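KingbaseES V8R6 Cluster Operations Series -- Changing the ssh Port on a Read/Write-Splitting Cluster
Case description:
After a KingbaseES V8R6 cluster has been deployed and is running, production security requirements may call for changing the default ssh port. The cluster nodes establish mutual trust over ssh by default, so changing the system's default ssh port affects the ssh connections between cluster nodes. This case describes how to modify the cluster configuration to accommodate a change of the system ssh port.
Applicable version:
KingbaseES V8R6
Cluster architecture:
Case operation notes:
1) This case was carried out in a general-purpose machine environment.
2) For the cluster to keep running after the ssh port is changed, only the variable in the repmgr.conf file needs to be modified.
I. Check the current cluster status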
[kingbase@node2 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------
1 | node248 | standby | running | node249 | default | 100 | 6 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node249 | primary | * running | | default | 100 | 6 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count
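II. Change the ssh port number in the operating system and in the cluster configuration file (all nodes)
1) Check the system's original ssh port number (default 22)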
[kingbase@node2 bin]$ netstat -antlp |grep 22
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 192.168.7.249:22 192.168.7.116:55883 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
2) Check the ssh port used in the cluster's repmgr.conf
[kingbase@node2 bin]$ cat ../etc/repmgr.conf|grep ssh
ssh_options='-q -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ServerAliveInterval=2 -o ServerAliveCountMax=5 -p 22'
=== By default, -p 22 specifies the cluster's ssh communication port ===
3) Modify the operating system configuration
[root@node1 ~]# cat /etc/ssh/sshd_config|grep -i Port
# If you want to change the port on a SELinux system, you have to tell
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 2222
[kingbase@node101 data]$ cat /etc/services |grep -i ssh
ssh 2222/tcp # The Secure Shell (SSH) Protocol
ssh 2222/udp # The Secure Shell (SSH) Protocol
4) Change the cluster's ssh communication port (to 2222)
[kingbase@node1 bin]$ cat ../etc/repmgr.conf |grep ssh
ssh_options='-q -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ServerAliveInterval=2 -o ServerAliveCountMax=5 -p 2222'
5) Restart the sshd service
[root@node1 ~]# systemctl restart sshd
[root@node1 ~]# netstat -an |grep 22
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
6) Test an ssh connection over the non-default port
[root@node1 ~]# ssh -p 2222 node2
Last failed login: Mon Mar 1 17:06:07 CST 2021 from 192.168.7.116 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Mon Mar 1 16:43:29 2021 from 192.168.7.249
=== As shown above, the ssh trust relationship works normally after the port change ===
7) Test restarting the cluster with sys_monitor.sh
[kingbase@node1 bin]$ ./sys_monitor.sh restart
2021-03-01 17:29:55 Ready to stop all DB ...
......
2021-03-01 17:30:32 repmgrd on "[192.168.7.249]" start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node248 | standby | running | node249 | running | 16767 | no | 0 second(s) ago
2 | node249 | primary | * running | | running | 17865 | no | n/a
2021-03-01 17:30:38 Done.
8) Check the cluster node status
[kingbase@node1 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------
1 | node248 | standby | running | node249 | default | 100 | 6 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node249 | primary | * running | | default | 100 | 6 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count
=== As shown above, cluster communication is normal after the ssh port change ===
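As an added example (not part of the original post or of KingbaseES), the script below checks on one node that the Port in sshd_config and the -p value in the repmgr.conf ssh_options agree, which is the state steps 3) and 4) establish. The function names and sample files are constructed for illustration, and only the first uncommented Port line is read.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare sshd's configured port
# with the -p value in repmgr.conf ssh_options on one node.

# First uncommented Port directive in an sshd_config file; sshd defaults to 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Port passed with -p in the last ssh_options line of repmgr.conf;
# ssh defaults to 22 when no -p is given.
repmgr_ssh_port() {
    local port
    port=$(grep -E '^[[:space:]]*ssh_options[[:space:]]*=' "$1" | tail -n 1 |
           sed -nE "s/.*[[:space:]']-p[[:space:]]*([0-9]+).*/\1/p")
    echo "${port:-22}"
}

# Usage: check_ssh_port <sshd_config> <repmgr.conf>; returns 1 on mismatch.
check_ssh_port() {
    local s r
    s=$(sshd_port "$1")
    r=$(repmgr_ssh_port "$2")
    if [ "$s" = "$r" ]; then
        echo "OK: sshd Port=$s, repmgr ssh_options -p $r"
    else
        echo "MISMATCH: sshd Port=$s, repmgr ssh_options -p $r"
        return 1
    fi
}

# Constructed sample files mirroring the values shown in steps 2) to 4).
demo=$(mktemp -d)
printf '%s\n' '# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER' 'Port 2222' > "$demo/sshd_config"
printf "ssh_options='-q -o ConnectTimeout=10 -p 22'\n" > "$demo/repmgr_old.conf"
printf "ssh_options='-q -o ConnectTimeout=10 -p 2222'\n" > "$demo/repmgr_new.conf"

check_ssh_port "$demo/sshd_config" "$demo/repmgr_old.conf" || true  # old config: mismatch
check_ssh_port "$demo/sshd_config" "$demo/repmgr_new.conf"          # edited config: match
rm -rf "$demo"
```

On a cluster node the same check can be run from the bin directory as `check_ssh_port /etc/ssh/sshd_config ../etc/repmgr.conf`, on every node, before sshd is restarted.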
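III. Summary
For a deployed KingbaseES V8R6 cluster, changing the ssh port is a fairly simple operation. However, sys_backup.sh still uses ssh connections when it performs physical database backups, so changing the ssh port affects backup operations invoked through sys_backup.sh. For how to run sys_backup.sh after the ssh port has been changed, see the separate blog post "kingbaseES V8R6 Cluster Operations Case --- Running sys_backup.sh Backups After Changing the ssh Port".
KINGBASE Research Institute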