联网站,360网站排名优化,推广效果最好的平台,做装饬在哪家网站挂本文是在完成步骤一、准备 OBD 中控机后的第二步#xff0c;准备3台oceanbase分布式数据库服务器。
前序步骤#xff1a;BCLinux8U6系统部署oceanbase分布式数据库社区版之一、准备 OBD 中控机
一、服务器配置
1、服务器硬件配置
本例采用vmware虚拟机来构建测试平台准备3台oceanbase分布式数据库服务器。
前序步骤BCLinux8U6系统部署oceanbase分布式数据库社区版之一、准备 OBD 中控机
一、服务器配置
1、服务器硬件配置
本例采用vmware虚拟机来构建测试平台共3台虚拟机16核CPU、32GB内存,1T数据盘 2、服务器操作系统
采用BCLinux8U6
[rootlocalhost ~]# cat /etc/os-release
NAMEBigCloud Enterprise Linux
VERSION8.6 (Core)
IDbclinux
ID_LIKErhel fedora
VERSION_ID8.6
PLATFORM_IDplatform:an8
PRETTY_NAMEBigCloud Enterprise Linux 8.6 (Core)
ANSI_COLOR0;31
CPE_NAMEcpe:/o:bclinux:bclinux:8
HOME_URLhttps://mirrors.bclinux.org/
BUG_REPORT_URLhttps://bugs.bclinux.org/BCLINUX_BUGZILLA_PRODUCTBigCloud Enterprise Linux 8 (Core)
BCLINUX_BUGZILLA_PRODUCT_VERSION8.6
BCLINUX_SUPPORT_PRODUCTBigCloud Enterprise Linux 8 (Core)
BCLINUX_SUPPORT_PRODUCT_VERSION8.6
3、系统内核操作系统内核为5.10
[rootlocalhost ~]# uname -r
5.10.134-12.2.el8.bclinux.x86_64
[rootlocalhost ~]# free -gtotal used free shared buff/cache available
Mem: 31 0 30 0 0 30
Swap: 1 0 1
二、服务器系统环境初始化每台服务器需完成相同设置
1、准备数据盘分区
[rootlocalhost ~]# fdisk -l |grep /dev/sdb
Disk /dev/sdb1000 GiB1073741824000 字节2097152000 个扇区
[rootlocalhost ~]# fdisk /dev/sdb欢迎使用 fdisk (util-linux 2.32.1)。
更改将停留在内存中直到您决定将更改写入磁盘。
使用写入命令前请三思。设备不包含可识别的分区表。
创建了一个磁盘标识符为 0x9febb181 的新 DOS 磁盘标签。命令(输入 m 获取帮助)n
分区类型p 主分区 (0个主分区0个扩展分区4空闲)e 扩展分区 (逻辑分区容器)
选择 (默认 p)p
分区号 (1-4, 默认 1):
第一个扇区 (2048-2097151999, 默认 2048):
上个扇区sectors 或 size{K,M,G,T,P} (2048-2097151999, 默认 2097151999): 创建了一个新分区 1类型为“Linux”大小为 1000 GiB。命令(输入 m 获取帮助)w
分区表已调整。
将调用 ioctl() 来重新读分区表。
正在同步磁盘。[rootlocalhost ~]# fdisk -l |grep /dev/sdb
Disk /dev/sdb1000 GiB1073741824000 字节2097152000 个扇区
/dev/sdb1 2048 2097151999 2097149952 1000G 83 Linux
[rootlocalhost ~]# pvcreate /dev/sdb1Physical volume /dev/sdb1 successfully created.
[rootlocalhost ~]# vgcreate appvg /dev/sdb1Volume group appvg successfully created
[rootlocalhost ~]# lvcreate -n applv -l 100%vg /dev/appvgLogical volume applv created.
[rootlocalhost ~]# lvs |grep applvapplv appvg -wi-a----- 1000.00g
[rootlocalhost ~]# mkfs.xfs -m bigtime1 /dev/appvg/applv
meta-data/dev/appvg/applv isize512 agcount4, agsize65535744 blks sectsz512 attr2, projid32bit1 crc1 finobt1, sparse1, rmapbt0 reflink1 bigtime1 inobtcount0
data bsize4096 blocks262142976, imaxpct25 sunit0 swidth0 blks
naming version 2 bsize4096 ascii-ci0, ftype1
log internal log bsize4096 blocks127999, version2 sectsz512 sunit0 blks, lazy-count1
realtime none extsz4096 blocks0, rtextents0
[rootlocalhost ~]# vi /etc/fstab
[rootlocalhost ~]# grep applv /etc/fstab
/dev/appvg/applv /app xfs defaults 0 0
[rootlocalhost ~]# mkdir /app
[rootlocalhost ~]# mount -a
[rootlocalhost ~]# df -hT |grep applv
/dev/mapper/appvg-applv xfs 1000G 7.1G 993G 1% /app
2、检查时间同步
因是分布式环境时间同步非常重要否则可能会出现各种意想不到的问题
[rootlocalhost ~]# chronyc sources -v.-- Source mode ^ server, peer, # local clock./ .- Source state * current best, combined, - not combined,
| / x may be in error, ~ too variable, ? unusable.
|| .- xxxx [ yyyy ] /- zzzz
|| Reachability register (octal) -. | xxxx adjusted offset,
|| Log2(Polling interval) --. | | yyyy measured offset,
|| \ | | zzzz estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample ^* 192.168.2.33 2 6 377 51 -1808us[ -325us] /- 27ms
^ 192.168.2.34 2 6 377 53 1443us[2925us] /- 42ms
^ 192.168.2.35 2 6 377 50 15ms[ 15ms] /- 50ms
3、系统限制参数设置
[rootlocalhost ~]# vi /etc/security/limits.conf
[rootlocalhost ~]# egrep -v ^#|^$ /etc/security/limits.conf
root soft nofile 655350
root hard nofile 655350
* soft nofile 655350
* hard nofile 655350
* soft stack unlimited
* hard stack unlimited
* soft nproc 655360
* hard nproc 655360
* soft core unlimited
* hard core unlimited
4、系统控制参数配置
[rootlocalhost ~]# vi /etc/sysctl.conf
[rootlocalhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1# for oceanbase
## 修改内核异步 I/O 限制
fs.aio-max-nr1048576## 网络优化
net.core.somaxconn 2048
net.core.netdev_max_backlog 10000
net.core.rmem_default 16777216
net.core.wmem_default 16777216
net.core.rmem_max 16777216
net.core.wmem_max 16777216net.ipv4.ip_local_port_range 3500 65535
net.ipv4.ip_forward 0
net.ipv4.conf.default.rp_filter 1
net.ipv4.conf.default.accept_source_route 0
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_rmem 4096 87380 16777216
net.ipv4.tcp_wmem 4096 65536 16777216
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_fin_timeout 15
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_tw_reuse 1
net.ipv4.tcp_tw_recycle 1
net.ipv4.tcp_slow_start_after_idle0vm.swappiness 0
vm.min_free_kbytes 2097152
fs.file-max 6573688# 修改进程可以拥有的虚拟内存区域数量
vm.max_map_count 655360# 此处为 OceanBase 数据库的 data 目录
kernel.core_pattern /app/core-%e-%p-%t
[rootlocalhost ~]# sysctl -p
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1
fs.aio-max-nr 1048576
net.core.somaxconn 2048
net.core.netdev_max_backlog 10000
net.core.rmem_default 16777216
net.core.wmem_default 16777216
net.core.rmem_max 16777216
net.core.wmem_max 16777216
net.ipv4.ip_local_port_range 3500 65535
net.ipv4.ip_forward 0
net.ipv4.conf.default.rp_filter 1
net.ipv4.conf.default.accept_source_route 0
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_rmem 4096 87380 16777216
net.ipv4.tcp_wmem 4096 65536 16777216
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_fin_timeout 15
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_tw_reuse 1
sysctl: cannot stat /proc/sys/net/ipv4/tcp_tw_recycle: 没有那个文件或目录
net.ipv4.tcp_slow_start_after_idle 0
vm.swappiness 0
vm.min_free_kbytes 2097152
fs.file-max 6573688
vm.max_map_count 655360
kernel.core_pattern /app/core-%e-%p-%t
[rootlocalhost ~]#
5、停用selinux服务
[rootlocalhost ~]# getenforce
Disabled
[rootlocalhost ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system.
# SELINUX can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUXdisabled
# SELINUXTYPE can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPEtargeted
6、创建admin管理用户并初始化密码
[rootlocalhost ~]# useradd -U admin -d /home/admin -s /bin/bash -m
[rootlocalhost ~]# ll /home
总用量 8
drwx------. 2 AAAA AAAA 4096 4月 10 09:40 AAAA
drwx------ 2 admin admin 4096 4月 15 16:08 admin
[rootlocalhost ~]# ll /home |grep admin
drwx------ 2 admin admin 4096 4月 15 16:08 admin
[rootlocalhost ~]# passwd admin
更改用户 admin 的密码 。
新的 密码
重新输入新的 密码
passwd所有的身份验证令牌已经成功更新。
7、admin用户sudo免密设置及加入wheel组
配置admin用户的sudo免密设置为避免其它安全策略影响建议加到/etc/sudoers文件的最后面同时将admin用户加入wheel组。
[rootlocalhost ~]# vim /etc/sudoers
[rootlocalhost ~]# grep ^admin /etc/sudoers
admin ALL(ALL) NOPASSWD:ALL
[rootlocalhost ~]# vi /etc/group
[rootlocalhost ~]# grep wheel /etc/group
wheel:x:10:admin
8、准备数据库的数据目录和日志目录有条件的话可以按部署建议进行分盘部署
[rootlocalhost ~]# mkdir -p /app/oceanbase/data /app/oceanbase/redo
[rootlocalhost ~]# chown -R admin:admin /app
[rootlocalhost ~]# tree /app
/app
└── oceanbase├── data└── redo3 directories, 0 files
[rootlocalhost ~]#
三、中控机ssh免密操作
以下皆在中控机上操作
1、生成admin用户的公钥文件
[rootlocalhost ~]# su - admin
上一次登录一 4月 15 16:45:26 CST 2024pts/1 上
[adminlocalhost ~]$ ls ~/.ssh/id_rsa.pub
ls: 无法访问/home/admin/.ssh/id_rsa.pub: 没有那个文件或目录
[adminlocalhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Created directory /home/admin/.ssh.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa
Your public key has been saved in /home/admin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:dioymcUobYwt9nUpt5OWuqhCiSKQ7sVpzUIKHhBEuQ adminlocalhost.localdomain
The keys randomart image is:
---[RSA 3072]----
|o |
|. . |
|E. |
|....o . |
|. *o* S . |
|. . * |
|o..o* . B |
|.o . |
|o.. o. |
----[SHA256]-----
2、分发公钥文件到各数据库服务器
[adminlocalhost ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p4422 admin192.168.2.161
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /home/admin/.ssh/id_rsa.pub
The authenticity of host [192.168.2.161]:4422 ([192.168.2.161]:4422) cant be established.
ED25519 key fingerprint is SHA256:wySYsV/r0GwbmVUSZpvBNFej8nrE2ptlPWLPzyVEk.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
admin192.168.2.161s password: Number of key(s) added: 1Now try logging into the machine, with: ssh -p 4422 admin192.168.2.161
and check to make sure that only the key(s) you wanted were added.[adminlocalhost ~]$
3、免密登录各数据库服务器测试
[adminlocalhost ~]$ ssh -p 4422 admin192.168.2.161
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[adminlocalhost ~]$ sudo su____ _ ____ _ _
| __ )(_) __ _ / ___| | ___ _ _ __| |
| _ \| |/ _ | | | |/ _ \| | | |/ _ |
| |_) | | (_| | |___| | (_) | |_| | (_| |
|____/|_|\__, |\____|_|\___/ \__,_|\__,_||___/_____ _ _ _ _
| ____|_ __ | |_ ___ _ __ _ __ _ __(_)___ ___ | | (_)_ __ _ ___ __
| _| | _ \| __/ _ \ __| _ \| __| / __|/ _ \ | | | | _ \| | | \ \/ /
| |___| | | | || __/ | | |_) | | | \__ \ __/ | |___| | | | | |_| |
|_____|_| |_|\__\___|_| | .__/|_| |_|___/\___| |_____|_|_| |_|\__,_/_/\_\|_|___( _ )/ _ \
| (_) |\___/Welcome to BigCloud Enterprise Linux 8 (GNU/Linux 5.10.134-12.2.el8.bclinux.x86_64 x86_64)System information as of 2024年 04月 15日 星期一 16:55:05 CST* System CPU load: 0.00 0.00 0.00 * System uptime: 16:55:05 up 1:18 * Active sessions: 2 * Memory usage: 32185 / 32819 MB* Processes count: 306* Contact US :MAIL : supportbclinux.org / TEL : 4001-10086-5[rootlocalhost admin]# exit
exit
[adminlocalhost ~]$ exit
注销
Connection to 192.168.2.161 closed.
[adminlocalhost ~]$
至此完成各台数据库服务器的环境准备及中控机免密ssh配置。
