這篇繼上篇實踐篇,對zookeeper進行一些命令行的使用總結。
國內的帖子存在最大的問題,都是一般只有一篇原創,其餘的人都是複製粘貼。這就存在一個最大的問題,如果沒有實踐,沒有經過驗證就發出來,會給初學者造成困擾。
因此,在借鑑了官方文檔以及部分帖子的前提下,基本都是基於自己實踐獲得,因此如果存在一些問題是正常的,所以希望看到這篇文檔有疑問的對我提問,並針對其中的錯誤進行斧正。十分感謝。
文章目錄
一、建立客戶端連接
./zkCli.sh -server 192.168.133.14:2181
[app@node1 bin]$ ./zkCli.sh -server 192.168.133.14:2181
Connecting to 192.168.133.14:2181
2019-11-06 15:05:43,619 [myid:] - INFO [main:Environment@109] - Client environment:zookeeper.version=3.5.6-c11b7e26bc554b8523dc929761dd28808913f091, built on 10/08/2019 20:18 GMT
2019-11-06 15:05:43,623 [myid:] - INFO [main:Environment@109] - Client environment:host.name=zoo-2
2019-11-06 15:05:43,623 [myid:] - INFO [main:Environment@109] - Client environment:java.version=1.8.0_131
2019-11-06 15:05:43,627 [myid:] - INFO [main:Environment@109] - Client environment:java.vendor=Oracle Corporation
2019-11-06 15:05:43,627 [myid:] - INFO [main:Environment@109] - Client environment:java.home=/app/soft/jdk1.8.0_131/jre
2019-11-06 15:05:43,627 [myid:] - INFO [main:Environment@109] - Client environment:java.class.path=/app/soft/zookeeper/bin/../zookeeper-server/target/classes:/app/soft/zookeeper/bin/../build/classes:/app/soft/zookeeper/bin/../zookeeper-server/target/lib/*.jar:/app/soft/zookeeper/bin/../build/lib/*.jar:/app/soft/zookeeper/bin/../lib/zookeeper-jute-3.5.6.jar:/app/soft/zookeeper/bin/../lib/zookeeper-3.5.6.jar:/app/soft/zookeeper/bin/../lib/slf4j-log4j12-1.7.25.jar:/app/soft/zookeeper/bin/../lib/slf4j-api-1.7.25.jar:/app/soft/zookeeper/bin/../lib/netty-transport-native-unix-common-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-transport-native-epoll-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-transport-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-resolver-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-handler-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-common-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-codec-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/netty-buffer-4.1.42.Final.jar:/app/soft/zookeeper/bin/../lib/log4j-1.2.17.jar:/app/soft/zookeeper/bin/../lib/json-simple-1.1.1.jar:/app/soft/zookeeper/bin/../lib/jline-2.11.jar:/app/soft/zookeeper/bin/../lib/jetty-util-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/jetty-servlet-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/jetty-server-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/jetty-security-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/jetty-io-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/jetty-http-9.4.17.v20190418.jar:/app/soft/zookeeper/bin/../lib/javax.servlet-api-3.1.0.jar:/app/soft/zookeeper/bin/../lib/jackson-databind-2.9.10.jar:/app/soft/zookeeper/bin/../lib/jackson-core-2.9.10.jar:/app/soft/zookeeper/bin/../lib/jackson-annotations-2.9.10.jar:/app/soft/zookeeper/bin/../lib/commons-cli-1.2.jar:/app/soft/zookeeper/bin/../lib/audience-annotations-0.5.0.jar:/app/soft/zookeeper/bin/../zookeeper-*.jar:/app/soft/zookeeper/bin/../zookeeper-server/src/main/resources/lib/*.jar:/app/soft/zookeeper/bin/../conf:
2019-11-06 15:05:43,628 [myid:] - INFO [main:Environment@109] - Client environment:java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
2019-11-06 15:05:43,628 [myid:] - INFO [main:Environment@109] - Client environment:java.io.tmpdir=/tmp
2019-11-06 15:05:43,628 [myid:] - INFO [main:Environment@109] - Client environment:java.compiler=<NA>
2019-11-06 15:05:43,628 [myid:] - INFO [main:Environment@109] - Client environment:os.name=Linux
2019-11-06 15:05:43,629 [myid:] - INFO [main:Environment@109] - Client environment:os.arch=amd64
2019-11-06 15:05:43,629 [myid:] - INFO [main:Environment@109] - Client environment:os.version=3.10.0-957.el7.x86_64
2019-11-06 15:05:43,629 [myid:] - INFO [main:Environment@109] - Client environment:user.name=app
2019-11-06 15:05:43,629 [myid:] - INFO [main:Environment@109] - Client environment:user.home=/home/app
2019-11-06 15:05:43,629 [myid:] - INFO [main:Environment@109] - Client environment:user.dir=/app/soft/zookeeper/bin
2019-11-06 15:05:43,630 [myid:] - INFO [main:Environment@109] - Client environment:os.memory.free=13MB
2019-11-06 15:05:43,636 [myid:] - INFO [main:Environment@109] - Client environment:os.memory.max=247MB
2019-11-06 15:05:43,637 [myid:] - INFO [main:Environment@109] - Client environment:os.memory.total=15MB
2019-11-06 15:05:43,644 [myid:] - INFO [main:ZooKeeper@868] - Initiating client connection, connectString=192.168.133.14:2181 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@368102c8
2019-11-06 15:05:43,669 [myid:] - INFO [main:X509Util@79] - Setting -D jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS renegotiation
2019-11-06 15:05:43,675 [myid:] - INFO [main:ClientCnxnSocket@237] - jute.maxbuffer value is 4194304 Bytes
2019-11-06 15:05:43,697 [myid:] - INFO [main:ClientCnxn@1653] - zookeeper.request.timeout value is 0. feature enabled=
Welcome to ZooKeeper!
JLine support is enabled
2019-11-06 15:05:43,803 [myid:192.168.133.14:2181] - INFO [main-SendThread(192.168.133.14:2181):ClientCnxn$SendThread@1112] - Opening socket connection to server zoo-1/192.168.133.14:2181. Will not attempt to authenticate using SASL (unknown error)
2019-11-06 15:05:44,084 [myid:192.168.133.14:2181] - INFO [main-SendThread(192.168.133.14:2181):ClientCnxn$SendThread@959] - Socket connection established, initiating session, client: /192.168.133.15:44470, server: zoo-1/192.168.133.14:2181
2019-11-06 15:05:44,146 [myid:192.168.133.14:2181] - INFO [main-SendThread(192.168.133.14:2181):ClientCnxn$SendThread@1394] - Session establishment complete on server zoo-1/192.168.133.14:2181, sessionid = 0x100015882d00000, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: 192.168.133.14:2181(CONNECTED) 0]
二、客戶端命令
先查看幫助,看有哪些指令:
[zk: 192.168.133.14:2181(CONNECTED) 0] help
ZooKeeper -server host:port cmd args
addauth scheme auth
close
config [-c] [-w] [-s]
connect host:port
create [-s] [-e] [-c] [-t ttl] path [data] [acl]
delete [-v version] path
deleteall path
delquota [-n|-b] path
get [-s] [-w] path
getAcl [-s] path
history
listquota path
ls [-s] [-w] [-R] path
ls2 path [watch]
printwatches on|off
quit
reconfig [-s] [-v version] [[-file path] | [-members serverID=host:port1:port2;port3[,...]*]] | [-add serverId=host:port1:port2;port3[,...]]* [-remove serverId[,...]*]
redo cmdno
removewatches path [-c|-d|-a] [-l]
rmr path
set [-s] [-v version] path data
setAcl [-s] [-v version] [-R] path acl
setquota -n|-b val path
stat [-w] path
sync path
1.查詢指令
ls命令
ls [-s] [-w] [-R] path
查看某個ZNode節點下面的子節點
[zk: 192.168.133.14:2181(CONNECTED) 1] ls /
[zookeeper]
[zk: 192.168.133.14:2181(CONNECTED) 21] ls -R /
/
/test1
/zookeeper
/zookeeper/config
/zookeeper/quota
[zk: 192.168.133.14:2181(CONNECTED) 22] ls -s /
[test1, zookeeper]cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x700000015
cversion = 12
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 2
stat命令
stat path
查看節點狀態
[zk: 192.168.133.14:2181(CONNECTED) 3] stat /zookeeper
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -2
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 2
stat狀態查詢出的具體含義,可以參考這裏
2.創建指令
create命令
create [-s] [-e] [-c] [-t ttl] path [data] [acl]
acl cdrwa #其權限爲CREATE,DELETE,READ,WRITE,ADMIN權限的縮寫名稱
節點類型指定
-s 表示順序節點,-e 表示臨時節點,什麼都不帶時爲持久節點。
其實本質上只有兩類:持久節點和臨時節點。
理論篇有提到,臨時節點的存活時間爲當前session,一旦退出則節點失效;持久節點創建後除非主動去刪除,否則永遠存在。那麼順序節點是什麼?順序節點是對上述節點的補充,由zk自己維護一個數值,加在節點名稱後面,是一個高位補0的10位的數值,例如zk_test0000000002。
這麼說可能有些抽象,那麼來舉幾個例子:
- create -s -e /zk_test 創建的是一個順序的臨時節點(zk_test0000000002)
- create -s /zk_test 創建的是一個順序的持久節點(zk_test0000000003)
- create /zk_test 創建的是一個持久節點(zk_test)
場景模擬 順序的臨時節點
(1)節點創建
–客戶端連接1-- 創建一個順序的臨時節點:
[zk: 192.168.133.14:2181(CONNECTED) 49] create -s -e /zk_test
Created /zk_test0000000005
[zk: 192.168.133.14:2181(CONNECTED) 50] ls /
[zk_test0000000005, zookeeper]
–客戶端連接2-- 查看所有根目錄節點:
ls /
[zk_test0000000005, zookeeper]
(2)節點失效
–客戶端連接1–關閉客戶端連接
[zk: 192.168.133.14:2181(CONNECTED) 51] close
WATCHER::
WatchedEvent state:Closed type:None path:null
2019-11-06 16:34:12,070 [myid:] - INFO [main:ZooKeeper@1422] - Session: 0x100015882d00000 closed
–客戶端連接2-- 查看所有根目錄節點:
[zk: 192.168.133.14:2181(CONNECTED) 11] ls /
[zookeeper]
3.修改指令
set命令
set [-s] [-v version] path data
帶版本號去更新時是以樂觀鎖的原理實現的,帶了不恰當的版本號會使更新失敗:
4.刪除指令
delete指令
delete [-v version] path
[zk: 192.168.133.14:2181(CONNECTED) 36] delete /test1
WATCHER::
WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/
[zk: 192.168.133.14:2181(CONNECTED) 37] ls /
[zookeeper]
需要注意的是,刪除時必須保證其沒有子節點,否則刪除失敗:
[zk: 192.168.133.14:2181(CONNECTED) 47] ls -R /test
/test
/test/test1
/test/test2
/test/test1/test11
/test/test2/test21
[zk: 192.168.133.14:2181(CONNECTED) 48] delete /test
Node not empty: /test
deleteall
deleteall path
[zk: 192.168.133.14:2181(CONNECTED) 49] deleteall /test
[zk: 192.168.133.14:2181(CONNECTED) 50] ls /
[zookeeper]
[zk: 192.168.133.14:2181(CONNECTED) 51]
5.監控指令
setquota
zookeeper中可以往節點存放數據,但是一般來說存放數據有限,所以zookeeper提供了一個對節點配額功能。但配額功能有點雞肋,當佔用的空間超過了設置的大小時只會打印WARN級別的日誌提醒而不是直接讓超出配額的操作失敗。
setquota -n|-b val path
-n 設置最大節點個數,包括當前節點
-b 設置最大字節大小
然後查看日誌:
這裏體現出,當前節點佔用了其中一個計數。
listquota
listquota path
delquota
delquota [-n|-b] path
6.鑑權命令
zookeeper中的權限控制,簡稱ACL(Access Control List),用於控制資源的訪問權限。
getAcl
getAcl [-s] path
獲取權限信息
[zk: localhost:2181(CONNECTED) 9] getAcl /zookeeper
'world,'anyone
: cdrwa
setAcl
setAcl [-s] [-v version] [-R] path acl
給指定的目錄設置權限
1.明文加密
[zk: localhost:2181(CONNECTED) 22] create /node_test_plaintext 12
Created /node_test
[zk: localhost:2181(CONNECTED) 8] addauth digest plaintext:123456
[zk: localhost:2181(CONNECTED) 9] setAcl /node_test_plaintext auth:plaintext:123456:cdrwa
[zk: localhost:2181(CONNECTED) 10] getAcl /node_test_plaintext
'digest,'plaintext:FKcAjTOLKBpigavAWb36jCfFMk0=
: cdrwa
2.密文加密
先計算一個密文,該密文是經過SHA1及BASE64處理的密文,在SHELL中可以通過以下命令計算:
[app@test13 bin]$ echo -n plaintext:123456 | openssl dgst -binary -sha1 | openssl base64
FKcAjTOLKBpigavAWb36jCfFMk0=
[zk: localhost:2181(CONNECTED) 11] create /node_test_ciphertext 30
Created /node_test_ciphertext
[zk: localhost:2181(CONNECTED) 12] setAcl /node_test_ciphertext digest:plaintext:FKcAjTOLKBpigavAWb36jCfFMk0=:cdrwa
[zk: localhost:2181(CONNECTED) 13] getAcl /node_test_ciphertext
'digest,'plaintext:FKcAjTOLKBpigavAWb36jCfFMk0=
: cdrwa
[zk: localhost:2181(CONNECTED) 14] get /node_test_ciphertext
30
因爲在此session中進行了用戶名和密碼的校驗,而上一步明文加密時輸入了用戶名和密碼,因此可以正常查詢值。
此處新開一個客戶端連接:
[zk: localhost:2181(CONNECTED) 1] get /node_test_ciphertext
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /node_test_ciphertext
此處提示我們未鑑權,通過以下方式鑑權即可:
[zk: localhost:2181(CONNECTED) 2] addauth digest plaintext:123456
[zk: localhost:2181(CONNECTED) 3] get /node_test_ciphertext
30
這裏鑑權的問題上,很多帖子沒有講清楚的一點是,setAcl中auth和digest的區別:auth是明文,digest是密文,而在session中鑑權(addauth)時,只有digest沒有auth,實際操作時如果使用了auth會退出session。