Configuring super (superuser) privileges in ZooKeeper

Author: 王兴岭 | Published: 2020-06-07 14:52

Configuration

System: macOS Mojave
Version: 10.14.6
ZooKeeper version: 3.4.10

Enabling the ZooKeeper super user

Official documentation

zookeeper.DigestAuthenticationProvider.superDigest
(Java system property only: zookeeper.DigestAuthenticationProvider.superDigest)

By default this feature is disabled

New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode hierarchy as a "super" user. In particular no ACL checking occurs for a user authenticated as super.

org.apache.zookeeper.server.auth.DigestAuthenticationProvider can be used to generate the superDigest, call it with one parameter of "super:<password>". Provide the generated "super:<data>" as the system property value when starting each server of the ensemble.

When authenticating to a ZooKeeper server (from a ZooKeeper client) pass a scheme of "digest" and authdata of "super:<password>". Note that digest auth passes the authdata in plaintext to the server, it would be prudent to use this authentication method only on localhost (not over the network) or over an encrypted connection.

In other words

In ZooKeeper 3.2 and later, the super user is disabled by default; it is enabled by setting the Java system property zookeeper.DigestAuthenticationProvider.superDigest.

Creating the super account
  1. Generate the digest in code
package com.alibaba.dubbo.monitor.simple;

import java.security.NoSuchAlgorithmException;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

public class ZookeeperSuperme {

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // Input is "super:<password>"; the result is "super:" + Base64(SHA-1("super:<password>")).
    String m = DigestAuthenticationProvider.generateDigest("super:super");
    System.out.println(m);
  }
}

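DigestAuthenticationProvider.generateDigest comes from the ZooKeeper Java client jar zookeeper-*.jar (* is the version number), so the project must include this dependency.
Running the main method prints the following to the console: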

super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=

  2. Generate the digest in a Linux terminal

$ echo -n super:super | openssl dgst -binary -sha1 | openssl base64
gG7s8t3oDEtIqF6DM9LlI/R+9Ss=

Configuring super

Edit zkServer.sh and add the following at line 140:

"-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss="

The result looks like this:

nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss="\
    -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &

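Restart the ZooKeeper service for the change to take effect:

$ zkServer restart

Switching to super to perform operations

# Connect to the ZooKeeper service
$ zkCli
# Switch to super. The value after digest is account:password; the password is given in plaintext, and the server hashes it and compares it with the configured digest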
[zk: localhost:2181(CONNECTED) 1] addauth digest super:super

The super account does not work when ZooKeeper is started with brew services start zookeeper

The services command

`services` [<subcommand>]
        Manage background services with macOS' `launchctl`(1) daemon manager.
        If `sudo` is passed, operate on `/Library/LaunchDaemons` (started at boot).
        Otherwise, operate on `~/Library/LaunchAgents` (started at login).
        [`sudo`] `brew services` [`list`]:
        List all managed services for the current user (or root).
        [`sudo`] `brew services run` (<formula>|`--all`):
        Run the service <formula> without registering to launch at login (or boot).
        [`sudo`] `brew services start` (<formula>|`--all`):
        Start the service <formula> immediately and register it to launch at login (or boot).
        [`sudo`] `brew services stop` (<formula>|`--all`):
        Stop the service <formula> immediately and unregister it from launching at login (or boot).
        [`sudo`] `brew services restart` (<formula>|`--all`):
        Stop (if necessary) and start the service <formula> immediately and register it to launch at login (or boot).
        [`sudo`] `brew services cleanup`:
        Remove all unused services.

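According to the services help text, when a service is started with brew services (without sudo), a launch script is generated under ~/Library/LaunchAgents. The following steps show this.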

  1. Start the ZooKeeper service
$ brew services start zookeeper
  2. List the services
$ brew services list
zookeeper     started lemo-wu /Users/lemo-wu/Library/LaunchAgents/homebrew.mxcl.zookeeper.plist
  3. Inspect the zookeeper.plist file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>EnvironmentVariables</key>
    <dict>
       <key>SERVER_JVMFLAGS</key>
       <string>-Dapple.awt.UIElement=true</string>
    </dict>
    <key>KeepAlive</key>
    <dict>
      <key>SuccessfulExit</key>
      <false/>
    </dict>
    <key>Label</key>
    <string>homebrew.mxcl.zookeeper</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/opt/zookeeper/bin/zkServer</string>
      <string>start-foreground</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>WorkingDirectory</key>
    <string>/usr/local/var</string>
  </dict>
</plist>

Look at the ProgramArguments array in the plist file:

<array>
      <string>/usr/local/opt/zookeeper/bin/zkServer</string>
      <string>start-foreground</string>
    </array>

So brew services start zookeeper actually runs zkServer start-foreground, whereas the superDigest property was added under the zkServer start command. Check zkServer.sh to confirm:

# zkServer start takes the start branch
start)
    echo  -n "Starting zookeeper ... "
    if [ -f "$ZOOPIDFILE" ]; then
      if kill -0 `cat "$ZOOPIDFILE"` > /dev/null 2>&1; then
         echo $command already running as process `cat "$ZOOPIDFILE"`. 
         exit 0
      fi
    fi
    nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss="\
    -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &
    if [ $? -eq 0 ]
    then
      case "$OSTYPE" in
      *solaris*)
        /bin/echo "${!}\\c" > "$ZOOPIDFILE"
        ;;
      *)
        /bin/echo -n $! > "$ZOOPIDFILE"
        ;;
      esac
      if [ $? -eq 0 ];
      then
        sleep 1
        echo STARTED
      else
        echo FAILED TO WRITE PID
        exit 1
      fi
    else
      echo SERVER DID NOT START
      exit 1
    fi
    ;;
# brew services start zookeeper takes this branch
start-foreground)
    echo foreground
    ZOO_CMD=(exec "$JAVA")
    if [ "${ZOO_NOEXEC}" != "" ]; then
      ZOO_CMD=("$JAVA")
    fi
    "${ZOO_CMD[@]}" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}"\
    -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG"
    ;;
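
As an added example (not from the original post or the ZooKeeper project), the script below reports for each launch branch of a zkServer.sh file whether the JVM receives the superDigest property, which is the check that exposes the start versus start-foreground mismatch above. The function names, the status strings and the trimmed sample script are constructed for illustration; because both branches on this page expand $JVMFLAGS, a property carried there is counted for either branch.

```shell
# Added example; helper names and status strings are made up for illustration.
PROP='-Dzookeeper.DigestAuthenticationProvider.superDigest='

# branch_body FILE NAME: print the body of the top-level case branch "NAME)".
# Nested case/esac is tracked so an inner ";;" does not end the branch early.
branch_body() {
  awk -v label="$2)" '
    !inside && $1 == label { inside = 1; next }
    inside && $1 == "case" { depth++ }
    inside && $1 == "esac" { depth-- }
    inside && $1 == ";;" && depth == 0 { exit }
    inside { print }
  ' "$1"
}

# superdigest_status FILE NAME [FLAGS]: prints hardcoded (property is in the branch),
# via-JVMFLAGS (branch expands $JVMFLAGS and FLAGS carries it), or missing.
superdigest_status() {
  _body=$(branch_body "$1" "$2")
  if printf '%s\n' "$_body" | grep -qF -- "$PROP"; then
    echo hardcoded
  elif printf '%s\n' "$_body" | grep -qF -- '$JVMFLAGS' &&
       printf '%s\n' "${3:-}" | grep -qF -- "$PROP"; then
    echo via-JVMFLAGS
  else
    echo missing
  fi
}

# Constructed sample: a trimmed zkServer.sh with this page's edit applied.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
case $1 in
start)
    nohup "$JAVA" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:<digest>" \
    -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" &
    case "$OSTYPE" in
    *)
      /bin/echo -n $! > "$ZOOPIDFILE"
      ;;
    esac
    ;;
start-foreground)
    "${ZOO_CMD[@]}" -cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG"
    ;;
esac
EOF
for b in start start-foreground; do
  echo "$b: $(superdigest_status "$SAMPLE" "$b" "${JVMFLAGS:-}")"
done
```

To check a real installation, pass the path of its zkServer.sh in place of $SAMPLE.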

References

zookeeperAdmin
brew services
ZooKeeper ACL permissions: superuser permissions
