zk 设置ACL
目录
ACL Digest设置
添加用户
|
1 |
[zk: localhost:2181(CONNECTED) 1] addauth digest admin:123456 |
生成加密密码
|
1 2 |
echo -n admin:123456 | openssl dgst -binary -sha1 | openssl base64 0uek/hZ/V9fgiM35b0Z2226acMQ= |
设置ACL
|
1 |
setAcl /asdf/wefw digest:admin:0uek/hZ/V9fgiM35b0Z2226acMQ=:cdrwa |
查看ACL
|
1 2 3 |
[zk: localhost:2181(CONNECTED) 8] getAcl /asdf/wefw 'digest,'admin:0uek/hZ/V9fgiM35b0Z2226acMQ= : cdrwa |
设置为world(所有人可访问)
|
1 2 3 4 |
[zk: localhost:2181(CONNECTED) 9] setAcl /asdf/wefw world:anyone:cdrwa [zk: localhost:2181(CONNECTED) 10] getAcl /asdf/wefw 'world,'anyone : cdrwa |
添加超级管理员
- 在zkServer.sh 中
123456789# 大约159行, start函数中,增加# -Dzookeeper.DigestAuthenticationProvider.superDigest=superadmin:vGHFzrhfHS/CfhvwQ89ccyfaWwY="# superadmin 为用户 = 后面为加密后的密码nohup "$JAVA" $ZOO_DATADIR_AUTOCREATE "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" \"-Dzookeeper.log.file=${ZOO_LOG_FILE}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" \"-Dzookeeper.DigestAuthenticationProvider.superDigest=superadmin:vGHFzrhfHS/CfhvwQ89ccyfaWwY=" \-XX:+HeapDumpOnOutOfMemoryError -XX:OnOutOfMemoryError='kill -9 %p' \-cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null & - 重启服务
- 在zkCli中增加用户
1addauth digest admin:123456