zopkeeper-curator基本操作
zopkeeper-curator操作
zookeeper環境信息請參考上一篇zookeeper環境搭建
1. zookeeper節點特性
- 持久化節點
- 臨時節點
- 順序節點
- ttl和容器節點
- 臨時節點不能創建子節點
- 同一級別不能存在相同的名稱
2. 查看node節點狀態
通過客戶端登陸
/zkCli.sh -server 114.55.254.108:2181
查詢節點狀體
[zk: 114.55.254.108:2181(CONNECTED) 0] ls /
[path, zookeeper]
[zk: 114.55.254.108:2181(CONNECTED) 1] stat /zookeeper
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
3. curator基本操作
3.1 依賴jar包
請選用下面jar包版本,不然可能會出現版本不兼容問題,導致連接出錯
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>3.4.10</version>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
<version>2.12.0</version>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
<version>2.12.0</version>
</dependency>
3.2 建立連接
public class CuratorDemo {
public static void main(String[] args) {
CuratorFramework curatorFramework = CuratorFrameworkFactory.builder().
connectString("114.55.254.108:2181,114.55.254.108:2182,114.55.254.108:2183").
sessionTimeoutMs(5000).
// ExponentialBackoffRetry 重試指定次數
// ReTryOneTime 僅重試一次
retryPolicy(new ExponentialBackoffRetry(1000,3)).
build();
curatorFramework.start(); //啓動
}
3.3 增刪改查
private static void createNode(CuratorFramework curatorFramework){
try {
curatorFramework.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).forPath("/data/node", "test".getBytes());
System.out.println("create node sucess");
} catch (Exception e) {
e.printStackTrace();
}
}
private static void updateNode(CuratorFramework curatorFramework){
try {
curatorFramework.setData().forPath("/data/node", "update".getBytes());
System.out.println("update node sucess");
} catch (Exception e) {
e.printStackTrace();
}
}
private static void deleteNode(CuratorFramework curatorFramework){
try {
Stat stat = new Stat();
String value = new String(curatorFramework.getData().storingStatIn(stat).forPath("/data/node"));
//刪除時請注意version
curatorFramework.delete().withVersion(stat.getCversion()).forPath("/data/node");
System.out.println("delete node sucess, value = " + value);
} catch (Exception e) {
e.printStackTrace();
}
}
4. ACL權限
4.1 ACL權限特性
- ZooKeeper 的權限控制是基於每個 znode 節點的,需要對每個節點設置權限
- 每個 znode 支持設置多種權限控制方案和多個權限
- 子節點不會繼承父節點的權限,客戶端無權訪問某節點,但可能可以訪問它的子節點
4.2 操作節點權限種類
public interface Perms {
int READ = 1;
int WRITE = 2;
int CREATE = 4;
int DELETE = 8;
int ADMIN = 16;
int ALL = 31;
}
| 類型 | 作用 |
|---|---|
| create | 創建節點 |
| read | 獲取節點/子節點 |
| write | 設置節點數據 |
| delete | 刪除子節點 |
| admin | 設置節點訪問控制列表權限 |
| all | 所有權限 |
4.3 scheme權限類型
ip/digest/world/super/auth/x509
| 方案 | 作用 |
|---|---|
| 方案 | 描述 |
| world | anyone,所有人擁有所有權限(默認) |
| ip | 用 IP 地址認證,可以用網段表示範圍。 |
| auth | 用“用戶名:密碼”方式認證 |
| digest | 用“用戶名:密碼”+ 摘要 方式認證 |
| super | 超級管理員 |
| x509 | X.509是密碼學裏公鑰證書的格式標準 |
4.4 內置Ids權限類型
public interface Ids {
Id ANYONE_ID_UNSAFE = new Id("world", "anyone");
Id AUTH_IDS = new Id("auth", "");
ArrayList<ACL> OPEN_ACL_UNSAFE = new ArrayList(Collections.singletonList(new ACL(31, ANYONE_ID_UNSAFE)));
ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new ACL(31, AUTH_IDS)));
ArrayList<ACL> READ_ACL_UNSAFE = new ArrayList(Collections.singletonList(new ACL(1, ANYONE_ID_UNSAFE)));
}
4.5 創建node設置權限
public class AclDemo {
public static void main(String[] args) {
CuratorFramework curatorFramework = CuratorFrameworkFactory.builder().
connectString("114.55.254.108:2181,114.55.254.108:2182,114.55.254.108:2183").
sessionTimeoutMs(5000).
// ExponentialBackoffRetry 重試指定次數
// ReTryOneTime 僅重試一次
retryPolicy(new ExponentialBackoffRetry(1000,3)).
build();
curatorFramework.start(); //啓動
try {
List<ACL> list = new ArrayList<>();
ACL acl = new ACL(ZooDefs.Perms.READ,new Id("digest", DigestAuthenticationProvider.generateDigest("admin:admin")));
list.add(acl);
curatorFramework.create().withACL(list).forPath("/acl","acl".getBytes());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
}
上面設置只讀權限且指定賬號密碼,在客戶端進行訪問
[zk: 114.55.254.108:2181(CONNECTED) 27] get /acl
Authentication is not valid : /acl
通過addauth進行設置
[zk: 114.55.254.108:2181(CONNECTED) 28] addauth digest admin:admin
[zk: 114.55.254.108:2181(CONNECTED) 29] get /acl
acl
cZxid = 0x100000027
ctime = Tue Mar 03 23:54:39 CST 2020
mZxid = 0x100000027
mtime = Tue Mar 03 23:54:39 CST 2020
pZxid = 0x100000027
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0
設置之後可以獲取指定node的信息,但是依然沒有其他權限,除了刪除權限,在3.4之前的版本默認都有刪除權限(添加後重新進行刪除,依然刪除成功)
3.4版本默認沒有刪除權限,但是可以在zk上配置一個超級用戶
[zk: 114.55.254.108:2181(CONNECTED) 30] set /acl acl-test
Authentication is not valid : /acl
[zk: 114.55.254.108:2181(CONNECTED) 34] delete /acl
[zk: 114.55.254.108:2181(CONNECTED) 35] ls /
[path, zookeeper, data, node1]
4.6 修改已有node權限
try {
List<ACL> list = new ArrayList<>();
ACL acl = new ACL(ZooDefs.Perms.READ,new Id("digest", DigestAuthenticationProvider.generateDigest("admin:admin")));
list.add(acl);
curatorFramework.setACL().withACL(list).forPath("/acl");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}