Skip to content

Clickhouse 配置zookeeper ACL

背景

在生产环境中使用Clickhouse被检查出zookeeper无认证,需要添加认证以保证安全。

操作过程

首先在官方文档中查找,在配置参数设置 找到相关配置。

<zookeeper>
    <node>
        <host>example1</host>
        <port>2181</port>
    </node>
    <node>
        <host>example2</host>
        <port>2181</port>
    </node>
    <session_timeout_ms>30000</session_timeout_ms>
    <operation_timeout_ms>10000</operation_timeout_ms>
    <!-- Optional. Chroot suffix. Should exist. -->
    <root>/path/to/zookeeper/node</root>
    <!-- 这里密码是明文 -->
    <!-- Optional. Zookeeper digest ACL string. -->
    <identity>user:password</identity>
</zookeeper>

官方参数定义:

session_timeout — Maximum timeout for the client session in milliseconds.
root — The znode that is used as the root for znodes used by the ClickHouse server. Optional.
identity — User and password, that can be required by ZooKeeper to give access to requested znodes. Optional.

常见问题

  1. zookeeper 是否添加相关权限
    # 添加账号密码
    addauth digest clickhouse:myPassword
    # 授权
    setAcl / auth:clickhouse:myPassword:cdrwa
  2. 配置问题
    1. 是否正确配置账号密码
    2. 配置完成需要重启才生效
发表评论

电子邮件地址不会被公开。 必填项已用*标注