KingbaseES R3 集群修改system用户密码方案
方案说明:
对于kingbaseES R3集群修改system密码相比单机环境有一定的复杂性,需要修改的位置如下:
1)数据库中system用户密码,可以用alter user命令修改
2)在recovery.conf和recovery.done文件中,备库连接主库时,需要使用system用户认证(base64加密)
3)集群认证文件cluster_passwd中需要使用system用户认证,密码采用sys_md5工具加密。
案例数据库版本:
TEST=# select version();
version
-----------------------------------------------------------------------------------------------------------------
Kingbase V008R003C002B0180 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46),64-bit
(1 row)
案例操作步骤:
1、修改数据库system用户密码,可以分两种情况:
1)在集群正常运行时,直接在主库修改,自动同步到备库,然后再在主备库用system新密码登录测试。
2)正常关闭集群后,只启动主备库数据库服务,确认流复制状态正常后,在主库修改system密码,然后在主备库登录测试。
2、正常关闭集群,修改主备库中recovery.conf和recovery.done中的system密码,(注意data和etc目录下都要修改)。
3、修改主备库中kingbasecluster连接中的SYSTEM密码,此密码采用md5加密。
4、重新启动集群测试。
5、查看集群中节点的状态,流复制状态,system用户访问数据库的状态。
6、确认修改成功。
集群架构:
一、修改数据库用户system密码(在主库完成)
1) 通过kingbase_monitor.sh关闭集群
` `通过手工方式启动主备库的数据库服务(sys_ctl),保证主备库的流复制状态正常(sys_stat_replication),登录主库修改system用户访问数据库的口令,备库自动通过主备复制同步修改。``
2)登录数据库修改system用户密码
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# alter user system with password 'beijing';
ALTER ROLE
TEST=# \q
3)用新密码登录测试
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql: FATAL: password authentication failed for user "system"
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W beijing -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# \c prod;
You are now connected to database "prod" as user "system".
二、在主备库修改recovery.conf 和recovery.done文件密码
注意:
1)除了修改主备库data目录下的recovery.done和recovery.conf文件。
2)还要修改主备库etc下的recovery.done文件,这个文件在备库用network_rewind.sh做recovery时会覆盖备库data下的recovery.conf文件。
1、修改备库recovery.conf:
1) 查看system原密码
[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=MTIzNDU2 application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ echo MTIzNDU2|base64 -d123456
2)加密system用户新密码
[kingbase@node2 data]$ echo beijing |base64YmVpamluZwo=
3)修改recovery.conf和recovery.done文件
[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ cat recovery.donestandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'
2、修改etc/recovery.done文件
三、修改cluster_passwd文件(注意SYSTEM用户名要用大写)
1、修改主库cluster_passwd
1)备份原cluster_passwd文件
[kingbase@node1 etc]$ cp cluster_passwd cluster_passwd.old
2)通过sys_md5工具生成新的密码
[kingbase@node1 etc]$ cd ../bin[kingbase@node1 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing
3)对比新旧密码
[kingbase@node1 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b[kingbase@node1 bin]$ cat ../etc/cluster_passwd.oldSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc
2、修改备库cluster_passwd
[kingbase@node2 data]$ cd ../..[kingbase@node2 kha]$ cd kingbasecluster/bin[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc[kingbase@node2 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b
四、重启集群
1) 重启集群服务
[kingbase@node2 bin]$ ./kingbase_monitor.sh restart-----------------------------------------------------------------------2021-03-22 11:07:20 KingbaseES automation beging...2021-03-22 11:07:20 stop kingbasecluster [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:20 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:21 Done...2021-03-22 11:07:21 stop kingbasecluster [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:21 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:22 Done...2021-03-22 11:07:22 stop kingbase [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:24 Done...2021-03-22 11:07:25 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:25 ON enp0s3execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]Oprate del ip cmd end.2021-03-22 11:07:25 Done...2021-03-22 11:07:25 stop kingbase [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:33 Done...2021-03-22 11:07:34 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:34 ON enp0s3No VIP on my dev, nothing to do.2021-03-22 11:07:34 Done.........................all stop..Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [1]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ADD VIP NOW AT 2021-03-22 11:07:43 ON enp0s3execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]execute: /sbin/arping -U 192.168.7.245 -I enp0s3 -w 1ARPING 192.168.7.245 from 192.168.7.245 enp0s3Sent 1 probes (1 broadcast(s))Received 0 response(s)Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]now,there is a synchronous standby.wait kingbase recovery 5 sec...Authorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [3]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in input......................all started.....now we check againAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.=======================================================================| ip | program| [status][ 192.168.7.248]| [kingbasecluster]| [active][ 192.168.7.249]| [kingbasecluster]| [active][ 192.168.7.248]| [kingbase]| [active][ 192.168.7.249]| [kingbase]| [active]=======================================================================
2)查看集群服务进程
[kingbase@node2 bin]$ ps -ef |grep kingbase
kingbase 2169 1 0 Mar19 ? 00:00:00 /usr/lib/systemd/systemd --user
kingbase 2170 2169 0 Mar19 ? 00:00:00 (sd-pam)
root 3856 2562 0 Mar19 pts/0 00:00:00 su - kingbase
kingbase 3857 3856 0 Mar19 pts/0 00:00:00 -bash
kingbase 380605 1 0 Mar21 ? 00:00:04 /home/kingbase/cluster/kha6/kha6/kingbase/bin/kbha -A daemon -f /home/kingbase/cluster/kha6/kha6/kingbase/bin/../etc/repmgr.conf
kingbase 717813 1 0 11:07 ? 00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data
kingbase 717814 717813 0 11:07 ? 00:00:00 kingbase: logger process
kingbase 717815 717813 0 11:07 ? 00:00:00 kingbase: startup process recovering 000000010000000000000006
kingbase 717819 717813 0 11:07 ? 00:00:00 kingbase: checkpointer process
kingbase 717820 717813 0 11:07 ? 00:00:00 kingbase: writer process
kingbase 717821 717813 0 11:07 ? 00:00:00 kingbase: stats collector process
kingbase 717822 717813 0 11:07 ? 00:00:00 kingbase: wal receiver process streaming 0/60000D0
root 718723 1 0 11:08 ? 00:00:00 ./kingbasecluster -n
root 718766 718723 0 11:08 ? 00:00:00 kingbasecluster: watchdog
root 718767 718723 0 11:08 ? 00:00:00 kingbasecluster: lifecheck
root 718768 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat receiver
root 718769 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat sender
root 718770 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718771 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718772 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718773 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718774 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718775 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718776 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718777 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718778 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718779 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718780 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718781 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718782 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718783 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718784 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718785 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
root 718786 718723 0 11:08 ? 00:00:00 kingbasecluster: PCP: wait for connection request
root 718787 718723 0 11:08 ? 00:00:00 kingbasecluster: worker process
五、在主库上验证集群状态
[kingbase@node1 bin]$ ./ksql -U SYSTEM -W beijing -p 9999 TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# show pool_nodes;
node_id | hostname | port | status | lb_weight | role | select_cnt | load_balance_node | replication_de
lay
---------+---------------+-------+--------+-----------+---------+------------+----------
0 | 192.168.7.248 | 54321 | up | 0.500000 | primary | 0 | true | 0
1 | 192.168.7.249 | 54321 | up | 0.500000 | standby | 0 | false | 0
(2 rows)
TEST=# select * from sys_stat_replication;
pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend
_start | backend_xmin | state | sent_location | write_location | flush_location | replay_location | s
ync_priority | sync_state
--------+----------+---------+------------------+---------------+-----------------+-----
744439 | 10 | SYSTEM | node02 | 192.168.7.249 | | 18376 | 2021-03-22 11:0
7:44.130199+08 | | streaming | 0/60000D0 | 0/60000D0 | 0/60000D0 | 0/60000D0 |
2 | sync
(1 row)
六、总结
本案例是在通用机版本下完成,不同的版本修改,system用户是数据库管理中的管理员,对于密码的修改,尽量能在测试环境下先测试成功后,再在生产环境实施。
KingbaseES R3 集群修改system用户密码方案的更多相关文章
- kingbaseES R3 集群修改data路径测试案例
案例说明: 默认KingbaseES R3集群部署后,数据存储目录(data)在/home/kingbase下,部署时不能更改:本案例是在部署完成后,迁移data目录到其他指定的存储位置. 数据库版本 ...
- KingbaseES R3 集群一键修改集群用户密码案例
案例说明: 在KingbaseES R3集群的最新版本中增加了kingbase_monitor.sh一键修改集群用户密码的功能,本案例是对此功能的测试. kingbaseES R3集群一键修改密码说明 ...
- KingbaseES R3 集群主库归档失败案例
案例说明: 本案例用于KingbaseES R3集群归档进程归档日志失败的处理,对于一线的生产环境具有 一定的参考意义. 数据库版本: TEST=# select version(); VERSION ...
- KingbaseES R3 集群删除test库导致主备无法切换问题
案例说明: 在KingbaseES R3集群中,kingbasecluster进程会通过test库访问,连接后台数据库服务测试:如果删除test数据库,导致后台数据库服务访问失败,在集群主备切换时,无 ...
- KingbaseES R3 集群cluster日志切割和清理案例
案例说明: 对于KingbaseES R3集群的cluster日志默认系统是不做切割和清理的,随着运行时长的增加,日志将增长为一个非常大的文件,占用比较大的磁盘空间,并且在分析问题读取大文件时效率很低 ...
- KingbaseES R3集群在线删除数据节点案例
案例说明: kingbaseES R3集群一主多从的架构,一般有两个节点是集群的管理节点,所有的节点都可以为数据节点:对于非管理节点的数据节点可以在线删除:但是对于管理节点,无法在线删除,如果删除管理 ...
- KingbaseES R6 集群修改物理IP和VIP案例
在用户的实际环境里,可能有时需要修改主机的IP,这就涉及到集群的配置修改.以下以例子的方式,介绍下KingbaseES R6集群如何修改IP. 一.案例测试环境 操作系统: [KINGBASE@nod ...
- KingbaseES R6 集群修改data目录
案例说明: 本案例是在部署完成KingbaseES R6集群后,由于业务的需求,集群需要修改data(数据存储)目录的测试.本案例分两种修改方式,第一种是离线修改data目录,即关闭整个集群后,修改数 ...
- kingbaseES R3 集群配置 SSL
案例说明: 本测试是在非生产环境下,在官方没有明确声明支持KingbaseCluster使用ssl的前提下,建议只能在测试环境使用,避免生产环境下直接使用. 数据库版本: TEST=# selec ...
随机推荐
- BluePrism手把手教程2.0 创建流程
2.0.1 创建流程 2.0.2 设置流程名称 2.0.3 添加流程说明 2.0.4 添加流程成功 2.0.4 打开新建的流程 RPA行业微信交流群,欢迎大家扫码加入一起交流,此群用于RPA行业技术. ...
- python之多进程and多线程
图文来自互联网 一.什么是进程和线程 (https://jq.qq.com/?_wv=1027&k=rX9CWKg4) 进程是分配资源的最小单位,线程是系统调度的最小单位. 当应用程序运行时最 ...
- HashSet存储自定义类型元素和LinkedHashSet集合
HashSet集合存储自定义类型元素 HashSet存储自定义类型元素 set集合报错元素唯一: ~存储的元素(String,Integer,-Student,Person-)必须重写hashCode ...
- 毫秒值的概念和作用 --Date类的构造方法和成员方法
一, Date类类 Date 表示特定的瞬间,精确到毫秒. 毫秒:千分之一秒作用:可以对时间和日期进行计算可一把日期转换为毫秒进行计算,计算完毕,再转换为日期. 把日期转换为毫秒:当前的日期:202 ...
- 意想不到的Python ttkbootstrap 制作账户注册信息界面
嗨害大家好,我是小熊猫 今天给大家来整一个旧活~ 前言 ttkbootstrap 是一个基于 tkinter 的界面美化库,使用这个工具可以开发出类似前端 bootstrap 风格的tkinter 桌 ...
- Linux中安装JDK详细步骤
一.下载Linux版本的JDK 进入官网下载对应的JDK,下载之前需要先登录 官网地址 -> https://www.oracle.com/ 登录成功后,找到对应的下载位置 根据自己电脑下载对应 ...
- maven项目(引入依赖失败, pom.xml 报错\爆红)
引入项目过程中,idea引入磁盘的某个的maven项目 这里以springboot项目以例子,发现pom.xml 的依赖大面积爆红,springboot的版本依赖也报错了,然后发现下面有进度条在下载, ...
- css基础06
精灵图就是只要导入一张照片(这张照片里面有很多很多的小图标和照片),然后通过background-position来移动位置,使网页显示出对应图片或者图标.一般都是负值. 下载然后导入项目里. 不同浏 ...
- 【springcloud】环境搭建与Rest使快速上手
SpringCloud环境搭建 --- Rest使用 个人主页:https://www.cnblogs.com/xbudian/ 今天来到SpringCloud的学习,我们从spring boot微服 ...
- CF 559C - Gerald and Giant Chess (组合计数)
\(C_{x+y}^y\)的公式,DP容斥删多余贡献. #include <cstdio> #include <iostream> #include <cstring&g ...