KingbaseES R6 集群修改ssh端口执行sys_backup.sh备份案例
数据库环境:**
test=# select version();
version
------------------------------------------------------------------------------------------------------------------
KingbaseES V008R006C003B0010 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46), 64-bit
(1 row)
操作系统:
[kingbase@node1 bin]$ cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)
集群架构:
案例说明:
1)本案例在通用机环境下执行。sys_backup.sh是调用sys_rman做物理备份,对于集群环境需要用到ssh端口做远程连接,当修改ssh端口,会影响sys_backup.sh正常执行。
2)修改ssh端口对于集群的运行,只需要修改repmgr.conf文件中变量即可。
3)对于修改ssh端口后,用sys_backup.sh作物理备份,需要在sys_backup.sh脚本中修改所有ssh语句的连接端口,修改的位置较多。
4)建议如果对ssh修改端口后,需要用sys_backup.sh作备份的应用较多的情况下,在sys_backup.sh脚本中用变量来指定ssh端口号。
一、查看当前集群状态
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------
1 | node248 | standby | running | node249 | default | 100 | 6 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node249 | primary | * running | | default | 100 | 6 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count
二、修改操作系统和集群配置文件ssh端口号(所有节点)
1)查看系统原ssh端口号(默认22)
[kingbase@node2 bin]$ netstat -antlp |grep 22
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 192.168.7.249:22 192.168.7.116:55883 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
2)查看集群repmgr.conf应用ssh端口号
[kingbase@node2 bin]$ cat ../etc/repmgr.conf|grep ssh
ssh_options='-q -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ServerAliveInterval=2 -o ServerAliveCountMax=5 -p 22'
=== 默认用-p 22 指定集群ssh通讯端口===
3)修改操作系统端口
[root@node1 ~]# cat /etc/ssh/sshd_config|grep -i Port
# If you want to change the port on a SELinux system, you have to tell
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 2222
4)修改集群ssh通讯端口(改为2222)
[kingbase@node1 bin]$ cat ../etc/repmgr.conf |grep sshssh_options='-q -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ServerAliveInterval=2 -o ServerAliveCountMax=5 -p 2222'
5)重启sshd服务
[root@node1 ~]# systemctl restart sshd[root@node1 ~]# netstat -an |grep 22tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
6)通过非默认端口ssh连接测试
[root@node1 ~]# ssh -p 2222 node2Last failed login: Mon Mar 1 17:06:07 CST 2021 from 192.168.7.116 on ssh:nottyThere were 2 failed login attempts since the last successful login.Last login: Mon Mar 1 16:43:29 2021 from 192.168.7.249
=== 从以上可知,修改端口后ssh信任关系正常===
7)sys_monitor.sh重启集群测试
[kingbase@node1 bin]$ ./sys_monitor.sh restart
2021-03-01 17:29:55 Ready to stop all DB ...
Service process "node_export" was killed at process 11833
Service process "postgres_ex" was killed at process 11834
Service process "node_export" was killed at process 9343
Service process "postgres_ex" was killed at process 9344
2021-03-01 17:30:00 begin to stop repmgrd on "[192.168.7.248]".
2021-03-01 17:30:01 repmgrd on "[192.168.7.248]" stop success.
2021-03-01 17:30:01 begin to stop repmgrd on "[192.168.7.249]".
2021-03-01 17:30:02 repmgrd on "[192.168.7.249]" stop success.
2021-03-01 17:30:02 begin to stop DB on "[192.168.7.249]".waiting for server to shut down..... done
server stopped
2021-03-01 17:30:04 DB on "[192.168.7.249]" stop success.
2021-03-01 17:30:04 begin to stop DB on "[192.168.7.248]".waiting for server to shut down......... done
server stopped
2021-03-01 17:30:11 DB on "[192.168.7.248]" stop success.
2021-03-01 17:30:11 Done.2021-03-01 17:30:11 Ready to start all DB ...
2021-03-01 17:30:11 begin to start DB on "[192.168.7.248]".waiting for server to start.... done
server started
2021-03-01 17:30:12 execute to start DB on "[192.168.7.248]" success, connect to check it.
2021-03-01 17:30:13 DB on "[192.168.7.248]" start success.
2021-03-01 17:30:13 Try to ping trusted_servers on host 192.168.7.248 ...
2021-03-01 17:30:16 Try to ping trusted_servers on host 192.168.7.249 ...
2021-03-01 17:30:18 begin to start DB on "[192.168.7.249]".waiting for server to start.... done
server started
2021-03-01 17:30:20 execute to start DB on "[192.168.7.249]" success, connect to check it.
2021-03-01 17:30:21 DB on "[192.168.7.249]" start success.
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string ----+---------+---------+-----------+-----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
1 | node248 | standby | running | ! node249 | default | 100 | 6 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node249 | primary | * running | | default | 100 | 6 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
WARNING: following issues were detected - node "node248" (ID: 1) is not attached to its upstream node "node249" (ID: 2)
2021-03-01 17:30:21 The primary DB is started.
2021-03-01 17:30:25 Success to load virtual ip [192.168.7.240/24] on primary host [192.168.7.249].
2021-03-01 17:30:25 Try to ping vip on host 192.168.7.248 ...
2021-03-01 17:30:28 Try to ping vip on host 192.168.7.249 ...
2021-03-01 17:30:30 begin to start repmgrd on "[192.168.7.248]".
[2021-03-01 17:30:31] [NOTICE] using provided configuration file "/home/kingbase/cluster/R6HA/KHA/kingbase/bin/../etc/repmgr.conf"
[2021-03-01 17:30:31] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/KHA/kingbase/hamgr.log"2021-03-01 17:30:31 repmgrd on "[192.168.7.248]" start success.
2021-03-01 17:30:31 begin to start repmgrd on "[192.168.7.249]".
[2021-03-01 17:29:25] [NOTICE] using provided configuration file "/home/kingbase/cluster/R6HA/KHA/kingbase/bin/../etc/repmgr.conf"[2021-03-01 17:29:25]
[NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/KHA/kingbase/hamgr.log"2021-03-01 17:30:32 repmgrd on "[192.168.7.249]"
start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node248 | standby | running | node249 | running | 16767 | no | 0 second(s) ago
2 | node249 | primary | * running | | running | 17865 | no | n/a 2021-03-01 17:30:38 Done.
8)查看集群节点状态
[kingbase@node1 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string ----+---------+---------+-----------+----------+----------+----------+----------+----------------
1 | node248 | standby | running | node249 | default | 100 | 6 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node249 | primary | * running | | default | 100 | 6 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count
=== 从以上可知,修改ssh端口后,集群通讯正常===
二、修改ssh端口后执行sys_backup.sh备份(所有节点)
1)在修改ssh端口前备份基础上停止备份测试
[kingbase@node1 bin]$ ./sys_backup.sh stop
Disable all sys_rman in crontab-daemon
ssh: connect to host 192.168.7.248 port 22: Connection refused
ssh: connect to host 192.168.7.248 port 22: Connection refused
ssh: connect to host 192.168.7.248 port 22: Connection refused
=== 如上所示,在通过sys_backup.sh基于集群环境做备份时,会通过ssh做远程节点的连接,修改端口后,无法通过ssh连接===
2)修改sys_backup.sh脚本中ssh端口
=== 修改”ssh_cmd“变量===
# local function_ssh_cmd_="ssh -p 2222 -n -o ConnectTimeout=30 -o StrictHostKeyChecking=no -o PreferredAuthentications=publickey -- "
function _log () {
echo "$*" >> /tmp/sys_backup.sh.log
} # end of _log
=修改”_gene_ssh_pwd_less“中ssh通讯端口=
function _gene_ssh_pwd_less() {
_ip="${1}"
_user="${2}"
# 1. check whether pwd-less work
ssh -p 2222 -t -o ConnectTimeout=30 -o PreferredAuthentications=publickey ${_user}@${_ip} date 1>/dev/null 2>/dev/null
_local2remote_rt=$?
ssh -p 2222 -t -o ConnectTimeout=30 -o PreferredAuthentications=publickey ${_user}@${_ip} "ssh -p 2222 ${_user}@${_repo_ip} date>/dev/null 2>/dev/null" 2>/dev/null
=== 配置ssh免密中ssh端口===
# set local.pub to remote, get remote.pub to local _remote_pub_buf=` ssh -p 2222 -q -o StrictHostKeyChecking=no -o ConnectTimeout=30 -o PreferredAuthentications=password -- ${_user}@${_ip} \ "if [ ! -f \\${HOME}/.ssh/id_rsa.pub ] ; then echo -e '\ny' | ssh-keygen -t rsa -N '' >/dev/null 2>/dev/null ; fi;echo ${_t_buf_pub} >> \\${HOME}/.ssh/authorized_keys;chmod 600 \\${HOME}/.ssh/authorized_keys;cat \\${HOME}/.ssh/id_rsa.pub;" `
三、执行sys_backup.sh备份
1)执行init备份初始化
[kingbase@node2 bin]$ ./sys_backup.sh init
# generate local sys_rman.conf...DONE
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...DONE
# create stanza and check...(maybe 60+ seconds)ERROR: check stanza failed, check log file /tmp/sys_rman_check.log
=== 脚本执行报错,在check stanza失败===
查看日志:
[kingbase@node2 bin]$ cat /tmp/sys_rman_check.log
2021-03-01 12:38:56.011 P00 INFO: check command begin 2.27: --config=/home/kingbase/kbbr_repo/sys_rman.conf --log-level-console=info --log-level-file=info --log-path=/tmp --log-subprocess --kb2-host=192.168.7.248 --kb2-host-user=kingbase --kb1-path=/home/kingbase/cluster/R6HA/KHA/kingbase/data --kb2-path=/home/kingbase/cluster/R6HA/KHA/kingbase/data --kb1-port=54321 --kb2-port=54321 --kb1-user=esrep --kb2-user=esrep --repo1-path=/home/kingbase/kbbr_repo --stanza=kingbaseWARN: unable to check kb-2: [UnknownError] remote-0 process on '192.168.7.248' terminated unexpectedly [255]: ssh: connect to host 192.168.7.248 port 22: Connection refusedERROR: [125]: remote-0 process on '192.168.7.248' terminated unexpectedly [255]: ssh: connect to host 192.168.7.248 port 22: Connection refused2021-03-01 12:38:56.529 P00 INFO: check command end: aborted with exception [125]
=== 从日志可可知,在执行check stanza时,需要通过ssh连接备库;但是使用ssh连接时,仍然使用修改前的22端口,无法使用修改后的2222端口,导致连接备库失败,check stanza失败===
3)在sys_backup.sh脚本注释stanza检测(跳过check stanza)
371 #${_rman_bin} --config=${_rman_conf_file} --stanza=${_stanza_name} --log-level-console=info check >>/tmp/sys_rm an_check.log 2>&1372 #if [ "X0" != "X$?" ] ; then
373 # echo "ERROR: check stanza failed, check log file /tmp/sys_rman_check.log"374 # exit 3
375 #fi
376 echo "# create stanza and check...DONE"
4)再次执行sys_backup.sh备份
# init 初始化
[kingbase@node2 bin]$ ./sys_backup.sh init
# generate local sys_rman.conf...DONE
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...DONE
# create stanza and check...(maybe 60+ seconds)# create stanza and check...DONE# initial first full backup...(maybe several minutes)
# initial first full backup...DONE# Initial sys_rman OK.'sys_backup.sh start' should be executed when need back-rest feature.
# start 开始备份
[kingbase@node2 bin]$ ./sys_backup.sh start
Enable some sys_rman in crontab-daemonSet full-backup in 7 daysSet incr-backup in 1 days
0 2 */7 * * kingbase /home/kingbase/cluster/R6HA/KHA/kingbase/bin/sys_rman --config=/home/kingbase/kbbr_repo/sys_rman.conf --stanza=kingbase --archive-copy --type=full backup >>/tmp/sys_rman_backup_full.log 2>&1
0 4 */1 * * kingbase /home/kingbase/cluster/R6HA/KHA/kingbase/bin/sys_rman --config=/home/kingbase/kbbr_repo/sys_rman.conf --stanza=kingbase --archive-copy --type=incr backup >>/tmp/sys_rman_backup_incr.log 2>&1
# pause 备份暂停
[kingbase@node2 bin]$ ./sys_backup.sh pause
Puase the sys_rman...DONE
# unpause 停止暂停
[kingbase@node2 bin]$ ./sys_backup.sh unpause
Un-Puase the sys_rman...DONE
# stop 停止备份
[kingbase@node2 bin]$ ./sys_backup.sh stop
Disable all sys_rman in crontab-daemon
[kingbase@node2 bin]$ cat /etc/cron.d/KINGBASECRON
*/1 * * * * kingbase . /etc/profile;/home/kingbase/cluster/R6HA/KHA/kingbase/bin/kbha -A daemon -f /home/kingbase/cluster/R6HA/KHA/kingbase/bin/../etc/repmgr.conf >> /home/kingbase/cluster/R6HA/KHA/kingbase/bin/../kbha.log 2>&1
#*/1 * * * * kingbase /home/kingbase/cluster/kha/db/bin/network_rewind.sh#*/1 * * * * root /home/kingbase/cluster/kha/kingbasecluster/bin/restartcluster.sh
=== 从以上信息获知,修改系统ssh端口后,通过sys_backup.sh备份成功===
KingbaseES R6 集群修改ssh端口执行sys_backup.sh备份案例的更多相关文章
- KingbaseES R6 集群修改data目录
案例说明: 本案例是在部署完成KingbaseES R6集群后,由于业务的需求,集群需要修改data(数据存储)目录的测试.本案例分两种修改方式,第一种是离线修改data目录,即关闭整个集群后,修改数 ...
- KingbaseES R6 集群修改物理IP和VIP案例
在用户的实际环境里,可能有时需要修改主机的IP,这就涉及到集群的配置修改.以下以例子的方式,介绍下KingbaseES R6集群如何修改IP. 一.案例测试环境 操作系统: [KINGBASE@nod ...
- kingbaseES R6 读写分离集群修改ssh端口案例
数据库环境: test=# select version(); version ------------------------------------------------------------ ...
- KingbaseES R6 集群sys_monitor.sh change_password一键修改集群用户密码
案例说明: kingbaseES R6集群用户密码修改,需要修改两处: 1)修改数据库用户密码(alter user): 2)修改.encpwd文件中用户密码: 可以通过sys_monitor.sh ...
- KingbaseES R6 集群创建流复制只读副本库案例
一.环境概述 [kingbase@node2 bin]$ ./ksql -U system test ksql (V8.0) Type "help" for help. test= ...
- KingbaseES R6 集群通过备库clone在线添加新节点
案例说明: KingbaseES R6集群可以通过图形化方式在线添加新节点,但是在添加新节点clone环节时,是从主库copy数据到新的节点,这样在生产环境,如果数据量大,将会对主库的网络I/O造成压 ...
- KingbaseES R6 集群repmgr.conf参数'recovery'测试案例(一)
KingbaseES R6集群repmgr.conf参数'recovery'测试案例(一) 案例说明: 在KingbaseES R6集群中,主库节点出现宕机(如重启或关机),会产生主备切换,但是当主库 ...
- KingbaseES R6 集群 recovery 参数对切换的影响
案例说明:在KingbaseES R6集群中,主库节点出现宕机(如重启或关机),会产生主备切换,但是当主库节点系统恢复正常后,如何对原主库节点进行处理,保证集群数据的一致性和安全,可以通过对repmg ...
- KingbaseES R6 集群启动‘incorrect command permissions for the virtual ip’故障案例
案例说明: KingbaseES R6集群启动时,出现"incorrect command permissions for the virtual ip"故障,本案例介绍了如何分析 ...
随机推荐
- (原创)【MAUI】一步一步实现“悬浮操作按钮”(FAB,Floating Action Button)
一.前言 MAUI,跨平台的 GUI 框架,基本介绍本文不再赘述. 话不多说,既然可以跨平台,那么我们就来实现一个在移动端很常用的控件:悬浮操作按钮(FAB,Floating Action Butto ...
- NC16430 [NOIP2016]蚯蚓
NC16430 [NOIP2016]蚯蚓 题目 题目描述 本题中,我们将用符号 \(\lfloor c \rfloor\) 表示对 c 向下取整,例如:\(\lfloor 3.0 \rfloor = ...
- 一文聊透 Netty 核心引擎 Reactor 的运转架构
本系列Netty源码解析文章基于 4.1.56.Final版本 本文笔者来为大家介绍下Netty的核心引擎Reactor的运转架构,希望通过本文的介绍能够让大家对Reactor是如何驱动着整个Nett ...
- CF487E Tourists 题解
题目链接 思路分析 看到这道题首先想到的此题的树上版本.(不就是树链剖分的板子题么?) 但是此题是图上的两点间的走法,自然要想到是圆方树. 我们先无脑构建出圆方树. 我们先猜测:设后加入的节点权值为 ...
- final关键字概念与四种用法和final关键字用于修饰类和成员方法
fifinal关键字 概述 学习了继承后,我们知道,子类可以在父类的基础上改写父类内容,比如,方法重写.那么我们能不能随意的继承 API中提供的类,改写其内容呢?显然这是不合适的.为了避免这种随意改写 ...
- 使用APICloud开发app录音功能
mp3Recorder模块封装在iOS.Android下录音直接生成mp3,统一两个平台的录音生成文件,方便双平台之间的交互,减少录音完成后再转码的过程:同时提供分贝波形图显示UI:使用该模块前需 ...
- OptaPlanner 发展方向与问题
最近一段时间,因为忙于[易排(EasyPlan)规划平台]的设计与开发工作,平台的一些功能设计,需要对OptaPlanner的各种特性作更深入的研究与应用.慢慢发现,OptaPlanner进入8. ...
- 【Unity学习笔记】掌握MoneBehavior中的重要属性、方法
一.重要属性 1-1.获取自己依附的GameObject using System.Collections; using System.Collections.Generic; using Unity ...
- Tampermonkey究竟有什么用?
以具体应用实例加以说明. 目标:在youtube页面上观看视频,发现喜欢的视频,单击按钮就可以下载视频. 但是,youtube页面并未提供这样的按钮及其功能. 实现思路:在浏览器下载youtube页面 ...
- 题解【洛谷 P1246 编码】
题目 编码工作常被运用于密文或压缩传输.这里我们用一种最简单的编码方式进行编码:把一些有规律的单词编成数宇. 字母表中共有 \(26\) 个字母 \(\{\tt a,b,\cdots,z\}\),这些 ...