案例说明:

在KingbaseES R3集群的最新版本中增加了kingbase_monitor.sh一键修改集群用户密码的功能,本案例是对此功能的测试。

kingbaseES R3集群一键修改密码说明:

1、 命令行命令

kingbase_monitor.sh change_password user old_password new_password

kingbase_monitor.sh change_password user old_password new_password —修改集群使用的用户的密码。

2、描述

kingbase_monitor.sh change_password user old_password new_password判断用户是否为集群使用的用户,如果是则修改用户密码,如果不是则提示用户集群未使用该用户,请使用sql方式修改用户密码。

3、选项

以下是脚本执行参数:

change_password

脚本调用修改用户密码函数

user

要进行修改密码的用户,只能是集群初始化时指定的用户

old_password

用户的旧密码

new_password

用户的新密码

例:

4、注意事项

1.必须在集群所有节点状态正常的情况下才能执行修改密码操作

2.kingbase_monitor.sh change_password 用户名 '旧密码' '新密码' 使用一键修改密码功能时 旧密码,新密码参数必须使用''括起来

3.用户必须是集群流复制使用的用户才能进行修改密码,否则会提示集群未使用该用户,请使用sql alter user命令进行修改密码

kingbaseES R3集群一键修改密码测试案例:

数据库版本:

集群架构:

一、查看集群状态

[kingbase@node1 bin]$  ./ksql -U SYSTEM -W 123456 TEST -p 9999

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# show pool_nodes;

 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay

---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------

 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | false             | 0

 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | true              | 0

(2 rows)

TEST=# select * from sys_stat_replication;

 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE

------+----------+---------+------------------+---------------+-----------------+-------------+--

 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13003B50    | 0/13003B50     | 0/13003B50     | 0/13003B50      |             1 | sync

(1 row)

二、修改system用户密码

# 查看kingbase_monitor.sh功能

[kingbase@node1 bin]$ ./kingbase_monitor.sh

-----------------------------------------------------------------------

2021-03-01 16:20:55 KingbaseES automation beging...

usage: ./kingbase_monitor.sh start | stop | restart | set [--restart] | change_password user old_password new_password 

# 一键修改用户密码

[kingbase@node1 bin]$ ./kingbase_monitor.sh change_password SYSTEM '123456' '12345678'

-----------------------------------------------------------------------

2021-03-01 16:25:34 KingbaseES automation beging...

Begin alter user password

2021-03-01 16:25:55: pid 20642: LOG:  stop request sent to kingbasecluster. waiting for termination.....done.

2021-03-01 16:25:41: pid 14549: LOG:  stop request sent to kingbasecluster. waiting for termination.....done.

Alter user password OK

=注意:由以上信息获知,在修改集群用户密码时,将会stop主备库的kingbasecluster服务,在生产环境修改时,需要注意,尽量不要在业务运行期间修改。=

三、验证密码修改效果

1、验证system用户密码修改结果



测试修改SUPERMANAGER_V8ADMIN用户密码:(修改失败)

2、查看kingbasecluster 服务(所有节点)

[kingbase@node1 bin]$ netstat -an |grep 9999

unix  2      [ ACC ]     STREAM     LISTENING     2999949  @/tmp/dbus-fXYPBXlK

unix  2      [ ACC ]     STREAM     LISTENING     2999948  @/tmp/dbus-h5GlLPYf

unix  2      [ ]         STREAM     CONNECTED     2999944

[kingbase@node1 bin]$ netstat -an |grep 9000

[kingbase@node1 bin]$ netstat -an |grep 9694

3、查看kingbasecluster日志

主库:

备库:

=通过以上信息获知,system用户密码修改成功,但是主备库上的kingbasecluster服务都被stop。=

四、手工启动kingbasecluster服务(root用户)

1、root用户手工启动kingbasecluster服务

[root@node1 ~]# /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n >>/home/kingbase/cluster/kha/log/cluster.log 2>&1 &

[1] 18241

2、查看kingbasecluster进程

[root@node1 ~]# ps -ef |grep kingbase

kingbase  9254     1  0 16:13 ?        00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data

kingbase  9256  9254  0 16:13 ?        00:00:00 kingbase: logger process

kingbase  9816  9254  0 16:15 ?        00:00:00 kingbase: checkpointer process

kingbase  9817  9254  0 16:15 ?        00:00:00 kingbase: writer process

kingbase  9818  9254  0 16:15 ?        00:00:00 kingbase: wal writer process

kingbase  9819  9254  0 16:15 ?        00:00:00 kingbase: autovacuum launcher process

kingbase  9820  9254  0 16:15 ?        00:00:00 kingbase: archiver process   failed on 000000020000000000000010

kingbase  9821  9254  0 16:15 ?        00:00:00 kingbase: stats collector process

kingbase  9822  9254  0 16:15 ?        00:00:00 kingbase: bgworker: syslogical supervisor

kingbase  9903  9254  0 16:15 ?        00:00:00 kingbase: wal sender process SYSTEM 192.168.7.243(47620) streaming 0/13004420

root     13110 11490  0 14:07 pts/1    00:00:00 su - kingbase

kingbase 13112 13110  0 14:07 pts/1    00:00:00 -bash

root     18241 17531  0 16:40 pts/0    00:00:00 /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n

root     18260 18241  0 16:40 pts/0    00:00:00 kingbasecluster: watchdog

root     18310 18241  0 16:40 pts/0    00:00:00 kingbasecluster: lifecheck

root     18312 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat receiver

root     18314 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat sender

root     18315 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18316 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18317 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18318 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18319 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18320 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18321 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18322 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18323 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18324 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18325 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18326 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18327 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18328 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18329 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18330 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18334 18241  0 16:40 pts/0    00:00:00 kingbasecluster: PCP: wait for connection request

root     18335 18241  0 16:40 pts/0    00:00:00 kingbasecluster: worker process

3、验证kingbasecluster服务

[kingbase@node1 bin]$ ./ksql -U SYSTEM -W 12345678 TEST -p 9999

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# show pool_nodes;

 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay

---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------

 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | true              | 0

 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | false             | 0

(2 rows)

[kingbase@node1 bin]$ ./ksql -U SYSTEM -W 12345678 TEST

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# select * from sys_stat_replication;

 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE

------+----------+---------+------------------+---------------+-----------------+-------------+-

 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13004420    | 0/13004420     | 0/13004420     | 0/13004420      |             1 | sync

(1 row)

五、测试kingbase_monitor.sh一键重启(可选)

[kingbase@node1 bin]$ ./kingbase_monitor.sh restart

-----------------------------------------------------------------------

2021-03-01 16:48:42 KingbaseES automation beging...

2021-03-01 16:48:42 stop kingbasecluster [192.168.7.243] ...

remove status file  /home/kingbase/cluster/kha/run/kingbasecluster/kingbasecluster_status

DEL VIP NOW AT 2021-03-01 16:49:05 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:48 Done...

2021-03-01 16:48:48 stop kingbasecluster [192.168.7.248] ...

remove status file  /home/kingbase/cluster/kha/run/kingbasecluster/kingbasecluster_status

DEL VIP NOW AT 2021-03-01 16:48:53 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:53 Done...

2021-03-01 16:48:53 stop kingbase [192.168.7.243] ...

set /home/kingbase/cluster/kha/db/data down now...

2021-03-01 16:48:56 Done...

2021-03-01 16:48:57 Del kingbase VIP [192.168.7.245/24] ...

DEL VIP NOW AT 2021-03-01 16:49:16 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:58 Done...

2021-03-01 16:48:58 stop kingbase [192.168.7.248] ...

set /home/kingbase/cluster/kha/db/data down now...

2021-03-01 16:49:04 Done...

2021-03-01 16:49:05 Del kingbase VIP [192.168.7.245/24] ...

DEL VIP NOW AT 2021-03-01 16:49:05 ON enp0s3

execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]

Oprate del ip cmd end.

2021-03-01 16:49:05 Done...

......................

all stop..

ping trust ip 192.168.7.1 success ping times :[3], success times:[2]

ping trust ip 192.168.7.1 success ping times :[3], success times:[2]

start crontab kingbase position : [3]

Redirecting to /bin/systemctl restart  crond.service

start crontab kingbase position : [2]

Redirecting to /bin/systemctl restart  crond.service

ADD VIP NOW AT 2021-03-01 16:49:18 ON enp0s3

execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]

execute: /home/kingbase/cluster/kha/db/bin/arping -U 192.168.7.245 -I enp0s3 -w 1

ARPING 192.168.7.245 from 192.168.7.245 enp0s3

Sent 1 probes (1 broadcast(s))

Received 0 response(s)

ping vip 192.168.7.245 success ping times :[3], success times:[2]

ping vip 192.168.7.245 success ping times :[3], success times:[2]

now,there is a synchronous standby.

wait kingbase recovery 5 sec...

start crontab kingbasecluster line number: [6]

Redirecting to /bin/systemctl restart  crond.service

start crontab kingbasecluster line number: [3]

Redirecting to /bin/systemctl restart  crond.service

......................

all started..

...

now we check again

=======================================================================

|             ip |                       program|              [status]

[  192.168.7.243]|             [kingbasecluster]|              [active]

[  192.168.7.248]|             [kingbasecluster]|              [active]

[  192.168.7.243]|                    [kingbase]|              [active]

[  192.168.7.248]|                    [kingbase]|              [active]

=======================================================================

六、总结

 对于KingbaseES R3集群,kingbase_monitor.sh一键修改密码的功能,增加了管理员管理集群用户的方便性;但是需要注意的是,在修改集群用户密码时,将会将集群所有node的kingbasecluster服务stop,这个在生产环境使用时,需要注意。

KingbaseES R3 集群一键修改集群用户密码案例的更多相关文章

  1. KingbaseES R6 集群一键修改集群和数据库参数测试案例

    ​ 案例说明: 集群环境修改集群或数据库参数,需要在每个node上都要修改,在每个节点而执行修改操作,容易出现漏改或节点上参数不一致等错误:在KingbaseES V8R6的集群中增加了,一键修改参数 ...

  2. KingbaseES R6 集群sys_monitor.sh change_password一键修改集群用户密码

    案例说明: kingbaseES R6集群用户密码修改,需要修改两处: 1)修改数据库用户密码(alter user): 2)修改.encpwd文件中用户密码: 可以通过sys_monitor.sh ...

  3. java修改AD域用户密码使用SSL连接方式

    正常情况下,JAVA修改AD域用户属性,只能修改一些普通属性, 如果要修改AD域用户密码和userAccountControl属性就得使用SSL连接的方式修改, SSL连接的方式需要操作以下步骤: 1 ...

  4. 德邦总管 修改oracle数据库用户密码的方法

    WIN+R打开运行窗口,输入cmd进入命令行: 输入sqlplus ,输入用户名,输入口令(如果是超级管理员SYS的话需在口令之后加上as sysdba)进入sql命令行:    连接成功后,输入“s ...

  5. 修改oracle数据库用户密码的方法

    WIN+R打开运行窗口,输入cmd进入命令行: 输入sqlplus ,输入用户名,输入口令(如果是超级管理员SYS的话需在口令之后加上as sysdba)进入sql命令行:    连接成功后,输入“s ...

  6. 烦烦烦SharePoint2013 以其他用户登录和修改AD域用户密码

    sharepoint默认是没有修改AD密码 和切换 用户的功能,这里我用future的方式来实现. 部署wsp前: 部署后 点击以其他用户身份登录 点击修改用户密码: 这里的扩展才菜单我们用Custo ...

  7. SharePoint中修改密码的WEB Part之终极版:即可以修改AD,又可以修改本机用户密码的Web Part!!

    转:http://www.cnblogs.com/dosboy/archive/2007/08/01/838859.html 在网上查了那么多SharePoint密码修改的第三方开发,都有问题.总结下 ...

  8. 忘记oracle的sys密码该如何重置;附如何修改oracle数据库用户密码

    参考博客:http://blog.itpub.net/26015009/viewspace-717505/ 这里只说一种方法:使用ORAPWD.EXE 工具修改密码 打开命令提示符窗口,输入如下命令: ...

  9. SharePoint2013 以其他用户登录和修改AD域用户密码 功能

    sharepoint默认是没有修改AD密码 和切换 用户的功能,这里我用future的方式来实现. 部署wsp前: 部署后: 点击以其他用户身份登录 点击修改用户密码: 这里的扩展才菜单我们用Cust ...

随机推荐

  1. Servlet 之 Http协议

    请求消息数据格式 请求行  请求方式 请求url 请求协议或者版本 (GET    /login.html   HTTP/1.1) 请求头 请求头名称:请求头值 多个用逗号分隔 请求空行  空行分隔作 ...

  2. umask默认权限及特殊权限

    1. linux系统中,创建一个新的文件或者目录的时候,新的文件或目录都会有默认的访问权限,umask命令与文件和目录的默认访问权限有关. 用户创建一个文件,文件的默认权限为 -rw-rw-rw-(6 ...

  3. Json多层级动态结构数据解析

    一.工具 (1)GSON Google Gson是一个简单的基于Java的库,用于将Java对象序列化为JSON,反之亦然. 它是由Google开发的一个开源库. 以下几点说明为什么应该使用这个库 - ...

  4. java反射之-Javabean与Map的互转

    1.BeanUntils工具类的准备 /** * @ClassName: BeanUtils * @Description: * @Author: songwp * @Date: 9:02 2022/ ...

  5. cenos 7 zookeeper Error contacting service. It is probably not running

    zkServer.sh status 命令查看zookeeper集群的状态,发现异常 Error contacting service. It is probably not running 最开始以 ...

  6. Nginx配置解决NetCore的跨域

    使用Nginx配置解决NetCore的跨域 废话不多说,直接上Nginx配置 server { listen 80; server_name 你的Id或域名; location / { add_hea ...

  7. flex这些问题应该被理解

    flex三连问,帮助我们更好的理解布局利器 问题: flex的值 auto, none, 0, 1, initial分别是什么?有什么作用?有什么表现? flex-basis和width的区别?单值f ...

  8. 并发刺客(False Sharing)——并发程序的隐藏杀手

    并发刺客(False Sharing)--并发程序的隐藏杀手 前言 前段时间在各种社交平台"雪糕刺客"这个词比较火,简单的来说就是雪糕的价格非常高!其实在并发程序当中也有一个刺客, ...

  9. 多云部署多主模式的MGR集群,每个云一个MGR 节点,满足业务单元化改造的需求

    欢迎来到 GreatSQL社区分享的MySQL技术文章,如有疑问或想学习的内容,可以在下方评论区留言,看到后会进行解答 GreatSQL社区原创内容未经授权不得随意使用,转载请联系小编并注明来源. 本 ...

  10. 一步一图带你深入剖析 JDK NIO ByteBuffer 在不同字节序下的设计与实现

    让我们来到微观世界重新认识 Netty 在前面 Netty 源码解析系列 <聊聊 Netty 那些事儿>中,笔者带领大家从宏观世界详细剖析了 Netty 的整个运转流程.从一个网络数据包在 ...