KingbaseES V8R6集群维护案例之---停用集群node_export进程

案例说明：

在KingbaseES V8R6集群启动时，会启动node_exporter进程，此进程主要用于向kmonitor监控服务输出节点状态信息。在系统安全漏洞扫描中，提示出现以下安全漏洞：

对于未使用kmonitor建立集群监控的环境，可以将此进程禁用，而不影响集群正常管理和运行。

一、kmonitor监控服务架构

连接集群时，主节点部署kingbase_exporter以及node_exporter，备节点仅部署node_exporter。

单机部署时同时部署kingbase_exporter和node_exporter。

二、集群启动后node_export进程信息

# 查看进程信息
[kingbase@node102 bin]$ ps -ef |grep export
kingbase 23221     1  0 13:15 ?        00:00:00 /home/kingbase/cluster/R6HA/kha/kingbase/bin/../share/node_exporter
kingbase 23222     1  0 13:15 ?        00:00:00 /home/kingbase/cluster/R6HA/kha/kingbase/bin/../share/postgres_exporter

# 查看进程服务端口
[kingbase@node102 bin]$ netstat -antlp |grep node_export
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::9100                 :::*                    LISTEN      23221/node_exporter

三、关闭和禁用node_export进程

Tips：

在集群中node_export进程的启动，是由bin/monitor_exporter.sh脚本管理，此脚本可以启动或关闭node_export服务。

1）在集群启动后通过monitor.sh关闭node_export

# 通过monitor.sh关闭node_export服务

[kingbase@node102 bin]$ ./monitor_exporter.sh stop
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Service process "node_export" was killed at process 23221
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Service process "postgres_ex" was killed at process 23222

# 查看node_export进程
[kingbase@node102 bin]$ ps -ef |grep export

2）修改sys_monitor.sh禁止node_export进程启动

重启sys_monitor.sh测试：

# 重启sys_monitor.sh
[kingbase@node102 bin]$ ./sys_monitor.sh restart
2022-08-30 13:22:16 Ready to stop all DB ...
.......

2022-08-30 13:23:06 repmgrd on "[192.168.1.102]" start success.
 ID | Name    | Role    | Status    | Upstream | repmgrd | PID   | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
 1  | node101 | primary | * running |          | running | 25688 | no      | n/a
 2  | node102 | standby |   running | node101  | running | 28962 | no      | 1 second(s) ago
[2022-08-30 13:23:13] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/kha/kingbase/log/kbha.log"

[2022-08-30 13:23:14] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/kha/kingbase/log/kbha.log"

2022-08-30 13:23:15 Done.

# 查看node_export进程状态
[kingbase@node102 bin]$ ps -ef |grep export

# 查看集群节点状态

[kingbase@node102 bin]$ ./repmgr cluster show
 ID | Name    | Role    | Status    | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
 1  | node101 | primary | * running |          | default  | 100      | 13       | host=192.168.1.101 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
 2  | node102 | standby |   running | node101  | default  | 100      | 13       | host=192.168.1.102 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3

=如上所示，node_export进程在集群启动时，没有被启动，此进程被禁用，不影响集群的正常运行和管理。=

四、总结

对于KingbaseES V8R6的集群node_export主要用于kmonitor监控服务，对于未部署此监控服务的环境，可以在集群中禁止node_export服务的启动。