聽的TCP端口,默認情況下,服務端會監聽2181端口。
- dataDir無默認配置,必須配置,用於配置存儲快照文件的目錄。如果沒有配置dataLogDir,那么事務日志也會存儲在此目錄。
2、啟動
命令:./zkServer.sh start 這個命令使得zk服務進程在后台進行。命令:./zkServer.sh start-foreground 執行此命令,可以看到大量詳細信息的輸出,以便允許查看服務器發生了什么。- 使用文本編輯器打開zkServer.cmd或者zkServer.sh文件,可以看到其會調用zkEnv.cmd或者zkEnv.sh腳本。zkEnv腳本的作用是設置zk運行的一些環境變量,例如配置文件的位置和名稱等。
3、連接
- 如果是連接同一台主機上的zk進程,那么直接運行bin/目錄下的zkCli.cmd(Windows環境下)或者zkCli.sh(Linux環境下),即可連接上zk。
- 直接執行zkCli.cmd或者zkCli.sh命令默認以主機號 127.0.0.1,端口號 2181 來連接zk,
- 如果要連接不同機器上的zk,可以使用 -server 參數,例如:
bin/zkCli.sh -server 192.168.0.1:2181
3、集群配置
1、配置
- initLimit:ZooKeeper集群模式下包含多個zk進程,其中一個進程為leader,余下的進程為follower。當follower最初與leader建立連接時,它們之間會傳輸相當多的數據,尤其是follower的數據落后leader很多。initLimit配置follower與leader之間建立連接后進行同步的最長時間。
- syncLimit:配置follower和leader之間發送消息,請求和應答的最大時間長度。
- tickTime:tickTime則是上述兩個超時配置的基本單位,例如對於initLimit,其配置值為5,說明其超時時間為 2000ms * 5 = 10秒。
- server.id=host:port1:port2:其中id為一個數字,表示zk進程的id,這個id也是dataDir目錄下myid文件的內容。host是該zk進程所在的IP地址,port1表示follower和leader交換消息所使用的端口,port2表示選舉leader所使用的端口。
- dataDir:其配置的含義跟單機模式下的含義類似,不同的是集群模式下還有一個myid文件。myid文件的內容只有一行,且內容只能為1 - 255之間的數字,這個數字亦即上面介紹server.id中的id,表示zk進程的id。
例子:
tickTime=2000 dataDir=/zjl/program/zookeeper/data clientPort=2181 initLimit=5 syncLimit=2server.1=192.168.244.128:2888:3888
server.2=192.168.244.130:2888:3888
server.3=192.168.244.131:2888:3888注意:在三台機器dataDir目錄(/zjl/program/zookeeper/data)下,分別生成一個myid文件,其內容分別為1,2,3。
命令:touch myid
2、啟動
如單機啟動,只是要分別在這三台機器上啟動zk進程,這樣我們便將zk集群啟動了起來。
3、連接
可以使用以下命令來連接一個zk集群:
./zkCli.sh -server 192.168.244.128:2181,192.168.244.130:2181,192.168.244.131:2181成功連接后,可以看到如下輸出:
從日志輸出可以看到,客戶端連接的是192.168.244.128:2181進程(連接上哪台機器的zk進程是隨機的),客戶端已成功連接上zk集群。
4、zookeeper指令
連接成功后,便可以使用命令與zk服務進行交互。
1、help
help命令會輸出zk支持的所有命令。
[zk: 127.0.0.1:2182(CONNECTED) 0] help ZooKeeper -server host:port cmd args stat path [watch] set path data [version] ls path [watch] delquota [-n|-b] path ls2 path [watch] setAcl path acl setquota -n|-b val path history redo cmdno printwatches on|off delete path [version] sync path listquota path rmr path get path [watch] create [-s] [-e] path data acl addauth scheme auth quit getAcl path close connect host:port2、ls
查看命令(
niocoder是我測試集群創建的節點,默認只有zookeeper一個節點)[zk: localhost:2181(CONNECTED) 1] ls /
[niocoder, zookeeper]
[zk: localhost:2181(CONNECTED) 2] ls /zookeeper
[quota]
[zk: localhost:2181(CONNECTED) 4] ls /zookeeper/quota
[]3、create
創建一個節點,例如:
[zk: localhost:2181(CONNECTED) 3] create /zk mydata Created /zk以上命令創建一個/zk節點,且其內容為 “myData”
4、get
顯示指定路徑下節點的信息,例如,我們檢查一下上面的/zk節點最否創建成功
[zk: localhost:2181(CONNECTED) 4] get /zk mydata cZxid = 0xb59 ctime = Thu Jun 30 11:13:24 CST 2016 mZxid = 0xb59 mtime = Thu Jun 30 11:13:24 CST 2016 pZxid = 0xb59 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 6 numChildren = 0可以看到/zk節點的內容為”myData”,且輸出包含了znode的其他信息。有關各個字段的具體含義,請參見了本博客對znode的介紹。
5、set
設置節點的內容,例如:
[zk: localhost:2181(CONNECTED) 6] set /zk "anotherData" …… [zk: localhost:2181(CONNECTED) 7] get /zk "anotherData" ……6、delete
刪除一個節點,例如:
[zk: localhost:2181(CONNECTED) 8] delete /zk [zk: localhost:2181(CONNECTED) 9] get /zk Node does not exist: /zk以上就是zk客戶端最常用的幾個命令,從這幾個命令我們也可以看到zk提供的API設計的簡單。
7、四字母命令
ZooKeeper提供了多個由4個字母構成的命令,可以使用nc或者telnet來使用這些命令。例如:
telnet 127.0.0.1 2181成功連接zk后,輸入conf
會看到以下輸出clientPort=2181 dataDir=D:\Soft\zookeeper-3.4.6\data\version-2 dataLogDir=D:\Soft\zookeeper-3.4.6\data\version-2 tickTime=2000 maxClientCnxns=60 minSessionTimeout=4000 maxSessionTimeout=40000 serverId=0或者使用nc來向zk發送4字母命令,例如:
echo conf | nc 192.168.229.161 2181其他常用的四字母命令如下表格所示:
表格:ZooKeeper提供的四字母命令
例如,mntr 命令的輸出:
echo mntr | nc 192.168.229.161 2181 zk_version 3.4.6-1569965, built on 02/20/2014 09:09 GMT zk_avg_latency 0 zk_max_latency 565 zk_min_latency 0 zk_packets_received 95353 zk_packets_sent 95713 zk_num_alive_connections 3 zk_outstanding_requests 0 zk_server_state leader zk_znode_count 20 zk_watch_count 12 zk_ephemerals_count 9 zk_approximate_data_size 1465 zk_open_file_descriptor_count 37 zk_max_file_descriptor_count 65535 zk_followers 2 - 只有leader進程才有此項輸出 zk_synced_followers 2 - 只有leader進程才有此項輸出 zk_pending_syncs 0 - 只有leader進程才有此項輸出
5、zookeeper指令2
1、普通操作
- 啟動zk服務: /zkServer.sh start
[root@localhost bin]# ./zkServer.sh ZooKeeper JMX enabled by default Using config: /usr/home/zookeeper-3.4.11/bin/../conf/zoo.cfg Usage: ./zkServer.sh {start|start-foreground|stop|restart|status|upgrade|print-cmd} # 提示要以./zkCli.sh start 啟動zk ./zkCli.sh start- 查看zk的運行狀態 :./zkServer.sh status 由於我已經配置了zk的集群,所以此處顯示狀態為leader
[root@localhost bin]# ./zkServer.sh status ZooKeeper JMX enabled by default Using config: /usr/home/zookeeper-3.4.11/bin/../conf/zoo.cfg Mode: leader- 客戶端鏈接zk
[root@localhost bin]# ./zkCli.sh ...... WatchedEvent state:SyncConnected type:None path:null [zk: localhost:2181(CONNECTED) 0]- help 查看客戶端幫助命令:
help[zk: localhost:2181(CONNECTED) 0] help ZooKeeper -server host:port cmd args stat path [watch] set path data [version] ls path [watch] delquota [-n|-b] path ls2 path [watch] setAcl path acl setquota -n|-b val path history redo cmdno printwatches on|off delete path [version] sync path listquota path rmr path get path [watch] create [-s] [-e] path data acl addauth scheme auth quit getAcl path close connect host:port [zk: localhost:2181(CONNECTED) 1]- ls 查看:ls 查看命令(niocoder是我測試集群創建的節點,默認只有zookeeper一個節點)
[zk: localhost:2181(CONNECTED) 1] ls / [niocoder, zookeeper] [zk: localhost:2181(CONNECTED) 2] ls /zookeeper [quota] [zk: localhost:2181(CONNECTED) 4] ls /zookeeper/quota []- get 獲取節點數據和更新信息:
get內容為空
cZxid :創建節點的id
ctime : 節點的創建時間
mZxid :修改節點的id
mtime :修改節點的時間
pZxid :子節點的id
cversion : 子節點的版本
dataVersion : 當前節點數據的版本
aclVersion :權限的版本
ephemeralOwner :判斷是否是臨時節點
dataLength : 數據的長度
numChildren :子節點的數量[zk: localhost:2181(CONNECTED) 7] get /zookeeper #下面空行說明節點內容為空 cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 1 [zk: localhost:2181(CONNECTED) 8]- 獲得節點的更新信息:stat
- ls命令和stat命令的整合:ls2
[zk: localhost:2181(CONNECTED) 10] ls2 /zookeeper [quota] cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 1 [zk: localhost:2181(CONNECTED) 11]- create 創建節點:create [-s] [-e] path data acl 可以注意一下各個版本的變化
#創建merryyou節點,節點的內容為merryyou [zk: localhost:2181(CONNECTED) 1] create /merryyou merryyou Created /merryyou #獲得merryyou節點內容 [zk: localhost:2181(CONNECTED) 3] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000004 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0- create -e 創建臨時節點:create -e
#創建臨時節點 [zk: localhost:2181(CONNECTED) 4] create -e /merryyou/temp merryyou Created /merryyou/temp [zk: localhost:2181(CONNECTED) 5] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000005 cversion = 1 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 1 [zk: localhost:2181(CONNECTED) 6] get /merryyou/temp merryyou cZxid = 0x200000005 ctime = Sat Jun 02 14:22:24 UTC 2018 mZxid = 0x200000005 mtime = Sat Jun 02 14:22:24 UTC 2018 pZxid = 0x200000005 cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x2000000d4500000 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 7] #斷開重連之后,臨時節點自動消失 WATCHER:: WatchedEvent state:SyncConnected type:None path:null #因為默認的心跳機制,此時查詢臨時節點還存在 [zk: localhost:2181(CONNECTED) 0] ls /merryyou [temp] #再次查詢,臨時節點消失 [zk: localhost:2181(CONNECTED) 1] ls /merryyou [] [zk: localhost:2181(CONNECTED) 2]- 創建順序節點 自動累加:create -s
# 創建順序節點,順序節點會自動累加 [zk: localhost:2181(CONNECTED) 2] create -s /merryyou/sec seq Created /merryyou/sec0000000001 [zk: localhost:2181(CONNECTED) 3] create -s /merryyou/sec seq Created /merryyou/sec0000000002- 修改節點:set path data [version]
[zk: localhost:2181(CONNECTED) 6] get /merryyou merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x200000004 mtime = Sat Jun 02 14:20:06 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 2 # 修改節點內容為new-merryyou [zk: localhost:2181(CONNECTED) 7] set /merryyou new-merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000a mtime = Sat Jun 02 14:29:23 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 12 numChildren = 2 #再次查詢,節點內容已經修改 [zk: localhost:2181(CONNECTED) 8] get /merryyou new-merryyou cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000a mtime = Sat Jun 02 14:29:23 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 12 numChildren = 2 #set 根據版本號更新 dataVersion 樂觀鎖 [zk: localhost:2181(CONNECTED) 9] set /merryyou test-merryyou 1 cZxid = 0x200000004 ctime = Sat Jun 02 14:20:06 UTC 2018 mZxid = 0x20000000b mtime = Sat Jun 02 14:31:30 UTC 2018 pZxid = 0x200000009 cversion = 4 dataVersion = 2 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 13 numChildren = 2 #因為數據的版本號已經修改為2 再次使用版本號1修改節點提交錯誤 [zk: localhost:2181(CONNECTED) 10] set /merryyou test-merryyou 1 version No is not valid : /merryyou- 刪除節點:delete path [version]
[zk: localhost:2181(CONNECTED) 13] delete /merryyou/sec000000000 sec0000000001 sec0000000002 [zk: localhost:2181(CONNECTED) 13] delete /merryyou/sec0000000001 [zk: localhost:2181(CONNECTED) 14] ls /merryyou [sec0000000002] [zk: localhost:2181(CONNECTED) 15]2、watcher通知機制
參考https://blog.csdn.net/hohoo1990/article/details/78617336
關於watcher機制大體的理解可以為,當每個節點發生變化,都會觸發watcher事件,類似於mysql的觸發器。zk中 watcher是一次性的,觸發后立即銷毀。 - stat path [watch] 設置watch事件 - get path [watch]設置watch事件 - 子節點創建和刪除時觸發watch事件,子節點修改不會觸發該事件
- 設置watch事件:stat path [watch]
#添加watch 事件 [zk: localhost:2181(CONNECTED) 18] stat /longfei watch Node does not exist: /longfei #創建longfei節點時觸發watcher事件 [zk: localhost:2181(CONNECTED) 19] create /longfei test WATCHER:: WatchedEvent state:SyncConnected type:NodeCreated path:/longfei Created /longfei- 設置watch事件:get path [watch]
#使用get命令添加watch事件 [zk: localhost:2181(CONNECTED) 20] get /longfei watch test cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000e mtime = Sat Jun 02 14:43:15 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #修改節點觸發watcher事件 [zk: localhost:2181(CONNECTED) 21] set /longfei new_test WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/longfei cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000f mtime = Sat Jun 02 14:45:06 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 22] #刪除觸發watcher事件 [zk: localhost:2181(CONNECTED) 23] get /longfei watch new_test cZxid = 0x20000000e ctime = Sat Jun 02 14:43:15 UTC 2018 mZxid = 0x20000000f mtime = Sat Jun 02 14:45:06 UTC 2018 pZxid = 0x20000000e cversion = 0 dataVersion = 1 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 [zk: localhost:2181(CONNECTED) 24] delete /longfei WATCHER:: WatchedEvent state:SyncConnected type:NodeDeleted path:/longfei [zk: localhost:2181(CONNECTED) 25]3、ACL權限控制
ZK的節點有5種操作權限:CREATE、READ、WRITE、DELETE、ADMIN 也就是 增、刪、改、查、管理權限,這5種權限簡寫為crwda(即:每個單詞的首字符縮寫)。
注:這5種權限中,delete是指對子節點的刪除權限,其它4種權限指對自身節點的操作權限身份的認證有4種方式:
- world:默認方式,相當於全世界都能訪問
- auth:代表已經認證通過的用戶(cli中可以通過addauth digest user:pwd 來添加當前上下文中的授權用戶)
- digest:即用戶名:密碼這種方式認證,這也是業務系統中最常用的
- ip:使用Ip地址認證使用[scheme:id:permissions]來表示acl權限
- 獲取某個節點的acl權限信息:getAcl
#獲取節點權限信息默認為 world:cdrwa任何人都可以訪問 [zk: localhost:2181(CONNECTED) 34] getAcl /merryyou 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 35]- 設置權限:setAcl
[zk: localhost:2181(CONNECTED) 35] create /merryyou/test test Created /merryyou/test [zk: localhost:2181(CONNECTED) 36] getAcl /merryyou/test 'world,'anyone : cdrwa #設置節點權限 crwa 不允許刪除 [zk: localhost:2181(CONNECTED) 37] setAcl /merryyou/test world:anyone:crwa cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x200000018 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #查詢剛才設置的acl權限信息 crwa 沒有刪除權限 [zk: localhost:2181(CONNECTED) 38] getAcl /merryyou/test 'world,'anyone : crwa [zk: localhost:2181(CONNECTED) 39] [zk: localhost:2181(CONNECTED) 39] create /merryyou/test/abc abc Created /merryyou/test/abc #刪除子節點的時候提交權限不足 [zk: localhost:2181(CONNECTED) 40] delete /merryyou/test/abc Authentication is not valid : /merryyou/test/abc #設置節點的權限信息為rda [zk: localhost:2181(CONNECTED) 41] setAcl /merryyou/test world:anyone:rda cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x20000001a cversion = 1 dataVersion = 0 aclVersion = 2 ephemeralOwner = 0x0 dataLength = 4 numChildren = 1 [zk: localhost:2181(CONNECTED) 42] getAcl /merryyou/test 'world,'anyone : dra #可以成功刪除 [zk: localhost:2181(CONNECTED) 43] delete /merryyou/test/abc [zk: localhost:2181(CONNECTED) 46] ls /merryyou/test [] [zk: localhost:2181(CONNECTED) 47] #設置節點信息為a admin [zk: localhost:2181(CONNECTED) 47] setAcl /merryyou/test world:anyone:a cZxid = 0x200000018 ctime = Sat Jun 02 16:18:18 UTC 2018 mZxid = 0x200000018 mtime = Sat Jun 02 16:18:18 UTC 2018 pZxid = 0x20000001d cversion = 2 dataVersion = 0 aclVersion = 3 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #獲取 設置都提示權限不足 [zk: localhost:2181(CONNECTED) 49] get /merryyou/test Authentication is not valid : /merryyou/test [zk: localhost:2181(CONNECTED) 50] set /merryyou/test 123 Authentication is not valid : /merryyou/test [zk: localhost:2181(CONNECTED) 51]- 密碼明文設置:acl Auth
[zk: localhost:2181(CONNECTED) 53] create /niocoder/merryyou merryyou Created /niocoder/merryyou #查詢默認節點權限信息 [zk: localhost:2181(CONNECTED) 54] getAcl /niocoder/merryyou 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 55] #使用auth設置節點權限信息 [zk: localhost:2181(CONNECTED) 2] setAcl /niocoder/merryyou auth:test:test:cdrwa Acl is not valid : /niocoder/merryyou # 注冊test:test 賬號密碼 [zk: localhost:2181(CONNECTED) 3] addauth digest test:test [zk: localhost:2181(CONNECTED) 4] setAcl /niocoder/merryyou auth:test:test:cdrwa cZxid = 0x200000020 ctime = Sat Jun 02 16:32:08 UTC 2018 mZxid = 0x200000020 mtime = Sat Jun 02 16:32:08 UTC 2018 pZxid = 0x200000020 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 8 numChildren = 0 #查詢節點權限信息 密碼為密文格式 [zk: localhost:2181(CONNECTED) 5] getAcl /niocoder/merryyou 'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug= : cdrwa [zk: localhost:2181(CONNECTED) 6]- 密碼密文設置:acl digest
[zk: localhost:2181(CONNECTED) 13] create /names test Created /names [zk: localhost:2181(CONNECTED) 14] getAcl /names 'world,'anyone : cdrwa #使用digest設置節點的權限信息 密碼為test密文 [zk: localhost:2181(CONNECTED) 15] setAcl /names digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:cdra cZxid = 0x400000006 ctime = Sun Jun 03 01:01:17 UTC 2018 mZxid = 0x400000006 mtime = Sun Jun 03 01:01:17 UTC 2018 pZxid = 0x400000006 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #查詢節點權限信息 [zk: localhost:2181(CONNECTED) 16] getAcl /names 'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug= : cdra #獲取節點信息提示權限不足 [zk: localhost:2181(CONNECTED) 5] get /names Authentication is not valid : /names # 注冊賬戶 [zk: localhost:2181(CONNECTED) 4] addauth digest test:test # 可以正常獲取 [zk: localhost:2181(CONNECTED) 17] get /names test cZxid = 0x400000006 ctime = Sun Jun 03 01:01:17 UTC 2018 mZxid = 0x400000006 mtime = Sun Jun 03 01:01:17 UTC 2018 pZxid = 0x400000006 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 #由於沒有設置寫權限不能修改節點 w [zk: localhost:2181(CONNECTED) 18] set /names 111 Authentication is not valid : /names [zk: localhost:2181(CONNECTED) 19] delete /names [zk: localhost:2181(CONNECTED) 20]- 控制客戶端:acl ip
[zk: localhost:2181(CONNECTED) 22] create /niocoder/ip aa Created /niocoder/ip [zk: localhost:2181(CONNECTED) 23] get /niocoder/ip aa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 # 添加ip控制的權限信息 [zk: localhost:2181(CONNECTED) 24] setAcl /niocoder/ip ip:192.168.0.68:cdrwa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 [zk: localhost:2181(CONNECTED) 25] getAcl /niocoder/ip 'ip,'192.168.0.68 : cdrwa [zk: localhost:2181(CONNECTED) 26]- 超級管理員: acl super 使用super權限需要修改zkServer.sh,添加super管理員,重啟zkServer.sh
"-Dzookeeper.DigestAuthenticationProvider.superDigest=test:V28q/NynI4JI3Rk54h0r8O5kMug=" nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationprovider.superDigest=test:V28q/NynI4JI3Rk54h0r8O5kMug=" \ -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null & #重啟進入zkCli #由於之前設置ip權限,所以不允許訪問 [zk: localhost:2181(CONNECTED) 2] ls /niocoder/ip Authentication is not valid : /niocoder/ip #登錄賬號信息,即為管理員賬號 [zk: localhost:2181(CONNECTED) 3] addauth digest test:test #正常訪問,節點內容為空 [zk: localhost:2181(CONNECTED) 4] ls /niocoder/ip [] [zk: localhost:2181(CONNECTED) 5] get /niocoder/ip aa cZxid = 0x40000000a ctime = Sun Jun 03 01:06:47 UTC 2018 mZxid = 0x40000000a mtime = Sun Jun 03 01:06:47 UTC 2018 pZxid = 0x40000000a cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 [zk: localhost:2181(CONNECTED) 6]4、四字命令Four Letter Words
使用四字命令需要安裝
nc命令,(yum install nc)
- 查看狀態信息:stat
[root@localhost bin]# echo stat | nc 192.168.0.68 2181 Zookeeper version: 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT Clients: /192.168.0.68:49346[0](queued=0,recved=1,sent=0) Latency min/avg/max: 0/0/4 Received: 62 Sent: 61 Connections: 1 Outstanding: 0 Zxid: 0x50000000a Mode: follower Node count: 10 [root@localhost bin]#- 查看zookeeper是否啟動:ruok
[root@localhost bin]# echo ruok | nc 192.168.0.68 2181 imok[root@localhost bin]#- 列出沒有處理的節點,臨時節點:dump
imok[root@localhost bin]# echo dump | nc 192.168.0.68 2181 SessionTracker dump: org.apache.zookeeper.server.quorum.LearnerSessionTracker@29805957 ephemeral nodes dump: Sessions with Ephemerals (0): [root@localhost bin]#- 查看服務器配置:conf
[root@localhost bin]# echo conf | nc 192.168.0.68 2181 clientPort=2181 dataDir=/usr/home/zookeeper-3.4.11/data/version-2 dataLogDir=/usr/home/zookeeper-3.4.11/data/version-2 tickTime=2000 maxClientCnxns=60 minSessionTimeout=4000 maxSessionTimeout=40000 serverId=2 initLimit=10 syncLimit=5 electionAlg=3 electionPort=3888 quorumPort=2888 peerType=0 [root@localhost bin]#- 顯示連接到服務端的信息:cons
[root@localhost bin]# echo cons | nc 192.168.0.68 2181 /192.168.0.68:49354[0](queued=0,recved=1,sent=0) [root@localhost bin]#- 顯示環境變量信息:envi
[root@localhost bin]# echo envi | nc 192.168.0.68 2181 Environment: zookeeper.version=3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT host.name=localhost java.version=1.8.0_111 java.vendor=Oracle Corporation java.home=/usr/local/jdk1.8.0_111/jre java.class.path=/usr/home/zookeeper-3.4.11/bin/../build/classes:/usr/home/zookeeper-3.4.11/bin/../build/lib/*.jar:/usr/home/zookeeper-3.4.11/bin/../lib/slf4j-log4j12-1.6.1.jar:/usr/home/zookeeper-3.4.11/bin/../lib/slf4j-api-1.6.1.jar:/usr/home/zookeeper-3.4.11/bin/../lib/netty-3.10.5.Final.jar:/usr/home/zookeeper-3.4.11/bin/../lib/log4j-1.2.16.jar:/usr/home/zookeeper-3.4.11/bin/../lib/jline-0.9.94.jar:/usr/home/zookeeper-3.4.11/bin/../lib/audience-annotations-0.5.0.jar:/usr/home/zookeeper-3.4.11/bin/../zookeeper-3.4.11.jar:/usr/home/zookeeper-3.4.11/bin/../src/java/lib/*.jar:/usr/home/zookeeper-3.4.11/bin/../conf: java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib java.io.tmpdir=/tmp java.compiler=<NA> os.name=Linux os.arch=amd64 os.version=3.10.0-514.10.2.el7.x86_64 user.name=root user.home=/root user.dir=/usr/home/zookeeper-3.4.11/bin [root@localhost bin]#- 查看zk的健康信息:mntr
[root@localhost bin]# echo mntr | nc 192.168.0.68 2181 zk_version 3.4.11-37e277162d567b55a07d1755f0b31c32e93c01a0, built on 11/01/2017 18:06 GMT zk_avg_latency 0 zk_max_latency 4 zk_min_latency 0 zk_packets_received 68 zk_packets_sent 67 zk_num_alive_connections 1 zk_outstanding_requests 0 zk_server_state follower zk_znode_count 10 zk_watch_count 0 zk_ephemerals_count 0 zk_approximate_data_size 124 zk_open_file_descriptor_count 32 zk_max_file_descriptor_count 4096 [root@localhost bin]#- 展示watch的信息:wchs
[root@localhost bin]# echo wchs | nc 192.168.0.68 2181 0 connections watching 0 paths Total watches:0 [root@localhost bin]#- 顯示session的watch信息 path的watch信息:wchc和wchp (需要在 配置
zoo.cfg文件中添加4lw.commands.whitelist=*)[root@localhost bin]# echo wchc | nc 192.168.0.68 2181 wchc is not executed because it is not in the whitelist. [root@localhost bin]# echo wchp | nc 192.168.0.68 2181 wchp is not executed because it is not in the whitelist.
整理自:
https://www.cnblogs.com/jimcsharp/p/8358271.html
https://blog.csdn.net/dandandeshangni/article/details/80558383