如何使用 zkCli 从 ZooKeeper 访问受保护的 znode? [英] How to access a protected znode from ZooKeeper using zkCli?

问题描述

我使用以下方法创建了一个 znode:

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh create/mynode content digest:user:pass:cdrwa

现在如何使用 zkCli.sh 工具访问 znode?

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh get/mynode连接到本地主机:2181观察者::WatchedEvent 状态:SyncConnected 类型:无路径:空身份验证无效:/mynodezookeeper-0:/opt/zookeeper/bin #

getAcl 显示以下内容:

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh getAcl/mynode连接到本地主机:2181观察者::WatchedEvent 状态:SyncConnected 类型:无路径:空'摘要，'用户:通过: cdrwazookeeper-0:/opt/zookeeper/bin #

解决方案

您需要使用散列密码创建摘要 ACL.

ZooKeeper 程序员指南<块引用>

digest 使用 username:password 字符串生成 MD5 哈希值，然后将其用作 ACL ID 身份.身份验证是通过以明文形式发送用户名:密码来完成的.在 ACL 中使用时，表达式将是 username:base64 编码的 SHA1 密码摘要.

生成散列密码

$ java -cp "./zookeeper-3.4.13.jar:./lib/slf4j-api-1.7.25.jar" \org.apache.zookeeper.server.auth.DigestAuthenticationProvider 用户:passSLF4J:无法加载类org.slf4j.impl.StaticLoggerBinder".SLF4J:默认为无操作 (NOP) 记录器实现SLF4J:有关更多详细信息，请参阅 http://www.slf4j.org/codes.html#StaticLoggerBinder.用户:通行证->用户:smGaoVKd/cQkjm7b88GyorAUz20=

使用哈希密码创建节点

[zk: zookeeper(CONNECTED) 0] create/mynode content digest:user:smGaoVKd/cQkjm7b88GyorAUz20=:cdrwa创建/mynode

访问受保护节点

[zk: zookeeper(CONNECTED) 1] 获取/mynode身份验证无效:/mynode[zk: zookeeper(CONNECTED) 2] addauth 摘要用户:pass[zk: zookeeper(CONNECTED) 3] 获取/mynode内容cZxid = 0x14ctime = 格林威治标准时间 2018 年 9 月 12 日星期三 19:37:48mZxid = 0x14mtime = 格林威治标准时间 2018 年 9 月 12 日星期三 19:37:48pZxid = 0x14转换 = 0数据版本 = 0acl 版本 = 0临时所有者 = 0x0数据长度 = 7数量儿童 = 0

I have created a znode using:

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh create /mynode content digest:user:pass:cdrwa

How to access the znode using the zkCli.sh utility now?

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh get /mynode
Connecting to localhost:2181

WATCHER::

WatchedEvent state:SyncConnected type:None path:null
Authentication is not valid : /mynode
zookeeper-0:/opt/zookeeper/bin #

The getAcl is showing the following:

zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh getAcl /mynode
Connecting to localhost:2181

WATCHER::

WatchedEvent state:SyncConnected type:None path:null
'digest,'user:pass
: cdrwa
zookeeper-0:/opt/zookeeper/bin #

解决方案

You need to create the digest ACL using the hashed password.

ZooKeeper Programmer's Guide

digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.

Generate the hashed password

$ java -cp "./zookeeper-3.4.13.jar:./lib/slf4j-api-1.7.25.jar" \
org.apache.zookeeper.server.auth.DigestAuthenticationProvider user:pass
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
user:pass->user:smGaoVKd/cQkjm7b88GyorAUz20=

Create a node using the hashed password

[zk: zookeeper(CONNECTED) 0] create /mynode content digest:user:smGaoVKd/cQkjm7b88GyorAUz20=:cdrwa
Created /mynode

Accessing the protected node

[zk: zookeeper(CONNECTED) 1] get /mynode
Authentication is not valid : /mynode
[zk: zookeeper(CONNECTED) 2] addauth digest user:pass
[zk: zookeeper(CONNECTED) 3] get /mynode
content
cZxid = 0x14
ctime = Wed Sep 12 19:37:48 GMT 2018
mZxid = 0x14
mtime = Wed Sep 12 19:37:48 GMT 2018
pZxid = 0x14
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 7
numChildren = 0

这篇关于如何使用 zkCli 从 ZooKeeper 访问受保护的 znode?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！