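Environment Setup
1. Disable the firewall
The access ports between GBase 8c distributed database nodes must be open so that read/write requests, data, and other information can be transmitted normally. In ordinary business scenarios, network communication among the database nodes, and between them and the business services, takes place entirely inside a security domain. If there are no special security requirements, it is recommended to turn off the firewall on the nodes. Otherwise, configure a firewall allowlist according to the "port number" information in "Cluster Planning".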
$ sudo systemctl stop firewalld.service
Also prevent the firewall from starting at boot:
$ sudo systemctl disable firewalld.service
Check the firewall status:
$ sudo firewall-cmd --state
not running
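Where security requirements do not allow stopping firewalld, the allowlist mentioned above can be generated as follows. This is an added example, not part of the original GBase 8c procedure; the function names are hypothetical, and the subnet and ports passed to them are assumptions that must come from the "Cluster Planning" port table.

```shell
#!/bin/sh
# Added example (not from the GBase 8c documentation): build a firewalld
# allowlist for inter-node traffic instead of stopping firewalld.
# Usage: build_allowlist <cluster subnet in CIDR form> <port or low-high range>...

# Print one firewall-cmd invocation per port, admitting TCP only from SUBNET,
# followed by the reload that activates the permanent rules.
build_allowlist() {
    subnet=$1; shift
    # Accept only something shaped like an IPv4 CIDR, so a typo cannot turn
    # into a rule that admits every source address.
    case $subnet in
        *[!0-9./]*|*/*/*|/*|*/) echo "bad subnet: $subnet" >&2; return 1 ;;
        */*) ;;
        *) echo "subnet must be in CIDR form: $subnet" >&2; return 1 ;;
    esac
    for port in "$@"; do
        # A single port or a low-high range, digits only.
        case $port in
            ''|*[!0-9-]*|-*|*-|*-*-*) echo "bad port: $port" >&2; return 1 ;;
        esac
        printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$subnet\" port port=\"$port\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Apply the rules with sudo. Everything is validated before anything changes,
# so a bad argument cannot leave a half-applied rule set.
apply_allowlist() {
    cmds=$(build_allowlist "$@") || return 1
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        eval "sudo $cmd" || exit 1
    done
}
```

Run build_allowlist first to review the generated rules, then apply_allowlist with the same arguments on every node; `sudo firewall-cmd --list-rich-rules` shows what is active.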
2. Disable SELinux
SELinux provides mandatory access control. For certain applications to run properly, SELinux needs to be disabled. Open the configuration file:
$ sudo vim /etc/selinux/config
Set SELINUX=disabled, then save and exit:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
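3. Synchronize the system time
The GBase 8c distributed database system requires the clocks of all nodes to be synchronized in order to guarantee database consistency. The NTP service is generally used to keep the nodes' time synchronized.
First check whether the NTP service is installed on the server and running normally: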
$ sudo systemctl status ntpd.service
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-12-02 19:26:50 CST; 1 weeks 1 days ago
Main PID: 14440 (ntpd)
CGroup: /system.slice/ntpd.service
└─14440 /usr/sbin/ntpd -u ntp:ntp -g
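If the output shows running, the service is running. Otherwise consider the following:
If the system can communicate with the external network, use the following command to synchronize with an NTP server:
$ sudo systemctl start ntpd.service
If the network the server is on cannot communicate with the external network, the NTP service must be configured manually.
First confirm whether ntp is installed: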
$ rpm -qa|grep ntp
If ntp is installed, the following should be returned:
ntp-4.2.6p5-29.el7.centos.x86_64
ntpdate-4.2.6p5-29.el7.centos.x86_64
If ntp is not listed, remove the existing ntpdate and then reinstall ntp:
$ sudo yum -y remove ntpdate-4.2.6p5-29.el7.centos.x86_64
$ sudo yum -y install ntp
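After installation, configure the ntp service on all nodes. First choose the ntp master node; this article uses the gtm node as the ntp master node.
Modify the ntp.conf configuration file: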
$ sudo vi /etc/ntp.conf
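The ntp configuration differs between the master node and the other nodes. On the master node, modify the configuration file and add:
restrict 10.0.7.16 nomodify notrap nopeer noquery   # current node IP
restrict 10.0.7.255 mask 255.255.248.0 nomodify notrap   # gateway and subnet mask of the cluster's network segment
# In the server section, comment out entries 0~n and add the following:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
The relevant part of the configuration file and the locations of the changes are as follows: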
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 10.0.7.16 nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
restrict 10.0.7.255 mask 255.255.248.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0
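fudge 127.127.1.0 stratum 10
On the other ntp nodes, modify the configuration file and add:
restrict 10.0.7.17 nomodify notrap nopeer noquery   # current node IP
restrict 10.0.7.255 mask 255.255.248.0 nomodify notrap   # gateway and subnet mask of the cluster's network segment
# In the server section, comment out entries 0~n and point to the master node:
server 10.0.7.16
fudge 10.0.7.16 stratum 10
The relevant part of the configuration file and the locations of the changes are as follows: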
# the administrative functions.
restrict 10.0.7.17 nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
restrict 10.0.7.255 mask 255.255.248.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 10.0.7.16
fudge 10.0.7.16 stratum 10
After all nodes have been configured, start the ntp service on all nodes:
$ sudo service ntpd start
Check whether the ntp server is reachable:
$ ntpstat
The master node returns:
synchronised to local net (127.127.1.0) at stratum 6
time correct to within 11 ms
polling server every 64 s
The other nodes return:
synchronised to NTP server (10.0.7.16) at stratum 7
time correct to within 57 ms
polling server every 1024 s
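Note: After the ntp server has been configured, it takes 5~10 minutes for time synchronization to complete. If "unsynchronised time server re-starting polling server every 8 s" or "unsynchronised polling server every 8 s" is reported after configuration, this is normal; wait a while and run the ntpstat command again to check.
Enable the service at boot: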
$ sudo chkconfig ntpd on



