如何使用 zkCli 从 ZooKeeper 访问受保护的 znode? [英] How to access a protected znode from ZooKeeper using zkCli?
问题描述
我使用以下方法创建了一个 znode:
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh create/mynode content digest:user:pass:cdrwa
现在如何使用 zkCli.sh 工具访问 znode?p>
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh get/mynode连接到本地主机:2181观察者::WatchedEvent 状态:SyncConnected 类型:无路径:空身份验证无效:/mynodezookeeper-0:/opt/zookeeper/bin #
getAcl 显示以下内容:
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh getAcl/mynode连接到本地主机:2181观察者::WatchedEvent 状态:SyncConnected 类型:无路径:空'摘要,'用户:通过: cdrwazookeeper-0:/opt/zookeeper/bin #
您需要使用散列密码创建摘要 ACL.
ZooKeeper 程序员指南><块引用>
digest 使用 username:password 字符串生成 MD5 哈希值,然后将其用作 ACL ID 身份.身份验证是通过以明文形式发送用户名:密码来完成的.在 ACL 中使用时,表达式将是 username:base64 编码的 SHA1 密码摘要.
生成散列密码
$ java -cp "./zookeeper-3.4.13.jar:./lib/slf4j-api-1.7.25.jar" \org.apache.zookeeper.server.auth.DigestAuthenticationProvider 用户:passSLF4J:无法加载类org.slf4j.impl.StaticLoggerBinder".SLF4J:默认为无操作 (NOP) 记录器实现SLF4J:有关更多详细信息,请参阅 http://www.slf4j.org/codes.html#StaticLoggerBinder.用户:通行证->用户:smGaoVKd/cQkjm7b88GyorAUz20=
使用哈希密码创建节点
[zk: zookeeper(CONNECTED) 0] create/mynode content digest:user:smGaoVKd/cQkjm7b88GyorAUz20=:cdrwa创建/mynode
访问受保护节点
[zk: zookeeper(CONNECTED) 1] 获取/mynode身份验证无效:/mynode[zk: zookeeper(CONNECTED) 2] addauth 摘要用户:pass[zk: zookeeper(CONNECTED) 3] 获取/mynode内容cZxid = 0x14ctime = 格林威治标准时间 2018 年 9 月 12 日星期三 19:37:48mZxid = 0x14mtime = 格林威治标准时间 2018 年 9 月 12 日星期三 19:37:48pZxid = 0x14转换 = 0数据版本 = 0acl 版本 = 0临时所有者 = 0x0数据长度 = 7数量儿童 = 0
I have created a znode using:
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh create /mynode content digest:user:pass:cdrwa
How to access the znode using the zkCli.sh utility now?
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh get /mynode
Connecting to localhost:2181
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
Authentication is not valid : /mynode
zookeeper-0:/opt/zookeeper/bin #
The getAcl is showing the following:
zookeeper-0:/opt/zookeeper/bin # ./zkCli.sh getAcl /mynode
Connecting to localhost:2181
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
'digest,'user:pass
: cdrwa
zookeeper-0:/opt/zookeeper/bin #
You need to create the digest ACL using the hashed password.
digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.
Generate the hashed password
$ java -cp "./zookeeper-3.4.13.jar:./lib/slf4j-api-1.7.25.jar" \
org.apache.zookeeper.server.auth.DigestAuthenticationProvider user:pass
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
user:pass->user:smGaoVKd/cQkjm7b88GyorAUz20=
Create a node using the hashed password
[zk: zookeeper(CONNECTED) 0] create /mynode content digest:user:smGaoVKd/cQkjm7b88GyorAUz20=:cdrwa
Created /mynode
Accessing the protected node
[zk: zookeeper(CONNECTED) 1] get /mynode
Authentication is not valid : /mynode
[zk: zookeeper(CONNECTED) 2] addauth digest user:pass
[zk: zookeeper(CONNECTED) 3] get /mynode
content
cZxid = 0x14
ctime = Wed Sep 12 19:37:48 GMT 2018
mZxid = 0x14
mtime = Wed Sep 12 19:37:48 GMT 2018
pZxid = 0x14
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 7
numChildren = 0
这篇关于如何使用 zkCli 从 ZooKeeper 访问受保护的 znode?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!