KingbaseES V8R6C5关闭root用户ssh登录部署集群案例
作者:互联网
案例说明:
对于KingbaseES V8R6C5版本在部集群时,需要建立kingbase、root用户在节点间的ssh互信,如果在生产环境禁用root用户ssh登录,则通过ssh部署会失败;在图形化部署时可以借用securecmdd工具进行节点之间通讯;对于手工脚本部署,如果root用户被禁用ssh登录,则无法完成集群的部署。如下所示,在图形化部署时,使用已经部署的securecmdd工具:
禁用root用户ssh登录,添加节点部署失败:
数据库版本:
一、在节点部署securecmdd工具
详细操作见:https://note.youdao.com/s/TcY9epcu
《KingbaseES V8R6C5集群部署启动securecmdd服务配置案例》
二、图形化部署集群
注意: 已经建立了节点间kingbase用户的ssh互信。
1、添加primary节点
2、使用8890在节点间通讯
3、primary节点部署成功
二、standby节点部署
1、在主节点创建成功后,添加备库节点
2、standby节点部署成功
=== 以上所示,集群部署成功!===
三、查看集群状态信息
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | primary | * running | | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | standby | running | node200 | default | 100 | 1 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
四、重启集群测试
[kingbase@node2 bin]$ ./sys_monitor.sh restart
2022-05-23 15:49:31 Ready to stop all DB ...
......
2022-05-23 15:50:01 begin to stop DB on "[192.168.8.201]".
waiting for server to shut down........ done
server stopped
2022-05-23 15:50:07 DB on "[192.168.8.201]" stop success.
2022-05-23 15:50:07 Done.
2022-05-23 15:50:07 Ready to start all DB ...
2022-05-23 15:50:07 begin to start DB on "[192.168.8.201]".
waiting for server to start.... done
server started
........
2022-05-23 15:50:42 repmgrd on "[192.168.8.201]" start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node200 | primary | * running | | running | 9787 | no | n/a
2 | node201 | standby | running | node200 | running | 16507 | no | 0 second(s) ago
[2022-05-23 15:50:53] [NOTICE] redirecting logging output to "/home/kingbase/cluster/pro_r6/r6_ha/kingbase/log/kbha.log"
[2022-05-23 15:51:09] [NOTICE] redirecting logging output to "/home/kingbase/cluster/pro_r6/r6_ha/kingbase/log/kbha.log"
2022-05-23 15:51:13 Done.
五、switchover切换测试
# 切换前状态
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | primary | * running | | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | standby | running | node200 | default | 100 | 1 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
# 执行switchover切换
[kingbase@node2 bin]$ ./repmgr standby switchover -h 192.168.8.200 -U esrep -d esrep
WARNING: following problems with command line parameters detected:
database connection parameters not required when executing STANDBY SWITCHOVER
NOTICE: executing switchover on node "node201" (ID: 2)
INFO: The output from primary check cmd "repmgr node check --terse -LERROR --archive-ready --optformat" is: "--status=OK --files=0
"
.....
INFO: unpause node "node201" (ID 2) successfully
NOTICE: STANDBY SWITCHOVER has completed successfully
You have new mail in /var/spool/mail/kingbase
# switchover后集群状态
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | standby | running | node201 | default | 100 | 1 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | primary | * running | | default | 100 | 2 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
六、failover切换测试
1、关闭主库数据库服务
[kingbase@node2 bin]$ ./sys_ctl stop -D ../data
waiting for server to shut down........ done
server stopped
2、查看切换后集群状态
[kingbase@node1 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node200 | primary | * running | | default | 100 | 3 | host=192.168.8.200 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node201 | standby | running | node200 | default | 100 | 2 | host=192.168.8.201 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
You have new mail in /var/spool/mail/kingbase
七、总结
1、 对于生产环境不允许root用户ssh登录(普通用户可以并建立ssh互信)时,可以采用图形化方式部署集群,但是必须提前在所有节点部署和启动securecmdd服务。
2、然后选择”在已启动securecmdd的环境下部署“。
3、部署完成后,经测试,在root用户不能ssh登录系统,不影响集群的切换和启动及关闭。
**案例2、root用户不能ssh登录,手工脚本部署故障案例**
1、在install.conf中配置“bmj=0”,还会需要root使用ssh
2、如果将install.conf中配置“bmj=1“,则部署脚本无法使用,需要对脚本进行编辑
标签:10,KingbaseES,192.168,kingbase,running,ssh,keepalives,root 来源: https://www.cnblogs.com/tiany1224/p/16302281.html