Zookeeper Dubbo IP 白名单
程序员文章站
2022-05-19 08:18:30
...
- zookeeper的节点概念
zookeeper入门系列:概述
总的来说 dubbo 体现在zookeeper中就是一个节点:/dubbo
-
使用zkCli.sh 连接zookeeper
/local/zookeeper-3.4.5/bin/zkCli.sh # 启动客户端 connect 172.16.103.33:2181 # 连接上目标zookeeper ls / # 查看根节点下的所有节点 setAcl /dubbo ip:172.16.103.33:cdrwa # 设置IP白名单
关于IP地址段
IP地址网段表示法
关于 ip段协议 设置失败 解决方案 使用zkClient (javaAPI解决)
详见下面的 zkClient部分
10/16 补充 用户名密码方案
-
客户端连接zookeeper
./zkCli.sh
-
使用java生成密码
generateDigest("用户名:密码")
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider; import org.junit.Test; import java.security.NoSuchAlgorithmException; /** * @author luwenlong * @date 2017/10/13 * @description 类描述 */ public class PasswordBuilder { @Test public void generate() { try { System.out.println(DigestAuthenticationProvider.generateDigest("luwfls:luwfls")); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } } }
设置dubbo的密码权限(这里的密码是加密后的不要使用明文密码)
setAcl /dubbo digest:luwfls:dbshuAKWkOXQro563C0o+16AAR4=:cdrwa
附超级权限设置方法,以供设置密码错误或忘记密码
-
编辑
zkServer.sh 109行
nohup "$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" "-Dzookeeper.DigestAuthenticationProvider.superDigest=super:g9oN2HttPfn8MMWJZ2r45Np/LIA=" \
-
重启zookeeper
./zkServer.sh restart
-
验证
./zkCli.sh ##连接 addauth digest:luwfls:luwfls ## 相当于超级管理员登陆 setAcl /dubbo digest:用户名:加密后的密码:权限 ## 以超级管理员身份设置新密码
11/02 补充zkClient 方案
- 前提 需参考上一步,设置完超级管理员之后可使用超级管理员权限使用
- demo的github地址
- 简介
import org.I0Itec.zkclient.ZkClient;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.junit.Test;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
/**
* @author luwenlong
* @date 2017/10/17 0017
* @description zookeeper 管理
*/
public class ZKManager {
private static final String ZKADDRESS = "172.16.101.130:2190";
private static final String SUPERAUTH = "super:superpw";
private static final String LUWFLS = "luwfls:luwfls";
private static final String DIGEST = "digest";
private static ZkClient zkClient = new ZkClient(ZKADDRESS);
@Test
public void testZooKeeperConnect() throws IOException {
ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
//zooKeeper.addAuthInfo(DIGEST,"super:superpw".getBytes());
ZooKeeper.States state = zooKeeper.getState();
System.out.println("状态: "+state);
}
/**
* 超级管理员身份 修改根目录权限 为 任何人任何权限
*/
@Test
public void setRootWorldCDRWA() throws Exception {
ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
zooKeeper.addAuthInfo(DIGEST,SUPERAUTH.getBytes());
ArrayList<ACL> acls = new ArrayList<>();
acls.add(new ACL(ZooDefs.Perms.ALL,new Id("world","anyone")));
zooKeeper.setACL("/dubbo",acls,13);
}
/**
* 设置IP段 白名单
* 有问题 KeeperErrorCode = InvalidACL for /dubbo
*/
@Test
public void setIPS() throws Exception{
ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
zooKeeper.addAuthInfo(DIGEST,LUWFLS.getBytes());
ArrayList<ACL> acls = new ArrayList<>();
acls.add(new ACL(ZooDefs.Perms.ALL,new Id("ip","172.16.103.33")));
acls.add(new ACL(ZooDefs.Perms.ALL,new Id("ip","172.16.103.60")));
//当前version 可理解为乐观锁的最后一个版本号(屁民理论)
zooKeeper.setACL("/dubbo",acls,zooKeeper.exists("/dubbo",false).getAversion());
}
/**
* 查询权限
*/
@Test
public void getAcl() throws Exception{
ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
zooKeeper.addAuthInfo("digest","luwfls:luwfls".getBytes());
ZooKeeper.States state = zooKeeper.getState();
System.out.printf("state " + state);
List<ACL> acl = zooKeeper.getACL("/dubbo", new Stat());
acl.forEach(acl1 -> System.out.println(acl1));
}
/**
* 查询 节点版本 version
* 更改权限的时候需要设置 当前节点的 可用版本号 Stat.aversion
*/
@Test
public void queryVersion() throws Exception{
ZooKeeper zooKeeper = new ZooKeeper(ZKADDRESS, 500, watchedEvent -> System.out.println("已经触发了" + watchedEvent.getType() + "事件!"));
zooKeeper.addAuthInfo("digest","luwfls:luwfls".getBytes());
Stat stat = zooKeeper.exists("/dubbo", false);
System.out.println(String.format("version %s cversion %s aversion %s ", stat.getVersion(),stat.getCversion(),stat.getAversion()));
System.out.println(stat);
}
/**
* 创建节点
*/
@Test
public void testCreatePersistent() {
zkClient.createPersistent("/test123");
}
}
ArrayList<ACL> acls = new ArrayList<>();
acls.add(new ACL(ZooDefs.Perms.ALL,new Id("ip","172.16.103.33")));
acls.add(new ACL(ZooDefs.Perms.ALL,new Id("ip","172.16.103.60")));
//当前version 可理解为乐观锁的最后一个版本号(屁民理论)
zooKeeper.setACL("/test123",acls,zooKeeper.exists("/test123",false).getAversion());
通过上面的代码 设置了两个IP加入白名单。
推荐阅读
-
spring Boot环境下dubbo+zookeeper的一个基础讲解与示例
-
解决dubbo注册zookeeper默认内网ip注册
-
Dubbo+Zookeeper(一)Zookeeper初识
-
php实现ip白名单黑名单功能
-
SpringBoot+Dubbo+Zookeeper整合搭建简单的分布式应用
-
PHP 限制访问ip白名单
-
微信公众号如IP白名单在哪里? 微信公众平台ip白名单配置方法
-
centOS7 下利用iptables配置IP地址白名单的方法
-
带着新人学springboot的应用12(springboot+Dubbo+Zookeeper 下)
-
带着新人学springboot的应用11(springboot+Dubbo+Zookeeper 上)