ZooKeeper Dubbo IP Whitelist
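- ZooKeeper node concepts
ZooKeeper introduction series: overview
In short, Dubbo appears in ZooKeeper as a single node: /dubbo
Connect to ZooKeeper with zkCli.sh
/local/zookeeper-3.4.5/bin/zkCli.sh     # start the client
connect 172.16.103.33:2181              # connect to the target ZooKeeper
ls /                                    # list all nodes under the root node
setAcl /dubbo ip:172.16.103.33:cdrwa    # set the IP whitelist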
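About IP address ranges
IP subnet notation
If setting an IP range with the ip scheme fails, the workaround is to use zkClient (the Java API).
See the zkClient section below for details.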
10/16 update: username/password scheme
Connect the client to ZooKeeper
./zkCli.sh
Generate the password digest with Java
generateDigest("username:password")
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
import org.junit.Test;

import java.security.NoSuchAlgorithmException;

/**
 * @author luwenlong
 * @date 2017/10/13
 * @description class description
 */
public class PasswordBuilder {
    @Test
    public void generate() {
        try {
            // Prints "user:digest"; this is the value to use in setAcl
            System.out.println(DigestAuthenticationProvider.generateDigest("luwfls:luwfls"));
        } catch (NoSuchAlgorithmException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
Set the password ACL on /dubbo (the password here is the generated digest; do not use the plaintext password)
setAcl /dubbo digest:luwfls:dbshuAKWkOXQro563C0o+16AAR4=:cdrwa
Appendix: how to set up the super user, for cases where the password was set incorrectly or has been forgotten
Edit zkServer.sh, line 109:
nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:g9oN2HttPfn8MMWJZ2r45Np/LIA=" \
Restart ZooKeeper
./zkServer.sh restart
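Verify
./zkCli.sh                                                   ## connect
addauth digest luwfls:luwfls                                 ## equivalent to logging in as the super administrator
setAcl /dubbo digest:username:password-digest:permissions    ## set a new password as the super administrator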
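11/02 update: zkClient approach
- Prerequisite: follow the previous step first; once the super administrator is set up, you can operate with super administrator privileges
- GitHub address of the demo
- Overview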
import org.I0Itec.zkclient.ZkClient;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.junit.Test;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * @author luwenlong
 * @date 2017/10/17 0017
 * @description ZooKeeper management
 */
public class ZKManager {
    private static final String ZKADDRESS = "172.16.101.130:2190";
    private static final String SUPERAUTH = "super:superpw";
    private static final String LUWFLS = "luwfls:luwfls";
    private static final String DIGEST = "digest";
    private static ZkClient zkClient = new ZkClient(ZKADDRESS);

    @Test
    public void testZooKeeperConnect() throws IOException {
        ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
        //zooKeeper.addAuthInfo(DIGEST,"super:superpw".getBytes());
        ZooKeeper.States state = zooKeeper.getState();
        System.out.println("状态: " + state);
    }

    /**
     * As the super administrator, change the ACL of the root node (/dubbo here)
     * to anyone with all permissions
     */
    @Test
    public void setRootWorldCDRWA() throws Exception {
        ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
        zooKeeper.addAuthInfo(DIGEST, SUPERAUTH.getBytes());
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(ZooDefs.Perms.ALL, new Id("world", "anyone")));
        // Pass the node's current aversion; a stale hard-coded value fails with BadVersion
        zooKeeper.setACL("/dubbo", acls, zooKeeper.exists("/dubbo", false).getAversion());
    }

    /**
     * Set the IP range whitelist
     * Problem: KeeperErrorCode = InvalidACL for /dubbo
     */
    @Test
    public void setIPS() throws Exception {
        ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
        zooKeeper.addAuthInfo(DIGEST, LUWFLS.getBytes());
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(ZooDefs.Perms.ALL, new Id("ip", "172.16.103.33")));
        acls.add(new ACL(ZooDefs.Perms.ALL, new Id("ip", "172.16.103.60")));
        // The current version can be thought of as the latest version number of an optimistic lock (a layman's view)
        zooKeeper.setACL("/dubbo", acls, zooKeeper.exists("/dubbo", false).getAversion());
    }

    /**
     * Query the ACL
     */
    @Test
    public void getAcl() throws Exception {
        ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
        zooKeeper.addAuthInfo("digest", "luwfls:luwfls".getBytes());
        ZooKeeper.States state = zooKeeper.getState();
        System.out.println("state " + state);
        List<ACL> acl = zooKeeper.getACL("/dubbo", new Stat());
        acl.forEach(acl1 -> System.out.println(acl1));
    }

    /**
     * Query the node version
     * Changing the ACL requires the node's current ACL version, Stat.aversion
     */
    @Test
    public void queryVersion() throws Exception {
        ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
        zooKeeper.addAuthInfo("digest", "luwfls:luwfls".getBytes());
        Stat stat = zooKeeper.exists("/dubbo", false);
        System.out.println(String.format("version %s cversion %s aversion %s ", stat.getVersion(), stat.getCversion(), stat.getAversion()));
        System.out.println(stat);
    }

    /**
     * Create a node
     */
    @Test
    public void testCreatePersistent() {
        zkClient.createPersistent("/test123");
    }
}
ArrayList<ACL> acls = new ArrayList<>();
acls.add(new ACL(ZooDefs.Perms.ALL, new Id("ip", "172.16.103.33")));
acls.add(new ACL(ZooDefs.Perms.ALL, new Id("ip", "172.16.103.60")));
// The current version can be thought of as the latest version number of an optimistic lock (a layman's view)
zooKeeper.setACL("/test123", acls, zooKeeper.exists("/test123", false).getAversion());
The code above adds two IPs to the whitelist.
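The following is an added example, not part of the original article or of ZooKeeper's own code: a small Python model of how an ACL like the ones above is evaluated, covering the ip scheme (a single address or addr/bits) and the digest scheme produced by generateDigest. The helper names, the /24 subnet and the sample ACL lists are assumptions made for illustration, and the super user bypass is not modelled.

```python
import base64
import hashlib
import ipaddress

# ZooKeeper permission bits (ZooDefs.Perms): READ=1, WRITE=2, CREATE=4, DELETE=8, ADMIN=16
PERM_BITS = {"r": 1, "w": 2, "c": 4, "d": 8, "a": 16}

def digest_id(user, password):
    """user:base64(SHA-1("user:password")), the value generateDigest() returns.
    The hash is unsalted, so the same password always yields the same digest."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"

def parse_acl(entry):
    """Split a zkCli-style 'scheme:id:perms' string (the id may contain ':')."""
    scheme, rest = entry.split(":", 1)
    ident, perms = rest.rsplit(":", 1)
    if not perms or set(perms) - set(PERM_BITS):
        raise ValueError(f"invalid permissions {perms!r} in {entry!r}")
    if scheme == "ip":
        ipaddress.ip_network(ident, strict=False)  # ValueError on a bad address or prefix
    return scheme, ident, perms

def effective_perms(acl, client_ip, credentials=()):
    """Union of the permissions of every ACL entry this client matches."""
    ids = {digest_id(*cred.split(":", 1)) for cred in credentials}
    addr = ipaddress.ip_address(client_ip)
    bits = 0
    for scheme, ident, perms in map(parse_acl, acl):
        if scheme == "world":
            hit = ident == "anyone"
        elif scheme == "ip":      # addr or addr/bits: leading bits must match
            hit = addr in ipaddress.ip_network(ident, strict=False)
        elif scheme == "digest":  # client must have run addauth with the right password
            hit = ident in ids
        else:
            hit = False
        if hit:
            for p in perms:
                bits |= PERM_BITS[p]
    return "".join(p for p in "cdrwa" if bits & PERM_BITS[p])

# Constructed sample ACLs using the addresses and user name from the article.
TWO_HOSTS = ["ip:172.16.103.33:cdrwa", "ip:172.16.103.60:cdrwa"]
SUBNET_AND_USER = ["ip:172.16.103.0/24:r",
                   "digest:" + digest_id("luwfls", "luwfls") + ":cdrwa"]

if __name__ == "__main__":
    for ip in ("172.16.103.33", "172.16.103.34"):
        print(ip, repr(effective_perms(TWO_HOSTS, ip)),
              repr(effective_perms(SUBNET_AND_USER, ip)))
```

An empty result means the client matches no entry and is denied. The ACL set on /dubbo covers that znode only, since ZooKeeper ACLs are not inherited by child nodes.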