Etcd cluster permission management and account password usage
2022-07-03 14:19:00 【Development, operation and maintenance Xuande public】
1. Worked example
1.1 Environment
node | IP:port |
---|---|
etcd1 | 10.10.239.31:1379 |
etcd2 | 10.10.239.31:2379 |
etcd3 | 10.10.239.31:3379 |
1.2 Create the root user
The root user holds all permissions, so once the user is created and authentication is enabled it has full access.
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user add root
- The output is as follows:
Password of root:
Type password of root again for confirmation:
User root created
The password is entered interactively.
1.3 Enable authentication
- Enable authentication
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 auth enable
- Test: operate with the user name and password
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' put name "guanyu"
OK
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' get name
name
guanyu
- Test: operating without the user name and password fails with an error
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl get name
{"level":"warn","ts":"2022-07-02T08:11:34.599Z","logger":"etcd-client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00014c000/127.0.0.1:2379","attempt":0,"error":"rpc error: code = InvalidArgument desc = etcdserver: user name is empty"}
Error: etcdserver: user name is empty
- If you intend to give out the root user, you can stop here.
- If you want to keep the high-privilege root user private and give out ordinary users instead, continue with the steps below.
1.4 Managing ordinary users
1.4.1 Create ordinary users
- Create a read user
Because authentication was enabled earlier, the user name and password must be supplied here. If it had not been enabled, they would not be needed.
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user add myRead
- Create a write user
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user add myWrite
- Create a read-write user
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user add myReadWrite
- List the users
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user list
Output:
myRead
myReadWrite
myWrite
root
1.4.2 Create roles
- Create the read role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role add roleRead
- Create the write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role add roleWrite
- Create a read-write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role add roleReadWrite
- List the roles
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role list
Result:
roleRead
roleReadWrite
roleWrite
root
1.4.3 Grant permissions to roles
- Grant read permission to the read role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role grant-permission roleRead read /xishu/*
- Grant write permission to the write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role grant-permission roleWrite write /xishu/*
- Grant read/write permission to the read-write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role grant-permission roleReadWrite readwrite /xishu/*
- View role permissions
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 role get roleReadWrite
Result:
Role roleReadWrite
KV Read:
/xishu/*
KV Write:
/xishu/*
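etcd v3 stores each grant as either a single key, matched exactly, or a byte range [key, range_end), for which `--prefix` on `role grant-permission` is shorthand. The Python below is an added example, not part of the original article, that parses `role get` output and reports which keys a role actually covers. The function names and the sample output are constructed for illustration, and the bracketed line is the assumed display form of a `--prefix=true` grant on /xishu/.

```python
import re

# Constructed sample of `etcdctl role get` output. The first grant is the
# single-key form shown in the article; the bracketed line is the assumed
# display form of a grant made with --prefix=true on /xishu/.
SAMPLE = """Role roleReadWrite
KV Read:
\t/xishu/*
KV Write:
\t[/xishu/, /xishu0) (prefix /xishu/)
"""

# Closed ranges only: "[start, end)"; any other line is taken as a single key.
RANGE = re.compile(r"^\[(.*?), (.*?)\)")

def parse_role(text):
    """Return {'read': [(key, end)], 'write': [...]}; end is None for one key."""
    grants, section = {"read": [], "write": []}, None
    for line in text.splitlines():
        line = line.strip()
        if line == "KV Read:":
            section = "read"
        elif line == "KV Write:":
            section = "write"
        elif section and line:
            m = RANGE.match(line)
            grants[section].append(m.groups() if m else (line, None))
    return grants

def covers(grant, key):
    """etcd v3 rule: exact match for a single key, else start <= key < end."""
    start, end = grant
    if end is None:
        return key == start
    return start.encode() <= key.encode() < end.encode()

def allowed(grants, op, key):
    """True if any grant for op ('read' or 'write') covers key."""
    return any(covers(g, key) for g in grants[op])

def literal_wildcards(grants):
    """Single-key grants ending in '*', which v3 matches as that exact key."""
    return sorted({k for gs in grants.values() for k, e in gs if e is None and k.endswith("*")})

if __name__ == "__main__":
    g = parse_role(SAMPLE)
    for op in ("read", "write"):
        print(op, "/xishu/name ->", allowed(g, op, "/xishu/name"))
    print("single-key grants ending in '*':", literal_wildcards(g))
```

To audit a live cluster, pass the real output of `etcdctl role get` for each role to `parse_role` in place of `SAMPLE`.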
1.4.4 Bind roles to users
- Bind the read user to the read role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user grant-role myRead roleRead
- Bind the write user to the write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user grant-role myWrite roleWrite
- Bind the read-write user to the read-write role
I have no name!@555187fb758c:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user grant-role myReadWrite roleReadWrite
- View the result
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='root' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 user get myReadWrite
Output:
User: myReadWrite
Roles: roleReadWrite
1.4.5 Test
- Write two keys with the write account
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='myWrite' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 put /xishu/name "liubei"
OK
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='myWrite' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 put /xishu/age "28"
OK
- Read one of them back with the read account
I have no name!@75cdaac66149:/opt/bitnami/etcd$ etcdctl --user='myRead' --password='[email protected]' --endpoints http://10.10.239.31:1379,http://10.10.239.31:2379,http://10.10.239.31:3379 get /xishu/age
/xishu/age
28
2. Common commands for permissions
2.1 User management
Create a user
etcdctl user add <user name>
Delete a user
etcdctl user delete <user name>
Change a password
etcdctl user passwd <user name>
List all users
etcdctl user list
View a user and the roles bound to it
etcdctl user get <user name>
2.2 Role management
Add a role
etcdctl role add <role name>
Grant permissions to a role
etcdctl role grant-permission <role name> [read|write|readwrite] <range>
Examples of a range:
/xishu/*, /liubei
Revoke a permission from a role
etcdctl role revoke-permission <role name> <range to revoke>
Delete a role
etcdctl role delete <role name>
List roles
etcdctl role list
Show the permissions of a role
etcdctl role get <role name>
2.3 Users and roles
Bind a role to a user
etcdctl user grant-role <user name> <role name>
Revoke a role from a user
etcdctl user revoke-role <user name> <role name>
2.4 Using the credentials
etcdctl --user='<user name>' --password='<password>' ...