1.2.2 创建安全的集群
版本:v1.1.4
步骤1:创建CA认证证书
在cockroach Home目录下
[root@localhost cockroach-v1.1.4]# mkdir certs
[root@localhost cockroach-v1.1.4]# mkdir my-safe-directory
[root@localhost cockroach-v1.1.4]# ls
certs my-safe-directory
#创建CA密钥和CA证书:ca.crt保存在certs目录,ca.key保存在my-safe-directory目录;ca.key用于签发节点证书和客户端证书,应单独妥善保管,不要放入certs目录或分发到各节点
[root@localhost cockroach-v1.1.4]# cockroach cert create-ca \
> --certs-dir=certs \
> --ca-key=my-safe-directory/ca.key
[root@localhost certs]# ls
ca.crt
#为root用户创建客户端证书和密钥对:client.root.crt/client.root.key
[root@localhost cockroach-v1.1.4]# cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key
#为节点创建证书和密钥对:node.crt/node.key,用于节点之间的通信。如果各节点运行在不同的地址上,需要把CA证书(ca.crt)分发到每个地址;如果都在本机(local)运行,只需要一份就可以了
[root@localhost cockroach-v1.1.4]# echo $(hostname)
localhost.localdomain
[root@localhost cockroach-v1.1.4]# cockroach cert create-node \
> localhost \
> $(hostname) \
> --certs-dir=certs \
> --ca-key=my-safe-directory/ca.key
步骤2:创建节点1
创建节点1:
[root@localhost cockroach-v1.1.4]# cockroach start \
> --certs-dir=certs \
> --host=localhost \
> --http-host=localhost
CockroachDB node starting at 2018-01-19 02:38:48.462229307 +0000 UTC (took 0.5s)
build: CCL v1.1.4 @ 2018/01/08 17:32:42 (go1.8.3)
admin: https://localhost:8080
sql: postgresql://root@localhost:26257?application_name=cockroach&sslcert=certs%2Fclient.root.crt&sslkey=certs%2Fclient.root.key&sslmode=verify-full&sslrootcert=certs%2Fca.crt
logs: /home/forget/cochroachDB/cockroach-v1.1.4/cockroach-data/logs
store[0]: path=/home/forget/cochroachDB/cockroach-v1.1.4/cockroach-data
status: initialized new cluster
clusterID: c2e1f825-f663-433f-80fa-6db8ed05023d
nodeID: 1
步骤3,向集群中添加节点
创建节点2:
[root@localhost cockroach-v1.1.4]# cockroach start \
> --certs-dir=certs \
> --store=node2 \
> --host=localhost \
> --port=26258 \
> --http-port=8081 \
> --http-host=localhost \
> --join=localhost:26257
CockroachDB node starting at 2018-01-19 02:41:57.340482797 +0000 UTC (took 0.2s)
build: CCL v1.1.4 @ 2018/01/08 17:32:42 (go1.8.3)
admin: https://localhost:8081
sql: postgresql://root@localhost:26258?application_name=cockroach&sslcert=certs%2Fclient.root.crt&sslkey=certs%2Fclient.root.key&sslmode=verify-full&sslrootcert=certs%2Fca.crt
logs: /home/forget/cochroachDB/cockroach-v1.1.4/node2/logs
store[0]: path=/home/forget/cochroachDB/cockroach-v1.1.4/node2
status: initialized new node, joined pre-existing cluster
clusterID: c2e1f825-f663-433f-80fa-6db8ed05023d
nodeID: 2
创建节点3
[root@localhost cockroach-v1.1.4]# cockroach start \
> --certs-dir=certs \
> --store=node3 \
> --host=localhost \
> --port=26259 \
> --http-port=8082 \
> --http-host=localhost \
> --join=localhost:26257
CockroachDB node starting at 2018-01-19 02:43:48.473517114 +0000 UTC (took 0.2s)
build: CCL v1.1.4 @ 2018/01/08 17:32:42 (go1.8.3)
admin: https://localhost:8082
sql: postgresql://root@localhost:26259?application_name=cockroach&sslcert=certs%2Fclient.root.crt&sslkey=certs%2Fclient.root.key&sslmode=verify-full&sslrootcert=certs%2Fca.crt
logs: /home/forget/cochroachDB/cockroach-v1.1.4/node3/logs
store[0]: path=/home/forget/cochroachDB/cockroach-v1.1.4/node3
status: initialized new node, joined pre-existing cluster
clusterID: c2e1f825-f663-433f-80fa-6db8ed05023d
nodeID: 3
步骤4 测试集群
#查看文件夹文件
[root@localhost cockroach-data]# ls
000003.log cockroach.listen-addr logs
auxiliary CURRENT MANIFEST-000001
cockroach.advertise-addr IDENTITY OPTIONS-000005
COCKROACHDB_VERSION local
cockroach.http-addr LOCK
[root@localhost cockroach-data]# cd ..
[root@localhost cockroach-v1.1.4]# ls
certs cockroach-data my-safe-directory node2 node3
#连接集群
[root@localhost cockroach-v1.1.4]# cockroach sql \
> --certs-dir=certs
# Welcome to the cockroach SQL interface.
# All statements must be terminated by a semicolon.
# To exit: CTRL + D.
#
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
#
# Enter \? for a brief introduction.
#
root@:26257/>
root@:26257/> create database bank;
CREATE DATABASE
Time: 37.534764ms
root@:26257/> create table bank.accounts(id int primary key,balance decimal);
CREATE TABLE
Time: 41.658413ms
root@:26257/> INSERT INTO bank.accounts VALUES (1, 1000.50);
INSERT 1
Time: 22.827077ms
root@:26257/> SELECT * FROM bank.accounts;
+----+---------+
| id | balance |
+----+---------+
| 1 | 1000.50 |
+----+---------+
(1 row)
Time: 3.224982ms
连接节点2
[root@localhost cockroach-v1.1.4]# cockroach sql \
> --certs-dir=certs \
> --port=26258
# Welcome to the cockroach SQL interface.
# All statements must be terminated by a semicolon.
# To exit: CTRL + D.
#
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
#
# Enter \? for a brief introduction.
#
root@:26258/> SELECT * FROM bank.accounts;
+----+---------+
| id | balance |
+----+---------+
| 1 | 1000.50 |
+----+---------+
(1 row)
Time: 38.953945ms
步骤5:监控,同1.2.1
步骤6:停止集群
ctrl+c
卸载集群:删除各节点的数据目录(数据会被永久删除;如需按步骤7重启集群,请跳过此步)
rm -rf cockroach-data node2 node3
步骤7 重启集群
至少需要重启3个节点中的2个(多数节点在线后集群才能恢复服务)
在cockroach-data/的父目录,执行:
cockroach start \
--certs-dir=certs \
--host=localhost \
--http-host=localhost
在node2/的父目录,执行:
cockroach start \
--certs-dir=certs \
--store=node2 \
--host=localhost \
--port=26258 \
--http-port=8081 \
--http-host=localhost \
--join=localhost:26257
在node3/的父目录,执行:
cockroach start \
--certs-dir=certs \
--store=node3 \
--host=localhost \
--port=26259 \
--http-port=8082 \
--http-host=localhost \
--join=localhost:26257