KingbaseES V8R6集群部署案例之---禁用root用户ssh登录手工脚本部署集群
案例说明:
对于KingbaseES V8R6C5版本在部集群时,需要建立kingbase、root用户在节点间的ssh互信,如果在生产环境禁用root用户ssh登录,则通过ssh部署会失败;在手工脚本部署时可以借用securecmdd工具进行节点之间通讯执行部署。
适用版本:
KingbaseES V8R6
一、在节点部署securecmdd工具
详细操作见:https://www.cnblogs.com/tiany1224/p/16302205.html
《KingbaseES V8R6C5集群部署启动securecmdd服务配置案例》
二、部署前的准备
=注意:对于kingbase用户ssh的互信可以不建立。=
1、数据库软件安装后,从相应目录下获取部署文件
2、将所需部署文件存储到一个目录下包括license
[kingbase@node1 r6_install]$ ls -lh
total 145M
-rw-rw-r--. 1 kingbase kingbase 145M Mar 1 2021 db.zip
-rwxr-xr-x. 1 kingbase kingbase 6.1K Mar 1 2021 install.conf
-rw-r--r--. 1 kingbase kingbase 3.4K Mar 1 2021 license.dat
-rwxr-xr-x. 1 kingbase kingbase 2.5K Mar 1 2021 trust_cluster.sh
-rwxr-xr-x. 1 kingbase kingbase 69K Mar 1 2021 V8R6_cluster_install.sh
3、创建集群部署目录(all nodes)
[kingbase@node1 r6_install]$ mkdir -p /home/kingbase/cluster/R6P/R6H/kingbase
4、将db.zip包上传到每个节点的集群安装目录下并解压(all nodes)
[kingbase@node2 kingbase]$ pwd
/home/kingbase/cluster/R6P/R6H/kingbase
[kingbase@node2 kingbase]$ unzip db.zip
[kingbase@node2 kingbase]$ ls -lh
total 338M
drwxr-xr-x 2 kingbase kingbase 4.0K Apr 7 16:16 bin
-rw-rw-r-- 1 kingbase kingbase 338M May 23 16:57 db.zip
drwxrwxr-x 5 kingbase kingbase 8.0K Apr 7 16:17 lib
drwxrwxr-x 8 kingbase kingbase 4.0K Apr 7 16:17 share
4、将license文件上传到每个节点的集群安装bin目录下(all nodes)
[kingbase@node1 r6_install]$ cp license.dat /home/kingbase/cluster/R6P/R6H/kingbase/bin/license.dat
[kingbase@node1 r6_install]$ scp license.dat node2:/home/kingbase/cluster/R6P/R6H/kingbase/bin/license.dat
二、编辑install.conf配置文件
[kingbase@node1 r6_install]$ cat install.conf |grep -v ^$|grep -v ^#
[install]
on_bmj=0
all_ip=(192.168.8.200 192.168.8.201)
witness_ip=""
production_ip=()
local_disaster_recovery_ip=()
remote_disaster_recovery_ip=()
install_dir="/home/kingbase/cluster/R6P/R6H"
zip_package="/home/kingbase/r6_install/db.zip"
license_file=(license.dat)
db_user="system" # the user name of database
db_port="54321" # the port of database, defaults is 54321
db_mode="oracle" # database mode: pg, oracle
db_auth="scram-sha-256" # database authority: scram-sha-256, md5, default is scram-sha-256
db_case_sensitive="yes" # database case sensitive settings: yes, no. default is yes - case sensitive; no - case insensitive (NOTE. cannot set to 'no' when db_mode="pg").
trusted_servers="192.168.8.1"
data_directory="/home/kingbase/cluster/R6P/R6H/kingbase/data"
virtual_ip="192.168.8.240/24"
net_device=(enp0s3 enp0s3)
net_device_ip=(192.168.8.200 192.168.8.201)
ipaddr_path="/sbin"
arping_path="/opt/Kingbase/ES/V8R6_054/Server/bin/"
ping_path="/bin"
super_user="root"
execute_user="kingbase"
deploy_by_sshd=0 # choose whether to use sshd when deploy, 0 means not to use (deploy by sys_securecmdd), 1 means to use (deploy by sshd), default value is 1; when on_bmj=1, it will auto set to no(deploy_by_sshd=0)
use_scmd=1 # Is the cluster running on sys_securecmdd or sshd? 1 means yes (on sys_securecmdd), 0 means no (on sshd), default value is 1; when on_bmj=1, it will auto set to yes(use_scmd=1)
reconnect_attempts="10" # the number of retries in the event of an error
reconnect_interval="6" # retry interval
recovery="standby" # the way of cluster recovery: standby/automatic/manual
ssh_port="22" # the port of ssh, default is 22
scmd_port="8890" # the port of sys_securecmdd, default is 8890
auto_cluster_recovery_level='1'
use_check_disk='off'
synchronous='quorum'
[expand]
expand_type="" # The node type of standby/witness node, which would be add to cluster. 0:standby 1:witness
primary_ip="" # The ip addr of cluster primary node, which need to expand a standby/witness node.
expand_ip="" # The ip addr of standby/witness node, which would be add to cluster.
node_id="" # The node_id of standby/witness node, which would be add to cluster. It does not the same with any one in cluster node
# for example: node_id="3"
install_dir=""
zip_package=""
net_device=() # if virtual_ip set,it must be set
net_device_ip=() # if virtual_ip set,it must be set
license_file=(license.dat)
deploy_by_sshd="1"
ssh_port="22"
scmd_port="8890"
[shrink]
shrink_type="" # The node type of standby/witness node, which would be delete from cluster. 0:standby 1:witness
primary_ip="" # The ip addr of cluster primary node, which need to shrink a standby/witness node.
shrink_ip="" # The ip addr of standby/witness node, which would be delete from cluster.
node_id="" # The node_id of standby/witness node, which would be delete from cluster. It does not the same with any one in cluster node
# for example: node_id="3"
install_dir=""
ssh_port="22" # the port of ssh, default is 22
scmd_port="8890" # the port of sys_securecmd, default is 8890
=注意:配置参数deploy_by_sshd=0 ,use_scmd=1在数据包分发时选择securecmdd而不是ssh。==
三、执行部署脚本
[kingbase@node1 r6_install]$ sh V8R6_cluster_install.sh
[CONFIG_CHECK] will deploy the cluster of DG
[CONFIG_CHECK] check if the virtual ip "192.168.8.240" already exist ...
[CONFIG_CHECK] there is no "192.168.8.240" on any host, OK
[CONFIG_CHECK] the number of net_device matches the length of all_ip or the number of net_device is 1 ... OK
[RUNNING] check if the host can be reached ...
[RUNNING] success connect to the target "192.168.8.200" ..... OK
.......
2022-05-23 17:12:02 repmgrd on "[192.168.8.201]" start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+-------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node1 | primary | * running | | running | 27062 | no | n/a
2 | node2 | standby | running | node1 | running | 16079 | no | 1 second(s) ago
[2022-05-23 17:12:15] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6P/R6H/kingbase/log/kbha.log"
[2022-05-23 17:12:29] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6P/R6H/kingbase/log/kbha.log"
2022-05-23 17:12:30 Done.
[INSTALL] start up the whole cluster ... OK
四、查看集群状态
=如下所示,集群部署成功。=
[kingbase@node1 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+-------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
1 | node1 | primary | * running | | default | 100 | 1 | host=192.168.8.200 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node2 | standby | running | node1 | default | 100 | 1 | host=192.168.8.201 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
五、总结
1、 对于生产环境不允许root用户ssh登录(普通用户可以并建立ssh互信)时,可以采用手工脚本方式部署集群,但是必须提前在所有节点部署和启动securecmdd服务。
2、然后在install.conf中配置选择securecmdd部署。
3、部署完成后,经测试,在root用户不能ssh登录系统,不影响集群的切换和启动及关闭。