KingbaseES R3 集群修改system用户密码方案
方案说明:
对于kingbaseES R3集群修改system密码相比单机环境有一定的复杂性,需要修改的位置如下:
1)数据库中system用户密码,可以用alter user命令修改
2)在recovery.conf和recovery.done文件中,备库连接主库时,需要使用system用户认证(base64加密)
3)集群认证文件cluster_passwd中需要使用system用户认证,密码采用sys_md5工具加密。
案例数据库版本:
TEST=# select version();
version
-----------------------------------------------------------------------------------------------------------------
Kingbase V008R003C002B0180 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46),64-bit
(1 row)
案例操作步骤:
1、修改数据库system用户密码,可以分两种情况:
1)在集群正常运行时,直接在主库修改,自动同步到备库,然后再在主备库用system新密码登录测试。
2)正常关闭集群后,只启动主备库数据库服务,确认流复制状态正常后,在主库修改system密码,然后在主备库登录测试。
2、正常关闭集群,修改主备库中recovery.conf和recovery.done中的system密码,(注意data和etc目录下都要修改)。
3、修改主备库中kingbasecluster连接中的SYSTEM密码,此密码采用md5加密。
4、重新启动集群测试。
5、查看集群中节点的状态,流复制状态,system用户访问数据库的状态。
6、确认修改成功。
集群架构:
一、修改数据库用户system密码(在主库完成)
1) 通过kingbase_monitor.sh关闭集群
` `通过手工方式启动主备库的数据库服务(sys_ctl),保证主备库的流复制状态正常(sys_stat_replication),登录主库修改system用户访问数据库的口令,备库自动通过主备复制同步修改。``
2)登录数据库修改system用户密码
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# alter user system with password 'beijing';
ALTER ROLE
TEST=# \q
3)用新密码登录测试
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql: FATAL: password authentication failed for user "system"
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W beijing -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# \c prod;
You are now connected to database "prod" as user "system".
二、在主备库修改recovery.conf 和recovery.done文件密码
注意:
1)除了修改主备库data目录下的recovery.done和recovery.conf文件。
2)还要修改主备库etc下的recovery.done文件,这个文件在备库用network_rewind.sh做recovery时会覆盖备库data下的recovery.conf文件。
1、修改备库recovery.conf:
1) 查看system原密码
[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=MTIzNDU2 application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ echo MTIzNDU2|base64 -d123456
2)加密system用户新密码
[kingbase@node2 data]$ echo beijing |base64YmVpamluZwo=
3)修改recovery.conf和recovery.done文件
[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ cat recovery.donestandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'
2、修改etc/recovery.done文件
三、修改cluster_passwd文件(注意SYSTEM用户名要用大写)
1、修改主库cluster_passwd
1)备份原cluster_passwd文件
[kingbase@node1 etc]$ cp cluster_passwd cluster_passwd.old
2)通过sys_md5工具生成新的密码
[kingbase@node1 etc]$ cd ../bin[kingbase@node1 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing
3)对比新旧密码
[kingbase@node1 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b[kingbase@node1 bin]$ cat ../etc/cluster_passwd.oldSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc
2、修改备库cluster_passwd
[kingbase@node2 data]$ cd ../..[kingbase@node2 kha]$ cd kingbasecluster/bin[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc[kingbase@node2 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b
四、重启集群
1) 重启集群服务
[kingbase@node2 bin]$ ./kingbase_monitor.sh restart-----------------------------------------------------------------------2021-03-22 11:07:20 KingbaseES automation beging...2021-03-22 11:07:20 stop kingbasecluster [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:20 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:21 Done...2021-03-22 11:07:21 stop kingbasecluster [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:21 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:22 Done...2021-03-22 11:07:22 stop kingbase [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:24 Done...2021-03-22 11:07:25 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:25 ON enp0s3execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]Oprate del ip cmd end.2021-03-22 11:07:25 Done...2021-03-22 11:07:25 stop kingbase [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:33 Done...2021-03-22 11:07:34 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:34 ON enp0s3No VIP on my dev, nothing to do.2021-03-22 11:07:34 Done.........................all stop..Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [1]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ADD VIP NOW AT 2021-03-22 11:07:43 ON enp0s3execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]execute: /sbin/arping -U 192.168.7.245 -I enp0s3 -w 1ARPING 192.168.7.245 from 192.168.7.245 enp0s3Sent 1 probes (1 broadcast(s))Received 0 response(s)Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]now,there is a synchronous standby.wait kingbase recovery 5 sec...Authorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [3]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in input......................all started.....now we check againAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.=======================================================================| ip | program| [status][ 192.168.7.248]| [kingbasecluster]| [active][ 192.168.7.249]| [kingbasecluster]| [active][ 192.168.7.248]| [kingbase]| [active][ 192.168.7.249]| [kingbase]| [active]=======================================================================
2)查看集群服务进程
[kingbase@node2 bin]$ ps -ef |grep kingbase
kingbase 2169 1 0 Mar19 ? 00:00:00 /usr/lib/systemd/systemd --user
kingbase 2170 2169 0 Mar19 ? 00:00:00 (sd-pam)
root 3856 2562 0 Mar19 pts/0 00:00:00 su - kingbase
kingbase 3857 3856 0 Mar19 pts/0 00:00:00 -bash
kingbase 380605 1 0 Mar21 ? 00:00:04 /home/kingbase/cluster/kha6/kha6/kingbase/bin/kbha -A daemon -f /home/kingbase/cluster/kha6/kha6/kingbase/bin/../etc/repmgr.conf
kingbase 717813 1 0 11:07 ? 00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data
kingbase 717814 717813 0 11:07 ? 00:00:00 kingbase: logger process
kingbase 717815 717813 0 11:07 ? 00:00:00 kingbase: startup process recovering 000000010000000000000006
kingbase 717819 717813 0 11:07 ? 00:00:00 kingbase: checkpointer process
kingbase 717820 717813 0 11:07 ? 00:00:00 kingbase: writer process
kingbase 717821 717813 0 11:07 ? 00:00:00 kingbase: stats collector process
kingbase 717822 717813 0 11:07 ? 00:00:00 kingbase: wal receiver process streaming 0/60000D0
root 718723 1 0 11:08 ? 00:00:00 ./kingbasecluster -n
root 718766 718723 0 11:08 ? 00:00:00 kingbasecluster: watchdog
root 718767 718723 0 11:08 ? 00:00:00 kingbasecluster: lifecheck
root 718768 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat receiver
root 718769 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat sender
root 718770 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718771 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718772 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718773 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718774 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718775 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718776 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718777 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718778 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718779 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718780 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718781 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718782 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718783 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718784 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718785 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718786 718723 0 11:08 ? 00:00:00 kingbasecluster: PCP: wait for connection request
root 718787 718723 0 11:08 ? 00:00:00 kingbasecluster: worker process
五、在主库上验证集群状态
[kingbase@node1 bin]$ ./ksql -U SYSTEM -W beijing -p 9999 TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# show pool_nodes;
node_id | hostname | port | status | lb_weight | role | select_cnt | load_balance_node | replication_de
lay
---------+---------------+-------+--------+-----------+---------+------------+----------
0 | 192.168.7.248 | 54321 | up | 0.500000 | primary | 0 | true | 0
1 | 192.168.7.249 | 54321 | up | 0.500000 | standby | 0 | false | 0
(2 rows)
TEST=# select * from sys_stat_replication;
pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend
_start | backend_xmin | state | sent_location | write_location | flush_location | replay_location | s
ync_priority | sync_state
--------+----------+---------+------------------+---------------+-----------------+-----
744439 | 10 | SYSTEM | node02 | 192.168.7.249 | | 18376 | 2021-03-22 11:0
7:44.130199+08 | | streaming | 0/60000D0 | 0/60000D0 | 0/60000D0 | 0/60000D0 |
2 | sync
(1 row)
六、总结
本案例是在通用机版本下完成,不同的版本修改,system用户是数据库管理中的管理员,对于密码的修改,尽量能在测试环境下先测试成功后,再在生产环境实施。
KingbaseES R3 集群修改system用户密码方案的更多相关文章
- kingbaseES R3 集群修改data路径测试案例
案例说明: 默认KingbaseES R3集群部署后,数据存储目录(data)在/home/kingbase下,部署时不能更改:本案例是在部署完成后,迁移data目录到其他指定的存储位置. 数据库版本 ...
- KingbaseES R3 集群一键修改集群用户密码案例
案例说明: 在KingbaseES R3集群的最新版本中增加了kingbase_monitor.sh一键修改集群用户密码的功能,本案例是对此功能的测试. kingbaseES R3集群一键修改密码说明 ...
- KingbaseES R3 集群主库归档失败案例
案例说明: 本案例用于KingbaseES R3集群归档进程归档日志失败的处理,对于一线的生产环境具有 一定的参考意义. 数据库版本: TEST=# select version(); VERSION ...
- KingbaseES R3 集群删除test库导致主备无法切换问题
案例说明: 在KingbaseES R3集群中,kingbasecluster进程会通过test库访问,连接后台数据库服务测试:如果删除test数据库,导致后台数据库服务访问失败,在集群主备切换时,无 ...
- KingbaseES R3 集群cluster日志切割和清理案例
案例说明: 对于KingbaseES R3集群的cluster日志默认系统是不做切割和清理的,随着运行时长的增加,日志将增长为一个非常大的文件,占用比较大的磁盘空间,并且在分析问题读取大文件时效率很低 ...
- KingbaseES R3集群在线删除数据节点案例
案例说明: kingbaseES R3集群一主多从的架构,一般有两个节点是集群的管理节点,所有的节点都可以为数据节点:对于非管理节点的数据节点可以在线删除:但是对于管理节点,无法在线删除,如果删除管理 ...
- KingbaseES R6 集群修改物理IP和VIP案例
在用户的实际环境里,可能有时需要修改主机的IP,这就涉及到集群的配置修改.以下以例子的方式,介绍下KingbaseES R6集群如何修改IP. 一.案例测试环境 操作系统: [KINGBASE@nod ...
- KingbaseES R6 集群修改data目录
案例说明: 本案例是在部署完成KingbaseES R6集群后,由于业务的需求,集群需要修改data(数据存储)目录的测试.本案例分两种修改方式,第一种是离线修改data目录,即关闭整个集群后,修改数 ...
- kingbaseES R3 集群配置 SSL
案例说明: 本测试是在非生产环境下,在官方没有明确声明支持KingbaseCluster使用ssl的前提下,建议只能在测试环境使用,避免生产环境下直接使用. 数据库版本: TEST=# selec ...
随机推荐
- 到点了开始网抑云(悲)但是用python(整活)
写在前面的一点网抑云: 爱情不是随便许诺好了不想再说了没错 是我那么多的冷漠 让你感觉到无比的寂寞不过 一个女人的不仅仅渴望得到的一个承诺我害怕欺骗也害怕寂寞更害怕我的心会渐渐地凋落爱情不是随便许诺好 ...
- 干货 |《2022B2B新增长系列之企服行业橙皮书》重磅发布
企服行业面临的宏观环境和微观环境已然发生了明显的变化.一方面,消费级互联网成为过去式,爆发式增长的时代结束.资本.媒体的目光已经悄然聚焦到以企服行业所代表的产品互联网身上,B2B企业正稳步走向C位. ...
- 最强人工智能 OpenAI 极简教程
大家好哇,新同学都叫我张北海,老同学都叫我老胡,其实是一个人,只是我特别喜欢章北海这个<三体>中的人物,张是错别字. 上个月安利了一波:机器学习自动补全代(hán)码(shù)神器,然后就 ...
- 低代码如何构建支持OAuth2.0的后端Web API
OAuth2.0 OAuth 是一个安全协议,用于保护全球范围内大量且不断增长的Web API.它用于连接不同的网站,还支持原生应用和移动应用于云服务之间的连接,同时它也是各个领域标准协议中的安全层. ...
- C++算数运算符和位运算符
C++根据功能和用途将运算符分为算数运算符.位运算符.关系运算符和逻辑运算符等不同类型.四种不同运算符的优先级从大到小依次位算-位-关-逻. 一.算数运算符 1.加减乘除(+ - * /) 加减乘除位 ...
- 初次使用 eolink 感受
最近总有前端小伙伴来找我抱怨,"后端接口出来太晚,影响我的任务进度"."后端接口改了也不通知我一下,到冒烟测试的时候报一堆的错".我拉后端小伙伴了解情况,结果问 ...
- Stream流中的常用方法foeEach和Stream流中的常用方法filter
延迟方法:返回值类型仍然是Stream接口自身类型的方法,因此支持链式调用.(除了中介方法外,其余方法均为延迟方法) 终结方法:返回值类型不再是Stream接口自身类型的方法,因此不再支持类似Stri ...
- 使用python3.7+Vue.js2.0+Django2.0.4异步前端通过api上传文件到七牛云云端存储
原文转载自「刘悦的技术博客」https://v3u.cn/a_id_130 之前一篇文章是通过普通js+tornado来上传七牛云:使用Tornado配合七牛云存储api来异步切分上传文件,本次使用v ...
- 基于Docker在Win10平台搭建Ruby on Rails 6.0框架开发环境
原文转载自「刘悦的技术博客」https://v3u.cn/a_id_170 2020年,"非著名Web框架"–Ruby on Rails已经15岁了.在今年,Rails 6.0趋于 ...
- 论文翻译:2022_Time-Frequency Attention for Monaural Speech Enhancement
论文地址:单耳语音增强的时频注意 引用格式:Zhang Q, Song Q, Ni Z, et al. Time-Frequency Attention for Monaural Speech Enh ...