标签:ipv4 oca encrypted wal records 校验 需要 白名单 sharding
传统基于单机的数据库技术已经无法支撑海量数据的访问处理,在此情况下,支持系统高扩展,强一致的分库分表Sharding架构的数据库集群GaussDB 100应运而生。它采用Shared-nothing架构的分布式系统,它是由众多拥有独立且互不共享CPU、内存、存储等系统资源的逻辑节点组成。[root@hwd10 ~]# /etc/sysctl.conf
kernel.sem = 50100 128256000 50100 2560
net.core.netdev_max_backlog = 1000
net.ipv4.tcp_max_syn_backlog = 2048
kernel.core_pattern = /tmp/core.%p.%e
kernel.core_uses_pid = 1
kernel.shmmni = 4096
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576
fs.file-max = 6815744
[root@hwd10 ~]# sysctl -p
[root@hwd10 ~]# vi /etc/profile
ulimit -c unlimited
[root@hwd10 ~]# source /etc/profile
[root@hwd10 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@hwd10 ~]# sed -i -e ‘s,enforcing,disabled,‘ /etc/selinux/config
完成后,重启服务器。
[root@hwd10 ~]# yum install -y zlib readline gcc python python-devel perl-ExtUtils-Embed readline-devel zlib-devel lsof
[root@hwd10 ~]# groupadd dbgrp
[root@hwd10 ~]# useradd -g dbgrp -d /home/omm -m -s /bin/bash omm
[root@hwd10 ~]# echo redhat|passwd --stdin omm
Changing password for user omm.
passwd: all authentication tokens updated successfully.
[root@hwd10 ~]# mkdir -p /opt/software/gaussdb
[root@hwd10 ~]# cd /opt/software/gaussdb/
[root@hwd10 gaussdb]# tar -xzf /tmp/GaussDB_100_1.0.0-DATABASE-REDHAT-64bit.tar.gz
[root@hwd10 gaussdb]# cd GaussDB_100_1.0.0-DATABASE-REDHAT-64bit
[root@hwd10 GaussDB_100_1.0.0-DATABASE-REDHAT-64bit]# python install.py -U omm:dbgrp -R /opt/gaussdb/app -D /opt/gaussdb/data -C LSNR_ADDR=127.0.0.1,192.168.120.31 -C LSNR_PORT=1888
Checking runner.
Checking parameters.
End check parameters.
Checking user.
End check user.
Checking old install.
End check old install.
Checking kernel parameters.
Checking directory.
Checking integrality of run file...
Decompressing run file.
Setting user env.
Checking data dir and config file
Initialize db instance.
Creating database.
Creating database succeed.
Changing file permission due to security audit.
Install successfully, for more detail information see /home/omm/zengineinstall.log.
-U 指定安装用户和用户组。
-R 指定安装目录。
-D 指定数据文件目录,即GAUSSDATA目录。
-C 指定配置参数,可以指定多个。如果不指定,则按照/gsdata/data/cfg/zengine.ini中的默认配置项。
安装完成后,数据库默认是启动状态。
[root@hwd10 ~]# su - omm
[omm@hwd10 ~]$ cd /opt/gaussdb/app/bin
[omm@hwd10 bin]$ python zctl.py -t start
Zengine instance has already started.
[omm@hwd10 bin]$ python zctl.py -t stop
Successfully stopped instance.
GaussDB 100支持用户通过配置用户白名单、IP白名单、IP黑名单的方式,有效管控远程连接。
同时启用了用户白名单、IP白名单、IP黑名单时:
[omm@hwd10 bin]$ vi /opt/gaussdb/data/cfg/zhba.conf
# ZENGINE Client Authentication Configuration File
# ===================================================
#
# This file controls: which hosts are allowed to connect,
# which ZENGINE user names they can use. Records take one of these forms:
#
# host USER ADDRESS
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "host" is either a plain or SSL-encrypted TCP/IP socket
#
# USER can be "sys", a user name
#
# ADDRESS specifies the set of hosts the record matches. support ‘*‘ fuzzy matching
# Put your actual configuration here
# ----------------------------------
#TYPE #USER ADDRESS
# IPv4 local connections:
# IPv6 local connections:
host * 127.0.0.1,::1
host * 192.168.120.0/24
有两种方法使其生效:1、重启数据库;2、在线加载用户IP白名单,立即生效。这里演示下第二种方法,如下图:
更改sys密码如下:
SQL> alter user sys identified by "abcABC@12";
Succeed.
注意:DataStudio开发工具需要JDK支持(请自行安装JDK)
当在centos使用redhat平台gaussdb100安装包进行安装时,会报如下错误:
Error: Run package GaussDB_100_1.0.0-RUN-REDHAT-64bit.tar.gz is inconsistent with os system centos.
解决办法是注释掉install.py文件中的平台检查指令,即572~573两行,如下图:
标签:ipv4 oca encrypted wal records 校验 需要 白名单 sharding
原文地址:https://blog.51cto.com/candon123/2477221