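- Installation preparation
Before starting the installation, make sure the user has sufficient privileges to perform it. The installation and preparation steps below require adding the gbase user to sudoers.
Unless otherwise noted, perform the following operations on every node.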
-
- Create the user and configure sudoers
Create the gbase group and user on all nodes:
[root@localhost ~]# groupadd gbase
[root@localhost ~]# useradd -m -d /home/gbase gbase -g gbase
[root@localhost ~]# passwd gbase
Set the password when prompted, and remember it.
Add gbase to sudoers:
[root@localhost ~]# visudo
In the file that opens, add the gbase user and its privileges at the following location:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
gbase ALL=(ALL) NOPASSWD:ALL
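Once sudoers is configured, the database installation and configuration steps no longer need to be run as root.
- Stop the firewall: the access ports between GBase 8c distributed database nodes must be open so that read/write requests, data and other information can be transmitted normally. In ordinary business scenarios, network communication among the database nodes and between them and the business services takes place inside a security domain; if there are no special security requirements, it is recommended to stop the firewall on the nodes. Otherwise, configure a firewall allowlist according to the "Port number" information in "Cluster planning".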
[gbase@localhost ~]$ sudo systemctl stop firewalld.service
- Disable firewall autostart at boot:
[gbase@localhost ~]$ sudo systemctl disable firewalld.service
The system returns:
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
which indicates that the operation succeeded.
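An added example (not from the GBase documentation): for the case where the firewall has to stay on, this script prints firewalld rich rules that accept cluster traffic only from the other nodes. The node addresses are the sample addresses used on this page; the port values are constructed placeholders for the "Port number" values from "Cluster planning", and `allowlist_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print (not execute) firewalld allowlist commands for cluster traffic.
NODES="192.168.142.210 192.168.142.211 192.168.142.212 192.168.142.213"  # sample IPs from this guide
PORTS="5432 6666"  # constructed placeholders: use the ports from "Cluster planning"

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: allowlist_rules LOCAL_IP "PEER_IPS" "PORTS"
# Prints one firewall-cmd line per (peer, port) pair, skipping the local node,
# followed by the reload that activates the permanent rules.
allowlist_rules() {
    self="$1"; peers="$2"; ports="$3"
    for port in $ports; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    for ip in $peers; do
        if [ "$ip" = "$self" ]; then continue; fi
        for port in $ports; do
            printf '%s\n' "sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"$port\" protocol=\"tcp\" accept'"
        done
    done
    echo "sudo firewall-cmd --reload"
}

# Rules for the node 192.168.142.210; review the output before running it.
allowlist_rules 192.168.142.210 "$NODES" "$PORTS"
```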
- Disable SELinux:
[gbase@localhost ~]$ sudo vim /etc/selinux/config
Set SELINUX=disabled, then save and exit:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
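- Synchronize system time:
A GBase 8c distributed database system requires time synchronization between nodes to guarantee database consistency. The NTP service is generally used to keep the nodes' clocks synchronized.
First check whether the NTP service is installed on the server and running normally: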
[gbase@localhost ~]$ sudo systemctl status ntpd.service
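If the output shows running, the service is running. Otherwise consider the following:
If the system can reach the external network, the following command can be used to synchronize with NTP servers: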
[gbase@localhost ~]$ sudo systemctl status ntpd.service
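If the server's network cannot reach the external network, the NTP service must be configured manually.
First confirm whether ntp is installed: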
[gbase@localhost ~]$ rpm -qa|grep ntp
If ntp is installed, output like the following is returned:
python-ntplib-0.3.2-1.el7.noarch
ntpdate-4.2.6p5-29.el7.centos.x86_64
fontpackages-filesystem-1.44-8.el7.noarch
ntp-4.2.6p5-29.el7.centos.x86_64
If ntp is not listed, remove the existing ntpdate and then reinstall ntp:
[gbase@localhost ~]$ sudo yum -y remove ntpdate-4.2.6p5-29.el7.centos.x86_64
[gbase@localhost ~]$ sudo yum -y install ntp
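After installation, configure the ntp service on all nodes. First choose the ntp primary node; this guide uses the gtm node as the ntp primary node.
Edit the ntp.conf configuration file: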
[gbase@localhost ~]$ sudo vi /etc/ntp.conf
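The ntp configuration differs between the primary node and the other nodes. On the primary node, edit the configuration file and add:
restrict 192.168.142.210 nomodify notrap nopeer noquery # IP of the current node
restrict 192.168.142.2 mask 255.255.255.0 nomodify notrap # gateway and subnet mask of the cluster's network segment
# In the server section, comment out servers 0~n and add the following:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
The affected part of the configuration file and the positions of the changes are as follows: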
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 192.168.142.210 nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
restrict 192.168.142.2 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0
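fudge 127.127.1.0 stratum 10
On the other ntp nodes, edit the configuration file and add:
restrict 192.168.142.211 nomodify notrap nopeer noquery # IP of the current node
restrict 192.168.142.2 mask 255.255.255.0 nomodify notrap # gateway and subnet mask of the cluster's network segment
# In the server section, comment out servers 0~n and point to the primary node:
server 192.168.142.210
fudge 192.168.142.210 stratum 10
The affected part of the configuration file and the positions of the changes are as follows: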
# the administrative functions.
restrict 192.168.142.211 nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
restrict 192.168.142.2 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.142.210
fudge 192.168.142.210 stratum 10
After all nodes are configured, start the ntp service on all nodes:
[gbase@localhost ~]$ sudo service ntpd start
Check whether the ntp server is reachable:
[gbase@localhost ~]$ ntpstat
The primary node returns:
synchronised to local net (127.127.1.0) at stratum 6
time correct to within 7948 ms
polling server every 64 s
The other nodes return:
synchronised to NTP server (192.168.142.210) at stratum 7
time correct to within 903 ms
polling server every 64 s
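Note: after the ntp server is configured, time synchronization takes 5 to 10 minutes to complete. If, right after configuration, the output is "unsynchronised time server re-starting polling server every 8 s" or "unsynchronised polling server every 8 s", this is normal; wait a while and run the ntpstat command again.
Enable start at boot: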
[gbase@localhost ~]$ sudo chkconfig ntpd on
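Note: in some virtual machine environments NTP cannot be configured to start at boot and must be started manually after every reboot. The NTP service affects distributed database deployment and consistency operations, so it must be configured and in effect beforehand.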
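An added example (not part of the original guide): a check that reads ntpstat output and reports whether a node is synchronised to the expected source within a chosen error bound, treating the unsynchronised state described in the note above as "wait and retry". The function name `check_ntpstat`, the 1000 ms bound and the embedded sample outputs (modelled on the ones shown above) are assumptions.

```shell
#!/bin/sh
# Added example: classify ntpstat output read from stdin.
# Usage: ntpstat | check_ntpstat EXPECTED_SOURCE MAX_ERROR_MS
# Returns 0 = synchronised as expected, 1 = not synchronised yet (wait and retry),
#         2 = unrecognised output, wrong source, or error bound too large.
check_ntpstat() {
    want="$1"; max_ms="$2"
    text=$(cat)
    case "$text" in
        unsynchronised*) echo "WAIT: not synchronised yet"; return 1 ;;
        synchronised*)   ;;
        *)               echo "FAIL: unrecognised ntpstat output"; return 2 ;;
    esac
    # The time source is the parenthesised field on the first line.
    src=$(printf '%s\n' "$text" | sed -n '1s/.*(\([^)]*\)).*/\1/p')
    # The error bound is the number in "time correct to within N ms".
    ms=$(printf '%s\n' "$text" | sed -n 's/.*time correct to within \([0-9][0-9]*\) ms.*/\1/p')
    if [ "$src" != "$want" ]; then
        echo "FAIL: synchronised to ${src:-unknown}, expected $want"; return 2
    fi
    if [ -z "$ms" ] || [ "$ms" -gt "$max_ms" ]; then
        echo "FAIL: error bound ${ms:-unknown} ms exceeds $max_ms ms"; return 2
    fi
    echo "OK: $src within $ms ms"
}

# Constructed sample outputs, modelled on the ones shown in this guide.
SAMPLE_SYNCED='synchronised to NTP server (192.168.142.210) at stratum 7
   time correct to within 903 ms
   polling server every 64 s'
SAMPLE_WAITING='unsynchronised
  time server re-starting
   polling server every 8 s'

printf '%s\n' "$SAMPLE_SYNCED"  | check_ntpstat 192.168.142.210 1000
printf '%s\n' "$SAMPLE_WAITING" | check_ntpstat 192.168.142.210 1000 || true
```

On a live node, pipe the real command into the function, for example `ntpstat | check_ntpstat 192.168.142.210 1000`.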
-
- Create passwordless login for the gbase user
Set up passwordless login for the gbase user on all nodes:
[gbase@localhost ~]$ mkdir ~/.ssh
[gbase@localhost ~]$ chmod 700 ~/.ssh
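The database cluster deployment can be performed from any node; this guide deploys the GBase 8c database cluster from the gtm node. On the machine that runs the deployment script, the gbase user must be configured for passwordless login to the other machines.
Configure passwordless login as follows (perform the following only on the gtm node):
Generate the authentication files for the gbase user: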
[gbase@localhost ~]$ ssh-keygen -t rsa
[gbase@localhost ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[gbase@localhost ~]$ chmod 600 ~/.ssh/authorized_keys
Copy the key file to the other nodes (this step requires entering the password):
[gbase@localhost ~]$ scp ~/.ssh/authorized_keys gbase@192.168.142.210:~/.ssh/
[gbase@localhost ~]$ scp ~/.ssh/authorized_keys gbase@192.168.142.211:~/.ssh/
[gbase@localhost ~]$ scp ~/.ssh/authorized_keys gbase@192.168.142.212:~/.ssh/
[gbase@localhost ~]$ scp ~/.ssh/authorized_keys gbase@192.168.142.213:~/.ssh/
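The scp commands above replace ~/.ssh/authorized_keys on each target node. As an added example (not from the original guide), the hypothetical helper `install_pubkey` below appends a public key only when the same key is not already present and applies the 700/600 modes used above; the key in the demo is a constructed sample, not a real key.

```shell
#!/bin/sh
# Added example: idempotent public-key installation that keeps existing entries.
# Usage: install_pubkey SSH_DIR "PUBLIC_KEY_LINE"
# Prints "added" or "present"; returns 1 if the line has no key field.
install_pubkey() {
    dir="$1"; line="$2"
    # Field 2 of a public key line is the base64 key blob; compare on it so a
    # changed comment does not create a duplicate entry.
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    file="$dir/authorized_keys"
    touch "$file" && chmod 600 "$file" || return 1
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$file"; then
        echo "present"
    else
        printf '%s\n' "$line" >> "$file"
        echo "added"
    fi
}

# Demo on a temporary directory so the real ~/.ssh is not touched.
DEMO_DIR=$(mktemp -d)
DEMO_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleOnly gbase@gtm'  # constructed sample
install_pubkey "$DEMO_DIR/.ssh" "$DEMO_KEY"   # first call appends the key
install_pubkey "$DEMO_DIR/.ssh" "$DEMO_KEY"   # second call leaves the file unchanged
```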