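This article is the second step, following Step 1 (preparing the OBD control machine): preparing three OceanBase distributed database servers.
Previous step: Deploying OceanBase Distributed Database Community Edition on BCLinux8U6, Part 1: Preparing the OBD Control Machine
I. Server configuration
1. Server hardware
This example uses VMware virtual machines to build the test platform: three virtual machines in total, 16-core CPU, 32 GB of memory, 1 TB data disk.
2. Server operating system
BCLinux8U6 is used.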
[root@localhost ~]# cat /etc/os-release
NAME="BigCloud Enterprise Linux"
VERSION="8.6 (Core)"
ID="bclinux"
ID_LIKE="rhel fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:an8"
PRETTY_NAME="BigCloud Enterprise Linux 8.6 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:bclinux:bclinux:8"
HOME_URL="https://mirrors.bclinux.org/"
BUG_REPORT_URL="https://bugs.bclinux.org/"
BCLINUX_BUGZILLA_PRODUCT="BigCloud Enterprise Linux 8 (Core)"
BCLINUX_BUGZILLA_PRODUCT_VERSION=8.6
BCLINUX_SUPPORT_PRODUCT="BigCloud Enterprise Linux 8 (Core)"
BCLINUX_SUPPORT_PRODUCT_VERSION=8.6
3. System kernel: the operating system kernel is 5.10
[root@localhost ~]# uname -r
5.10.134-12.2.el8.bclinux.x86_64
[root@localhost ~]# free -g
total used free shared buff/cache available
Mem: 31 0 30 0 0 30
Swap: 1 0 1
II. Server environment initialization (the same settings must be completed on every server)
1. Prepare the data disk partition
[root@localhost ~]# fdisk -l |grep /dev/sdb
Disk /dev/sdb:1000 GiB,1073741824000 字节,2097152000 个扇区
[root@localhost ~]# fdisk /dev/sdb
欢迎使用 fdisk (util-linux 2.32.1)。
更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。
设备不包含可识别的分区表。
创建了一个磁盘标识符为 0x9febb181 的新 DOS 磁盘标签。
命令(输入 m 获取帮助):n
分区类型
p 主分区 (0个主分区,0个扩展分区,4空闲)
e 扩展分区 (逻辑分区容器)
选择 (默认 p):p
分区号 (1-4, 默认 1):
第一个扇区 (2048-2097151999, 默认 2048):
上个扇区,+sectors 或 +size{K,M,G,T,P} (2048-2097151999, 默认 2097151999):
创建了一个新分区 1,类型为“Linux”,大小为 1000 GiB。
命令(输入 m 获取帮助):w
分区表已调整。
将调用 ioctl() 来重新读分区表。
正在同步磁盘。
[root@localhost ~]# fdisk -l |grep /dev/sdb
Disk /dev/sdb:1000 GiB,1073741824000 字节,2097152000 个扇区
/dev/sdb1 2048 2097151999 2097149952 1000G 83 Linux
[root@localhost ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
[root@localhost ~]# vgcreate appvg /dev/sdb1
Volume group "appvg" successfully created
[root@localhost ~]# lvcreate -n applv -l 100%vg /dev/appvg
Logical volume "applv" created.
[root@localhost ~]# lvs |grep applv
applv appvg -wi-a----- <1000.00g
[root@localhost ~]# mkfs.xfs -m bigtime=1 /dev/appvg/applv
meta-data=/dev/appvg/applv isize=512 agcount=4, agsize=65535744 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=0
data = bsize=4096 blocks=262142976, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=127999, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# vi /etc/fstab
[root@localhost ~]# grep applv /etc/fstab
/dev/appvg/applv /app xfs defaults 0 0
[root@localhost ~]# mkdir /app
[root@localhost ~]# mount -a
[root@localhost ~]# df -hT |grep applv
/dev/mapper/appvg-applv xfs 1000G 7.1G 993G 1% /app
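2. Check time synchronization
Because this is a distributed environment, time synchronization is very important; otherwise all kinds of unexpected problems may occur.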
[root@localhost ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.2.33 2 6 377 51 -1808us[ -325us] +/- 27ms
^+ 192.168.2.34 2 6 377 53 +1443us[+2925us] +/- 42ms
^+ 192.168.2.35 2 6 377 50 +15ms[ +15ms] +/- 50ms
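A scripted version of this check, added here as an example and not part of the original post: it parses the chronyc sources output above, requires a selected source (^*) and compares its adjusted offset with a limit. The function names and the 100000 microsecond limit in the usage comment are assumptions; the offset is measured against the NTP source, not between the database nodes.

```shell
#!/bin/sh
# selected_offset_us: read "chronyc sources" output on stdin and print the
# absolute adjusted offset of the selected source (state ^*) in microseconds.
# Returns 1 when no source is selected, i.e. the clock is not synchronised.
selected_offset_us() {
    awk '$1 == "^*" {
        v = $7; sub(/\[.*/, "", v)             # "-1808us[" -> "-1808us"
        unit = v; sub(/^[-+0-9.]+/, "", unit)  # "ns", "us", "ms" or "s"
        n = v + 0; if (n < 0) n = -n           # numeric prefix, sign dropped
        if (unit == "ns") n /= 1000
        else if (unit == "ms") n *= 1000
        else if (unit == "s") n *= 1000000
        printf "%d\n", n; found = 1; exit
    }
    END { exit !found }'
}

# clock_ok MAX_US: succeed only if a source is selected and within MAX_US.
clock_ok() {
    off=$(selected_offset_us) || return 1
    [ "$off" -le "$1" ]
}

# The three source lines shown above, embedded so the check runs offline.
sample_sources() {
    cat <<'EOF'
^* 192.168.2.33 2 6 377 51 -1808us[ -325us] +/- 27ms
^+ 192.168.2.34 2 6 377 53 +1443us[+2925us] +/- 42ms
^+ 192.168.2.35 2 6 377 50 +15ms[ +15ms] +/- 50ms
EOF
}

# On a live node (assumed limit): chronyc sources | clock_ok 100000
```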
3. System limit parameters
[root@localhost ~]# vi /etc/security/limits.conf
[root@localhost ~]# egrep -v "^#|^$" /etc/security/limits.conf
root soft nofile 655350
root hard nofile 655350
* soft nofile 655350
* hard nofile 655350
* soft stack unlimited
* hard stack unlimited
* soft nproc 655360
* hard nproc 655360
* soft core unlimited
* hard core unlimited
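4. System control (sysctl) parameters
net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so on this 5.10 kernel sysctl -p reports "cannot stat" for that line, as the output below shows; the line can be dropped from the file.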
[root@localhost ~]# vi /etc/sysctl.conf
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# for oceanbase
## Modify the kernel asynchronous I/O limit
fs.aio-max-nr=1048576
## Network tuning
net.core.somaxconn = 2048
net.core.netdev_max_backlog = 10000
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range = 3500 65535
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_slow_start_after_idle=0
vm.swappiness = 0
vm.min_free_kbytes = 2097152
fs.file-max = 6573688
# Modify the number of virtual memory areas a process may own
vm.max_map_count = 655360
# This is the data directory of the OceanBase database
kernel.core_pattern = /app/core-%e-%p-%t
[root@localhost ~]# sysctl -p
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
fs.aio-max-nr = 1048576
net.core.somaxconn = 2048
net.core.netdev_max_backlog = 10000
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range = 3500 65535
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_tw_reuse = 1
sysctl: cannot stat /proc/sys/net/ipv4/tcp_tw_recycle: 没有那个文件或目录
net.ipv4.tcp_slow_start_after_idle = 0
vm.swappiness = 0
vm.min_free_kbytes = 2097152
fs.file-max = 6573688
vm.max_map_count = 655360
kernel.core_pattern = /app/core-%e-%p-%t
[root@localhost ~]#
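The sysctl -p run above shows two things a pre-check would catch: keys assigned more than once (net.ipv4.tcp_max_syn_backlog, net.ipv4.conf.default.rp_filter) and a key the running kernel does not have (net.ipv4.tcp_tw_recycle). The following lint is an added example, not part of the original post; the function names lint_sysctl and demo_lint and the fixture are constructed for illustration.

```shell
#!/bin/sh
# lint_sysctl FILE [PROC_ROOT]: report problems before running "sysctl -p".
#   DUPLICATE <key>  key assigned more than once (the last assignment wins)
#   MISSING <key>    key has no entry under PROC_ROOT (default /proc/sys)
# Returns 0 when the file is clean, 1 when anything was reported.
lint_sysctl() {
    conf=$1
    proc_root=${2:-/proc/sys}
    # Skip comment lines (# or ;) and blank lines, keep the key left of '='.
    keys=$(awk -F= '/^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        { k = $1; gsub(/[ \t]/, "", k); sub(/^-/, "", k); print k }' "$conf")
    report=$(
        printf '%s\n' "$keys" | sort | uniq -d | sed 's/^/DUPLICATE /'
        printf '%s\n' "$keys" | sort -u | while IFS= read -r key; do
            [ -n "$key" ] || continue
            # sysctl maps the dots of a key to directories under /proc/sys.
            [ -e "$proc_root/$(printf '%s' "$key" | tr . /)" ] ||
                printf 'MISSING %s\n' "$key"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed fixture: four lines in the style of the sysctl.conf above and a
# fake /proc/sys tree that, like the 5.10 kernel, has no tcp_tw_recycle entry.
demo_lint() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/proc/net/ipv4"
    : > "$tmp/proc/net/ipv4/tcp_max_syn_backlog"
    : > "$tmp/proc/net/ipv4/tcp_tw_reuse"
    cat > "$tmp/sysctl.conf" <<'EOF'
# for oceanbase
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
EOF
    lint_sysctl "$tmp/sysctl.conf" "$tmp/proc" && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On a real server the call is lint_sysctl /etc/sysctl.conf, which checks the keys against the live /proc/sys.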
5. Disable the SELinux service
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
6. Create the admin management user and set its initial password
[root@localhost ~]# useradd -U admin -d /home/admin -s /bin/bash -m
[root@localhost ~]# ll /home
总用量 8
drwx------. 2 AAAA AAAA 4096 4月 10 09:40 AAAA
drwx------ 2 admin admin 4096 4月 15 16:08 admin
[root@localhost ~]# ll /home |grep admin
drwx------ 2 admin admin 4096 4月 15 16:08 admin
[root@localhost ~]# passwd admin
更改用户 admin 的密码 。
新的 密码:
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
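7. Passwordless sudo for the admin user and wheel group membership
Configure passwordless sudo for the admin user. To avoid interference from other security policies, it is recommended to add the entry at the very end of the /etc/sudoers file; also add the admin user to the wheel group.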
[root@localhost ~]# vim /etc/sudoers
[root@localhost ~]# grep ^admin /etc/sudoers
admin ALL=(ALL) NOPASSWD:ALL
[root@localhost ~]# vi /etc/group
[root@localhost ~]# grep wheel /etc/group
wheel:x:10:admin
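8. Prepare the database data directory and log directory. If conditions allow, they can be placed on separate disks as the deployment recommendations suggest.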
[root@localhost ~]# mkdir -p /app/oceanbase/data /app/oceanbase/redo
[root@localhost ~]# chown -R admin:admin /app
[root@localhost ~]# tree /app
/app
└── oceanbase
├── data
└── redo
3 directories, 0 files
[root@localhost ~]#
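III. Passwordless SSH from the control machine
All of the following is done on the control machine.
1. Generate the admin user's public key file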
[root@localhost ~]# su - admin
上一次登录:一 4月 15 16:45:26 CST 2024pts/1 上
[admin@localhost ~]$ ls ~/.ssh/id_rsa.pub
ls: 无法访问'/home/admin/.ssh/id_rsa.pub': 没有那个文件或目录
[admin@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa
Your public key has been saved in /home/admin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:dioymcUobYwt9nUpt5OWuqhCiS+KQ7sVpzUIKHhBEuQ admin@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|++o |
|+. . |
|+E. |
|...=.o . |
|. *o*+= S . |
|.= ===.= * |
|o..o* . B |
|=.o + + . |
|+=o.. o. |
+----[SHA256]-----+
2. Distribute the public key file to each database server
[admin@localhost ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p4422 admin@192.168.2.161
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/id_rsa.pub"
The authenticity of host '[192.168.2.161]:4422 ([192.168.2.161]:4422)' can't be established.
ED25519 key fingerprint is SHA256:wySYs++V/r0GwbmVUSZpvBNFej8nrE2ptlPWLPzyVEk.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
admin@192.168.2.161's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p 4422 'admin@192.168.2.161'"
and check to make sure that only the key(s) you wanted were added.
[admin@localhost ~]$
3. Test passwordless login to each database server
[admin@localhost ~]$ ssh -p 4422 'admin@192.168.2.161'
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[admin@localhost ~]$ sudo su
____ _ ____ _ _
| __ )(_) __ _ / ___| | ___ _ _ __| |
| _ \| |/ _` | | | |/ _ \| | | |/ _` |
| |_) | | (_| | |___| | (_) | |_| | (_| |
|____/|_|\__, |\____|_|\___/ \__,_|\__,_|
|___/
_____ _ _ _ _
| ____|_ __ | |_ ___ _ __ _ __ _ __(_)___ ___ | | (_)_ __ _ ___ __
| _| | '_ \| __/ _ \ '__| '_ \| '__| / __|/ _ \ | | | | '_ \| | | \ \/ /
| |___| | | | || __/ | | |_) | | | \__ \ __/ | |___| | | | | |_| |> <
|_____|_| |_|\__\___|_| | .__/|_| |_|___/\___| |_____|_|_| |_|\__,_/_/\_\
|_|
___
( _ )
/ _ \
| (_) |
\___/
Welcome to BigCloud Enterprise Linux 8 (GNU/Linux 5.10.134-12.2.el8.bclinux.x86_64 x86_64)
System information as of 2024年 04月 15日 星期一 16:55:05 CST
* System CPU load: 0.00 0.00 0.00 * System uptime: 16:55:05 up 1:18
* Active sessions: 2 * Memory usage: 32185 / 32819 MB
* Processes count: 306
* Contact US :
MAIL : support@bclinux.org / TEL : 4001-10086-5
[root@localhost admin]# exit
exit
[admin@localhost ~]$ exit
注销
Connection to 192.168.2.161 closed.
[admin@localhost ~]$
This completes the environment preparation of each database server and the passwordless SSH configuration of the control machine.