V2AS问路
KingbaseES R3 集群修改system用户密码方案
阅读原文时间:2023年07月09日阅读:4

方案说明:

   对于kingbaseES R3集群修改system密码相比单机环境有一定的复杂性,需要修改的位置如下:
   1)数据库中system用户密码,可以用alter user命令修改
   2)在recovery.conf和recovery.done文件中,备库连接主库时,需要使用system用户认证(base64加密)
   3)集群认证文件cluster_passwd中需要使用system用户认证,密码采用sys_md5工具加密。

案例数据库版本:

TEST=# select version();
                                                         version
-----------------------------------------------------------------------------------------------------------------
 Kingbase V008R003C002B0180 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46),64-bit
(1 row)

案例操作步骤:

1、修改数据库system用户密码,可以分两种情况:
     1)在集群正常运行时,直接在主库修改,自动同步到备库,然后再在主备库用system新密码登录测试。
     2)正常关闭集群后,只启动主备库数据库服务,确认流复制状态正常后,在主库修改system密码,然后在主备库登录测试。
2、正常关闭集群,修改主备库中recovery.conf和recovery.done中的system密码,(注意data和etc目录下都要修改)。
3、修改主备库中kingbasecluster连接中的SYSTEM密码,此密码采用md5加密。
4、重新启动集群测试。
5、查看集群中节点的状态,流复制状态,system用户访问数据库的状态。
6、确认修改成功。

集群架构:

一、修改数据库用户system密码(在主库完成)

1) 通过kingbase_monitor.sh关闭集群

` `通过手工方式启动主备库的数据库服务(sys_ctl),保证主备库的流复制状态正常(sys_stat_replication),登录主库修改system用户访问数据库的口令,备库自动通过主备复制同步修改。``

2)登录数据库修改system用户密码

[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql (V008R003C002B0180)
Type "help" for help.

TEST=# alter user system with password 'beijing';
ALTER ROLE
TEST=# \q

3)用新密码登录测试

[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql: FATAL:  password authentication failed for user "system"

[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W beijing -d TEST
ksql (V008R003C002B0180)
Type "help" for help.

TEST=# \c prod;
You are now connected to database "prod" as user "system".

二、在主备库修改recovery.conf 和recovery.done文件密码

注意:
     1)除了修改主备库data目录下的recovery.done和recovery.conf文件。
     2)还要修改主备库etc下的recovery.done文件,这个文件在备库用network_rewind.sh做recovery时会覆盖备库data下的recovery.conf文件。

1、修改备库recovery.conf:

1) 查看system原密码

[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=MTIzNDU2 application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ echo MTIzNDU2|base64 -d123456

2)加密system用户新密码

[kingbase@node2 data]$ echo beijing |base64YmVpamluZwo=

3)修改recovery.conf和recovery.done文件

[kingbase@node2 data]$ cat recovery.confstandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'[kingbase@node2 data]$ cat recovery.donestandby_mode='on'primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'recovery_target_timeline='latest'primary_slot_name ='slot_node02'

2、修改etc/recovery.done文件

三、修改cluster_passwd文件(注意SYSTEM用户名要用大写)

1、修改主库cluster_passwd

1)备份原cluster_passwd文件

[kingbase@node1 etc]$ cp cluster_passwd cluster_passwd.old

2)通过sys_md5工具生成新的密码

[kingbase@node1 etc]$ cd ../bin[kingbase@node1 bin]$ ./sys_md5  -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing

3)对比新旧密码

[kingbase@node1 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b[kingbase@node1 bin]$ cat ../etc/cluster_passwd.oldSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc

2、修改备库cluster_passwd

[kingbase@node2 data]$ cd ../..[kingbase@node2 kha]$ cd kingbasecluster/bin[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc[kingbase@node2 bin]$ ./sys_md5  -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing[kingbase@node2 bin]$ cat ../etc/cluster_passwdSUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102SYSTEM:md53b8241a37e0492c38a986844abb8d06b

四、重启集群

1) 重启集群服务

[kingbase@node2 bin]$ ./kingbase_monitor.sh restart-----------------------------------------------------------------------2021-03-22 11:07:20 KingbaseES automation beging...2021-03-22 11:07:20 stop kingbasecluster [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:20 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:21 Done...2021-03-22 11:07:21 stop kingbasecluster [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:21 ON enp0s3No VIP on my dev, nothing to do.Authorized users only. All activities may be monitored and reported.2021-03-22 11:07:22 Done...2021-03-22 11:07:22 stop kingbase [192.168.7.248] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:24 Done...2021-03-22 11:07:25 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:25 ON enp0s3execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]Oprate del ip cmd end.2021-03-22 11:07:25 Done...2021-03-22 11:07:25 stop kingbase [192.168.7.249] ...Authorized users only. All activities may be monitored and reported.set /home/kingbase/cluster/kha/db/data down now...2021-03-22 11:07:33 Done...2021-03-22 11:07:34 Del kingbase VIP [192.168.7.245/24] ...Authorized users only. All activities may be monitored and reported.DEL VIP NOW AT 2021-03-22 11:07:34 ON enp0s3No VIP on my dev, nothing to do.2021-03-22 11:07:34 Done.........................all stop..Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping trust ip 192.168.7.1 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [1]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ADD VIP NOW AT 2021-03-22 11:07:43 ON enp0s3execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]execute: /sbin/arping -U 192.168.7.245 -I enp0s3 -w 1ARPING 192.168.7.245 from 192.168.7.245 enp0s3Sent 1 probes (1 broadcast(s))Received 0 response(s)Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.start crontab kingbase position : [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]Authorized users only. All activities may be monitored and reported.ping vip 192.168.7.245 success ping times :[3], success times:[3]now,there is a synchronous standby.wait kingbase recovery 5 sec...Authorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [2]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.start crontab kingbasecluster line number: [3]Redirecting to /bin/systemctl restart crond.serviceAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in input......................all started.....now we check againAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported./home/kingbase/cluster/kha/db/bin/all_monitor.sh: line 306: warning: command substitution: ignored null byte in inputAuthorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.=======================================================================|             ip |                       program|              [status][  192.168.7.248]|             [kingbasecluster]|              [active][  192.168.7.249]|             [kingbasecluster]|              [active][  192.168.7.248]|                    [kingbase]|              [active][  192.168.7.249]|                    [kingbase]|              [active]=======================================================================

2)查看集群服务进程

[kingbase@node2 bin]$ ps -ef |grep kingbase
kingbase    2169       1  0 Mar19 ?        00:00:00 /usr/lib/systemd/systemd --user
kingbase    2170    2169  0 Mar19 ?        00:00:00 (sd-pam)
root        3856    2562  0 Mar19 pts/0    00:00:00 su - kingbase
kingbase    3857    3856  0 Mar19 pts/0    00:00:00 -bash
kingbase  380605       1  0 Mar21 ?        00:00:04 /home/kingbase/cluster/kha6/kha6/kingbase/bin/kbha -A daemon -f /home/kingbase/cluster/kha6/kha6/kingbase/bin/../etc/repmgr.conf
kingbase  717813       1  0 11:07 ?        00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data
kingbase  717814  717813  0 11:07 ?        00:00:00 kingbase: logger process
kingbase  717815  717813  0 11:07 ?        00:00:00 kingbase: startup process   recovering 000000010000000000000006
kingbase  717819  717813  0 11:07 ?        00:00:00 kingbase: checkpointer process
kingbase  717820  717813  0 11:07 ?        00:00:00 kingbase: writer process
kingbase  717821  717813  0 11:07 ?        00:00:00 kingbase: stats collector process
kingbase  717822  717813  0 11:07 ?        00:00:00 kingbase: wal receiver process   streaming 0/60000D0
root      718723       1  0 11:08 ?        00:00:00 ./kingbasecluster -n
root      718766  718723  0 11:08 ?        00:00:00 kingbasecluster: watchdog
root      718767  718723  0 11:08 ?        00:00:00 kingbasecluster: lifecheck
root      718768  718767  0 11:08 ?        00:00:00 kingbasecluster: heartbeat receiver
root      718769  718767  0 11:08 ?        00:00:00 kingbasecluster: heartbeat sender
root      718770  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718771  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718772  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718773  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718774  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718775  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718776  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718777  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718778  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718779  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718780  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718781  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718782  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718783  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718784  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718785  718723  0 11:08 ?        00:00:00 kingbasecluster: wait for connection request
root      718786  718723  0 11:08 ?        00:00:00 kingbasecluster: PCP: wait for connection request
root      718787  718723  0 11:08 ?        00:00:00 kingbasecluster: worker process

五、在主库上验证集群状态

[kingbase@node1 bin]$ ./ksql -U SYSTEM -W beijing -p 9999 TEST
ksql (V008R003C002B0180)
Type "help" for help.

TEST=# show pool_nodes;
 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_de
lay
---------+---------------+-------+--------+-----------+---------+------------+----------
 0       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | true              | 0
 1       | 192.168.7.249 | 54321 | up     | 0.500000  | standby | 0          | false             | 0
(2 rows)

TEST=# select * from sys_stat_replication;
  pid   | usesysid | usename | application_name |  client_addr  | client_hostname | client_port |         backend
_start         | backend_xmin |   state   | sent_location | write_location | flush_location | replay_location | s
ync_priority | sync_state
--------+----------+---------+------------------+---------------+-----------------+-----
 744439 |       10 | SYSTEM  | node02           | 192.168.7.249 |                 |       18376 | 2021-03-22 11:0
7:44.130199+08 |              | streaming | 0/60000D0     | 0/60000D0      | 0/60000D0      | 0/60000D0       |
           2 | sync
(1 row)

六、总结

本案例是在通用机版本下完成,不同的版本修改,system用户是数据库管理中的管理员,对于密码的修改,尽量能在测试环境下先测试成功后,再在生产环境实施。

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器

你可能感兴趣的文章

KingbaseES wal(xlog) 日志清理故障恢复案例
KingbaseES R6 集群“双主”故障解决案例