目录
密码复杂度
修改密码策略之前,记得先修改用户密码符合新的规则,不然重启后 旧的用户密码将无法登录使用
修改coordinator 节点的配置文件 gbase_8a_gcluster.cnf(每个节点都需要改,不改的节点密码策略不生效,可以继续使用简单密码)
修改node 节点的配置文件gbase_8a_gbase.cnf(每个节点都需要改,不改的节点密码策略不生效,可以继续使用简单密码)
对相同变量配置相同的值
[gbase@VM-8-10-centos gbase]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos gnode]$ cd $GBASE_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gbase.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
gbase> set password for user_1 = password('111');
ERROR 1809 (HY000): Invalid password format,length should > 8 and contain 'number' 'small letter' 'captital letter' 'special character'.[gbased]
password_format_option = '15' #包含数字大小写其他字符
password_min_length = '8' #最小长度为8
password_life_time = '90' #90天过期
修改root的默认密码
[root@gba01 opt]# su - gbase
$ gccli –uroot
GBase client 9.5.3.17.117651. Copyright (c) 2004-2020, GBase. All Rights Reserved.
gbase> SET PASSWORD FOR root = PASSWORD('H133%_h');登录失败尝试次数
达到失败次数后 该用户会被锁定禁止登录,解锁后可正常使用
[gbase@VM-8-10-centos gcluster]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.[gbased]
login_attempt_max = '3'
用户解锁
[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
gbase> alter user root identified by 'gBase20333333#';
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> alter user root account unlock;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)重鉴别
10分钟空闲需要重新登录
修改每个 coordinator 节点的配置文件 gbase_8a_gcluster.cnf
修改每个 node 节点的配置文件gbase_8a_gbase.cnf
[gbase@VM-8-10-centos gbase]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos gnode]$ cd $GBASE_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gbase.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart[gbased]
interactive_timeout = 600 #单位为秒 这个参数默认是开启的 默认1000000
wait_timeout = 600 #单位为秒 这个参数默认是开启的 默认1000000
开启审计日志
gbase> set global audit_log = 1 ;
gbase> set global log_output = 'table';创建审计策略
gbase> CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y');
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> \q
Bye
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.
[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
Enter password:
gbase> SELECT start_time,user_host,query_time,rows, LEFT(sql_text, 30), conn_type FROM gbase.audit_log;
gbase> SELECT * FROM gbase.audit_log;
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
| 95 | 0 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000122 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE GCLUSTER_LOCAL AUDIT POLICY "audit_policy_1" (Enable='Y',User='') | DDL | OTHERS | | SUCCESS | CAPI |
| 94 | 131152 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.002588 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y',User = '' ) | DDL | OTHERS | | SUCCESS | ODBC |
| 94 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000006 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | ODBC |
| 95 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000003 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000433 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000126 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 131155 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000160 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000066 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000154 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 131154 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007139 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 96 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | [root] @ localhost [] | 0 | root | | 00:00:00.013624 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000440 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 131157 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000148 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000080 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000174 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 131156 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007594 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 99 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | [root] @ localhost [] | 0 | root | | 00:00:00.009110 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000436 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000443 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 131159 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000137 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000064 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000151 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 131158 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007557 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 102 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | [root] @ localhost [] | 0 | root | | 00:00:00.009166 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 105 | 0 | 2022-10-31 22:47:56 | 2022-10-31 22:47:56 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000612 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | ODBC |
| 105 | 131160 | 2022-10-31 22:48:04 | 2022-10-31 22:48:04 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.006332 | 0 | vc00003 | | WRITE: ; READ: `vc00003`.`gbse`.`audit_log`; OTHER: ; | select * from gbse.audit_log | DQL | SELECT | | FAILED | ODBC |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
36 rows in set (Elapsed: 00:00:00.00)
清空审计日志
gbase> TRUNCATE SELF gbase.audit_log;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> select * from gbase.audit_log;
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
| 105 | 0 | 2022-10-31 22:52:17 | 2022-10-31 22:52:17 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000603 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: `vc00000`.`gbase`.`audit_log`; | TRUNCATE SELF gbase.audit_log | DDL | TRUNCATE | | SUCCESS | ODBC |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
1 row in set (Elapsed: 00:00:00.00)审计日志高可用
开启审计后,审计日志默认存在audit_log表中, audit_log是当前一段时间的日志,需要定时将一些历史日志转储到audit_log_express 表中,每60分钟转存储一次。
gbase> use test;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> show events \G;
Empty set (Elapsed: 00:00:00.00)[gbase@h4 opt]$ vi /opt/audit.sql
[gbase@h4 opt]$ gccli -uroot -p -D test < /opt/audit.sqldelimiter //
CREATE EVENT import_audit_log
ON SCHEDULE EVERY 60 MINUTE
ON COMPLETION NOT PRESERVE
ENABLE
LOCAL
DO
begin
declare errno int;
declare msg text;
declare exit handler for sqlexception
begin
get diagnostics condition 1 errno = gbase_errno, msg = message_text;
create table if not exists import_audit_log_errors(
err_time datetime,
hostname varchar(64),
err_no int,
msg_txt varchar(1024)
) CHARSET=utf8mb4;
insert into import_audit_log_errors values (now(), @@hostname, errno, substr(msg, 0, 1024));
end;
create table if not exists audit_log_express (
hostname varchar(64),
thread_id int,
taskid bigint,
start_time datetime,
uid bigint, user varchar(16),
host_ip varchar(32),
query_time time, rows bigint,
table_list varchar(4096),
sql_text varchar(8191),
ql_type varchar(16),
sql_command varchar(32),
operators varchar(256),
status varchar(16),
conn_type varchar(16)
) CHARSET=utf8mb4;
set self sql_mode = '';
create self table gbase.audit_log_bak2 like gbase.audit_log;
set self sql_mode = default;
rename self table gbase.audit_log to gbase.audit_log_bak1,
gbase.audit_log_bak2 to gbase.audit_log;
set _gbase_query_path = on;
insert into audit_log_express select
@@hostname as hostname,
thread_id,
taskid,
start_time,
uid,
user,
host_ip,
query_time,
rows,
substr(table_list, 0, 4096),
substr(sql_text, 0, 8191),
sql_type,
sql_command,
operators,
status,
conn_type
from gbase.audit_log_bak1;
drop self table gbase.audit_log_bak1;
end//
delimiter ;[gbase@h4 opt]$ gccli -uroot -p
gbase> use test;
gbase> show events;
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
| Vc | Db | Name | Definer | Time zone | Type | Execute at | Interval value | Interval field | Starts | Ends | Status | Execute mode | character_set_client | collation_connection | Database Collation |
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
| vcname000002 | test | import_audit_log | root@% | +08:00 | RECURRING | NULL | 60 | MINUTE | 2022-12-17 00:31:18 | NULL | ENABLED | 0 | utf8 | utf8_general_ci | utf8_general_ci |
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
1 row in set (Elapsed: 00:00:00.00)客户端SSL加密连接
生成服务端、客户端证书文件
[root@hw-00 gcinstall]# su - root
[root@hw-00 gcinstall]# mkdir -p /usr/local/ssl
[root@hw-00 gcinstall]# cd /usr/local/ssl/
[root@hw-00 ssl]# openssl req -sha1 -new -x509 -nodes -days 3650 -keyout ca-key.pem >ca-cert.pem
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
[root@hw-00 ssl]# openssl rsa -in server-key.pem -out server-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
[root@hw-00 ssl]# openssl rsa -in client-key.pem -out client-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# ll
-rw-r--r-- 1 root root 1285 Nov 14 18:14 ca-cert.pem
-rw-r--r-- 1 root root 1708 Nov 14 18:14 ca-key.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:22 client-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:21 client-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:21 client-req.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:19 server-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:18 server-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:16 server-req.pem服务端配置
[root@hw-00 ~]# vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf[gbased]
ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/server-cert.pem
ssl-key=/usr/local/ssl/server-key.pem
重启集群验证是否配置成功
[root@hw-00 ~]# su - gbase
Last login: Mon Nov 14 18:10:52 CST 2022 from 192.168.0.92 on pts/2
[gbase@hw-00 ~]$ gcluster_services all restart
[gbase@hw-00 ~]$ gccli -uroot -p
gbase> show variables like 'have_%ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
+---------------+-------+
2 rows in set (Elapsed: 00:00:00.00)
客户端配置
如果有单独的客户端,需要将server 端生成的 ca-cert.pem,client-req.pem,client-key.pem,client-cert.pem 拷贝到 client 端 /usr/local/ssl 路径下,我们的客户端和服务端使用的是同一台机器,就不用拷贝了,直接修改配置文件即可
[gbase@hw-00 ~]$ vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf[client]
ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/client-cert.pem
ssl-key=/usr/local/ssl/client-key.pem
使用远程连接验证ssl是否开启
[gbase@hw-00 ~]$ gccli -h 123.249.11.137 -ugbase -pgba20*****
gbase> status
--------------
Connection id: 11
Current database:
Current user: gbase@123.249.11.137
SSL: Cipher in use is DHE-RSA-AES256-SHA
TCP port: 5258
Uptime: Elapsed: 00:16:29.00
Threads: 3 Questions: 11 Slow queries: 0 Opens: 28 Flush tables: 1 Open tables: 21 Queries per second avg: 0.11
--------------
110万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
