ocp新部署的obproxy没有设置observer_sys_password密码？

bull020 · 2024 年6 月 16 日 14:26

环境：
os：ubuntu 2204
obd：2.7
observer：4.3.0.1
obproxy：4.2.3

用obd黑屏部署了两个组件 oceanbase-ce和obproxy-ce，同属于一个yaml配置文件。密码配置如下：

observer_sys_password：aaAA11__
obproxy_sys_password: aaAA11__
proxyro_password: aaAA11__

然后想在ocp上部署了一个空的obproxy来接管obd部署的obproxy-ce，结果报错如下：

空ObProxy 集群不支持关联4.0.0.0 版本以上的OB集群

然后用ocp部署了一个新obproxy,关联obd部署的oceanbase-ce集群，完成后，就用

obd cluster component del obdemo obproxy-ce

删除obd部署的obproxy-ce组件。

但是发现：

admin@ubuntu:~$  mysql -utnt_odc@tnt_odc -h 10.xx.xx.126 -P2883 -p
Enter password: 
ERROR 1045 (42000): Access denied for user 'tnt_odc@tnt_odc'@'10.xx.xx.126' (using password: YES)

查看obproxy的密码配置：

admin@ubuntu:~/obproxy/etc$ strings obproxy_config.bin | grep pass
observer_sys_password1=
observer_sys_password=
obproxy_sys_password=ce77bdb3aad23ee556c638ea6ed86bad4949f676
inspector_password=

发现observer_sys_password为空。

登录obproxy实例管理账号root@proxysys租户发现：

admin@ubuntu:~/obproxy/etc$  mysql -uroot@proxysys -h 10.xx.xx.126 -P2883 -p  
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 142201
Server version: 5.6.25

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show proxyconfig like '%sys_pass%';
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
| name                   | value                                    | info                           | need_reboot | visible_level |
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
| observer_sys_password1 |                                          | password for observer sys user | false       | SYS           |
| observer_sys_password  |                                          | password for observer sys user | false       | SYS           |
| obproxy_sys_password   | ce77bdb3aad23ee556c638ea6ed86bad4949f676 | password for obproxy sys user  | false       | SYS           |
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
3 rows in set (0.00 sec)

proxyro_password是有配置的，并且可以登录，如下：

admin@ubuntu:~/obproxy/etc$  mysql -uproxyro@sys -h 10.xx.xx.64 -P2881 -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3221535551
Server version: 5.7.25 OceanBase_CE 4.3.0.1 (r100000242024032211-0193a343bc60b4699ec47792c3fc4ce166a182f9) (Built Mar 22 2024 13:07:59)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

为什么上面的observer_sys_password为空？

bull020 · 2024 年6 月 16 日 14:44

这是在ocp上创建obproxy过程：

bull020 · 2024 年6 月 16 日 15:01

修改observer_sys_password:

mysql> alter proxyconfig set observer_sys_password='aaAA11__';
Query OK, 0 rows affected (0.00 sec)

mysql> show proxyconfig like '%sys_pass%';
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
| name                   | value                                    | info                           | need_reboot | visible_level |
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
| observer_sys_password1 |                                          | password for observer sys user | false       | SYS           |
| observer_sys_password  | ce77bdb3aad23ee556c638ea6ed86bad4949f676 | password for observer sys user | false       | SYS           |
| obproxy_sys_password   | ce77bdb3aad23ee556c638ea6ed86bad4949f676 | password for obproxy sys user  | false       | SYS           |
+------------------------+------------------------------------------+--------------------------------+-------------+---------------+
3 rows in set (

admin@ubuntu:~/obproxy/etc$ strings obproxy_config.bin | grep pass
observer_sys_password1=
observer_sys_password=ce77bdb3aad23ee556c638ea6ed86bad4949f676
obproxy_sys_password=ce77bdb3aad23ee556c638ea6ed86bad4949f676
inspector_password=

业务租户链接observer成功：

admin@ubuntu:~/obproxy/etc$  mysql -utnt_odc@tnt_odc -h 10.xx.xx.64 -P2881 -p  
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3221608150
Server version: 5.7.25 OceanBase_CE 4.3.0.1 (r100000242024032211-0193a343bc60b4699ec47792c3fc4ce166a182f9) (Built Mar 22 2024 13:07:59)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit

业务租户连接obproxy失败：


admin@ubuntu:~/obproxy/etc$  mysql -utnt_odc@tnt_odc -h 10.xx.xx.126 -P2883 -p              
Enter password: 
ERROR 1045 (42000): Access denied for user 'tnt_odc@tnt_odc'@'10.xx.xx.126' (using password: YES)

obproxy_diagnosis.log日志报错：

[2024-06-16 20:17:37.483736] [33039][Y0-00007FE87C601A80] [LOGIN](trace_type="LOGIN_TRACE", connection_diagnosis={cs_id:209939, ss_id:0, proxy_session_id:0, server_session_id:0, client_addr:"**10.xx.xx.156**:44304", server_addr:"*Not IP address [0]*:0", cluster_name:"obdemo", tenant_name:"tnt_odc", user_name:"tnt_odc", error_code:-10021, error_msg:"cluster name and tenant name is required while full_username_check on", request_cmd:"OB_MYSQL_COM_LOGIN", sql_cmd:"OB_MYSQL_COM_LOGIN", req_total_time(us):141}{internal_sql:"", login_result:"failed"}

obproxy_error.log日志报错：

2024-06-16 20:22:50.069331,obdemo_proxy,obdemo:tnt_odc:,OB_MYSQL,OB_MYSQL_COM_LOGIN,failed,-4016,132us,0us,0us,0us,Y0-00007FE87C801A80,10.xx.xx…156:41684,0,Internal error,

这些报错是因为156主机上部署了oms，连接账号密码是：tnd_odc@tnt_odc/tnc_odc，连接是126的obproxy 2883导致的报错。

然后修改了obproxy.observer_sys_password为observer.proxyro_password后，业务租户也无法连接obproxy，这是什么原因呢？

咖啡哥 · 2024 年6 月 17 日 09:26

bull020:

业务租户连接obproxy失败：

admin@ubuntu:~/obproxy/etc$  mysql -utnt_odc@tnt_odc -h 10.xx.xx.126 -P2883 -p              
Enter password: 
ERROR 1045 (42000): Access denied for user 'tnt_odc@tnt_odc'@'10.xx.xx.126' (using password: YES)

通过OBProxy连接的时候要带上集群名称。
用户名@租户名#集群名

bull020 · 2024 年6 月 17 日 09:46

加了也是一样

admin@ubuntu:~$ obclient -utnt_odc@tnt_odc#obdemo -h 10.xx.xx.126 -P2883 -p              
Enter password: 
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 11

Royce1220 · 2024 年6 月 17 日 10:14

这个是obproxy连接不到observer的报错，现在 observer_sys_password和proxyro_password密码是一致的吗

bull020 · 2024 年6 月 17 日 10:23

前面提问题帖子里面有。

bull020 · 2024 年6 月 17 日 11:54

呼叫大佬们

王利博 · 2024 年6 月 17 日 16:57

show parameters like ‘%cluster%’; 在sys租户上看看集群名称。

淇铭 · 2024 年6 月 17 日 17:19

通过obd cluster edit-config obdemo 修改了yaml配置文件中的
observer_sys_password:aaAA11__
obproxy_sys_password:aaAA11__
如果要修改 obd 部署的集群的信息，不能直接使用 ALTER 命令在连接里自己改，而是要用 obd edit-config 来改。你遇到的情况是自己绕过了 obd 修改了 observer_sys_password、obproxy_sys_password，但是 obd 不知道这个变动导致的。

bull020 · 2024 年6 月 17 日 17:47

bull020 · 2024 年6 月 17 日 17:48

其实可以看下帖子一楼，

其实自始至终密码都没有变过。

只是ocp部署的obproxy实例里面没有配置observer_sys_password密码(之前为空)，然后我就用alter 添加了而已。

秃蛙 · 2024 年6 月 17 日 20:21

1）ocp暂不支持接管obd部署的obproxy。因为两种工具部署和启动obproxy的方式不同。
2）ocp部署的obproxy 查看 observer_sys_password密码是空的原因，因为选择的是rslist启动方式，默认为空，但你集群之前应该是关联过obproxy，保留有原密码，select * from mysql.user;可以看出来。而且这种方式obproxy只能1对1连接，obd部署的obproxy就是这种方式。如果希望1个obproxy能和多个ob集群连接，ocp部署obproxy时选择configurl方式启动。

bull020 · 2024 年6 月 17 日 20:24

mysql> select user,password from mysql.user ;
+-------------+-------------------------------------------+
| user        | password                                  |
+-------------+-------------------------------------------+
| root        | *a6de85a7b6e4f8e6b800f55c6e312e161156acec |
| proxyro     | *a558cc603cc38ca75cb299a7b97d02f5f1f351f7 |
| ocp_monitor | *0c6dcd4718022fe11f6e52007be37adb5d12cfc5 |
+-------------+-------------------------------------------+
3 rows in set (0.01 sec)

秃蛙 · 2024 年6 月 17 日 20:28

调整方式假如密码设置为aaAA11__

mysql -hxx.xx.xx.xx -uroot@sys#xxx -P2883 -p

alter proxyconfig set observer_sys_password=‘aaAA11__’;

set password for proxyro = password(‘aaAA11__’);

即可-uproxyro@sys 登录。

bull020 · 2024 年6 月 17 日 20:35

第一点：obproxy是ocp部署的，obd部署的obproxy 通过 obd cluster component del obproxy-ce卸载了；
第二点：rslist启动方式时，obproxy.observer_sys_password的密码就默认为空，那针对rslist这种启动方式，如果修复是obproxy可用呢？暂且来说obproxy：observer=1：1

mysql> select user,password from mysql.user ;
+-------------+-------------------------------------------+
| user        | password                                  |
+-------------+-------------------------------------------+
| root        | *a6de85a7b6e4f8e6b800f55c6e312e161156acec |
| proxyro     | *a558cc603cc38ca75cb299a7b97d02f5f1f351f7 |
| ocp_monitor | *0c6dcd4718022fe11f6e52007be37adb5d12cfc5 |
+-------------+-------------------------------------------+
3 rows in set (0.01 sec)

bull020 · 2024 年6 月 17 日 20:43

admin@ubuntu:~/obproxy/etc$ strings obproxy_config.bin |grep obproxy_config_server_url
obproxy_config_server_url=http://xxxx:28080/services?User_ID=alibaba&UID=test&Action=GetObProxyConfig&ObproxyClusterName=obdemo_proxy
admin@ubuntu:~/obproxy/etc$ 
admin@ubuntu:~/obproxy/etc$ 
admin@ubuntu:~/obproxy/etc$ strings obproxy_config.bin |grep sys_passw                
observer_sys_password1=
observer_sys_password=
obproxy_sys_password=ce77bdb3aad23ee556c638ea6ed86bad4949f676

configurl启动方式新建obproxy，密码还是空。还是一样的问题。

bull020 · 2024 年6 月 17 日 20:45

这里是连obproxy，root@sys#xxx用户就根本无法连上去的。

observer：10.xx.xx.65
obproxy: 10.xx.xx.128

proxyro用户连接observer:

admin@ubuntu:~$ mysql -uproxyro@sys -h 10.xx..xx.64 -P2881 -p 
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3221572299
Server version: 5.7.25 OceanBase_CE 4.3.0.1 (r100000242024032211-0193a343bc60b4699ec47792c3fc4ce166a182f9) (Built Mar 22 2024 13:07:59)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@sys连接实例observer：

admin@ubuntu:~$ mysql -uroot@sys -h 10.xx.xx.64 -P2881 -p       
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3221583566
Server version: 5.7.25 OceanBase_CE 4.3.0.1 (r100000242024032211-0193a343bc60b4699ec47792c3fc4ce166a182f9) (Built Mar 22 2024 13:07:59)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set password for proxyro = password('aaAA11__');
Query OK, 0 rows affected (0.06 sec)

mysql> select user,password from mysql.user;
+-------------+-------------------------------------------+
| user        | password                                  |
+-------------+-------------------------------------------+
| root        | *a6de85a7b6e4f8e6b800f55c6e312e161156acec |
| proxyro     | *a558cc603cc38ca75cb299a7b97d02f5f1f351f7 |
| ocp_monitor | *0c6dcd4718022fe11f6e52007be37adb5d12cfc5 |
+-------------+-------------------------------------------+
3 rows in set (0.01 sec)

root@proxysys用户连接obproxy：

admin@ubuntu:~$ mysql -uroot@proxysys -h 10.xx.xx.126 -P2883 -p 
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 134595
Server version: 5.6.25

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit

修改observer_sys_passoword密码：


mysql> alter proxyconfig set observer_sys_password='aaAA11__';
Query OK, 0 rows affected (0.00 sec)

业务租户连接obproxy：

admin@ubuntu:~$ mysql -utnt_odc@tnt_odc#obdemo -h 10.xx.xx.126 -P2883 -p 
Enter password: 
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2

系统租户连接obproxy：

admin@ubuntu:~$ mysql -uroot@sys#obdemo -h 10.xx.xx.126 -P2883 -p        
Enter password: 
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2

bull020 · 2024 年6 月 17 日 21:04

看我上面的描述，这个本身是可以登录的。

秃蛙 · 2024 年6 月 18 日 09:49

这个问题本地也复现出来了，我们先确认下，后续帖子中答复您。