KingbaseES V8R6集群运维案例之---sys_monitor.sh change_password一键修改集群用户密码
案例说明:
kingbaseES V8R6集群用户密码修改,需要修改两处:
1)修改数据库用户密码(alter user);
2)修改.encpwd文件中用户密码;
可以通过sys_monitor.sh change_password一键同时修改数据库内部用户密码和.encpwd文件中密码。
适用版本:
KingbaseES V8R6
集群架构:
sys_monitor.sh change_password user new_password —修改集群使用的用户的密码
描述:
sys_monitor.sh change_password user new_password判断用户是否为集群使用的用户,如果是则修改用户密码,如果不是则提示用户集群未使用该用户,请使用sql方式修改用户密码。
选项:
以下是脚本执行参数:
change_password: 脚本调用修改用户密码函数
user: 要进行修改密码的用户,只能是集群初始化时指定的用户和esrep
new_password: 用户的新密码
例:
注意事项:
1.必须在集群所有节点状态正常的情况下才能执行修改密码操作
2.sys_monitor.sh change_password 用户名 '密码' 使用一键修改密码功能时 密码参数必须使用''括起来
3.用户必须是已经使用.encpwd免密配置文件配置了免密的用户才能进行修改密码,否则会提示集群未使用该用户,请使用sql alter user命令进行修改密码
一、查看esrep用户原密码
1).encpwd文件
[kingbase@node1 ~]$ cat .encpwd
*:*:*:system:MTIzNDU2
*:*:*:esrep:S2luZ2Jhc2VoYTExMA==
[kingbase@node1 ~]$ echo 'S2luZ2Jhc2VoYTExMA=='|base64 -d
Kingbaseha110
2)数据库用户密码
用户密码登录测试(‘Kingbaseha110’):
[kingbase@node3 bin]$ ./ksql -U esrep -W esrep
Password:
ksql (V8.0)
Type "help" for help.
二、一键修改esrep用户密码
[kingbase@node3 bin]$ ./sys_monitor.sh --help
Usage: ./sys_monitor.sh {start|stop|restart|stoplocal|set [--restart]|change_password user password}
[kingbase@node3 bin]$ ./sys_monitor.sh change_password esrep 'beijing'
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
1 | node248 | standby | running | node243 | default | 90 | 26 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
3 | node243 | primary | * running | | default | 100 | 26 | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
4 | node249 | standby | running | node243 | default | 100 | 26 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
ALTER ROLE
三、新密码登录测试
新的用户密码登录(‘beijing’):
[kingbase@node3 bin]$ ./ksql -U esrep -W esrep
Password:
ksql (V8.0)
Type "help" for help.
查看.encpwd文件:
[kingbase@node3 ~]$ cat .encpwd
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==
[kingbase@node3 ~]$ echo 'YmVpamluZw=='|base64 -d
beijing
所有节点密码都已经被修改:
[kingbase@node1 ~]$ cat .encpwd
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==
[kingbase@node2 ~]$ cat .encpwd
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==
四、system用户密码一键修改
=注意:由于在etc/all_nodes_tools.conf配置文件中也记录了system用户的密码,所以在一键修改后,检查下此文件中system用户密码是否被修改=
1、查看配置文件
[kingbase@node3 etc]$ cat all_nodes_tools.conf
db_u=system
db_password=MTIzNDU2Cg==
db_port=54321
[kingbase@node3 etc]$ echo 'MTIzNDU2Cg==' |base64 -d
123456
2、一键修改system用户密码
[kingbase@node3 bin]$ ./sys_monitor.sh change_password system '12345678'
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
1 | node248 | primary | * running | | default | 100 | 27 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
3 | node243 | standby | running | node248 | default | 110 | 27 | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
ALTER ROLE
3、检查all_nodes_tools.conf中密码
[kingbase@node3 bin]$ cat ../etc/all_nodes_tools.conf
db_u=system
db_password=MTIzNDU2NzgK
db_port=54321
[kingbase@node3 bin]$ echo 'MTIzNDU2NzgK'|base64 -d
12345678
4、测试system新密码登录
[kingbase@node3 bin]$ ./ksql -U system test
ksql (V8.0)
Type "help" for help.
test=#
[kingbase@node3 bin]$ ./ksql -U system -W test
Password:
ksql (V8.0)
Type "help" for help.
test=#
===从以上获知,在一键修改system密码时,同时修改了all_nodes_tools.conf文件中的密码。
五、重启集群测试
Tips: 对于生产环境,可以不用重启集群。(本案例只是用于测试)
[kingbase@node3 bin]$ ./sys_monitor.sh restart
2021-03-01 13:07:08 Ready to stop all DB ...
There is no service "node_export" running currently.
There is no service "postgres_ex" running currently.
.......
2021-03-01 13:07:56 repmgrd on "[192.168.7.249]" start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node248 | standby | running | node243 | running | 2625 | no | 0 second(s) ago
3 | node243 | primary | * running | | running | 22122 | no | n/a
4 | node249 | standby | running | node243 | running | 16939 | no | n/a
2021-03-01 13:08:08 Done.
查看集群节点状态信息:
[kingbase@node3 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
1 | node248 | standby | running | node243 | default | 90 | 26 | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
3 | node243 | primary | * running | | default | 100 | 26 | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
4 | node249 | standby | running | node243 | default | 100 | 26 | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
--如上所示,集群启动后状态正常。
