KingbaseES V8R6数据库运维案例之---用户权限导致的备份恢复故障
案例说明:
由于限制了用户对数据库的访问,导致在执行‘sys_backup.sh init’初始化物理备份时,执行失败。
适用版本:
KingbaseES V8R6
一、问题现象
如下所示,执行‘sys_backup.sh init’初始化物理备份:
1、执行初始化失败
[kingbase@node201 bin]$ sh sys_backup.sh init
ERROR: Configured repo-path [/home/kingbase/kbbr_repo] already exists
[kingbase@node201 bin]$ rm -rf /home/kingbase/kbbr_repo
[kingbase@node201 bin]$ sh sys_backup.sh init
# pre-condition: check the non-archived WAL files
# generate local sys_rman.conf...DONE
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...DONE
# create stanza and check...(maybe 60+ seconds)
ERROR: create stanza failed, check log file
/home/kingbase/cluster/R6C8/HAC8/kingbase/log/sys_rman_stanza-create.log
2、查看日志信息
[kingbase@node201 bin]$ cat /home/kingbase/cluster/R6C8/HAC8/kingbase/log/sys_rman_stanza-create.log
2023-10-27 10:45:22.724 P00 INFO: stanza-create command begin 2.27: --band-width=0 --cmd-ssh=/home/kingbase/cluster/R6C8/HAC8/kingbase/bin/sys_securecmd --config=/home/kingbase/kbbr_repo/sys_rman.conf --exec-id=4985-bd560b43 --kb2-host=192.168.1.202 --kb2-host-user=kingbase --kb1-path=/home/kingbase/cluster/R6C8/HAC8/kingbase/data --kb2-path=/home/kingbase/cluster/R6C8/HAC8/kingbase/data --kb1-port=54321 --kb2-port=54321 --kb1-user=esrep --kb2-user=esrep --log-level-console=info --log-level-file=info --log-path=/home/kingbase/cluster/R6C8/HAC8/kingbase/log --log-subprocess --process-max=4 --repo1-path=/home/kingbase/kbbr_repo --stanza=kingbase
WARN: set process-max 4 is too large, auto set to CPU core count 1
WARN: unable to check kb-1: [db_connect_err] unable to connect to 'application_name=internal_rman dbname='test' port=54321 user='esrep'': FATAL: permission denied for database "test"
DETAIL: User does not have CONNECT privilege.
WARN: unable to check kb-2: [db_connect_err] raised from remote-0 ssh protocol on '192.168.1.202': unable to connect to 'application_name=internal_rman dbname='test' port=54321 user='esrep'': FATAL: permission denied for database "test"
DETAIL: User does not have CONNECT privilege.
ERROR: [056]: unable to find primary cluster - cannot proceed
2023-10-27 10:45:23.336 P00 INFO: stanza-create command end: aborted with exception [056]
如下图所示,esrep用户无权限访问test数据库:
二、问题分析
通过ksql,用esrep用户连接数据库,如下所示,esrep无法连接数据库:
[kingbase@node201 bin]$ ./ksql -U esrep test
ksql: error: could not connect to server: FATAL: permission denied for database "test"
DETAIL: User does not have CONNECT privilege.
三、问题解决
1、用户授权
test=# grant connect on database test to public;
GRANT
test=# grant connect on database prod to public;
GRANT
2、执行物理备份初始化
如下所示,执行初始化成功:
[kingbase@node201 bin]$ sh sys_backup.sh init
# pre-condition: check the non-archived WAL files
# generate local sys_rman.conf...DONE
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...
# update all node: sys_rman.conf and archive_command with sys_rman.archive-push...DONE
# create stanza and check...(maybe 60+ seconds)
# create stanza and check...DONE
# initial first full backup...(maybe several minutes)
# initial first full backup...DONE
# Initial sys_rman OK.
'sys_backup.sh start' should be executed when need back-rest feature.
'sys_backup.sh start' will add CRONTAB items.
Or you can manual backup once with user-guide.
三、总结
此问题原因是在前面给指定用户执行权限回收和配置时导致,在配置用户权限时,注意在多个应用测试,避免出现应用访问数据库错误。