文章目录
- 环境
- 文档用途
- 详细信息
环境
系统平台:N/A
版本:4.5.6,4.5.7,4.5.8
文档用途
本文档用于高可用集群环境中hghac组件和hgproxy组件替换和升级操作
详细信息
1.关闭服务
所有数据节点都执行
1、关闭hgproxy服务
[root@hgdb01 tools]# systemctl stop hgproxy.service
[root@hgdb02 tools]# systemctl stop hgproxy.service
2、关闭hghac服务
[root@hgdb01 tools]# systemctl stop hghac.service
[root@hgdb02 tools]# systemctl stop hghac.service
3、关闭etcd服务
[root@hgdb01 tools]# systemctl stop etcd.service
[root@hgdb02 tools]# systemctl stop etcd.service
[root@localhost ~]# systemctl stop etcd.service
2.升级过程
操作前请先备份原集群配置文件。
1、安装软件包
验证md5值
[root@hgdb01 tools]# md5sum hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
0d960d0ac4925b272c30849e415031fd hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
安装软件包
[root@hgdb01 tools]# rpm -ivh hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
准备中... ################################# [100%]
正在升级/安装...
1:hghac-4.2.3.3-17f931d ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/hghac.service to /usr/lib/systemd/system/hghac.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/vip-manager.service to /usr/lib/systemd/system/vip-manager.service.
2、配置并启动etcd
01节点:
[root@hgdb01 tools]# vim /usr/local/hghac/etcd/etcd.yml
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_01'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd01# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.101:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.101:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.101:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.101:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
02节点配置
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_02'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd02# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.102:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.102:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.102:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.102:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
03节点配置
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_03'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd03# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.103:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.103:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.103:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.103:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
启动etcd(三台间隔时间不要太长)
[root@hgdb01 ~]# systemctl start etcd.service
[root@hgdb02 ~]# systemctl start etcd.service
[root@hgdb03 ~]# systemctl start etcd.service
查看etcd集群状态
[root@hgdb01 tools]# /usr/local/hghac/etcd/etcdctl --endpoints=http://x.x.0.101:2379,http://x.x.0.102:2379,http://x.x.0.103:2379 endpoint status --write-out=table
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://x.x.0.101:2379 | 7a586afca670fdcd | 3.4.15 | 20 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.102:2379 | 5506b0263532a5d | 3.4.15 | 25 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.103:2379 | 21d26eb730319e20 | 3.4.15 | 25 kB | true | false | 2 | 8 | 8 | |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
3、配置hghac组件
01节点
scope: highgo-see-cluster
namespace: /service/
name: see_01 restapi:listen: x.x.0.101:8008connect_address: x.x.0.101:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.101:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local all all sm3- host all all 0.0.0.0/0 sm3- host all all ::1/128 sm3- local replication all sm3- host replication all 0.0.0.0/0 sm3- host replication all ::1/128 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac
启动hghac
# systemctl start hgahc.service
查看集群状态
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
02节点
scope: highgo-see-cluster
namespace: /service/
name: see_02 restapi:listen: x.x.0.102:8008connect_address: x.x.0.102:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.102:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local all all sm3- host all all 0.0.0.0/0 sm3- host all all ::1/128 sm3- local replication all sm3- host replication all 0.0.0.0/0 sm3- host replication all ::1/128 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac
启动hghac
# systemctl start hgahc.service
查看集群状态
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
4、配置hgproxy
所有节点配置相同
[root@hgdb01 hgproxy]# cat /usr/local/hgproxy/etc/proxy.conf
# version: 4.0.27[Log]
log_collector = on# 是否开始日志功能log_level = log# 可选日志级别如下:# debug5# debug4# debug3# debug2 - 显示设置路由节点的关键点# debug1 - 显示语句与协议包的路由节点# log - 显示会话的开始与结束# commerror# info# notice# warning# error# fatal# paniclog_destination = file# stdout: 标准输出# stderr: 标准错误输出# file: 输出到文件log_filename = /data/hglog/hgproxy.log# 日志输出文件# 设置按日期输出到不同文件, 只需要在文件名中添加时间转换字符 %d(%Y%m%d), 例如:/tmp/log/hgproxy.%d(%Y%m%d).log, 输出文件名样式为:hgproxy.20200808.loglog_format = "%d.%us %-7V [pid:%-7p cid:%-7U %18F:%-5L] %m%n"# 格式说明:# %d :时间格式(2012-01-01 17:03:12)# %d.%ms :时间格式(2012-01-01 17:03:12.123)# %d.%us :时间格式(2012-01-01 17:03:12.123456)# %m :用户日志(必须)# %n :换行符(必须)# %p :进程id# %t :线程id# %U :协程id# %V :日志级别,大写# %v :日志级别,小写# %F :源代码文件名# %L :源代码行数log_rotation_size = 500MB# 日志文件自动转存大小(转存文件后缀数字越大,日志时间越新).# 设置为0, 则关闭此功能.log_max_rotation_file_num = 0# 转存文件最大保留个数(设置的值大于1时, 此功能生效).# 当转存文件达到设置的个数时,依次自动删除最旧的文件.# 当日志文件比较重要时,请谨慎决定是否打开此功能.[Proxy]
listen_addresses = *
port = 5888
socket_dir = /tmpprocess_nums = 0# 负责处理会话的进程个数(建议设置为服务器核心数; 设置为0时, 自动获取CPU核心数进行设置)session_balance = on# 以轮询的的方式使进程间处理的会话尽量均衡process_bind_cpu = off# 负责处理会话的进程, 是否绑定CPU运行extension_module = librwsplit.so# hgproxy扩展模块, 目前只有读写分离模块,默认即可auto_replace_application_name = "hgproxy: app[__IP__:__PORT__:__ORIGINAL__]"# 自动修改 application_name 参数.# __IP__ : 应用的IP.# __PORT__ : 应用的端口.# __ORIGINAL__ : 原始数据.# 注意:由于数据库限制,开启此功能后,hgproxy会添加额外的信息,因此应用可自定义设置的 application_name 字符串会减少。# 参数值设置为空,则关闭此功能use_mctx = off# 使用内存上下文机制管理内存transaction_mode = Auto# Auto 事务内会进行读写分离,路由节点自动判断# Primary 事务内不进行读写分离,固定发往主节点read_write_separation = on# 读写分离开关# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启[BackendNode]
node_num = 2# 后端节点数量load_balancing_mode = 1# 负载均衡模式(目前只有一种模式,默认即可)# 1:权重模式startup_check = off# 启动时, 检查配置的数据库是否能够连接hostname0 = x.x.0.101
port0 = 5866
backend_weigh0 = 1# hostnameN 第N个节点IP# portN 第N个节点端口# backend_weightN 第N个节点权重比hostname1 = x.x.0.102
port1 = 5866
backend_weigh1 = 1#hostname2 = 127.0.0.1
#port2 = 5868
#backend_weigh2 = 1read_timeout_close = 0# 当读取数据库超时自动断开连接.# 此值不能设置为负数,设置的值大于0时, 此功能生效.# 单位:秒,取值最大为604800(一周)standby_additional_check = "select count(pid) > 0 from pg_stat_wal_receiver;"# 备节点额外的检测# 请确保该SQL的返回结果为单行单列,且值为 t 或 f;[Replication]streaming_replication_delay_time = 100000# 假设流复制延迟时间, 单位: 微秒# 设置为 0 则关闭此功能# 取值范围: 0 - 3600000000(1小时)[DatabaseCheck]lifecheck_user = sysdba# 用于检测时的用户名lifecheck_dbname = highgo# 用于检测时的数据库lifecheck_time = 10# 连接间隔时间,取值范围 1 - 3600, 单位:秒lifecheck_num = 3# 连续连接失败指定次数,达到该次数,节点将置为异常, 取值范围 1 - 10[routing]
null_query_routing = both# 空语句发送的节点: primary/standby/both# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启regex_routing_file =# 正则路由配置文件,配置模板文件见 etc/regex_routing_settings.json# 注意事项:请配置 json 文件绝对路径# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启routing_unnamed_parse_to_both = no# 未命名的 parse 协议是否发送到双节点# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启[BlackList]# 此配置参数未来会移除,建议使用 regex_routing_file 配置
ignore_regex_case = off# on: 匹配时忽略大小写# off: 匹配时不忽略大小写# 此配置参数未来会移除,建议使用 regex_routing_file 配置
black_regex_token_list =# 匹配到了发往主节点# 此配置参数未来会移除,建议使用 regex_routing_file 配置
white_regex_token_list =# 匹配成功发往备节点object_relationship_list = /usr/local/hgproxy/etc/object_relationship_list.json[watchdog]server_watchdog = on# 检测 hgproxy 端口是否可以连接server_watchdog_interval = 30# 检测时间间隔(秒)# 取值范围: 1 - 3600server_watchdog_auto_restart = on# 检测 hgproxy 端口不可用后, 是否自动重启 hgproxy.server_watchdog_failed_count = 3# 连续失败次数, 达到该计数后,# 如果 server_watchdog_auto_restart 为 on, 则会自动重启 hgproxy# 取值范围: 1 - 3600status_watchdog = on# 内部统计打印日志输出status_watchdog_interval = 60# 内部统计打印日志输出时间间隔(秒)# 取值范围: 1 - 3600status_watchdog_pretty_log = off# 是否对日志输出进行美化处理[SSL]
ssl_switch = offssl_cert = /usr/local/hgproxy/etc/server.crt
ssl_key = /usr/local/hgproxy/etc/server.key
ssl_ca_cert = /usr/local/hgproxy/etc/root.crt
ssl_ca_cert_dir = /usr/local/hgproxy/etcssl_ciphers = HIGH:MEDIUM:+3DES:!aNULL
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = prime256v1
ssl_dh_params_file =[admin]virtual_database = hgproxy# 虚拟数据库, 无需数据中存在virtual_user = hgproxy# 虚拟用户, 无需数据中存在virtual_user_auth_method = password# 可选取值: "md5", "password"virtual_user_password = hgproxy@123# 如果 virtual_user_auth_method 配置为 md5,# md5密码生成方法: echo -n "123456hgproxy" | md5sum# 123456 是登录密码, hgproxy 是 virtual_user 配置的用户名
拷贝ssl证书文件
[root@xxdb01 etc]# cp /data/highgo/data/server.* /opt/HighGo/tools/hgproxy/etc/
[root@xxdb01 etc]# cp /data/highgo/data/root.crt /opt/HighGo/tools/hgproxy/etc/
初始化hgproxy
[root@hgdb01 etc]# /usr/local/hgproxy/bin/proxy_ctl init -h x.x.0.101 -U sysdba -d highgo -p 5866
ip == [x.x.0.101]
port == [5866]
database == [highgo]
username == [sysdba]please enter password:
init successfully
启动服务
[root@xxdb01 etc]# systemctl start hgproxy
验证登录
[root@xxdb01 etc]# psql highgo sysdba -p 5888
3.注意事项
1、如果用的是tar包安装,etcd.service和hghac.service需要手动拷贝到/usr/lib/systemd/system/文件夹下
# cp /usr/local/hghac/etcd/etcd.service /usr/lib/systemd/system/
# cp /usr/local/hghac/hac/hghac.service /usr/lib/systemd/system/
# systemctl daemon-reload
2、关闭服务时先停止hghac.service,再关闭etcd.service,防止数据库都变成备库模式。
3、注意备份原集群配置文件,参数尽量保持与原配置相同。
)
)
