kingbaseES V8R3集群运维案例之---手工修改system用户密码
案例说明:
对于kingbaseES V8R3集群修改system密码相比单机环境有一定的复杂性,需要修改的位置如下:
1)数据库中system用户密码,可以用alter user命令修改
2)在recovery.conf和recovery.done文件中,备库连接主库时,需要使用system用户认证
3)集群认证文件cluster_passwd中需要使用system用户认证
适用版本:
KingbaseES V8R3
案例操作步骤:
1、修改数据库system用户密码,可以分两种情况:
1)在集群正常运行时,直接在主库修改,自动同步到备库,然后再在主备库用system新密码登录测试。
2)正常关闭集群后,只启动主备库数据库服务,确认流复制状态正常后,在主库修改system密码,然后在主备库登录测试。
2、正常关闭集群,修改主备库中recovery.conf和recovery.done中的system密码,(注意data和etc目录下都要修改)。
3、修改主备库中kingbasecluster连接中的SYSTEM密码,此密码采用md5加密。
4、重新启动集群测试。
5、查看集群中节点的状态,流复制状态,system用户访问数据库的状态。
6、确认修改成功。
集群架构:
一、修改数据库用户system密码(在主库完成)
1) 通过kingbase_monitor.sh关闭集群
通过手工方式启动主备库的数据库服务(sys_ctl),保证主备库的流复制状态正常(sys_stat_replication),登录主库修改system用户访问数据库的口令,备库自动通过主备复制同步修改。
2)登录数据库修改system用户密码
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# alter user system with password 'beijing';
ALTER ROLE
TEST=# \q
3)用新密码登录测试
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W 123456 -d TEST
ksql: FATAL: password authentication failed for user "system"
[kingbase@node1 bin]$ /home/kingbase/cluster/kha/db/bin/ksql -U system -W beijing -d TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# \c prod;
You are now connected to database "prod" as user "system".
二、在主备库修改recovery.conf 和recovery.done文件密码
注意:
1)除了修改主备库data目录下的recovery.done和recovery.conf文件。
2)还要修改主备库etc下的recovery.done文件,这个文件在备库用network_rewind.sh做recovery时会覆盖备库data下的recovery.conf文件。
1、修改备库recovery.conf:
1) 查看system原密码
Tips:
在recovery.conf文件中,对system密码做了加密处理。
[kingbase@node2 data]$ cat recovery.conf
standby_mode='on'
primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=MTIzNDU2 application_name=node02'
recovery_target_timeline='latest'
primary_slot_name ='slot_node02'
2)加密system用户新密码
将加密后的新密码的字符串,替换原文件中的密码字符串,加密前的密码和数据库system登录密码要匹配。(加密和解密方式参考官方资料)
3)修改recovery.conf和recovery.done文件
[kingbase@node2 data]$ cat recovery.conf
standby_mode='on'
primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'
recovery_target_timeline='latest'
primary_slot_name ='slot_node02'
[kingbase@node2 data]$ cat ../etc/recovery.done
standby_mode='on'
primary_conninfo='port=54321 host=192.168.7.248 user=SYSTEM password=YmVpamluZwo= application_name=node02'
recovery_target_timeline='latest'
primary_slot_name ='slot_node02'
2、修改etc/recovery.done文件
三、修改cluster_passwd文件(注意SYSTEM用户名要用大写)
1、修改主库cluster_passwd
1)备份原cluster_passwd文件
[kingbase@node1 etc]$ cp cluster_passwd cluster_passwd.old
2)通过sys_md5工具生成新的密码
[kingbase@node1 etc]$ cd ../bin
[kingbase@node1 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing
3)对比新旧密码
[kingbase@node1 bin]$ cat ../etc/cluster_passwd
SUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102
SYSTEM:md53b8241a37e0492c38a986844abb8d06b
[kingbase@node1 bin]$ cat ../etc/cluster_passwd.old
SUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102
SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc
2、修改备库cluster_passwd
[kingbase@node2 data]$ cd ../..
[kingbase@node2 kha]$ cd kingbasecluster/bin
[kingbase@node2 bin]$ cat ../etc/cluster_passwd
SUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102
SYSTEM:md53afebd0fba6df9fc2cf82c0b09926bcc
#执行sys_md5工具生成新的密码
[kingbase@node2 bin]$ ./sys_md5 -m -f ../etc/kingbasecluster.conf -u SYSTEM beijing
[kingbase@node2 bin]$ cat ../etc/cluster_passwd
SUPERMANAGER_V8ADMIN:md5f7902af5f3f7cdcad02b5ca09320d102
SYSTEM:md53b8241a37e0492c38a986844abb8d06b
四、重启集群验证
1) 重启集群服务
[kingbase@node2 bin]$ ./kingbase_monitor.sh restart
-----------------------------------------------------------------------
2021-03-22 11:07:20 KingbaseES automation beging...
2021-03-22 11:07:20 stop kingbasecluster [192.168.7.248] ...
.......
Authorized users only. All activities may be monitored and reported.
=======================================================================
| ip | program| [status]
[ 192.168.7.248]| [kingbasecluster]| [active]
[ 192.168.7.249]| [kingbasecluster]| [active]
[ 192.168.7.248]| [kingbase]| [active]
[ 192.168.7.249]| [kingbase]| [active]
=======================================================================
2)查看集群服务进程
[kingbase@node2 bin]$ ps -ef |grep kingbase
kingbase 380605 1 0 Mar21 ? 00:00:04 /home/kingbase/cluster/kha6/kha6/kingbase/bin/kbha -A daemon -f /home/kingbase/cluster/kha6/kha6/kingbase/bin/../etc/repmgr.conf
kingbase 717813 1 0 11:07 ? 00:00:00 /home/kingbase/cluster/kha/db/bin/kingbase -D /home/kingbase/cluster/kha/db/data
kingbase 717814 717813 0 11:07 ? 00:00:00 kingbase: logger process
kingbase 717815 717813 0 11:07 ? 00:00:00 kingbase: startup process recovering 000000010000000000000006
kingbase 717819 717813 0 11:07 ? 00:00:00 kingbase: checkpointer process
kingbase 717820 717813 0 11:07 ? 00:00:00 kingbase: writer process
kingbase 717821 717813 0 11:07 ? 00:00:00 kingbase: stats collector process
kingbase 717822 717813 0 11:07 ? 00:00:00 kingbase: wal receiver process streaming 0/60000D0
root 718723 1 0 11:08 ? 00:00:00 ./kingbasecluster -n
root 718766 718723 0 11:08 ? 00:00:00 kingbasecluster: watchdog
root 718767 718723 0 11:08 ? 00:00:00 kingbasecluster: lifecheck
root 718768 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat receiver
root 718769 718767 0 11:08 ? 00:00:00 kingbasecluster: heartbeat sender
root 718770 718723 0 11:08 ? 00:00:00 kingbasecluster: wait for connection request
.........
root 718786 718723 0 11:08 ? 00:00:00 kingbasecluster: PCP: wait for connection request
root 718787 718723 0 11:08 ? 00:00:00 kingbasecluster: worker process
五、在主库上验证集群状态
[kingbase@node1 bin]$ ./ksql -U SYSTEM -W beijing -p 9999 TEST
ksql (V008R003C002B0180)
Type "help" for help.
TEST=# show pool_nodes;
node_id | hostname | port | status | lb_weight | role | select_cnt | load_balance_node | replication_de
lay
---------+---------------+-------+--------+-----------+---------+------------+----------
0 | 192.168.7.248 | 54321 | up | 0.500000 | primary | 0 | true | 0
1 | 192.168.7.249 | 54321 | up | 0.500000 | standby | 0 | false | 0
(2 rows)
TEST=# select * from sys_stat_replication;
pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend
_start | backend_xmin | state | sent_location | write_location | flush_location | replay_location | s
ync_priority | sync_state
--------+----------+---------+------------------+---------------+-----------------+-----
744439 | 10 | SYSTEM | node02 | 192.168.7.249 | | 18376 | 2021-03-22 11:0
7:44.130199+08 | | streaming | 0/60000D0 | 0/60000D0 | 0/60000D0 | 0/60000D0 |
2 | sync
(1 row)
六、总结
本案例是在通用机版本下完成,不同的版本修改,system用户是数据库管理中的管理员,对于密码的修改,尽量能在测试环境下先测试成功后,再在生产环境实施。
标签:
kingbaseES
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」