随笔- 320 文章- 0 评论- 5 阅读- 34799

KingbaseES V8R6集群运维案例之---sys_monitor.sh change_password一键修改集群用户密码

案例说明：
kingbaseES V8R6集群用户密码修改，需要修改两处：

 1）修改数据库用户密码（alter user）；
 2）修改.encpwd文件中用户密码；

可以通过sys_monitor.sh change_password一键同时修改数据库内部用户密码和.encpwd文件中密码。

适用版本：

KingbaseES V8R6

集群架构：

sys_monitor.sh change_password user new_password —修改集群使用的用户的密码

描述：
sys_monitor.sh change_password user new_password判断用户是否为集群使用的用户，如果是则修改用户密码，如果不是则提示用户集群未使用该用户，请使用sql方式修改用户密码。

选项：
以下是脚本执行参数：
change_password：脚本调用修改用户密码函数
user：要进行修改密码的用户，只能是集群初始化时指定的用户和esrep
new_password：用户的新密码
例：

注意事项：

1.必须在集群所有节点状态正常的情况下才能执行修改密码操作
2.sys_monitor.sh change_password 用户名 '密码' 使用一键修改密码功能时 密码参数必须使用''括起来
3.用户必须是已经使用.encpwd免密配置文件配置了免密的用户才能进行修改密码，否则会提示集群未使用该用户，请使用sql alter user命令进行修改密码

一、查看esrep用户原密码

1）.encpwd文件

 [kingbase@node1 ~]$ cat .encpwd 
*:*:*:system:MTIzNDU2
*:*:*:esrep:S2luZ2Jhc2VoYTExMA==

[kingbase@node1 ~]$ echo 'S2luZ2Jhc2VoYTExMA=='|base64 -d
Kingbaseha110

2）数据库用户密码

用户密码登录测试（‘Kingbaseha110’）：

[kingbase@node3 bin]$ ./ksql -U esrep -W esrep
Password: 
ksql (V8.0)
Type "help" for help.

二、一键修改esrep用户密码

[kingbase@node3 bin]$ ./sys_monitor.sh  --help
Usage: ./sys_monitor.sh {start|stop|restart|stoplocal|set [--restart]|change_password user password}

[kingbase@node3 bin]$ ./sys_monitor.sh change_password esrep 'beijing'
 ID | Name    | Role    | Status    | Upstream | Location | Priority | Timeline | Connection string                                                                                                                                
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
 1  | node248 | standby |   running | node243  | default  | 90       | 26       | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
 3  | node243 | primary | * running |          | default  | 100      | 26       | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
 4  | node249 | standby |   running | node243  | default  | 100      | 26       | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
ALTER ROLE

三、新密码登录测试

新的用户密码登录（‘beijing’）：

[kingbase@node3 bin]$ ./ksql -U esrep -W esrep
Password: 
ksql (V8.0)
Type "help" for help.

查看.encpwd文件：

[kingbase@node3 ~]$ cat .encpwd
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==

[kingbase@node3 ~]$ echo 'YmVpamluZw=='|base64 -d
beijing

所有节点密码都已经被修改：

[kingbase@node1 ~]$ cat .encpwd 
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==

[kingbase@node2 ~]$ cat .encpwd 
*:*:*:system:MTIzNDU2
*:*:*:esrep:YmVpamluZw==

四、system用户密码一键修改

=注意：由于在etc/all_nodes_tools.conf配置文件中也记录了system用户的密码，所以在一键修改后，检查下此文件中system用户密码是否被修改=

1、查看配置文件

[kingbase@node3 etc]$ cat all_nodes_tools.conf
db_u=system
db_password=MTIzNDU2Cg==
db_port=54321

[kingbase@node3 etc]$ echo 'MTIzNDU2Cg==' |base64 -d
123456

2、一键修改system用户密码

[kingbase@node3 bin]$ ./sys_monitor.sh change_password system '12345678'
 ID | Name    | Role    | Status    | Upstream | Location | Priority | Timeline | Connection string                                                                                                                                
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
 1  | node248 | primary | * running |          | default  | 100      | 27       | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
 3  | node243 | standby |   running | node248  | default  | 110      | 27       | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
ALTER ROLE

3、检查all_nodes_tools.conf中密码

[kingbase@node3 bin]$ cat ../etc/all_nodes_tools.conf
db_u=system
db_password=MTIzNDU2NzgK
db_port=54321

[kingbase@node3 bin]$ echo 'MTIzNDU2NzgK'|base64 -d
12345678

4、测试system新密码登录

[kingbase@node3 bin]$ ./ksql -U system test
ksql (V8.0)
Type "help" for help.

test=#

[kingbase@node3 bin]$ ./ksql -U system -W test
Password: 
ksql (V8.0)
Type "help" for help.

test=#

===从以上获知，在一键修改system密码时，同时修改了all_nodes_tools.conf文件中的密码。

五、重启集群测试
Tips： 对于生产环境，可以不用重启集群。（本案例只是用于测试）

[kingbase@node3 bin]$ ./sys_monitor.sh restart
2021-03-01 13:07:08 Ready to stop all DB ...
There is no service "node_export" running currently.
There is no service "postgres_ex" running currently.
.......

2021-03-01 13:07:56 repmgrd on "[192.168.7.249]" start success.
 ID | Name    | Role    | Status    | Upstream | repmgrd | PID   | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
 1  | node248 | standby |   running | node243  | running | 2625  | no      | 0 second(s) ago    
 3  | node243 | primary | * running |          | running | 22122 | no      | n/a                
 4  | node249 | standby |   running | node243  | running | 16939 | no      | n/a                
2021-03-01 13:08:08 Done.

查看集群节点状态信息：

[kingbase@node3 bin]$ ./repmgr cluster show
 ID | Name    | Role    | Status    | Upstream | Location | Priority | Timeline | Connection string                                                                                                                                
----+---------+---------+-----------+----------+----------+----------+----------+---------------------------------------------------------------------------------------------------------------------------------------------------
 1  | node248 | standby |   running | node243  | default  | 90       | 26       | host=192.168.7.248 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
 3  | node243 | primary | * running |          | default  | 100      | 26       | host=192.168.7.243 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=2
 4  | node249 | standby |   running | node243  | default  | 100      | 26       | host=192.168.7.249 user=esrep dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3

--如上所示，集群启动后状态正常。