关于 obdeploy 部署脚本中的 Oceanbase 相关密码的理解

有几天没撸 OceanBase 了，今天跟大家一起聊一聊 OceanBase 自动化部署工具 obdeploy (obd) 在自动初始化脚本中涉及的一些密码的用途。

首先放一个完整版的 yml 文件 `distributed-with-obproxy-example.yaml`

## Only need to configure when remote login is required
# user:
#   username: your username
#   password: your password if need
#   key_file: your ssh-key file path if need
#   port: your ssh port, default 22
#   timeout: ssh connection timeout (second), default 30
oceanbase-ce:
  servers:
    - name: server1
      # Please don't use hostname, only IP can be supported
      ip: 192.168.1.2
    - name: server2
      ip: 192.168.1.3
    - name: server3
      ip: 192.168.1.4
  global:
    # Please set devname as the network adaptor's name whose ip is  in the setting of severs.
    # if set severs as "127.0.0.1", please set devname as "lo"
    # if current ip is 192.168.1.10, and the ip's network adaptor's name is "eth0", please use "eth0"
    devname: eth0
    # if current hardware's memory capacity is smaller than 50G, please use the setting of "mini-single-example.yaml" and do a small adjustment.
    memory_limit: 64G # The maximum running memory for an observer
    # The reserved system memory. system_memory is reserved for general tenants. The default value is 30G.
    system_memory: 30G
    datafile_disk_percentage: 20 # The percentage of the data_dir space to the total disk space. This value takes effect only when datafile_size is 0. The default value is 90.
    syslog_level: INFO # System log level. The default value is INFO.
    enable_syslog_wf: false # Print system logs whose levels are higher than WARNING to a separate log file. The default value is true.
    enable_syslog_recycle: true # Enable auto system log recycling or not. The default value is false.
    max_syslog_file_count: 4 # The maximum number of reserved log files before enabling auto recycling. The default value is 0.
    # observer cluster name, consistent with obproxy's cluster_name
    appname: obcluster
    # root_password: # root user password, can be empty
    # proxyro_password: # proxyro user pasword, consistent with obproxy's observer_sys_password, can be empty
  # In this example , support multiple ob process in single node, so different process use different ports.
  # If deploy ob cluster in multiple nodes, the port and path setting can be same. 
  server1:
    mysql_port: 2881 # External port for OceanBase Database. The default value is 2881. DO NOT change this value after the cluster is started.
    rpc_port: 2882 # Internal port for OceanBase Database. The default value is 2882. DO NOT change this value after the cluster is started.
    #  The working directory for OceanBase Database. OceanBase Database is started under this directory. This is a required field.
    home_path: /root/observer
    # The directory for data storage. The default value is $home_path/store.
    # data_dir: /data
    # The directory for clog, ilog, and slog. The default value is the same as the data_dir value.
    # redo_dir: /redo
    zone: zone1
  server2:
    mysql_port: 2881 # External port for OceanBase Database. The default value is 2881. DO NOT change this value after the cluster is started.
    rpc_port: 2882 # Internal port for OceanBase Database. The default value is 2882. DO NOT change this value after the cluster is started.
    #  The working directory for OceanBase Database. OceanBase Database is started under this directory. This is a required field.
    home_path: /root/observer
    # The directory for data storage. The default value is $home_path/store.
    # data_dir: /data
    # The directory for clog, ilog, and slog. The default value is the same as the data_dir value.
    # redo_dir: /redo
    zone: zone2
  server3:
    mysql_port: 2881 # External port for OceanBase Database. The default value is 2881. DO NOT change this value after the cluster is started.
    rpc_port: 2882 # Internal port for OceanBase Database. The default value is 2882. DO NOT change this value after the cluster is started.
    #  The working directory for OceanBase Database. OceanBase Database is started under this directory. This is a required field.
    home_path: /root/observer
    # The directory for data storage. The default value is $home_path/store.
    # data_dir: /data
    # The directory for clog, ilog, and slog. The default value is the same as the data_dir value.
    # redo_dir: /redo
    zone: zone3
obproxy-ce:
  # Set dependent components for the component.
  # When the associated configurations are not done, OBD will automatically get the these configurations from the dependent components.
  depends:
    - oceanbase-ce
  servers:
    - 192.168.1.5
  global:
    listen_port: 2883 # External port. The default value is 2883.
    prometheus_listen_port: 2884 # The Prometheus port. The default value is 2884.
    home_path: /root/obproxy
    # oceanbase root server list
    # format: ip:mysql_port;ip:mysql_port. When a depends exists, OBD gets this value from the oceanbase-ce of the depends.
    # rs_list: 192.168.1.2:2881;192.168.1.3:2881;192.168.1.4:2881
    enable_cluster_checkout: false
    # observer cluster name, consistent with oceanbase-ce's appname. When a depends exists, OBD gets this value from the oceanbase-ce of the depends.
    # cluster_name: obcluster
    skip_proxy_sys_private_check: true
    enable_strict_kernel_release: false
    # obproxy_sys_password: # obproxy sys user password, can be empty. When a depends exists, OBD gets this value from the oceanbase-ce of the depends.
    # observer_sys_password: # proxyro user pasword, consistent with oceanbase-ce's proxyro_password, can be empty. When a depends exists, OBD gets this value from the oceanbase-ce of the depends.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

这里面涉及到 5 个密码，下面我们分别来解读一下

0）我自己初始化集群中的密码

列一下供大家在下面参考

[chris@obd ~]$ cat obd.yml | grep password
    root_password: observer
    proxyro_password: obproxy
    obproxy_sys_password: obproxy-sys
    observer_sys_password: obproxy
1
2
3
4
5

1）操作系统用户名密码

在这里插入图片描述
这个用户名密码是您安装 OceanBase 数据库的用户名及密码，属于 Linux 系统的密码。由于 OceanBase 是分布式系统，在安装数据库时，有两种方式，一种是将所有主机做好 SSH 互信；另外一种就是放开这个用户名和密码。

2）observer root 用户密码

在这里插入图片描述
如上图，第1个密码，就是 observer 的 root 密码，该密码是整个 OceanBase 的所有 observer 的 root 用户的密码，可以通过 obproxy 或 observer进行连接，下面分别做一下演示：

# 10.211.55.73 这台机器上安装有 obproxy，端口为 2883，下面是链接的例子
[chris@obd ~]$ obclient -h10.211.55.73 -P2883 -uroot@sys -pobserver -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.6.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]>
1
2
3
4
5
6
7
8
9
10
11

# 10.211.55.74/75/76 这三台机器上安装有 3 个 observer，observer 的端口是 2881，下面是链接的 3 个例子
[chris@obd ~]$ obclient -h10.211.55.74 -P2881 -uroot@sys -pobserver -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 3221540637
Server version: 5.7.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]> exit
Bye
[chris@obd ~]$ obclient -h10.211.55.75 -P2881 -uroot@sys -pobserver -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 3221749765
Server version: 5.7.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]> exit
Bye
[chris@obd ~]$ obclient -h10.211.55.76 -P2881 -uroot@sys -pobserver -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 3222012982
Server version: 5.7.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]> exit
Bye
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

3）proxyro 密码

在这里插入图片描述
OBProxy 需要跟后端 OBServer 节点保持通信。所以需要提前在 OceanBase 集群的 sys 租户下为 OBProxy 创建连接用户（proxyro）和密码。上图中 2 就是 proxyro 的密码。

下面进行一个演示：

可以采用 proxyro 用户直接登陆到 observer，密码是我上面定义的 `proxyro_password: obproxy`
[chris@obd ~]$ obclient -h10.211.55.76 -P2881 -uproxyro@sys -pobproxy -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 3222012983
Server version: 5.7.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]> exit
Bye
[chris@obd ~]$ obclient -h10.211.55.73 -P2883 -uproxyro@sys -pobproxy -A oceanbase
ERROR 1045 (42000): Access denied for user 'proxyro@sys'@'10.211.55.73' (using password: YES)
[chris@obd ~]$
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

4）obproxy sys用户密码

在这里插入图片描述
obproxy_sys_password 这个密码是 obproxy 的 sys 用户密码，这个密码是 obproxy 的管理用户密码，用来登陆到 obproxy 做一些刷新操作。不能登陆 observer。

下面放一个例子：

[chris@obd ~]$ obclient -h10.211.55.73 -P2883 -uroot@proxysys -pobproxy-sys -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 21
Server version: 5.6.25

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]>
1
2
3
4
5
6
7
8
9
10

5）observer_sys_password 密码

这个密码跟 proxyro_password 一致，是 OBProxy 连接 OceanBase 集群使用的 proxyro 用户的密码。

[chris@obd ~]$ obclient -h10.211.55.74 -P2881 -uproxyro@sys -pobproxy -A oceanbase
Welcome to the OceanBase.  Commands end with ; or \g.
Your MySQL connection id is 3221555419
Server version: 5.7.25 OceanBase 3.1.4 (r10000092022071511-b4bfa011ceaef428782dcb65ae89190c40b78c2f) (Built Jul 15 2022 11:45:14)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [oceanbase]> exit
Bye
1
2
3
4
5
6
7
8
9
10
11

对比图

密码名称	密码用途	参考值
password	安装 OB 的操作系统用户密码	admin
root_password	OB root管理员用户密码	observer
proxyro_password	obproxy保持与observer通信的用户proxyro的密码	obproxy
obproxy_sys_password	obproxy的 root 用户密码，登陆租户为proxysys	obproxy-sys
observer_sys_password	obproxy保持与observer通信的用户proxyro的密码	obproxy

End~

相关阅读:
怎样能写好年终总结报告？
【Spatial-Temporal Action Localization（六）】论文阅读2021年
 TartanVO: A Generalizable Learning-based VO 服务器复现（rtx3090 py3）
NUWA论文阅读
 部署vue项目到阿里云服务器
 2021 Java面试题大全（整理版）1000+面试题附答案详解，最全面详细，看完稳了！
1. 概述
 Pytest自动化测试框架---（单元测试框架）
企业想过等保，其中2FA双因素认证手段必不可少
 微信小程序隐藏滚动条的方法
原文地址：https://blog.csdn.net/chrisy521/article/details/126772270