casb双节点部署,服务通过keepalived+haproxy来实现负载均衡,服务所需要的mysql和es采用物理部署方式部署,其中mysql采用主从方式部署,es采用集群方式部署。
2. 部署图
2. casb双节点实施步骤 1. 部署安装所需要的部署包kernel-lt-4.4.206-1.el7.elrepo.x86_64.rpm kernel-lt-devel-4.4.206-1.el7.elrepo.x86_64.rpm cardfile.zip lmk_init.tar.gz haproxy-2.3.8.tar.gz keepalived-2.1.5.tar.gz mysql-5.7.33-1.el7.x86_64-rpm.zip elasticsearch-7.7.0-linux-x86_64.tar.gz jdk-8u172-linux-x64.tar.gz2. 关闭selinux和防火墙配置
$ vi /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled #修改此处 # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
# 关闭防火墙 $ systemctl stop firewalld $ systemctl disable firewalld3. 升级内核并重启机器
#将kernel-lt-4.4.206-1.el7.elrepo.x86_64.rpm kernel-lt-devel-4.4.206-1.el7.elrepo.x86_64.rpm放在两台服务器上,并在根目录下执行一下操作:
##安装内核
rpm -ivh kernel-lt-4.4.206-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-lt-devel-4.4.206-1.el7.elrepo.x86_64.rpm
##查看系统上的所有可用内核
$ awk -F' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
0 : CentOS Linux (4.4.206-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-1160.21.1.el7.x86_64) 7 (Core)
2 : CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)
3 : CentOS Linux (0-rescue-6971d89af6ff4e76b9899cf94c0c5b81) 7 (Core)
##设置新的内核为grub2的默认版本
$ vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=0 ##修改此处即可
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
##生成 grub 配置文件并重启
$ grub2-mkconfig -o /boot/grub2/grub.cfg
##重启
reboot
##验证
$ uname -r
4.4.206-1.el7.elrepo.x86_64
4. 安装加密卡和初始化根密钥
##所需安装包拷入到服务器中 cardfile.zip lmk_init.tar.gz ##加载密码卡驱动并配置开机自动加载 $ unzip cardfile.zip $ cd cardfile/driver $ mv ecard_solar2.ko /lib $ mv ecard_solar.sh /sbin $ chmod +x /etc/rc.d/rc.local $ vi /etc/rc.d/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this file. # # In contrast to previous versions due to parallel execution during boot # this script will NOT be run after all other services. # # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure # that this script will be executed during boot. touch /var/lock/subsys/local /sbin/ecard_solar.sh ##添加此行 $ /sbin/ecard_solar.sh Install OK! [0] ##显示改行即为成功 ##初始化密码卡 $ mkdir -p /mnt/drivers $ mv lmk_init.tar.gz /mnt/drivers $ cd /mnt/drivers $ tar -zxvf lmk_init.tar.gz $ cd lmk_init $ source setenv.sh $ ./jmjtools.exe init ##同步两边的密码卡密钥 #在一台服务器上进入/mnt/drivers/lmk_init执行 $ source setenv.sh $ ./jmjtools.exe get 9b899934b5a66e15e0958dadee84a454 exportkey OK! #在另一台服务上/mnt/drivers/lmk_init执行 $ source setenv.sh $ ./jmjtools.exe set 9b899934b5a66e15e0958dadee84a4545. 编译安装
##安装依赖
$ yum install -y openssl openssl-devel systemd-devel.x86_64
##上传安装包并解压安装
$ tar -zxvf haproxy-2.3.8.tar.gz
$ cd haproxy-2.3.8
$ make TARGET=linux-glibc USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1 USE_ZLIB=1 && make install
##编写开机自启
$ vi /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
##编写配置文件并启动
$ mkdir -p /etc/haproxy
$ cd /etc/haproxy
$ vi haproxy.cfg
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user root
group root
daemon
ulimit-n 1000000
max-spread-checks 1000ms
maxconn 30000000
maxconnrate 30000000
maxsessrate 30000000
maxsslconn 30000000
maxsslrate 30000000
tune.ssl.default-dh-param 2048
spread-checks 20
stats timeout 5000ms
stats maxconn 50
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000000
option clitcpka
option srvtcpka
listen admin_stats
bind 0.0.0.0:1080 #监听端口
mode http
option httplog
#log 127.0.0.1 local0 err
maxconn 10
stats refresh 30s
stats uri /stats
stats realm XingCloud Haproxy
stats auth admin:admin
stats hide-version
frontend https_frontend
bind *:8443
mode tcp
default_backend web_server
backend web_server
mode tcp
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
server s1 10.1.1.45:443
server s2 10.1.1.46:443
listen es
bind 0.0.0.0:9201
mode tcp
balance leastconn
server es-1 10.1.1.45:9200 check inter 30000 rise 2 fall 3 weight 23
server es-2 10.1.1.46:9200 check inter 30000 rise 2 fall 3 weight 23
$ mkdir -p /var/lib/haproxy
$ touch /var/lib/haproxy/stats
$ systemctl enable haproxy.service
$ systemctl start haproxy.service
6.编译安装keepalived
## 安装依赖
$ yum install -y libnl libnl-devel curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel
##将安装包放到服务器并解压安装
$ tar -zxvf keepalived-2.1.5.tar.gz
$ cd keepalived-2.1.5
$ ./configure --prefix=/usr/local/keepalived
$ make && make install
##配置
$ mkdir /etc/keepalived
##主节点配置
$ vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eno1
virtual_router_id 59
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass lianshi
}
virtual_ipaddress {
10.1.1.59
}
}
##slave节点配置(另一台机器)
$ vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eno1 #ip对应端口
virtual_router_id 59
priority 90 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass lianshi
}
virtual_ipaddress {
10.1.1.59
}
}
#启动keepalived并设置开机自启
$ systemctl start keepalived.service
$ systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 三 2021-04-07 10:19:00 CST; 15s ago
Process: 425 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 427 (keepalived)
CGroup: /system.slice/keepalived.service
├─427 /usr/local/keepalived/sbin/keepalived -D
└─428 /usr/local/keepalived/sbin/keepalived -D
$ systemctl enable keepalived
7.基础服务安装
7.1 mysql安装与主从配置
##mysql安装包
mysql-5.7.33-1.el7.x86_64-rpm.zip
##删除系统自带的mysql
$ rpm -qa | grep mysql
$ rpm -qa | grep mariadb
mariadb-libs-5.5.64-1.el7.x86_64
$ yum remove mariadb-libs
##mysql安装
$ unzip mysql-5.7.33-1.el7.x86_64-rpm.zip
$ cd mysql
$ rpm -ivh mysql-community-common-5.7.33-1.el7.x86_64.rpm
$ rpm -ivh mysql-community-libs-5.7.33-1.el7.x86_64.rpm
$ rpm -ivh mysql-community-libs-compat-5.7.33-1.el7.x86_64.rpm
$ rpm -ivh mysql-community-client-5.7.33-1.el7.x86_64.rpm
$ rpm -ivh mysql-community-server-5.7.33-1.el7.x86_64.rpm
##配置mysql
######master节点
$ vi /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[client] //修改部分
default-character-set = utf8 //修改部分
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/data/mysql #按照系统盘最大
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
collation-server=utf8_general_ci //修改部分
character_set_server=utf8 //修改部分
max_allowed_packet=1000M //修改部分
log-bin=mysql-bin //修改部分
server-id=1 //修改部分
binlog-do-db = scheduler //修改部分
replicate-do-db=scheduler //修改部分
binlog-do-db = sem //修改部分
replicate-do-db=sem //修改部分
binlog-do-db = kms //修改部分
replicate-do-db=kms //修改部分
binlog-do-db = uim //修改部分
replicate-do-db=uim //修改部分
######slave节点
$ vi /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[client] //修改部分
default-character-set = utf8 //修改部分
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/data/mysql #按照系统盘最大
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
collation-server=utf8_general_ci #修改部分
character_set_server=utf8 #修改部分
max_allowed_packet=1000M #修改部分
log-bin=mysql-bin #修改部分
server-id=2 #修改部分
binlog-do-db = scheduler #修改部分
replicate-do-db=scheduler #修改部分
binlog-do-db = sem #修改部分
replicate-do-db=sem #修改部分
binlog-do-db = kms #修改部分
replicate-do-db=kms #修改部分
binlog-do-db = uim #修改部分
replicate-do-db=uim #修改部分
##启动mysql
systemctl start mysqld.service
systemctl status mysqld.service
systemctl enable mysqld.service
#查看mysql进程
ps -ef|grep mysql
#查看3306端口
netstat -anop|grep 3306
##登陆mysql修改root密码
$ grep 'temporary password' /var/log/mysqld.log # 在/var/log/mysqld.log文件中搜索字段‘temporary password’
2021-04-08T03:11:35.111776Z 1 [Note] A temporary password is generated for root@localhost: 2bg%sblK;oHt
$ mysql -uroot -p"2bg%sblK;oHt"
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 2
Server version: 5.7.33
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)
mysql> set global validate_password_length=1;
Query OK, 0 rows affected (0.00 sec)
mysql> set password for root@localhost=password('lianShi:2021');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> grant all privileges on *.* to root@'%' identified by 'lianShi:2021';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
## 创建casb服务的数据库
mysql> create database sem;
Query OK, 1 row affected (0.00 sec)
mysql> create database uim;
Query OK, 1 row affected (0.00 sec)
mysql> create database kms;
Query OK, 1 row affected (0.00 sec)
mysql> create database scheduler;
Query OK, 1 row affected (0.00 sec)
##配置主从 master配置(10.1.1.38)
mysql> CREATE USER 'repl'@'10.1.1.39' IDENTIFIED BY 'slavepass';#创建用户
mysql> GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.1.1.39';#分配权限
mysql>flush privileges; #刷新权限
mysql > SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 73 | test | manual,mysql |
+------------------+----------+--------------+------------------+
##slave 配置(10.1.1.39)
mysql> CHANGE MASTER TO
-> MASTER_HOST='10.1.1.38',
-> MASTER_USER='rep1',
-> MASTER_PASSWORD='slavepass',
-> MASTER_LOG_FILE='mysql-bin.000003',
-> MASTER_LOG_POS=73;
##启动slave同步进程
mysql>start slave;
##查看slave状态;
mysql> show slave statusG;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 10.1.1.38
Master_User: rep1
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000013
Read_Master_Log_Pos: 11662
Relay_Log_File: mysqld-relay-bin.000022
Relay_Log_Pos: 11765
Relay_Master_Log_File: mysql-bin.000013
Slave_IO_Running: Yes //两个yes才算成功
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
...
7.2 es集群部署安装
##部署安装包
elasticsearch-7.7.0-linux-x86_64.tar.gz
jdk-8u172-linux-x64.tar.gz
##安装jdk
tar xf jdk-8u172-linux-x64.tar.gz
mv jdk1.8.0_172/ jdk
#配置环境变量,/etc/proifle里面加入如下
export JAVA_HOME=/data/jdk
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
##安装es
useradd elasticsearch
tar xf elasticsearch-7.7.0-linux-x86_64.tar.gz -C /data/
mv /data/elasticsearch-7.7.0 /data/elasticsearch
chown -R elasticsearch:elasticsearch elasticsearch
#生成证书
cd /data/elasticsearch
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
配置elasticsearch.yml文件内容(主节点)
cp /data/elasticsearch/config/elasticsearch.yml /data/elasticsearch/config/elasticsearch.yml.bak
添加以下内容
vi elasticsearch.yml
cluster.name: escluster
node.name: es1
node.master: true
node.data: true
cluster.initial_master_nodes: ["es1"]
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
http.port: 9200
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["10.1.1.38:9200","10.1.1.39:9300"]
http.cors.enabled: true
#开启跨域访问后的地址限制,*表示无限制
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/elasticsearch/config/elastic-certificates.p12
子节点配置
cluster.name: escluster
node.name: es2
node.master: false
node.data: true
cluster.initial_master_nodes: ["es1"]
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
http.port: 9200
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["10.1.1.38:9200","10.1.1.39:9300"]
http.cors.enabled: true
#开启跨域访问后的地址限制,*表示无限制
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/elasticsearch/config/elastic-certificates.p12
##jvm调优
vi /data/elasticsearch/config/jvm.options
-Xms1g 修改为 ===> -Xms2g
-Xmx1g 修改为 ===> -Xmx2g
##内存优化
vi /etc/sysctl.conf
fs.file-max=655360
vm.max_map_count=655360
sysctl -p
vi /etc/security/limits.conf
添加以下内容
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimited
* hard memlock unlimited
##编写es启动脚本
vi /etc/init.d/elasticsearch
#!/bin/bash
#chkconfig: 2345 80 05
#description: elasticsearch
export JAVA_HOME=/data/jdk
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
ROOT=/data
USER=elasticsearch
NAME=elasticsearch
DIR=${ROOT}/${NAME}
BIN="${DIR}/bin/${NAME}"
PID=${DIR}/.${NAME}.pid
LOG=${DIR}/startlogs/${NAME}.log
start(){
ps -ef |grep ${DIR}|grep -v grep
PROC_STAT=$?
if [ ${PROC_STAT} != 0 ]
then
su - ${USER} -c "${BIN} > ${LOG} 2>&1 &"
sleep 1
PROC_PID=`ps -ef|grep ${DIR}|grep -v grep|awk '{print $2}'`
su - ${USER} -c "echo ${PROC_PID} > ${PID}"
else
echo "${NAME} start fail,please check it!"
fi
}
stop(){
if [ -f $PID ]
then
kill $(cat $PID)
rm -rf ${PID}
else
PROC_PID=`ps -ef |grep ${DIR}|grep -v grep|awk '{print $2}'`
if [ -n ${PROC_PID} ]
then
kill ${PROC_PID}
echo "${NAME} had close."
else
echo "${NAME} maybe not run ,please check it!"
fi
fi
}
status(){
ps -ef |grep ${DIR}|grep -v grep
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart)
stop
sleep 5
start
;;
*)
echo "Usage: /etc/init.d/${NAME} {start|stop|restart}"
exit 1
esac
exit 0
chmod +x /etc/init.d/elasticsearch
chkconfig --add elasticsearch
systemctl start elasticsearch
##添加密码在主节点执行
cd /data/elasticsearch/bin
./elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [/data/jdk/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
liaChanged password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
8.安装casb服务
##安装casb服务 ##根据casb安装文档进行安装 #在各个服务器上安装scheduler服务,并根据casb安装手册进行初始化 ##在初始化的过程中数据库选择主节点数据库9.备份数据库
1.如果MySQL是物理安装(根据实际建库为准) mysqldump -uroot -p uim(数据库) > uim_bak.sql mysqldump -uroot -p sem > sem_bak.sql mysqldump -uroot -p kms > kms_bak.sql 2.mysql为容器安装 docker exec -it id(mysql容器的id) mysqldump -uroot -plianShi:2020 uim > /root/uim_bak.sql docker exec -it id(mysql容器的id) mysqldump -uroot -plianShi:2020 sem > /root/sem_bak.sql docker exec -it id(mysql容器的id) mysqldump -uroot -plianShi:2020 kms > /root/kms_bak.sql
