KingbaseES V8R3 集群运维系列之 -- 一键修改集群用户密码


案例说明:
在KingbaseES V8R3集群的最新版本中增加了kingbase_monitor.sh一键修改集群用户密码的功能,由于KingbaseES V8R3集群用户密码除了修改数据库登录密码,还要修改对应的配置文件,手工修改容易遗漏。通过对一键修改密码功能的操作,可以在生产过程中简化对集群的维护。

kingbaseES V8R3集群一键修改密码说明:

1、 命令行命令
kingbase_monitor.sh change_password user old_password new_password

kingbase_monitor.sh change_password user old_password new_password —修改集群使用的用户的密码。

2、描述
kingbase_monitor.sh change_password user old_password new_password判断用户是否为集群使用的用户,如果是则修改用户密码,如果不是则提示用户集群未使用该用户,请使用sql方式修改用户密码。

3、选项
以下是脚本执行参数:

change_password
脚本调用修改用户密码函数
user
要进行修改密码的用户,只能是集群初始化时指定的用户
old_password
用户的旧密码
new_password
用户的新密码

例:

4、注意事项

1.必须在集群所有节点状态正常的情况下才能执行修改密码操作
2.kingbase_monitor.sh change_password 用户名 '旧密码' '新密码' 使用一键修改密码功能时 旧密码,新密码参数必须使用''括起来
3.用户必须是集群流复制使用的用户才能进行修改密码,否则会提示集群未使用该用户,请使用sql alter user命令进行修改密码

适用版本:
KingbaseES V8R3

集群架构:

一、查看集群状态

TEST=# show pool_nodes;
 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay 
---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------
 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | false             | 0
 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | true              | 0
(2 rows)

TEST=# select * from sys_stat_replication;
 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE 
------+----------+---------+------------------+---------------+-----------------+-------------+--
 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13003B50    | 0/13003B50     | 0/13003B50     | 0/13003B50      |             1 | sync
(1 row)

二、修改system用户密码

# 查看kingbase_monitor.sh功能
[kingbase@node1 bin]$ ./kingbase_monitor.sh 
-----------------------------------------------------------------------
2021-03-01 16:20:55 KingbaseES automation beging...
usage: ./kingbase_monitor.sh start | stop | restart | set [--restart] | change_password user old_password new_password 

# 一键修改用户密码
[kingbase@node1 bin]$ ./kingbase_monitor.sh change_password SYSTEM '123456' '12345678'
-----------------------------------------------------------------------
2021-03-01 16:25:34 KingbaseES automation beging...
Begin alter user password
2021-03-01 16:25:55: pid 20642: LOG:  stop request sent to kingbasecluster. waiting for termination...
..done.
2021-03-01 16:25:41: pid 14549: LOG:  stop request sent to kingbasecluster. waiting for termination...
..done.
Alter user password OK

=注意:由以上信息获知,在修改集群用户密码时,将会stop主备库的kingbasecluster服务,在生产环境修改时,需要注意,尽量不要在业务运行期间修改。=

三、验证密码修改效果

1、验证system用户密码修改结果

测试修改SUPERMANAGER_V8ADMIN用户密码:(修改失败)

2、查看kingbasecluster 服务(所有节点)

[kingbase@node1 bin]$ netstat -an |grep 9999
unix  2      [ ACC ]     STREAM     LISTENING     2999949  @/tmp/dbus-fXYPBXlK
unix  2      [ ACC ]     STREAM     LISTENING     2999948  @/tmp/dbus-h5GlLPYf
unix  2      [ ]         STREAM     CONNECTED     2999944  
[kingbase@node1 bin]$ netstat -an |grep 9000
[kingbase@node1 bin]$ netstat -an |grep 9694

3、查看kingbasecluster日志

主库:

备库:

=通过以上信息获知,system用户密码修改成功,但是主备库上的kingbasecluster服务都被stop。=

四、手工启动kingbasecluster服务(root用户)

1、root用户手工启动kingbasecluster服务

[root@node1 ~]# /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n >>/home/kingbase/cluster/kha/log/cluster.log 2>&1 &
[1] 18241

2、查看数据库和集群进程

[root@node1 ~]# ps -ef |grep kingbase
kingbase  9254     1  0 16:13 ?        00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data
kingbase  9256  9254  0 16:13 ?        00:00:00 kingbase: logger process   
kingbase  9816  9254  0 16:15 ?        00:00:00 kingbase: checkpointer process   
kingbase  9817  9254  0 16:15 ?        00:00:00 kingbase: writer process   
kingbase  9818  9254  0 16:15 ?        00:00:00 kingbase: wal writer process   
kingbase  9819  9254  0 16:15 ?        00:00:00 kingbase: autovacuum launcher process   
kingbase  9820  9254  0 16:15 ?        00:00:00 kingbase: archiver process   failed on 000000020000000000000010
kingbase  9821  9254  0 16:15 ?        00:00:00 kingbase: stats collector process   
kingbase  9822  9254  0 16:15 ?        00:00:00 kingbase: bgworker: syslogical supervisor   
kingbase  9903  9254  0 16:15 ?        00:00:00 kingbase: wal sender process SYSTEM 192.168.7.243(47620) streaming 0/13004420
root     18241 17531  0 16:40 pts/0    00:00:00 /home/kingbase/cluster/kha/kingbasecluster/bin/kingbasecluster -n
root     18260 18241  0 16:40 pts/0    00:00:00 kingbasecluster: watchdog
root     18310 18241  0 16:40 pts/0    00:00:00 kingbasecluster: lifecheck
root     18312 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat receiver
root     18314 18310  0 16:40 pts/0    00:00:00 kingbasecluster: heartbeat sender
root     18315 18241  0 16:40 pts/0    00:00:00 kingbasecluster: wait for connection request
........
root     18334 18241  0 16:40 pts/0    00:00:00 kingbasecluster: PCP: wait for connection request
root     18335 18241  0 16:40 pts/0    00:00:00 kingbasecluster: worker process

3、验证kingbasecluster服务

TEST=# show pool_nodes;
 node_id |   hostname    | port  | status | lb_weight |  role   | select_cnt | load_balance_node | replication_delay 
---------+---------------+-------+--------+-----------+---------+------------+-------------------+-------------------
 0       | 192.168.7.243 | 54321 | up     | 0.500000  | standby | 0          | true              | 0
 1       | 192.168.7.248 | 54321 | up     | 0.500000  | primary | 0          | false             | 0
(2 rows)

TEST=# select * from sys_stat_replication;
 PID  | USESYSID | USENAME | APPLICATION_NAME |  CLIENT_ADDR  | CLIENT_HOSTNAME | CLIENT_PORT |         BACKEND_START         | BACKEND_XMIN |   STATE   | SENT_LOCATION | WRITE_LOCATION | FLUSH_LOCATION | REPLAY_LOCATION | SYNC_PRIORITY | SYNC_STATE 
------+----------+---------+------------------+---------------+-----------------+-------------+-
 9903 |       10 | SYSTEM  | node243          | 192.168.7.243 |                 |       47620 | 2021-03-01 16:15:28.263706+08 |              | streaming | 0/13004420    | 0/13004420     | 0/13004420     | 0/13004420      |             1 | sync
(1 row)

五、测试kingbase_monitor.sh一键重启(可选)

[kingbase@node1 bin]$ ./kingbase_monitor.sh restart
-----------------------------------------------------------------------
2021-03-01 16:48:42 KingbaseES automation beging...
2021-03-01 16:48:42 stop kingbasecluster [192.168.7.243] ...
remove status file  /home/kingbase/cluster/kha/run/kingbasecluster/kingbasecluster_status
......................
all started..
...
now we check again
=======================================================================
|             ip |                       program|              [status] 
[  192.168.7.243]|             [kingbasecluster]|              [active]
[  192.168.7.248]|             [kingbasecluster]|              [active]
[  192.168.7.243]|                    [kingbase]|              [active]
[  192.168.7.248]|                    [kingbase]|              [active]
=======================================================================

六、总结
对于KingbaseES V8R3集群,kingbase_monitor.sh一键修改密码的功能,提升了集群运维管理的效率;但是需要注意的是,在修改集群用户密码时,将会将集群所有node的kingbasecluster服务stop,这个在生产环境使用时,需要注意。

posted @ 2022-02-18 08:53  KINGBASE研究院  阅读(447)  评论(0编辑  收藏  举报