KingbaseES V8R6C5關閉root使用者ssh登入部署叢集案例
阿新 • • 發佈:2022-05-23
案例說明:
對於KingbaseES V8R6C5版本在部叢集時,需要建立kingbase、root使用者在節點間的ssh互信,如果在生產環境禁用root使用者ssh登入,則通過ssh部署會失敗;在圖形化部署時可以借用securecmdd工具進行節點之間通訊;對於手工指令碼部署,如果root使用者被禁用ssh登入,則無法完成叢集的部署。如下所示,在圖形化部署時,使用已經部署的securecmdd工具:
禁用root使用者ssh登入,新增節點部署失敗:
資料庫版本:
一、在節點部署securecmdd工具
詳細操作見:https://note.youdao.com/s/TcY9epcu
《KingbaseES V8R6C5叢集部署啟動securecmdd服務配置案例》
二、圖形化部署叢集
注意: 已經建立了節點間kingbase使用者的ssh互信。
1、新增primary節點
2、使用8890在節點間通訊
3、primary節點部署成功
二、standby節點部署
1、在主節點建立成功後,新增備庫節點
2、standby節點部署成功
=== 以上所示,叢集部署成功!===
三、檢視叢集狀態資訊
[kingbase@node2 bin]$ ./repmgr cluster show ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string ----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------- 1 | node200 | primary | * running | | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3 2 | node201 | standby | running | node200 | default | 100 | 1 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
四、重啟叢集測試
[kingbase@node2 bin]$ ./sys_monitor.sh restart 2022-05-23 15:49:31 Ready to stop all DB ... ...... 2022-05-23 15:50:01 begin to stop DB on "[192.168.8.201]". waiting for server to shut down........ done server stopped 2022-05-23 15:50:07 DB on "[192.168.8.201]" stop success. 2022-05-23 15:50:07 Done. 2022-05-23 15:50:07 Ready to start all DB ... 2022-05-23 15:50:07 begin to start DB on "[192.168.8.201]". waiting for server to start.... done server started ........ 2022-05-23 15:50:42 repmgrd on "[192.168.8.201]" start success. ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen ----+---------+---------+-----------+----------+---------+-------+---------+-------------------- 1 | node200 | primary | * running | | running | 9787 | no | n/a 2 | node201 | standby | running | node200 | running | 16507 | no | 0 second(s) ago [2022-05-23 15:50:53] [NOTICE] redirecting logging output to "/home/kingbase/cluster/pro_r6/r6_ha/kingbase/log/kbha.log" [2022-05-23 15:51:09] [NOTICE] redirecting logging output to "/home/kingbase/cluster/pro_r6/r6_ha/kingbase/log/kbha.log" 2022-05-23 15:51:13 Done.
五、switchover切換測試
# 切換前狀態
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | primary | * running | | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | standby | running | node200 | default | 100 | 1 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
# 執行switchover切換
[kingbase@node2 bin]$ ./repmgr standby switchover -h 192.168.8.200 -U esrep -d esrep
WARNING: following problems with command line parameters detected:
database connection parameters not required when executing STANDBY SWITCHOVER
NOTICE: executing switchover on node "node201" (ID: 2)
INFO: The output from primary check cmd "repmgr node check --terse -LERROR --archive-ready --optformat" is: "--status=OK --files=0
"
.....
INFO: unpause node "node201" (ID 2) successfully
NOTICE: STANDBY SWITCHOVER has completed successfully
You have new mail in /var/spool/mail/kingbase
# switchover後集群狀態
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | standby | running | node201 | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | primary | * running | | default | 100 | 2 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
六、failover切換測試
1、關閉主庫資料庫服務
[kingbase@node2 bin]$ ./sys_ctl stop -D ../data
waiting for server to shut down........ done
server stopped
2、檢視切換後集群狀態
[kingbase@node1 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | primary | * running | | default | 100 | 3 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | standby | running | node200 | default | 100 | 2 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
You have new mail in /var/spool/mail/kingbase
七、總結
1、 對於生產環境不允許root使用者ssh登入(普通使用者可以並建立ssh互信)時,可以採用圖形化方式部署叢集,但是必須提前在所有節點部署和啟動securecmdd服務。
2、然後選擇”在已啟動securecmdd的環境下部署“。
3、部署完成後,經測試,在root使用者不能ssh登入系統,不影響叢集的切換和啟動及關閉。
**案例2、root使用者不能ssh登入,手工指令碼部署故障案例**
1、在install.conf中配置“bmj=0”,還會需要root使用ssh
2、如果將install.conf中配置“bmj=1“,則部署指令碼無法使用,需要對指令碼進行編輯