文章目錄
1 zk的安全認證
1.1 zookeeper的ACL
ACL(Access Control List),Zookeeper作爲一個分佈式協調框架,其內部存儲的都是一些關乎分佈式系統運行時狀態的元數據,尤其是設計到一些分佈式鎖,Master選舉和協調等應用場景。我們需要有效地保障Zookeeper中的數據安全,zookeeper提供一套完善的ACL權限控制機制來保障數據的安全
ZK提供了三種模式:權限模式,權限對象,權限
- 權限模式:
Scheme,開發人員使用最多的如下四種權限模式:
ip:ip模式通過地址粒度來進行權限控制,例如配置了:ip:192.168.126.131即表示權限控制都是針對這個ip地址的,同時也支持按網段分配,比如:192.168.126.*
Digest:digest是最常用的權限控制模式,也更符合我們對權限控制的認識,其類似於username:password形式的權限標識進行權限配置,ZK會對形成的權限標識先後進行兩次編碼處理,分別是SHA-1加密算法、Base64編碼
World:World是一種最開放的權限控制模式,這種模式可看做爲特殊的digest,它僅僅是一個標識而已
Super:超級用戶模式,在超級用戶模式下可以對ZK進行任意操作 - 權限對象:指的是權限賦予的用戶或者一個指定的實體,例如
ip地址或機器等,在不同的模式下,授權對象是不同的,這種模式和權限對象一一對應 - 權限:指那些通過權限檢測後可以被允許執行的操作,在
ZK中,對數據的操作權限可以分爲五大類:
CREATE,DELETE,READ,WRITE,ADMIN
1.2 代碼說明
/**
* Zookeeper 節點授權
* @author(alienware)
* @since 2015-6-14
*/
public class ZookeeperAuth implements Watcher {
/** 連接地址 */
final static String CONNECT_ADDR = "192.168.80.88:2181";
/** 測試路徑 */
final static String PATH = "/testAuth";
final static String PATH_DEL = "/testAuth/delNode";
/** 認證類型 */
final static String authentication_type = "digest";
/** 認證正確方法 */
final static String correctAuthentication = "123456";
/** 認證錯誤方法 */
final static String badAuthentication = "654321";
static ZooKeeper zk = null;
/** 計時器 */
AtomicInteger seq = new AtomicInteger();
/** 標識 */
private static final String LOG_PREFIX_OF_MAIN = "【Main】";
private CountDownLatch connectedSemaphore = new CountDownLatch(1);
@Override
public void process(WatchedEvent event) {
try {
Thread.sleep(200);
} catch (InterruptedException e) {
e.printStackTrace();
}
if (event==null) {
return;
}
// 連接狀態
KeeperState keeperState = event.getState();
// 事件類型
EventType eventType = event.getType();
// 受影響的path
String path = event.getPath();
String logPrefix = "【Watcher-" + this.seq.incrementAndGet() + "】";
System.out.println(logPrefix + "收到Watcher通知");
System.out.println(logPrefix + "連接狀態:\t" + keeperState.toString());
System.out.println(logPrefix + "事件類型:\t" + eventType.toString());
if (KeeperState.SyncConnected == keeperState) {
// 成功連接上ZK服務器
if (EventType.None == eventType) {
System.out.println(logPrefix + "成功連接上ZK服務器");
connectedSemaphore.countDown();
}
} else if (KeeperState.Disconnected == keeperState) {
System.out.println(logPrefix + "與ZK服務器斷開連接");
} else if (KeeperState.AuthFailed == keeperState) {
System.out.println(logPrefix + "權限檢查失敗");
} else if (KeeperState.Expired == keeperState) {
System.out.println(logPrefix + "會話失效");
}
System.out.println("--------------------------------------------");
}
/**
* 創建ZK連接
*
* @param connectString
* ZK服務器地址列表
* @param sessionTimeout
* Session超時時間
*/
public void createConnection(String connectString, int sessionTimeout) {
this.releaseConnection();
try {
zk = new ZooKeeper(connectString, sessionTimeout, this);
//添加節點授權
zk.addAuthInfo(authentication_type,correctAuthentication.getBytes());
System.out.println(LOG_PREFIX_OF_MAIN + "開始連接ZK服務器");
//倒數等待
connectedSemaphore.await();
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 關閉ZK連接
*/
public void releaseConnection() {
if (this.zk!=null) {
try {
this.zk.close();
} catch (InterruptedException e) {
}
}
}
/**
*
* <B>方法名稱:</B>測試函數<BR>
* <B>概要說明:</B>測試認證<BR>
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
ZookeeperAuth testAuth = new ZookeeperAuth();
testAuth.createConnection(CONNECT_ADDR,2000);
List<ACL> acls = new ArrayList<ACL>(1);
for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
acls.add(ids_acl);
}
try {
zk.create(PATH, "init content".getBytes(), acls, CreateMode.PERSISTENT);
System.out.println("使用授權key:" + correctAuthentication + "創建節點:"+ PATH + ", 初始內容是: init content");
} catch (Exception e) {
e.printStackTrace();
}
try {
zk.create(PATH_DEL, "will be deleted! ".getBytes(), acls, CreateMode.PERSISTENT);
System.out.println("使用授權key:" + correctAuthentication + "創建節點:"+ PATH_DEL + ", 初始內容是: init content");
} catch (Exception e) {
e.printStackTrace();
}
// 獲取數據
getDataByNoAuthentication();
getDataByBadAuthentication();
getDataByCorrectAuthentication();
// 更新數據
updateDataByNoAuthentication();
updateDataByBadAuthentication();
updateDataByCorrectAuthentication();
// 刪除數據
deleteNodeByBadAuthentication();
deleteNodeByNoAuthentication();
deleteNodeByCorrectAuthentication();
//
Thread.sleep(1000);
deleteParent();
//釋放連接
testAuth.releaseConnection();
}
/** 獲取數據:採用錯誤的密碼 */
static void getDataByBadAuthentication() {
String prefix = "[使用錯誤的授權信息]";
try {
ZooKeeper badzk = new ZooKeeper(CONNECT_ADDR, 2000, null);
//授權
badzk.addAuthInfo(authentication_type,badAuthentication.getBytes());
Thread.sleep(2000);
System.out.println(prefix + "獲取數據:" + PATH);
System.out.println(prefix + "成功獲取數據:" + badzk.getData(PATH, false, null));
} catch (Exception e) {
System.err.println(prefix + "獲取數據失敗,原因:" + e.getMessage());
}
}
/** 獲取數據:不採用密碼 */
static void getDataByNoAuthentication() {
String prefix = "[不使用任何授權信息]";
try {
System.out.println(prefix + "獲取數據:" + PATH);
ZooKeeper nozk = new ZooKeeper(CONNECT_ADDR, 2000, null);
Thread.sleep(2000);
System.out.println(prefix + "成功獲取數據:" + nozk.getData(PATH, false, null));
} catch (Exception e) {
System.err.println(prefix + "獲取數據失敗,原因:" + e.getMessage());
}
}
/** 採用正確的密碼 */
static void getDataByCorrectAuthentication() {
String prefix = "[使用正確的授權信息]";
try {
System.out.println(prefix + "獲取數據:" + PATH);
System.out.println(prefix + "成功獲取數據:" + zk.getData(PATH, false, null));
} catch (Exception e) {
System.out.println(prefix + "獲取數據失敗,原因:" + e.getMessage());
}
}
/**
* 更新數據:不採用密碼
*/
static void updateDataByNoAuthentication() {
String prefix = "[不使用任何授權信息]";
System.out.println(prefix + "更新數據: " + PATH);
try {
ZooKeeper nozk = new ZooKeeper(CONNECT_ADDR, 2000, null);
Thread.sleep(2000);
Stat stat = nozk.exists(PATH, false);
if (stat!=null) {
nozk.setData(PATH, prefix.getBytes(), -1);
System.out.println(prefix + "更新成功");
}
} catch (Exception e) {
System.err.println(prefix + "更新失敗,原因是:" + e.getMessage());
}
}
/**
* 更新數據:採用錯誤的密碼
*/
static void updateDataByBadAuthentication() {
String prefix = "[使用錯誤的授權信息]";
System.out.println(prefix + "更新數據:" + PATH);
try {
ZooKeeper badzk = new ZooKeeper(CONNECT_ADDR, 2000, null);
//授權
badzk.addAuthInfo(authentication_type,badAuthentication.getBytes());
Thread.sleep(2000);
Stat stat = badzk.exists(PATH, false);
if (stat!=null) {
badzk.setData(PATH, prefix.getBytes(), -1);
System.out.println(prefix + "更新成功");
}
} catch (Exception e) {
System.err.println(prefix + "更新失敗,原因是:" + e.getMessage());
}
}
/**
* 更新數據:採用正確的密碼
*/
static void updateDataByCorrectAuthentication() {
String prefix = "[使用正確的授權信息]";
System.out.println(prefix + "更新數據:" + PATH);
try {
Stat stat = zk.exists(PATH, false);
if (stat!=null) {
zk.setData(PATH, prefix.getBytes(), -1);
System.out.println(prefix + "更新成功");
}
} catch (Exception e) {
System.err.println(prefix + "更新失敗,原因是:" + e.getMessage());
}
}
/**
* 不使用密碼 刪除節點
*/
static void deleteNodeByNoAuthentication() throws Exception {
String prefix = "[不使用任何授權信息]";
try {
System.out.println(prefix + "刪除節點:" + PATH_DEL);
ZooKeeper nozk = new ZooKeeper(CONNECT_ADDR, 2000, null);
Thread.sleep(2000);
Stat stat = nozk.exists(PATH_DEL, false);
if (stat!=null) {
nozk.delete(PATH_DEL,-1);
System.out.println(prefix + "刪除成功");
}
} catch (Exception e) {
System.err.println(prefix + "刪除失敗,原因是:" + e.getMessage());
}
}
/**
* 採用錯誤的密碼刪除節點
*/
static void deleteNodeByBadAuthentication() throws Exception {
String prefix = "[使用錯誤的授權信息]";
try {
System.out.println(prefix + "刪除節點:" + PATH_DEL);
ZooKeeper badzk = new ZooKeeper(CONNECT_ADDR, 2000, null);
//授權
badzk.addAuthInfo(authentication_type,badAuthentication.getBytes());
Thread.sleep(2000);
Stat stat = badzk.exists(PATH_DEL, false);
if (stat!=null) {
badzk.delete(PATH_DEL, -1);
System.out.println(prefix + "刪除成功");
}
} catch (Exception e) {
System.err.println(prefix + "刪除失敗,原因是:" + e.getMessage());
}
}
/**
* 使用正確的密碼刪除節點
*/
static void deleteNodeByCorrectAuthentication() throws Exception {
String prefix = "[使用正確的授權信息]";
try {
System.out.println(prefix + "刪除節點:" + PATH_DEL);
Stat stat = zk.exists(PATH_DEL, false);
if (stat!=null) {
zk.delete(PATH_DEL, -1);
System.out.println(prefix + "刪除成功");
}
} catch (Exception e) {
System.out.println(prefix + "刪除失敗,原因是:" + e.getMessage());
}
}
/**
* 使用正確的密碼刪除節點
*/
static void deleteParent() throws Exception {
try {
Stat stat = zk.exists(PATH_DEL, false);
if (stat == null) {
zk.delete(PATH, -1);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
2 zk的實際應用
2.1 在eclipse中添加工具
在eclipse中添加zookeeper管理工具:zookeeperBrowser ,其地址:http://www.massedynamic.org/eclipse/updates/
希望zookeeper對分佈式系統的配置文件進行管理,也就是說多個服務器進行watcher,zookeeper節點發生變化,則我們實時更新配置文件,我們要完成多個應用服務器註冊watcher,然後去實現實時觀察數據的變化,然後反饋給媒體服務器變更的數據信息,觀察zookeeper節點
2.2 代碼說明
2.2.1 服務器端
public class ZKWatcher implements Watcher {
/** zk變量 */
private ZooKeeper zk = null;
/** 父節點path */
static final String PARENT_PATH = "/super";
/** 信號量設置,用於等待zookeeper連接建立之後 通知阻塞程序繼續向下執行 */
private CountDownLatch connectedSemaphore = new CountDownLatch(1);
private List<String> cowaList = new CopyOnWriteArrayList<String>();
/** zookeeper服務器地址 */
public static final String CONNECTION_ADDR = "192.168.80.88:2181,192.168.80.87:2181,192.168.80.86:2181";
/** 定義session失效時間 */
public static final int SESSION_TIMEOUT = 30000;
public ZKWatcher() throws Exception{
zk = new ZooKeeper(CONNECTION_ADDR, SESSION_TIMEOUT, this);
System.out.println("開始連接ZK服務器");
connectedSemaphore.await();
}
@Override
public void process(WatchedEvent event) {
// 連接狀態
KeeperState keeperState = event.getState();
// 事件類型
EventType eventType = event.getType();
// 受影響的path
String path = event.getPath();
System.out.println("受影響的path : " + path);
if (KeeperState.SyncConnected == keeperState) {
// 成功連接上ZK服務器
if (EventType.None == eventType) {
System.out.println("成功連接上ZK服務器");
connectedSemaphore.countDown();
try {
if(this.zk.exists(PARENT_PATH, false) == null){
this.zk.create(PARENT_PATH, "root".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
}
List<String> paths = this.zk.getChildren(PARENT_PATH, true);
for (String p : paths) {
System.out.println(p);
this.zk.exists(PARENT_PATH + "/" + p, true);
}
} catch (KeeperException | InterruptedException e) {
e.printStackTrace();
}
}
//創建節點
else if (EventType.NodeCreated == eventType) {
System.out.println("節點創建");
try {
this.zk.exists(path, true);
} catch (KeeperException | InterruptedException e) {
e.printStackTrace();
}
}
//更新節點
else if (EventType.NodeDataChanged == eventType) {
System.out.println("節點數據更新");
try {
//update nodes call function
this.zk.exists(path, true);
} catch (KeeperException | InterruptedException e) {
e.printStackTrace();
}
}
//更新子節點
else if (EventType.NodeChildrenChanged == eventType) {
System.out.println("子節點 ... 變更");
try {
List<String> paths = this.zk.getChildren(path, true);
if(paths.size() >= cowaList.size()){
paths.removeAll(cowaList);
for(String p : paths){
this.zk.exists(path + "/" + p, true);
//this.zk.getChildren(path + "/" + p, true);
System.out.println("這個是新增的子節點 : " + path + "/" + p);
//add new nodes call function
}
cowaList.addAll(paths);
} else {
cowaList = paths;
}
System.out.println("cowaList: " + cowaList.toString());
System.out.println("paths: " + paths.toString());
} catch (KeeperException | InterruptedException e) {
e.printStackTrace();
}
}
//刪除節點
else if (EventType.NodeDeleted == eventType) {
System.out.println("節點 " + path + " 被刪除");
try {
//delete nodes call function
this.zk.exists(path, true);
} catch (KeeperException | InterruptedException e) {
e.printStackTrace();
}
}
else ;
}
else if (KeeperState.Disconnected == keeperState) {
System.out.println("與ZK服務器斷開連接");
}
else if (KeeperState.AuthFailed == keeperState) {
System.out.println("權限檢查失敗");
}
else if (KeeperState.Expired == keeperState) {
System.out.println("會話失效");
}
else ;
System.out.println("--------------------------------------------");
}
}
2.2.2 客戶端一
public class Client1 {
public static void main(String[] args) throws Exception{
ZKWatcher myWatcher = new ZKWatcher();
Thread.sleep(100000000);
}
}
2.2.3 客戶端二
public class Client2 {
public static void main(String[] args) throws Exception{
ZKWatcher myWatcher = new ZKWatcher();
Thread.sleep(100000000);
}
}
2.2.4 測試端
public class Test {
/** zookeeper地址 */
static final String CONNECT_ADDR = "192.168.1.106:2181,192.168.1.107:2181,192.168.1.108:2181";
/** session超時時間 */
static final int SESSION_OUTTIME = 2000;//ms
/** 信號量,阻塞程序執行,用於等待zookeeper連接成功,發送成功信號 */
static final CountDownLatch connectedSemaphore = new CountDownLatch(1);
public static void main(String[] args) throws Exception{
ZooKeeper zk = new ZooKeeper(CONNECT_ADDR, SESSION_OUTTIME, new Watcher(){
@Override
public void process(WatchedEvent event) {
//獲取事件的狀態
KeeperState keeperState = event.getState();
EventType eventType = event.getType();
//如果是建立連接
if(KeeperState.SyncConnected == keeperState){
if(EventType.None == eventType){
//如果建立連接成功,則發送信號量,讓後續阻塞程序向下執行
connectedSemaphore.countDown();
System.out.println("zk 建立連接");
}
}
}
});
//進行阻塞
connectedSemaphore.await();
// //創建子節點
// zk.create("/super/c1", "c1".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
//創建子節點
// zk.create("/super/c2", "c2".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
//創建子節點
zk.create("/super/c3", "c3".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
//創建子節點
// zk.create("/super/c4", "c4".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
// zk.create("/super/c4/c44", "c44".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
//獲取節點信息
// byte[] data = zk.getData("/testRoot", false, null);
// System.out.println(new String(data));
// System.out.println(zk.getChildren("/testRoot", false));
//修改節點的值
// zk.setData("/super/c1", "modify c1".getBytes(), -1);
// zk.setData("/super/c2", "modify c2".getBytes(), -1);
// byte[] data = zk.getData("/super/c2", false, null);
// System.out.println(new String(data));
// //判斷節點是否存在
// System.out.println(zk.exists("/super/c3", false));
// //刪除節點
// zk.delete("/super/c3", -1);
zk.close();
}
}