1. Linux开启客户端使用的命令

 ./zkCli.sh
[root@centos7 bin]# ./zkCli.sh
..........
[zk: localhost:2181(CONNECTED) 0] 

2. ls与ls2的区别

ls:是只查看节点
ls2;是查看节点和状态信息,新版本zookeeper使用命令:`ls -s path` 取代ls2命令。
[zk: localhost:2181(CONNECTED) 7] ls /
[zookeeper]
[zk: localhost:2181(CONNECTED) 9] ls -s /
[zookeeper]
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1

3. get与stat命令

stat:它是status单词的缩写,主要是查看节点的状态信息。
get:取出当前节点的数据。
[zk: localhost:2181(CONNECTED) 10] stat /
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1
[zk: localhost:2181(CONNECTED) 11] get /

cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x0
cversion = -1
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 1

状态信息说明:

  • cZxid:ZooKeeper为节点分配的id;
  • ctime:节点的创建时间;
  • mZxid:修改ZooKeeper分配的id;
  • mtime:节点的修改时间;
  • pZxid:子节点的id;
  • cversion:子节点的version;
  • dataversion:当前节点数据的版本号;
  • aclversion:指权限版本的变化;
  • ephemeralOwner:如果值为0x0则节点为持久节点,反之则为临时节点
  • dataLength:指数据的长度;
  • numChildren:当前节点下有多少个子节点。

4. ZK特性之session基本原理

  • 客户端与服务端之间的连接存在会话
  • 每个会话都会可以设置一个超时时间
  • 心跳结束,session则过期
  • Session过期,则临时节点znode会被抛弃
  • 心跳机制:客户端向服务端的ping包请求

5. create命令

创建操作

create [-s] [-e] path data acl

选参说明:

  • -s:创建顺序节点
  • -e:创建临时节点

创建默认节点语法:
create /节点路径 节点数据

[zk: localhost:2181(CONNECTED) 1] create /test test-data
Created /test

创建临时节点语法:
create -e /节点路径 节点数据

[zk: localhost:2181(CONNECTED) 3] create -e /test/test2 test-data2
Created /test/test2
[zk: localhost:2181(CONNECTED) 4] get /test/test2
test-data2

创建顺序节点语法:
create -s /节点路径 节点数据
设置的节点路径会被重命名为序列数

[zk: localhost:2181(CONNECTED) 5] create -s /test/sec seq
Created /test/sec0000000001
[zk: localhost:2181(CONNECTED) 8] get /test/sec0000000001
seq

如何删除临时节点?
如果客户端不与服务端连接,则节点的心跳机制也会停止(心跳机制也有时间段的,不是说客户端不与服务端连接就马上停止,得过了心跳机制设置的时间才会停止),ZooKeeper也会自动删除临时节点。

6. set命令

修改操作

set path data [version]
[zk: localhost:2181(CONNECTED) 9] get /test
test-data
[zk: localhost:2181(CONNECTED) 10] set /test new-data
[zk: localhost:2181(CONNECTED) 12] get /test
new-data

7. delete命令

删除操作

delete path [version]
[zk: localhost:2181(CONNECTED) 21] delete /test/sec0000000001
[zk: localhost:2181(CONNECTED) 22] ls /test
[test2]

8. ZK特性之watch机制

  • 针对每个节点的操作,都会有一个监督者→wathcer
  • 当监控的某个对象( znode )发生了变化,则触发watcher事件
  • zk中的watcher是一次性的,触发后立即销毁(可以设置为永久型)
  • 父节点,子节点增删改都能够触发其watcher
  • 针对不同类型的操作,触发的watcher事件也不同︰
    1.(子)节点创建事件
    2.(子)节点删除事件
    3.(子)节点数据变化事件

9. Watch命令

通过get path [watch]设置watcher

9.1 父节点操作

创建父节点触发:NodeCreated

[zk: localhost:2181(CONNECTED) 4] stat /test2 watch
'stat path [watch]' has been deprecated. Please use 'stat [-w] path' instead.
Node does not exist: /test2
[zk: localhost:2181(CONNECTED) 5] create /test2 123

WATCHER::

WatchedEvent state:SyncConnected type:NodeCreated path:/test2
Created /test2

修改父节点数据触发:NodeDataChanged

[zk: localhost:2181(CONNECTED) 13] get /test2 watch
'get path [watch]' has been deprecated. Please use 'get [-s] [-w] path' instead.
123
[zk: localhost:2181(CONNECTED) 14] set /test2 789

WATCHER::

WatchedEvent state:SyncConnected type:NodeDataChanged path:/test2

删除父节点触发:NodeDeleted

[zk: localhost:2181(CONNECTED) 15] get /test2 watch
'get path [watch]' has been deprecated. Please use 'get [-s] [-w] path' instead.
789
[zk: localhost:2181(CONNECTED) 16] delete /test2

WATCHER::

WatchedEvent state:SyncConnected type:NodeDeleted path:/test2

9.2 子节点操作

ls 为父节点设置watcher,创建子节点触发∶NodeChildrenChanged

[zk: localhost:2181(CONNECTED) 0] ls /
[test, zookeeper]
[zk: localhost:2181(CONNECTED) 1] ls /test
[]
[zk: localhost:2181(CONNECTED) 2] ls /test watch
'ls path [watch]' has been deprecated. Please use 'ls [-w] path' instead.
[]
[zk: localhost:2181(CONNECTED) 4] create /test/abc 88

WATCHER::

WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/test
Created /test/abc

ls 为父节点设置watcher,删除子节点触发:NodeChildrenChanged

[zk: localhost:2181(CONNECTED) 6] ls /test watch
'ls path [watch]' has been deprecated. Please use 'ls [-w] path' instead.
[abc]
[zk: localhost:2181(CONNECTED) 7] delete /test/abc

WATCHER::

WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/test

Is 为父节点设置watcher,修改子节点不触发事件

下面例子,我们是把xyz当成子节点来设置

[zk: localhost:2181(CONNECTED) 9] create /test/xyz 99
Created /test/xyz
[zk: localhost:2181(CONNECTED) 10] ls /test watch
'ls path [watch]' has been deprecated. Please use 'ls [-w] path' instead.
[xyz]
[zk: localhost:2181(CONNECTED) 11] set /test/xyz 9090
[zk: localhost:2181(CONNECTED) 13] get /test/xyz
9090

下面例子,我们是把xyz当成父节点来设置,这样就可以触发子节点

[zk: localhost:2181(CONNECTED) 15] get /test/xyz watch
'get path [watch]' has been deprecated. Please use 'get [-s] [-w] path' instead.
9090
[zk: localhost:2181(CONNECTED) 17] set /test/xyz 8080

WATCHER::

WatchedEvent state:SyncConnected type:NodeDataChanged path:/test/xyz

9.3 Watcher使用场景

  • 统一资源配置

10. ACL

ACL(access control lists)权限控制

  • 针对节点可以设置相关读写等权限,目的为了保障数据安全性
  • 权限permissions可以指定不同的权限范围以及角色

11. ACL命令

11.1 acl语法

  • getAcl:获取某个节点的acl权限信息
  • setAcl :设置某个节点的acl权限信息
  • addauth :输入认证授权信息,注册时输入明文密码(登录)但是在zk的系统里,密码是以加密的形式存在

查看默认的形式:

[zk: localhost:2181(CONNECTED) 4] create /test/abc 123
Created /test/abc
[zk: localhost:2181(CONNECTED) 6] getAcl /test/abc
'world,'anyone
: cdrwa

11.2 acl总体构成

zk的acl通过[scheme : id : permissions]来构成权限列表

- scheme :代表采用的某种权限机制
- id:代表允许访问的用户
- permissions:权限组合字符串

11.3 acl的构成-scheme与id

  • scheme:

    • world : world下只有一个id,即只有一个用户,也就是anyone,那么组合的写法就是world:anyone:[permissions]
    • auth :代表认证登录,需要注册用户有权限就可以,使用的是明文密码,形式为auth:user:password:[permissions]
    • digest :需要对密码加密才能访问,使用的是加密密码,组合形式为
      digest: username:BASE64(SHA1(password)) :[permissions]
    • ip :当设置为ip指定的ip地址,此时限制ip进行访问,比如ip:192.168.1.1:[permissions]
    • super:代表超级管理员,拥有所有的权限
  • id:

    • 默认为anyone

11.3.1 word

查看默认权限

[zk: localhost:2181(CONNECTED) 2] create /test/ab 888
Created /test/ab
[zk: localhost:2181(CONNECTED) 3] getAcl /test/ab
'world,'anyone
: cdrwa

设置word

[zk: localhost:2181(CONNECTED) 9] setAcl /test/ab world:anyone:crwa
[zk: localhost:2181(CONNECTED) 10] getAcl /test/ab
'world,'anyone
: crwa
[zk: localhost:2181(CONNECTED) 11] create /test/ab/xyz 123
Created /test/ab/xyz
[zk: localhost:2181(CONNECTED) 12] delete /test/ab/xyz
Insufficient permission : /test/ab/xyz
[zk: localhost:2181(CONNECTED) 15] setAcl /test/ab world:anyone:rda
[zk: localhost:2181(CONNECTED) 16] getAcl /test/ab
'world,'anyone
: dra
[zk: localhost:2181(CONNECTED) 17] delete /test/ab/xyz
[zk: localhost:2181(CONNECTED) 19] setAcl /test/ab world:anyone:a
[zk: localhost:2181(CONNECTED) 20] set /test/ab 123
Insufficient permission : /test/ab
[zk: localhost:2181(CONNECTED) 21] setAcl /test/ab world:anyone:wa
[zk: localhost:2181(CONNECTED) 22] getAcl /test/ab
'world,'anyone
: wa
[zk: localhost:2181(CONNECTED) 23] set /test/ab 123
[zk: localhost:2181(CONNECTED) 24] get /test/ab
Insufficient permission : /test/ab
[zk: localhost:2181(CONNECTED) 26] setAcl /test/ab world:anyone:rwa
[zk: localhost:2181(CONNECTED) 27] get /test/ab
123

11.3.2 auth

[zk: localhost:2181(CONNECTED) 2] create /names 
Created /names
[zk: localhost:2181(CONNECTED) 3] create /names/test test
Created /names/test
[zk: localhost:2181(CONNECTED) 4] getAcl /names/test
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 5] setAcl /names/test auth:test:test:crdwa
Acl is not valid : /names/test
[zk: localhost:2181(CONNECTED) 6] addauth digest test:test
[zk: localhost:2181(CONNECTED) 7] setAcl /names/test auth:test:test:crdwa
[zk: localhost:2181(CONNECTED) 8] getAcl /names/test
'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug=
: cdrwa
[zk: localhost:2181(CONNECTED) 11] setAcl /names/test auth:wer:wer:crdwa  
#此时发现这里的密码跟上次是一样的,主要是系统是按照默认的设置来的,即addauth digest test:test
[zk: localhost:2181(CONNECTED) 12] getAcl /names/test
'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug=
: cdrwa
[zk: localhost:2181(CONNECTED) 13] setAcl /names/test auth::crdwa #可以采用匿名的方式设置,按照默认值来处理
[zk: localhost:2181(CONNECTED) 14] getAcl /names/test
'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug=
: cdrwa

11.3.3 digest

[zk: localhost:2181(CONNECTED) 3] ls /names
[]
[zk: localhost:2181(CONNECTED) 4] create /names/test ttt
Created /names/test
[zk: localhost:2181(CONNECTED) 5] getAcl /names/test
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 9] setAcl /names/test digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:crda
[zk: localhost:2181(CONNECTED) 12] getAcl /names/test
Insufficient permission : /names/test
[zk: localhost:2181(CONNECTED) 15] addauth digest test:test
[zk: localhost:2181(CONNECTED) 16] getAcl /names/test
'digest,'test:V28q/NynI4JI3Rk54h0r8O5kMug=
: cdra

11.3.4 ip

[zk: localhost:2181(CONNECTED) 6] create /names/ip ip
Created /names/ip
[zk: localhost:2181(CONNECTED) 7] get /names/ip
ip
[zk: localhost:2181(CONNECTED) 8] getAcl /names/ip
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 9] setAcl /names/ip ip:192.168.1.X:crwda
[zk: localhost:2181(CONNECTED) 10] getAcl /names/ip
Insufficient permission : /names/ip

11.3.5 super

使用super命令前需要设置:

  • 1、修改zkServer.sh增加super管理员
  • 2、重启zkServer.sh
"zookeeper.DigestAuthenticationProvider.superDigest=test:V28q/NynI4JI3Rk54h0r8O5kMug="
[root@centos7 bin]# vim zkServer.sh
......
[root@centos7 bin]# ./zkServe.sh restart

在这里插入图片描述

[zk: localhost:2181(CONNECTED) 0] ls /
[names, test, zookeeper]
[zk: localhost:2181(CONNECTED) 1] ls /names/ip
Insufficient permission : /names/ip
[zk: localhost:2181(CONNECTED) 2] get /names/ip
Insufficient permission : /names/ip
[zk: localhost:2181(CONNECTED) 3] getAcl /names/ip
Insufficient permission : /names/ip
[zk: localhost:2181(CONNECTED) 4] addauth digest test:test
[zk: localhost:2181(CONNECTED) 5] ls /names/ip
[]
[zk: localhost:2181(CONNECTED) 6] get /names/ip
ip
[zk: localhost:2181(CONNECTED) 7] getAcl /names/ip
'ip,'192.168.1.X
: cdrwa

11.4 acl的构成-permissions

权限字符串缩写crdwa

  • CREATE:创建子节点
  • READ:获取节点/子节点
  • DELETE:删除子节点
  • WRITE:设置节点数据
  • ADMIN:设置权限

11.5 ACL使用场景

  • 开发/测试环境分离,开发者无权操作测试库的节点,只能看
  • 生产环境上控制指定ip的服务可以访问相关节点,防止混乱

12.ZooKeeper四字命令

  • zk可以通过它自身提供的简写命令来和服务器进行交互
  • 需要使用到nc命令,安装:yum install nc
  • echo [commond] | nc [ip] [port]

官网了解四字命令:https://zookeeper.apache.org/doc/r3.7.0/zookeeperAdmin.html#sc_4lw

12.1 stat命令

  • [stat]查看zk的状态信息,以及是否mode
[root@centos7 ~]# echo stat | nc 192.168.XX.XX 2181
stat is not executed because it is not in the whitelist.

出现上面这个问题表示有可能配置中未开启四字命令
在/conf/zoo.fig配置

[root@centos7 conf]# vim zoo.cfg 
......
#开启四字命令
4lw.commands.whitelist=*

记得重启服务!

[root@centos7 bin]# echo stat | nc 192.168.1.21 2181
Zookeeper version: 3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on 04/08/2021 16:35 GMT
Clients:
 /192.168.1.21:37778[0](queued=0,recved=1,sent=0)

Latency min/avg/max: 0/0.0/0
Received: 1
Sent: 0
Connections: 1
Outstanding: 0
Zxid: 0x54
Mode: standalone
Node count: 10

12.2 ruok命令

  • [ruok]查看当前zkserver是否启动,返回imok
[root@centos7 ~]# echo ruok | nc localhost 2181
imok[root@centos7 ~]# 

12.3 dump命令

  • [dump]列出未经处理的会话和临时节点
[root@centos7 ~]# echo dump | nc localhost 2181
SessionTracker dump:
Session Sets (1)/(1):
1 expire at Sun Jun 06 17:45:03 CST 2021:
        0x100014251cf0001
ephemeral nodes dump:
Sessions with Ephemerals (0):
Connections dump:
Connections Sets (3)/(2):
0 expire at Sun Jun 06 17:44:45 CST 2021:
1 expire at Sun Jun 06 17:44:55 CST 2021:
        ip: /0:0:0:0:0:0:0:1:39030 sessionId: 0x0
1 expire at Sun Jun 06 17:45:05 CST 2021:
        ip: /0:0:0:0:0:0:0:1:39028 sessionId: 0x100014251cf0001

在客户端创建临时节点,用dump命令查看:

[root@centos7 ~]# echo dump | nc localhost 2181
SessionTracker dump:
Session Sets (4)/(1):
0 expire at Sun Jun 06 17:46:47 CST 2021:
0 expire at Sun Jun 06 17:46:55 CST 2021:
0 expire at Sun Jun 06 17:47:05 CST 2021:
1 expire at Sun Jun 06 17:47:11 CST 2021:
        0x100014251cf0001
ephemeral nodes dump:
Sessions with Ephemerals (1):
0x100014251cf0001:
        /names/rom
        /names/tmp-dump
Connections dump:
Connections Sets (3)/(2):
0 expire at Sun Jun 06 17:46:55 CST 2021:
1 expire at Sun Jun 06 17:47:05 CST 2021:
        ip: /0:0:0:0:0:0:0:1:39032 sessionId: 0x0
1 expire at Sun Jun 06 17:47:15 CST 2021:
        ip: /0:0:0:0:0:0:0:1:39028 sessionId: 0x100014251cf0001

12.4 conf命令

  • [conf] 查看服务器配置
[root@centos7 ~]# echo conf | nc localhost 2181
clientPort=2181
secureClientPort=-1
dataDir=/usr/local/zookeeper/dataDir/version-2
dataDirSize=268435520
dataLogDir=/usr/local/zookeeper/dataLogDir/version-2
dataLogSize=3105
tickTime=2000
maxClientCnxns=60
minSessionTimeout=4000
maxSessionTimeout=40000
clientPortListenBacklog=-1
serverId=0

12.5 cons命令

  • [cons]展示连接到服务器的客户端信息
[root@centos7 ~]# echo cons | nc localhost 2181
 /0:0:0:0:0:0:0:1:39028[1](queued=0,recved=35,sent=35,sid=0x100014251cf0001,lop=PING,est=1622972672134,to=30000,lcxid=0x3,lzxid=0x59,lresp=21984638,llat=0,minlat=0,avglat=1,maxlat=14)
 /0:0:0:0:0:0:0:1:39036[0](queued=0,recved=1,sent=0)

12.6 envi命令

  • [envi] 环境变量
[root@centos7 ~]# echo envi | nc localhost 2181
Environment:
zookeeper.version=3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on 04/08/2021 16:35 GMT
host.name=ec2-3-223-115-185.compute-1.amazonaws.com
java.version=1.8.0_60
java.vendor=Oracle Corporation
java.home=/usr/java/jdk1.8.0_60/jre
......

12.7 mntr命令

  • [mntr]监控zk健康信息
[root@centos7 ~]# echo mntr | nc localhost 2181
zk_version      3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on 04/08/2021 16:35 GMT
zk_server_state standalone
zk_ephemerals_count     2
zk_num_alive_connections        2
zk_avg_latency  1.6491
zk_outstanding_requests 0
zk_znode_count  12
zk_global_sessions      1
zk_non_mtls_remote_conn_count   0
zk_last_client_response_size    16
zk_packets_sent 66
zk_packets_received     67
zk_max_client_response_size     118
zk_connection_drop_probability  0.0
zk_watch_count  0
......

12.8 wchs命令

  • [wchs]展示watch的信息
[root@centos7 ~]# echo wchs | nc localhost 2181
0 connections watching 0 paths
Total watches:0

12.9 wchc与wchp命令

  • [wchc] 与[wchp] :session与watch及 path与watch信息
[root@centos7 ~]# echo wchc | nc localhost 2181
[root@centos7 ~]# echo wchp | nc localhost 2181
Logo

权威|前沿|技术|干货|国内首个API全生命周期开发者社区

更多推荐