案例说明:

在KingbaseES R3集群的最新版本中增加了kingbase_monitor.sh一键修改集群用户密码的功能,本案例是对此功能的测试。

kingbaseES R3集群一键修改密码说明:

1、 命令行命令

kingbase_monitor.sh change_password user old_password new_password

kingbase_monitor.sh change_password user old_password new_password —修改集群使用的用户的密码。

2、描述

kingbase_monitor.sh change_password user old_password new_password判断用户是否为集群使用的用户,如果是则修改用户密码,如果不是则提示用户集群未使用该用户,请使用sql方式修改用户密码。

3、选项

以下是脚本执行参数:

change_password

脚本调用修改用户密码函数

user

要进行修改密码的用户,只能是集群初始化时指定的用户

old_password

用户的旧密码

new_password

用户的新密码

例:

4、注意事项

1.必须在集群所有节点状态正常的情况下才能执行修改密码操作

2.kingbase_monitor.sh change_password 用户名 '旧密码' '新密码' 使用一键修改密码功能时 旧密码,新密码参数必须使用''括起来

3.用户必须是集群流复制使用的用户才能进行修改密码,否则会提示集群未使用该用户,请使用sql alter user命令进行修改密码

kingbaseES R3集群一键修改密码测试案例:

数据库版本:

集群架构:

一、查看集群状态

[kingbase@node1 bin]$  ./ksql -U SYSTEM -W 123456 TEST -p 9999

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# show pool_nodes;

 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay

---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------

 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | false             | 0

 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | true              | 0

(2 rows)

TEST=# select * from sys_stat_replication;

 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE

------+----------+---------+------------------+---------------+-----------------+-------------+--

 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13003B50    | 0/13003B50     | 0/13003B50     | 0/13003B50      |             1 | sync

(1 row)

二、修改system用户密码

# 查看kingbase_monitor.sh功能

[kingbase@node1 bin]$ ./kingbase_monitor.sh

-----------------------------------------------------------------------

2021-03-01 16:20:55 KingbaseES automation beging...

usage: ./kingbase_monitor.sh start | stop | restart | set [--restart] | change_password user old_password new_password 

# 一键修改用户密码

[kingbase@node1 bin]$ ./kingbase_monitor.sh change_password SYSTEM '123456' '12345678'

-----------------------------------------------------------------------

2021-03-01 16:25:34 KingbaseES automation beging...

Begin alter user password

2021-03-01 16:25:55: pid 20642: LOG:  stop request sent to kingbasecluster. waiting for termination.....done.

2021-03-01 16:25:41: pid 14549: LOG:  stop request sent to kingbasecluster. waiting for termination.....done.

Alter user password OK

=注意:由以上信息获知,在修改集群用户密码时,将会stop主备库的kingbasecluster服务,在生产环境修改时,需要注意,尽量不要在业务运行期间修改。=

三、验证密码修改效果

1、验证system用户密码修改结果



测试修改SUPERMANAGER_V8ADMIN用户密码:(修改失败)

2、查看kingbasecluster 服务(所有节点)

[kingbase@node1 bin]$ netstat -an |grep 9999

unix  2      [ ACC ]     STREAM     LISTENING     2999949  @/tmp/dbus-fXYPBXlK

unix  2      [ ACC ]     STREAM     LISTENING     2999948  @/tmp/dbus-h5GlLPYf

unix  2      [ ]         STREAM     CONNECTED     2999944

[kingbase@node1 bin]$ netstat -an |grep 9000

[kingbase@node1 bin]$ netstat -an |grep 9694

3、查看kingbasecluster日志

主库:

备库:

=通过以上信息获知,system用户密码修改成功,但是主备库上的kingbasecluster服务都被stop。=

四、手工启动kingbasecluster服务(root用户)

1、root用户手工启动kingbasecluster服务

[root@node1 ~]# /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n >>/home/kingbase/cluster/kha/log/cluster.log 2>&1 &

[1] 18241

2、查看kingbasecluster进程

[root@node1 ~]# ps -ef |grep kingbase

kingbase  9254     1  0 16:13 ?        00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data

kingbase  9256  9254  0 16:13 ?        00:00:00 kingbase: logger process

kingbase  9816  9254  0 16:15 ?        00:00:00 kingbase: checkpointer process

kingbase  9817  9254  0 16:15 ?        00:00:00 kingbase: writer process

kingbase  9818  9254  0 16:15 ?        00:00:00 kingbase: wal writer process

kingbase  9819  9254  0 16:15 ?        00:00:00 kingbase: autovacuum launcher process

kingbase  9820  9254  0 16:15 ?        00:00:00 kingbase: archiver process   failed on 000000020000000000000010

kingbase  9821  9254  0 16:15 ?        00:00:00 kingbase: stats collector process

kingbase  9822  9254  0 16:15 ?        00:00:00 kingbase: bgworker: syslogical supervisor

kingbase  9903  9254  0 16:15 ?        00:00:00 kingbase: wal sender process SYSTEM 192.168.7.243(47620) streaming 0/13004420

root     13110 11490  0 14:07 pts/1    00:00:00 su - kingbase

kingbase 13112 13110  0 14:07 pts/1    00:00:00 -bash

root     18241 17531  0 16:40 pts/0    00:00:00 /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n

root     18260 18241  0 16:40 pts/0    00:00:00 kingbasecluster: watchdog

root     18310 18241  0 16:40 pts/0    00:00:00 kingbasecluster: lifecheck

root     18312 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat receiver

root     18314 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat sender

root     18315 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18316 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18317 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18318 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18319 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18320 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18321 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18322 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18323 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18324 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18325 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18326 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18327 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18328 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18329 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18330 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request

root     18334 18241  0 16:40 pts/0    00:00:00 kingbasecluster: PCP: wait for connection request

root     18335 18241  0 16:40 pts/0    00:00:00 kingbasecluster: worker process

3、验证kingbasecluster服务

[kingbase@node1 bin]$ ./ksql -U SYSTEM -W 12345678 TEST -p 9999

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# show pool_nodes;

 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay

---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------

 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | true              | 0

 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | false             | 0

(2 rows)

[kingbase@node1 bin]$ ./ksql -U SYSTEM -W 12345678 TEST

ksql (V008R003C002B0270)

Type "help" for help.

TEST=# select * from sys_stat_replication;

 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE

------+----------+---------+------------------+---------------+-----------------+-------------+-

 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13004420    | 0/13004420     | 0/13004420     | 0/13004420      |             1 | sync

(1 row)

五、测试kingbase_monitor.sh一键重启(可选)

[kingbase@node1 bin]$ ./kingbase_monitor.sh restart

-----------------------------------------------------------------------

2021-03-01 16:48:42 KingbaseES automation beging...

2021-03-01 16:48:42 stop kingbasecluster [192.168.7.243] ...

remove status file  /home/kingbase/cluster/kha/run/kingbasecluster/kingbasecluster_status

DEL VIP NOW AT 2021-03-01 16:49:05 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:48 Done...

2021-03-01 16:48:48 stop kingbasecluster [192.168.7.248] ...

remove status file  /home/kingbase/cluster/kha/run/kingbasecluster/kingbasecluster_status

DEL VIP NOW AT 2021-03-01 16:48:53 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:53 Done...

2021-03-01 16:48:53 stop kingbase [192.168.7.243] ...

set /home/kingbase/cluster/kha/db/data down now...

2021-03-01 16:48:56 Done...

2021-03-01 16:48:57 Del kingbase VIP [192.168.7.245/24] ...

DEL VIP NOW AT 2021-03-01 16:49:16 ON enp0s3

No VIP on my dev, nothing to do.

2021-03-01 16:48:58 Done...

2021-03-01 16:48:58 stop kingbase [192.168.7.248] ...

set /home/kingbase/cluster/kha/db/data down now...

2021-03-01 16:49:04 Done...

2021-03-01 16:49:05 Del kingbase VIP [192.168.7.245/24] ...

DEL VIP NOW AT 2021-03-01 16:49:05 ON enp0s3

execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]

Oprate del ip cmd end.

2021-03-01 16:49:05 Done...

......................

all stop..

ping trust ip 192.168.7.1 success ping times :[3], success times:[2]

ping trust ip 192.168.7.1 success ping times :[3], success times:[2]

start crontab kingbase position : [3]

Redirecting to /bin/systemctl restart  crond.service

start crontab kingbase position : [2]

Redirecting to /bin/systemctl restart  crond.service

ADD VIP NOW AT 2021-03-01 16:49:18 ON enp0s3

execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]

execute: /home/kingbase/cluster/kha/db/bin/arping -U 192.168.7.245 -I enp0s3 -w 1

ARPING 192.168.7.245 from 192.168.7.245 enp0s3

Sent 1 probes (1 broadcast(s))

Received 0 response(s)

ping vip 192.168.7.245 success ping times :[3], success times:[2]

ping vip 192.168.7.245 success ping times :[3], success times:[2]

now,there is a synchronous standby.

wait kingbase recovery 5 sec...

start crontab kingbasecluster line number: [6]

Redirecting to /bin/systemctl restart  crond.service

start crontab kingbasecluster line number: [3]

Redirecting to /bin/systemctl restart  crond.service

......................

all started..

...

now we check again

=======================================================================

|             ip |                       program|              [status]

[  192.168.7.243]|             [kingbasecluster]|              [active]

[  192.168.7.248]|             [kingbasecluster]|              [active]

[  192.168.7.243]|                    [kingbase]|              [active]

[  192.168.7.248]|                    [kingbase]|              [active]

=======================================================================

六、总结

 对于KingbaseES R3集群,kingbase_monitor.sh一键修改密码的功能,增加了管理员管理集群用户的方便性;但是需要注意的是,在修改集群用户密码时,将会将集群所有node的kingbasecluster服务stop,这个在生产环境使用时,需要注意。

KingbaseES R3 集群一键修改集群用户密码案例的更多相关文章

  1. KingbaseES R6 集群一键修改集群和数据库参数测试案例

    ​ 案例说明: 集群环境修改集群或数据库参数,需要在每个node上都要修改,在每个节点而执行修改操作,容易出现漏改或节点上参数不一致等错误:在KingbaseES V8R6的集群中增加了,一键修改参数 ...

  2. KingbaseES R6 集群sys_monitor.sh change_password一键修改集群用户密码

    案例说明: kingbaseES R6集群用户密码修改,需要修改两处: 1)修改数据库用户密码(alter user): 2)修改.encpwd文件中用户密码: 可以通过sys_monitor.sh ...

  3. java修改AD域用户密码使用SSL连接方式

    正常情况下,JAVA修改AD域用户属性,只能修改一些普通属性, 如果要修改AD域用户密码和userAccountControl属性就得使用SSL连接的方式修改, SSL连接的方式需要操作以下步骤: 1 ...

  4. 德邦总管 修改oracle数据库用户密码的方法

    WIN+R打开运行窗口,输入cmd进入命令行: 输入sqlplus ,输入用户名,输入口令(如果是超级管理员SYS的话需在口令之后加上as sysdba)进入sql命令行:    连接成功后,输入“s ...

  5. 修改oracle数据库用户密码的方法

    WIN+R打开运行窗口,输入cmd进入命令行: 输入sqlplus ,输入用户名,输入口令(如果是超级管理员SYS的话需在口令之后加上as sysdba)进入sql命令行:    连接成功后,输入“s ...

  6. 烦烦烦SharePoint2013 以其他用户登录和修改AD域用户密码

    sharepoint默认是没有修改AD密码 和切换 用户的功能,这里我用future的方式来实现. 部署wsp前: 部署后 点击以其他用户身份登录 点击修改用户密码: 这里的扩展才菜单我们用Custo ...

  7. SharePoint中修改密码的WEB Part之终极版:即可以修改AD,又可以修改本机用户密码的Web Part!!

    转:http://www.cnblogs.com/dosboy/archive/2007/08/01/838859.html 在网上查了那么多SharePoint密码修改的第三方开发,都有问题.总结下 ...

  8. 忘记oracle的sys密码该如何重置;附如何修改oracle数据库用户密码

    参考博客:http://blog.itpub.net/26015009/viewspace-717505/ 这里只说一种方法:使用ORAPWD.EXE 工具修改密码 打开命令提示符窗口,输入如下命令: ...

  9. SharePoint2013 以其他用户登录和修改AD域用户密码 功能

    sharepoint默认是没有修改AD密码 和切换 用户的功能,这里我用future的方式来实现. 部署wsp前: 部署后: 点击以其他用户身份登录 点击修改用户密码: 这里的扩展才菜单我们用Cust ...

随机推荐

  1. jenkins结合ansible发布

    1. yum安装的jenkins修改配置文件调用ansible vim /etc/sysconfig/jenkins 2. 安装Jenkins Ansible插件 Manage Jenkins---& ...

  2. centos 7安装zabbix

    1 升级系统组件到最新版本 yum -y update 2 关闭 SELinux sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" / ...

  3. 揭开Vue异步组件的神秘面纱

    简介 在大型应用里,有些组件可能一开始并不显示,只有在特定条件下才会渲染,那么这种情况下该组件的资源其实不需要一开始就加载,完全可以在需要的时候再去请求,这也可以减少页面首次加载的资源体积,要在Vue ...

  4. Mybatis整合第三方缓存

    1) 为了提高扩展性.MyBatis定义了缓存接口Cache.我们可以通过实现Cache接口来自定义二级缓存 2) EhCache 是一个纯Java的进程内缓存框架,具有快速.精干等特点. 3) 整合 ...

  5. HashMap设计原理与实现(下篇)200行带你写自己的HashMap!!!

    HashMap设计原理与实现(下篇)200行带你写自己的HashMap!!! 我们在上篇文章哈希表的设计原理当中已经大体说明了哈希表的实现原理,在这篇文章当中我们将自己动手实现我们自己的HashMap ...

  6. 漏洞扫描工具nessus、rapid7 insightvm、openvas安装&简单使用

    Rapid7-insightvm 申请试用 申请地址 邮件地址不能用常用邮件,要使用自己域名的邮件,可以使用这个临时邮箱 手机号随便输入,10位以上 提交后会跳转下载页面 安装 安装:./Rapid7 ...

  7. 构建 API 的7个建议【翻译】

    迄今为止,越来越多的企业依靠API来为客户提供服务,以确保竞争的优势和业务可见性.出现这个情况的原因是微服务和无服务器架构正变得越来越普遍,API作为其中的关键节点,继承和承载了更多业务. 在这个前提 ...

  8. IDEA快捷键之html篇-2

    .qa-item .qa-item-ft .icon { display: inline-block; width: 16px; height: 16px; vertical-align: sub; ...

  9. harbor之HTTPS安装

    1.下载解压 # tar -xvf harbor-offline-installer-v1.7.6.tgz # cd /harbror 2.下载python2.7 # apt install pyth ...

  10. c++小游戏--五子棋

    大家好,我是芝麻狐! 这是我自制的小游戏,目前仅支持devc++. 如果你没有c++软件, 请打开网站GDB online Debugger | Compiler - Code, Compile, R ...