Archery SQL审核平台1.10部署

DBA实战

已于 2024-05-08 19:14:04 修改

阅读量595

点赞数 7

分类专栏：数据库审核平台文章标签： sql 数据库 mysql 阿里云开源软件

于 2024-03-28 08:30:00 首次发布

本文链接：https://blog.csdn.net/qq_34692500/article/details/137078700

版权

数据库审核平台专栏收录该内容

2 篇文章 0 订阅

订阅专栏

在这里插入图片描述

Archery是用于辅助MySQL数据库管理和开发的Web工具，适合用于需要管理和开发MySQL数据库的场景，使数据库工作更加高效和便捷。
特点：SQL审核、SQL上线、SQL分析、SQL查询、SQL优化、数据归档、实例管理、工具插件、权限管理

安装前准备

安装python3.9.10

yum install libffi-devel wget gcc make zlib-devel openssl openssl-devel ncurses-devel openldap-devel gettext bzip2-devel xz-devel
wget "https://www.python.org/ftp/python/3.9.10/Python-3.9.10.tar.xz" 
tar -xvJf Python-3.9.10.tar.xz 
# 编译
cd Python-3.9.10 
./configure prefix=/usr/local/python3 
make && make install 
ln -fs /usr/local/python3/bin/python3 /usr/bin/python3 
ln -fs /usr/local/python3/bin/pip3 /usr/bin/pip3 
# virtualenv
pip3 install virtualenv -i https://mirrors.ustc.edu.cn/pypi/web/simple/ 
ln -fs /usr/local/python3/bin/virtualenv /usr/bin/virtualenv 

##安装一些依赖库
 pip3 install Django
 pip3 install django-environ
 pip3 install requests

升级openssl1.1.1

wget --no-check-certificate   https://www.openssl.org/source/openssl-1.1.1t.tar.gz
tar -zxvf openssl-1.1.1t.tar.gz
cd openssl-1.1.1t/
./config --prefix=/usr/local/my_openssl
make
make install
mv /usr/bin/openssl /usr/bin/oldopenssl
ln -s /usr/local/my_openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/my_openssl/lib/libssl.so.1.1 /usr/lib64/
ln -s /usr/local/my_openssl/lib/libcrypto.so.1.1  /usr/lib64/

下载安装包

下载Archery相关文件：
wget https://github.com/hhyo/Archery/archive/refs/tags/v1.10.0.zip
unzip Archery-1.10.0.zip
mv /opt/Archery-1.10.0  /opt/archery

修改如下配置文件

[root@test19-server08 docker-compose]# cd /opt/Archery-1.10.0/src/docker-compose
[root@test19-server08 docker-compose]# vim docker-compose.yml    修改了密码和archery的版本
version: '3'

services:
  redis:
    image: redis:5
    container_name: redis
    restart: always
    command: redis-server --requirepass abcabc
    ports:
      - "6379:6379"

  mysql:
    image: mysql:5.7
    container_name: mysql
    restart: always
    ports:
      - "3306:3306"
    volumes:
      - "./mysql/my.cnf:/etc/mysql/my.cnf"
      - "./mysql/datadir:/var/lib/mysql"
    environment:
      MYSQL_DATABASE: archery
      MYSQL_ROOT_PASSWORD: abcabc

  goinception:
    image: hanchuanchuan/goinception
    container_name: goinception
    restart: always
    ports:
      - "4000:4000"
    volumes:
      - "./inception/config.toml:/etc/config.toml"

  archery:
    image: hhyo/archery:v1.10.0
    container_name: archery
    restart: always
    ports:
      - "9123:9123"
    volumes:
      - "./archery/settings.py:/opt/archery/local_settings.py"
      - "./archery/soar.yaml:/etc/soar.yaml"
      - "./archery/docs.md:/opt/archery/docs/docs.md"
      - "./archery/downloads:/opt/archery/downloads"
      - "./archery/sql/migrations:/opt/archery/sql/migrations"
      - "./archery/logs:/opt/archery/logs"
      - "./archery/keys:/opt/archery/keys"
    entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh"
    env_file:
      - .env

[root@localhost archery]# cp /opt/archery/.env.list .env
[root@test19-server08 docker-compose]# vim .env 
NGINX_PORT=9123

# https://django-environ.readthedocs.io/en/latest/quickstart.html#usage
# https://docs.djangoproject.com/zh-hans/4.1/ref/settings/
DEBUG=false
DATABASE_URL=mysql://root:abcabc@mysql:3306/archery
CACHE_URL=redis://redis:6379/0?PASSWORD=abcabc

# https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS=http://127.0.0.1:9123

# https://django-auth-ldap.readthedocs.io/en/latest/
ENABLE_LDAP=false
AUTH_LDAP_ALWAYS_UPDATE_USER=true
AUTH_LDAP_USER_ATTR_MAP=username=cn,display=displayname,email=email

# https://django-q.readthedocs.io/en/latest/configure.html#
Q_CLUISTER_WORKERS=4
Q_CLUISTER_TIMEOUT=60
Q_CLUISTER_SYNC=false

修改好的文件拷贝到另一个目录
[root@localhost archery]# cp /opt/archery/.env /opt/archery/src/docker-compose/

[root@test19-server08 inception]# vim config.toml
backup_host = "127.0.0.1"
backup_port = 3306
backup_user = "archery_bak"
backup_password = "abcabc"

[osc]
osc_print_none = false
osc_print_sql = false
osc_on = true
osc_min_table_size = 300
osc_alter_foreign_keys_method = "none"
osc_recursion_method = "processlist"
osc_max_lag = 600
osc_max_flow_ctl = -1
osc_sleep = 0.1
osc_lock_wait_timeout = 60
osc_check_alter = true
osc_check_replication_filters = true
osc_check_unique_key_change = true
osc_drop_old_table = true
osc_drop_new_table = true
osc_max_thread_running = 80
osc_max_thread_connected = 20000
osc_critical_thread_running = 80
osc_critical_thread_connected = 20000
osc_chunk_time = 1.0
osc_chunk_size_limit = 4
osc_chunk_size = 1000
osc_check_interval = 5
osc_bin_dir = "/usr/local/bin"

[root@localhost ~]# vim /opt/archery/src/docker-compose/mysql/my.cnf 
[mysqld]
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/run/mysqld/mysqld.sock
secure-file-priv=/var/lib/mysql-files
user=mysql


default-time_zone = '+8:00'
log_bin = /var/lib/mysql/mysql-bin
server_id = 2
binlog_format = row
symbolic-links=0
innodb_buffer_pool_size = 512M
max_connections = 2000
innodb_file_per_table = 1
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci

pid-file=/var/run/mysqld/mysqld.pid
[client]
socket=/var/run/mysqld/mysqld.sock
default-character-set=utf8mb4
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

初始化配置

[root@centos7Demo docker-compose]# cd /opt/archery/src/docker-compose
#启动
docker-compose -f docker-compose.yml up -d
#表结构初始化
[root@centos7Demo docker-compose]#docker exec -ti archery /bin/bash
[root@19d718745ad9 archery]#cd /opt/archery
[root@19d718745ad9 archery]#source /opt/venv4archery/bin/activate
[root@19d718745ad9 archery]#python3 manage.py makemigrations sql  
[root@19d718745ad9 archery]#python3 manage.py migrate 

#数据初始化
python3 manage.py dbshell<sql/fixtures/auth_group.sql
python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql

#创建管理用户
python3 manage.py createsuperuser

在Archery数据库里创建goinception备份账户，同config.toml配置信息一致
grant SELECT,insert,create on *.* to archery_bak@"%" IDENTIFIED by "abcabc";
用户：archery_bak
密码：abcabc

archery访问
http://127.0.0.1:9123/
goinception的登录方式：
[root@localhost ~]# mysql -h 192.168.10.238 -uroot -P4000 -pabcabc
> inception show variables;

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                       COMMAND                   CREATED       STATUS       PORTS                                                  NAMES
13a38e2c45fa   redis:5                     "docker-entrypoint.s…"   4 hours ago   Up 4 hours   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp              redis
409d193e601d   hhyo/archery:v1.10.0        "dockerize -wait tcp…"   4 hours ago   Up 3 hours   0.0.0.0:9123->9123/tcp, :::9123->9123/tcp              archery
105ff841b097   mysql:5.7                   "docker-entrypoint.s…"   4 hours ago   Up 4 hours   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp   mysql
fddcd111f063   hanchuanchuan/goinception   "/usr/local/bin/dumb…"   4 hours ago   Up 4 hours   0.0.0.0:4000->4000/tcp, :::4000->4000/tcp              goinception