1, Zookeeper common commands
1. Common commands on the server
Previously, Zookeeper was installed using Docker. We can use / bin / zkserver SH this script performs server related operations:
- Start ZK service: SH bin / zkserver sh start
- Check ZK service status: SH bin / zkserver sh status
- Stop ZK service: SH bin / zkserver sh stop
- Restart ZK service: SH bin / zkserver sh restart
docker enters the Zookeeper service that has been started:
[root@centos7 ~]# docker exec -it 9bb8ce0a893f /bin/bash root@9bb8ce0a893f:/apache-zookeeper-3.6.3-bin#
2. zkCli client common commands
We can use / bin / zkcli SH this script performs related operations with the server.
2.1 connecting zk server
Use zkcli SH - server IP: connect the port to ZooKeeper service.
root@9bb8ce0a893f:/apache-zookeeper-3.6.3-bin/bin# zkCli.sh -server 192.168.198.110:2181 Connecting to 192.168.198.110:2181
After the connection is successful, the system will output the relevant environment and configuration information of ZooKeeper. You can use the command to interact with ZK service. For example:
- Help: help command. View all commands supported by ZK
- quit: exit the client
- ls path: view the nodes in the directory
- ls -s path: view the node and status information under the directory
- stat: it is the abbreviation of the word status. It is mainly used to view the status information of nodes.
2.2 ls command
ls command: view the node information under the directory
Command format: ls [-s] [-w] [-R] path
- -s: Displays node details, including status information
- -w: Add a watch monitor
- -R: List the cascading nodes of the node
- path: displays the node / file in a directory
[zk: 192.168.198.110:2181(CONNECTED) 9] ls /zookeeper [config, quota] [zk: 192.168.198.110:2181(CONNECTED) 10] ls -s /zookeeper [config, quota] cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -2 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 2 [zk: 192.168.198.110:2181(CONNECTED) 11] ls -R /zookeeper /zookeeper /zookeeper/config /zookeeper/quota
2.2 stat command
stat command: View node status.
Command format: stat [-w] path
- -w: Add watch
- path: view the status of nodes in a directory
[zk: 192.168.198.110:2181(CONNECTED) 12] stat /zookeeper cZxid = 0x0 ctime = Thu Jan 01 00:00:00 UTC 1970 mZxid = 0x0 mtime = Thu Jan 01 00:00:00 UTC 1970 pZxid = 0x0 cversion = -2 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 2
2.3 create command
create command: creates a node. The default is a persistent node
Command format: create [-s] [-e] [-c] [-t ttl] path [data] [acl]
- -s: Ordered node
- -e: Temporary node, without default, is a persistent node
- -t ttl: node with expiration time, for example: create ‐ t 10 /ttl
Znode is generally divided into four types:
- persistent
- Temporary (ephemeral)
- persistent_sequential
- ephemeral_sequential
1) Create persistent node
[zk: 192.168.198.110:2181(CONNECTED) 12] create /p_node1 Created /p_node1
2) Create temporary node
[zk: 192.168.198.110:2181(CONNECTED) 5] create -e /p_node1/e_node1 Created /p_node1/e_node1 [zk: 192.168.198.110:2181(CONNECTED) 7] create -e /p_node1/e_node2 "node data" Created /p_node1/e_node2
- Temporary node, ephemeralOwner field status is not empty
3) Create order node
Note: the settable node path will be renamed to the sequence number. When not set, the number of node sequences starts with prefix 0
[zk: 192.168.198.110:2181(CONNECTED) 13] create -s /p_node2/ Node does not exist: /p_node2/ [zk: 192.168.198.110:2181(CONNECTED) 15] create /p_node2 Created /p_node2 [zk: 192.168.198.110:2181(CONNECTED) 16] create -s /p_node2/ Created /p_node2/0000000000 [zk: 192.168.198.110:2181(CONNECTED) 17] create -s /p_node2/ Created /p_node2/0000000001 [zk: 192.168.198.110:2181(CONNECTED) 18] create -s /p_node2/seq_ Created /p_node2/seq_0000000002 [zk: 192.168.198.110:2181(CONNECTED) 19] create -s /p_node2/seq_ Created /p_node2/seq_0000000003
4) Create ttl node
Syntax: create create ‐ t expiration time / node path node data
- It is disabled by default and needs to be in zoo Add extendedTypesEnabled=true in CFG to enable. Note: ttl cannot be used for temporary nodes.
[zk: 192.168.198.110:2181(CONNECTED) 25] create -t 10 /p_node1/ttl_node KeeperErrorCode = Unimplemented for /p_node1/ttl_node [zk: 192.168.198.110:2181(CONNECTED) 27] ls -R /p_node1 /p_node1 /p_node1/e_node1 /p_node1/e_node2
2.4 set command
set command: modify node content
Command format: set [-s] [-v version] path data
- -s: Update node data and display node status information
- -v specifies the data version number. If the specified data version number is inconsistent with the current data version number, the update fails.
[zk: 192.168.198.110:2181(CONNECTED) 36] set /p_node1/e_node1 "set data1" [zk: 192.168.198.110:2181(CONNECTED) 37] set -s /p_node1/e_node1 "set data2" cZxid = 0x6c ctime = Fri May 13 09:55:49 UTC 2022 mZxid = 0x80 mtime = Fri May 13 10:15:46 UTC 2022 pZxid = 0x6c cversion = 0 dataVersion = 6 aclVersion = 0 ephemeralOwner = 0x100002513c80001 dataLength = 9 numChildren = 0
2.5 get command
Get command: get node / file content
Command format: get [-s] [-w] path
- -s: View node data and node status information
- -w add a watch. When the node data changes, the client will be notified (the notification is one-time).
[zk: 192.168.198.110:2181(CONNECTED) 38] get /p_node1/e_node1 set data2 [zk: 192.168.198.110:2181(CONNECTED) 39] get -s /p_node1/e_node1 set data2 cZxid = 0x6c ctime = Fri May 13 09:55:49 UTC 2022 mZxid = 0x80 mtime = Fri May 13 10:15:46 UTC 2022 pZxid = 0x6c cversion = 0 dataVersion = 6 aclVersion = 0 ephemeralOwner = 0x100002513c80001 dataLength = 9 numChildren = 0
2.6 deleting nodes
1) delete command
delete command: only nodes without child nodes can be deleted. If it has child nodes, it cannot be deleted
Command format: delete [-v version] path
2) deleteall command
deleteall command: cascade delete the node and child nodes.
Command format: deleteall path [-b batch size]
[zk: 192.168.198.110:2181(CONNECTED) 43] delete /p_node2/seq_0000000002 [zk: 192.168.198.110:2181(CONNECTED) 44] ls -R /p_node2 /p_node2 /p_node2/0000000000 /p_node2/0000000001 /p_node2/seq_0000000003 [zk: 192.168.198.110:2181(CONNECTED) 45] deleteall /p_node2 [zk: 192.168.198.110:2181(CONNECTED) 46] ls -R /p_node2 Node does not exist: /p_node2
Other commands:
- History: displays the history of the last 11 commands executed
- getAllChildrenNumber: get the number of all descendant nodes under the node
- getEphemerals: get all temporary nodes created by the current client
- ACL commands and listening commands are used separately.
2, ACL command
Zookeeper uses ACL(Access Control Lists) policy to control permissions, which is similar to the permission control of UNIX file system. Purpose to ensure data security
1. Overall composition of ACL
The ACL(Access Control List) of Zookeeper is divided into three dimensions: scheme, id and permission.
It is usually expressed as: scheme:id:permission to form a permission list.
- scheme: represents the use of a certain permission mechanism
- id: represents the user allowed to access
- Permissions: represents permissions (combined string)
1) scheme: Permission Policy
- World: there is only one id in the world, that is, there is only one user, that is, anyone. Then the combination is written as world:anyone:[permissions]. world:anyone stands for anyone. The nodes in zookeeper that have permission for everyone belong to world:anyone.
- If the user has permission, it can be registered in the form of [auth: permission] in plaintext.
It does not need an id, and any user who passes authentication has permission (zookeeper supports authentication through kerberos and authentication in the form of username/password). - digest: you need to encrypt the password to access. The encrypted password is used. The combination form is
digest: username:BASE64(SHA1(password)) :[permissions]. - ip: its corresponding id is the ip address of the client. When setting, you can set an ip segment to restrict ip access. For example, ip:192.168.1.1:[permissions]
- Super: represents the super administrator and has all permissions
2) id: user
id is the verification mode, and the value of id is different for different scheme s. The default is anyone.
- When scheme is auth, id is username:password
- When scheme is digest, id is username:BASE64(SHA1(password))
- When scheme is ip, id is the ip address of the client.
- When scheme is world, id is: anyone.
3) Permission: permission
Zookeeper defines five permissions:
- CREATE ©: Permission to create child nodes. Allow to create child nodes;
- DELETE(d): the permission to delete a node. Allow to delete child nodes;
- READ ®: Permission to read node data. Allow to obtain data from the node and list its child nodes;
- WRITE(w): permission to modify node data. Allow setting data for nodes;
- ADMIN(a): set the permissions of child nodes and allow setting permissions for nodes.
CREATE, READ, WRITE, DELETE and ADMIN are the add, DELETE, modify, query and manage permissions. These five permissions are abbreviated as crwda (the abbreviation of the first character of the word).
2. ACL command operation
2.1 getAcl command
getAcl command: View ACL information of the specified node
Command format: getAcl [-s] path
- -s: View node details
[zk: 192.168.198.110:2181(CONNECTED) 15] getAcl /p_node1 'world,'anyone : cdrwa [zk: 192.168.198.110:2181(CONNECTED) 17] getAcl -s /p_node1 'world,'anyone : cdrwa cZxid = 0x67 ctime = Fri May 13 09:53:38 UTC 2022 mZxid = 0x67 mtime = Fri May 13 09:53:38 UTC 2022 pZxid = 0x83 cversion = 6 dataVersion = 0 aclVersion = 0 ephemeralOwner = 0x0 dataLength = 0 numChildren = 0
2.2 setAcl command
Command information of ACL node: setAcl
Command format: setAcl [-s] [-v version] [-R] path acl
[zk: 192.168.198.110:2181(CONNECTED) 21] create /testAcl Created /testAcl # Set acl permissions for this node [zk: 192.168.198.110:2181(CONNECTED) 22] setAcl /testAcl world:anyone:crwa [zk: 192.168.198.110:2181(CONNECTED) 23] getAcl /testAcl 'world,'anyone : crwa # Create child node [zk: 192.168.198.110:2181(CONNECTED) 24] create /testAcl/xyz " xyz-data" Created /testAcl/xyz # The prompt cannot be deleted because there is no d permission [zk: 192.168.198.110:2181(CONNECTED) 25] delete /testAcl/xyz Insufficient permission : /testAcl/xyz
2.3 addauth command
addauth command: add an authenticated user
Command format: addauth scheme auth
- scheme: (Digest: the authorization method) the format is: digest username:password
- auth: assign permissions, crwda. If not writing indicates creating a user, you can set permissions through the setAcl command
We create a user and assign permissions:
[zk: 192.168.198.110:2181(CONNECTED) 27] addauth digest charge_admin:123456 crwda [zk: 192.168.198.110:2181(CONNECTED) 28] addauth digest charge_crw:123456 crw
Set a user for a node. The user can only operate within the assigned permission.
# Add a user [zk: 192.168.198.110:2181(CONNECTED) 13] addauth digest user1:123456 # Set user permissions for nodes [zk: 192.168.198.110:2181(CONNECTED) 14] setAcl /testAcl auth:user1:123456:crwa # View node permissions. Passwords are stored in ciphertext [zk: 192.168.198.110:2181(CONNECTED) 15] getAcl /testAcl 'digest,'user1:HYGa7IZRm2PUBFiFFu8xY2pPP/s= : crwa [zk: 192.168.198.110:2181(CONNECTED) 16] create /testAcl/ztest "data" Created /testAcl/ztest # The prompt cannot be deleted because the user does not have d permission [zk: 192.168.198.110:2181(CONNECTED) 17] delete /testAcl/ztest Insufficient permission : /testAcl/ztest
Without permission, we quit, re-enter the client and operate the / testAcl node.
#Cannot access without user rights [zk: 192.168.198.110:2181(CONNECTED) 0] ls /testAcl Insufficient permission : /testAcl [zk: 192.168.198.110:2181(CONNECTED) 1] create /testAcl/ztest2 Insufficient permission : /testAcl/ztest2 # After adding permissions again, you can access [zk: 192.168.198.110:2181(CONNECTED) 2] addauth digest user1:123456 [zk: 192.168.198.110:2181(CONNECTED) 3] create /testAcl/ztest2 Created /testAcl/ztest2 [zk: 192.168.198.110:2181(CONNECTED) 4] ls -R /testAcl /testAcl /testAcl/xyz /testAcl/ztest /testAcl/ztest2 # The prompt cannot be deleted because the user does not have d permission [zk: 192.168.198.110:2181(CONNECTED) 5] delete /testAcl/ztest2 Insufficient permission : /testAcl/ztest2
# The prompt cannot be deleted because the user does not have permission on this node [zk: 192.168.198.110:2181(CONNECTED) 7] addauth digest charge_crw:123456 [zk: 192.168.198.110:2181(CONNECTED) 8] delete /testAcl/ztest2 Insufficient permission : /testAcl/ztest2 [zk: 192.168.198.110:2181(CONNECTED) 9] addauth digest charge_admin:123456 [zk: 192.168.198.110:2181(CONNECTED) 10] delete /testAcl/ztest2 Insufficient permission : /testAcl/ztest2
For the commands related to permission policy scheme, see the reference article.
3, Listening command
A common function of Zookeeper is watcher (event listener), which allows users to register watcher on the specified node (register and listen for events of interest). When some specific events of interest occur, the Watcher will be triggered, and the Zookeeper service end will notify the interested clients of the events. This mechanism is an important feature of Zookeeper's implementation of distributed coordination services.
Monitoring mechanism: the client can monitor the change of the node. When the node changes, the corresponding event will be triggered. When the event is triggered, the client will receive a packet indicating that the node has changed.
1. One time monitoring
1.1 monitoring node directory changes
Listening node directory change: the child node of the listening node changes, which is triggered when the child node changes.
Command format: ls -w path
#Create node [zk: 192.168.198.110:2181(CONNECTED) 13] create /watch_node Created /watch_node #Listen for node directory changes [zk: 192.168.198.110:2181(CONNECTED) 14] ls -w /watch_node [] [zk: 192.168.198.110:2181(CONNECTED) 15] create /watch_node/w1 data1 WATCHER:: WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/watch_node Created /watch_node/w1 [zk: 192.168.198.110:2181(CONNECTED) 17] create /watch_node/w2 data2 Created /watch_node/w2
One time monitoring. It will be deleted after triggering and cannot be triggered again.
1.2 monitoring node data changes
Monitor node data change: triggered when the node data changes. Data changes of child nodes will not be triggered.
Command format: get -w path
# Monitoring node data changes [zk: 192.168.198.110:2181(CONNECTED) 18] get -w /watch_node null [zk: 192.168.198.110:2181(CONNECTED) 19] set /watch_node data WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/watch_node [zk: 192.168.198.110:2181(CONNECTED) 20] set /watch_node data2
One time monitoring. It will be deleted after triggering and cannot be triggered again.
2. Permanent monitoring
After zookeeper version 3.6.0, the client can create permanent monitoring on the node, and the permanent monitoring will not be deleted after being triggered.
Command format: addWatch [-m mode] path
When creating a permanent listener, you can specify the mode through - m. there are two modes:
- PERSISTENT
- PERSISTENT_RECURSIVE, do not specify, use persistent by default_ Recursive mode.
2.1 PERSISTENT
- PERSISTENT: the data change of this node and the change of child nodes will trigger corresponding events, and the data change of child nodes will not trigger.
[zk: 192.168.198.110:2181(CONNECTED) 29] create /watch_node2 # Listening node PERSISTENT [zk: 192.168.198.110:2181(CONNECTED) 30] addWatch -m PERSISTENT /watch_node2 [zk: 192.168.198.110:2181(CONNECTED) 31] set /watch_node2 data1 WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/watch_node2 [zk: 192.168.198.110:2181(CONNECTED) 32] create /watch_node2/w1 data WATCHER::Created /watch_node2/w1 WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/watch_node2 #Data changes of child nodes will not be triggered [zk: 192.168.198.110:2181(CONNECTED) 33] set /watch_node2/w1 data1 [zk: 192.168.198.110:2181(CONNECTED) 34] delete /watch_node2/w1 WATCHER:: WatchedEvent state:SyncConnected type:NodeChildrenChanged path:/watch_node2
2.2 PERSISTENT_RECURSIVE
- PERSISTENT_RECURSIVE: the data change of this node and the directory or data change of all descendant nodes will trigger corresponding events.
[zk: 192.168.198.110:2181(CONNECTED) 39] create /watch_node3 # Listening node PERSISTENT_RECURSIVE [zk: 192.168.198.110:2181(CONNECTED) 40] addWatch -m PERSISTENT_RECURSIVE /watch_node3 [zk: 192.168.198.110:2181(CONNECTED) 41] set /watch_node3 data1 WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/watch_node3 [zk: 192.168.198.110:2181(CONNECTED) 42] create /watch_node3/w1 WATCHER:: WatchedEvent state:SyncConnected type:NodeCreated path:/watch_node3/w1 Created /watch_node3/w1 #The data change of child nodes will also be triggered [zk: 192.168.198.110:2181(CONNECTED) 43] set /watch_node3/w1 data1 WATCHER:: WatchedEvent state:SyncConnected type:NodeDataChanged path:/watch_node3/w1 [zk: 192.168.198.110:2181(CONNECTED) 44] delete /watch_node3/w1 WATCHER:: WatchedEvent state:SyncConnected type:NodeDeleted path:/watch_node3/w1
4, Common four word commands for ZooKeeper
Zookeeper supports some specific four word commands to interact with it. Users can obtain the current status and relevant information of zookeeper service. Users can submit corresponding commands to zookeeper through telenet or nc (netcat) on the client.
Four word command format: echo [command] | nc [ip] [port]
You need to turn on the quadword command and install nc.
1) Open four word command
If stat is not executed because it is not in the whitelist The whitelist problem indicates that the four word command may not be enabled in the configuration.
root@9bb8ce0a893f:/apache-zookeeper-3.6.3-bin# ls /conf/ configuration.xsl log4j.properties zoo.cfg zoo_sample.cfg
In zoo Add configuration items to the cfg file to release these instructions
#Open four word command 4lw.commands.whitelist=*
2) Install nc
# centos yum install nc
The four word commands commonly used by ZooKeeper are as follows:
Reference article:
- zkCli command to view official documents:
- A complete collection of common commands of ZooKeeper (ACL mechanism / quadword command): https://blog.csdn.net/yearingforthefuture/article/details/117574486
– hungry for knowledge, foolish for modesty.