设置zookeeper白名单
一、白名单方式
# 设置zookeeper白名单
# /usr/local/zookeeper-3.4.13/bin/zkCli.sh -server 127.0.0.1:2181
> setAcl /zookeeper ip:127.0.0.1:cdrwa
> setAcl /dubbo ip:127.0.0.1:cdrwa
> getAcl /zookeeper
> getAcl /dubbo
二、用户账号认证
1 加密用户密码
# echo -n admin:shuncom2004 | openssl dgst -binary -sha1 | openssl base64
j9pfb5lKAqerIC8/RmfV2Iq+1HQ=
2 设置权限
# /usr/local/zookeeper-3.4.13/bin/zkCli.sh -server 127.0.0.1:2181
> setAcl /zookeeper digest:admin:j9pfb5lKAqerIC8/RmfV2Iq+1HQ=:cdrwa
> getAcl /zookeeper
'digest,'admin:j9pfb5lKAqerIC8/RmfV2Iq+1HQ=
: cdrwa
> ls /zookeeper
Authentication is not valid : /zookeeper
# 授权登录
> addauth digest admin:shuncom2004
> ls /zookeeper
[quota]
三、老平台端口防火墙
# vsftpd相关
firewall-cmd --add-port=33880/tcp --permanent
firewall-cmd --add-port=10001-10005/tcp --permanent
firewall-cmd --add-port=30080/tcp --permanent
# 驱动
firewall-cmd --add-port=6011/tcp --permanent
firewall-cmd --add-port=6013/tcp --permanent
firewall-cmd --add-port=6014/tcp --permanent
firewall-cmd --add-port=6012/udp --permanent
# tomcat
firewall-cmd --add-port=8080/tcp --permanent
# shuncom-connect.jar
firewall-cmd --add-port=8088/tcp --permanent
firewall-cmd --add-port=8089/tcp --permanent
firewall-cmd --add-port=8094/tcp --permanent
firewall-cmd --add-port=8099/tcp --permanent
firewall-cmd --add-port=8091/tcp --permanent
# connect2-server.jar
firewall-cmd --add-port=8074/tcp --permanent
firewall-cmd --add-port=9097/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
No Comments