其他分享
首页 > 其他分享> > zookeeper08-权限管理、配额管理和多租赁

zookeeper08-权限管理、配额管理和多租赁

作者:互联网

1、权限管理

1.1、ACL列表释义

1、验证模式(scheme)

2、Zookeeper用户(id)

3、权限列表(permissions)

1.2、示例

1、使用super验证模式

]# java $JAVA_OPTS org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:asdf 
super:asdf->super:T+4Qoey4ZZ8Fnni1Yl2GZtbH2W4=
--配置超级管理员用户和密码
]# vim /etc/profile
export SERVER_JVMFLAGS
SERVER_JVMFLAGS=-Dzookeeper.DigestAuthenticationProvider.superDigest=super:T+4Qoey4ZZ8Fnni1Yl2GZtbH2W4=

--使超级管理员用户生效
]# source /etc/profile
]# zkServer.sh restart

--使用超级管理员用户
]# zkCli.sh
[zk: localhost:2181(CONNECTED) 0] addauth digest super:asdf

2、使用world验证模式

[zk: localhost:2181(CONNECTED) 0] getAcl /
'world,'anyone: cdrwa
[zk: localhost:2181(CONNECTED) 1] setAcl / world:anyone:crw
[zk: localhost:2181(CONNECTED) 3] getAcl /
'world,'anyone: crw

3、使用auth验证模式

将设置一个znode的权限为:scheme是auth,id是cdz,permissions是cra。

[zk: localhost:2181(CONNECTED) 0] create /auth
Created /auth
[zk: localhost:2181(CONNECTED) 1] setAcl /auth auth:cdz:cdz:cra
Acl is not valid : /auth                                              --报错原因是没有cdz用户
[zk: localhost:2181(CONNECTED) 2] addauth digest cdz:123456           --使用addauth添加cdz用户,密码为123456,模式是digest
[zk: localhost:2181(CONNECTED) 3] setAcl /auth auth:cdz:123456:cra    --为/auth znode添加Acl权限
[zk: localhost:2181(CONNECTED) 4] getAcl /auth
'digest,'cdz:hGq0vr1Ww1PViRKdAf5fa9ua7q8=
: cra
[zk: localhost:2181(CONNECTED) 0] getAcl /auth 
Authentication is not valid : /auth                            --读取失败,是因为没有登录cdz
[zk: localhost:2181(CONNECTED) 1] addauth digest cdz:123456    --登录cdz
[zk: localhost:2181(CONNECTED) 2] getAcl /auth 
'digest,'cdz:hGq0vr1Ww1PViRKdAf5fa9ua7q8=                      --读取成功
: cra

4、使用digest验证模式

[zk: localhost:2181(CONNECTED) 0] create /digest
Created /digest
[zk: localhost:2181(CONNECTED) 1] getAcl /digest 
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 2] setAcl /digest digest:asd:hGq0vr1Ww1PViRKdAf5fa9ua7q8=:ca
[zk: localhost:2181(CONNECTED) 3] getAcl /digest
Authentication is not valid : /digest
[zk: localhost:2181(CONNECTED) 4] addauth digest super:asdf
[zk: localhost:2181(CONNECTED) 5] getAcl /digest
'digest,'asd:hGq0vr1Ww1PViRKdAf5fa9ua7q8=
: ca

5、使用ip验证模式

[zk: localhost:2181(CONNECTED) 0] create /ip
Created /ip
[zk: localhost:2181(CONNECTED) 1] getAcl /ip 
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 2] setAcl /ip ip:127.0.0.1:ra
[zk: localhost:2181(CONNECTED) 3] getAcl /ip 
'ip,'127.0.0.1
: ra

2、配额管理

[zk: localhost:2181(CONNECTED) 0] create /application ""
Created /application
[zk: localhost:2181(CONNECTED) 1] create /application/superApp "super"
Created /application/superApp
[zk: localhost:2181(CONNECTED) 2] setquota -b 10 /application/superApp
[zk: localhost:2181(CONNECTED) 3] listquota /application/superApp
absolute path is /zookeeper/quota/application/superApp/zookeeper_limits
Output quota for /application/superApp count=-1,bytes=10
Output stat for /application/superApp count=1,bytes=5
[zk: localhost:2181(CONNECTED) 4] create /application/superApp/lotsOfData "ThisIsALotOfData"
--cat /usr/local/apache-zookeeper-3.5.9-bin/logs/zookeeper-root-server-localhost.localdomain.out
2022-01-18 06:40:19,251 [myid:1] - WARN  [CommitProcWorkThread-1:DataTree@386] - Quota exceeded: /application/superApp bytes=21 limit=10

3、多租赁配置

4、通过JMX进行监控

--安装JDK
]# tar zvfx jdk-8u291-linux-x64.tar.gz -C /usr/local/

--在图形界面下执行命令
]# /usr/local/jdk1.8.0_291/bin/jconsole

1

标签:zk,管理,zookeeper08,2181,CONNECTED,digest,配额,znode,localhost
来源: https://www.cnblogs.com/maiblogs/p/15802986.html