obproxy 连接集群问题

OceanBase 技术问题
,
#1

环境:

OceanBase Deploy: 2.10.1
REVISION: 9870cf1b400be9002d851b9a165b043f1da4e0e7
BUILD_BRANCH: HEAD
BUILD_TIME: Oct 12 2024 16:15:27OURCE
Copyright (C) 2021 OceanBase
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


obproxy-ce:
  version: 4.3.2.0

oceanbase-ce:
  version: 4.3.4.0

描述:

  1. 使用 obd cluster display myoceanbase命令查看集群信息,如下

    [root@localhost myoceanbase]# obd cluster display myoceanbase
Get local repositories and plugins ok
Open ssh connection ok
Cluster status check ok
Connect to observer 192.168.124.46:2881 ok
Wait for observer init ok
+--------------------------------------------------+
|                   oceanbase-ce                   |
+----------------+---------+------+-------+--------+
| ip             | version | port | zone  | status |
+----------------+---------+------+-------+--------+
| 192.168.124.46 | 4.3.4.0 | 2881 | zone1 | ACTIVE |
| 192.168.124.49 | 4.3.4.0 | 2881 | zone2 | ACTIVE |
| 192.168.124.52 | 4.3.4.0 | 2881 | zone3 | ACTIVE |
+----------------+---------+------+-------+--------+
obclient -h192.168.124.46 -P2881 -uroot -p'Yanfa2023' -Doceanbase -A

cluster unique id: 610ea127-219d-5d68-8772-db9d0ee588ce-193bf1f88ca-00040304

Connect to obproxy ok
+--------------------------------------------------+
|                    obproxy-ce                    |
+----------------+------+-----------------+--------+
| ip             | port | prometheus_port | status |
+----------------+------+-----------------+--------+
| 192.168.124.38 | 2883 | 2884            | active |
+----------------+------+-----------------+--------+
obclient -h192.168.124.38 -P2883 -uroot@proxysys -p'sys@Yanfa2023' -Doceanbase -A

Trace ID: aaad7676-bdd9-11ef-87fb-bc24112b4e4e
If you want to view detailed obd logs, please run: obd display-trace aaad7676-bdd9-11ef-87fb-bc24112b4e4e

  2. 直连登录,并查看用户信息

    proxyro 初始集群创建后不存在,为手动创建,执行语句:grant select on oceanbase.* to proxyro identified by 'proxyro@Yanfa2023';

    obclient -h192.168.124.46 -P2881 -uroot -p'Yanfa2023' -Doceanbase -A

obclient [oceanbase]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| LBACSYS            |
| mysql              |
| oceanbase          |
| ocs                |
| ORAAUDITOR         |
| SYS                |
| sys_external_tbs   |
| test               |
+--------------------+
9 rows in set (0.006 sec)
obclient [oceanbase]> select user,password from mysql.user;
+---------+-------------------------------------------+
| user    | password                                  |
+---------+-------------------------------------------+
| root    | *d9cb9ededc4ea88036a346d852c579c08a95e976 |
| proxyro | *3fb70093a1818bf24dce96bd9f25c1cfdedb0b92 |
+---------+-------------------------------------------+
2 rows in set (0.002 sec)

  3. 修改yaml 保持 obproxy-ce.observer_sys_passwordoceanbase-ce.proxyro_password 密码一致

    obd cluster edit-config  myoceanbase

  username: root
  password: Yanfa2023
  port: 22
oceanbase-ce:
  version: 4.3.4.0
  release: 100000162024110717.el7
  package_hash: 5d59e837a0ecff1a6baa20f72747c343ac7c8dce
  192.168.124.46:
    zone: zone1
  192.168.124.49:
    zone: zone2
  192.168.124.52:
    zone: zone3
  servers:
  - 192.168.124.46
  - 192.168.124.49
  - 192.168.124.52
  global:
    appname: myoceanbase
    root_password: Yanfa2023
    proxyro_password: proxyro@Yanfa2023
    mysql_port: 2881
    rpc_port: 2882
    data_dir: /data/myoceanbase/data
    redo_dir: /data/myoceanbase/logs
    home_path: /root/myoceanbase/oceanbase
    scenario: htap
    datafile_maxsize: 50GB
    cluster_id: 1734077603
    enable_syslog_wf: false
    max_syslog_file_count: 4
    memory_limit: 10G
    datafile_size: 25G
    system_memory: 3G
    log_disk_size: 25G
    cpu_count: 16
    production_mode: false
    datafile_next: 5G
obproxy-ce:
  version: 4.3.2.0
  package_hash: fd779e401be448715254165b1a4f7205c4c1bda5
  release: 26.el7
  servers:
  - 192.168.124.38
  global:
    prometheus_listen_port: 2884
    listen_port: 2883
    rpc_listen_port: 2885
    home_path: /root/myoceanbase/obproxy
    observer_sys_password: proxyro@Yanfa2023
    obproxy_sys_password: sys@Yanfa2023
    skip_proxy_sys_private_check: true
    enable_strict_kernel_release: false
    enable_cluster_checkout: false
  192.168.124.38:
    proxy_id: 6327

image-20241219153334209
image-20241219153334209641×812 152 KB

  1. reload集群:obd cluster reload myoceanbase

  2. 尝试登录obProxy,登录失败

     obclient -h192.168.124.38 -P2883 -uroot -p'proxyro@Yanfa2023' -Doceanbase -A
> ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 11
#3

obclient -h192.168.124.38 -P2883 -uroot@proxysys -p’sys@Yanfa2023’ -Doceanbase -A

obclient -h192.168.124.38 -P2883 -uroot@sys#集群名 -p’Yanfa2023’ -Doceanbase -A

#4

image
image798×432 80.2 KB

image
image1155×376 13.3 KB

不一致啊 proxysys 没进去数据库

#5

image
image1053×66 5.16 KB

1 个赞
#6

进去了 上面哪个就是的 进去哪个数据 只能访问一些配置文件
image

#7

参考的文档
https://www.oceanbase.com/docs/community-odp-cn-1000000000079255#9-title-无法连接%20OceanBase%20数据库

image
image1239×738 52.9 KB

#8

image
image1920×556 74 KB

按照截图 查一下信息

#11

image
image1472×149 7.74 KB

#12

用上述命令进入2883租户无法创建啊。查资源信息也无法查看。
我看文档写的是要登录的root@sys账户。不是root@proxysys。
我的root@sys账户登录不进去。

image
image1283×636 46.9 KB

#13

root@proxysys 是 ODP 的管理员账号, 登录之后只能做obproxy自身配置修改、查看等操作,无法访问后端observer,亦无法创建租户。

使用obproxy访问oceanbase集群的话,-u参数指定格式是账号名称@租户名称#ob集群名称,比如root@sys#obtest

#14

那我换一种问法:

  • 我创建了租户 mq_t1,语句如下。
    CREATE tenant mq_t1 COMMENT = 'mysql_tenant1', CHARSET = 'utf8mb4', zone_list =( 'zone1,zone2,zone3' ), primary_zone = 'zone1,zone2;zone3', resource_pool_list =( 'pool_u1' ) SET ob_tcp_invited_nodes = '%', ob_compatibility_mode = 'mysql', lower_case_table_names = 1;
  • 直连登录,成功登录
    image
    image1038×151 8.55 KB
  • OBProxy代理登录,登录失败
    image
    image885×58 4.52 KB
  • 尝试修复问题,根据 官方文档
    image
    image1459×688 57.8 KB
    1. 在mq_t1租户下创建用户 proxyro
      grant select on oceanbase.* to proxyro identified by 'proxyro@Yanfa2023';
    1. 使二者密码保持一致:
      image
      image927×889 45 KB
  • 配置并生效以上两步操作后,尝试使用OB Proxy登录,失败
    image
    image1093×37 4.89 KB
  • 使用新建用户直连登录租户:
    image
    image986×290 10.9 KB
  • 使用新建用户Proxy代理登录租户,失败
    image
    image992×57 4.84 KB
#15

a.obclient -h1xx.xx.xx.xx -P2883 -uroot@proxysys -p’xxxx’ -Doceanbase -A
b.alter proxyconfig set observer_sys_password =‘xxx’; --这个密码修改成proxyro@Yanfa2023
c.select * from proxy_config where name like ‘%observer_sys_password%’;

#16

1、OBProxy 有两个特殊的账号:root@proxysysproxyro@sys,这里

  • root@proxysys 是 OBProxy 的管理员账号,
  • proxyro@sys 是 OBProxy 访问 OceanBase 数据库的账号。

这两个账户都支持修改密码,其中

  • root@proxysys 的密码obproxy对应配置项 obproxy_sys_password,
  • proxyro@sys 的密码对应obproxy配置项 observer_sys_password

2、根据上面的描述,proxyro账号需要在sys租户创建

3、使用obproxy访问oceanbase集群的话,-u参数指定格式是账号名称@租户名称#ob集群名称,比如root@mq_t1#myoceanbase

image
image1093×37 4.89 KB

上图连接不上的话,可以确认下obproxy配置文件里的observer_sys_password参数是否与sha1(‘proxyro@Yanfa2023’)之后的取值一样, 不一样的话登录obproxy root@proxysys账号,执行alter proxyconfig set observer_sys_password =‘xxx’修改proxyro@sys的密码

(root@(none))>select sha1(‘proxyro@Yanfa2023’);
±-----------------------------------------+
| sha1(‘proxyro@Yanfa2023’) |
±-----------------------------------------+
| 8650dc345635312fdc925a49e60313f0bf32094c |
±-----------------------------------------+
1 row in set (0.01 sec)

#17

试过了,还是不可以

#18

你改了以后 这样查询 截图我看看
obclient -h192.168.124.38 -P2883 -uroot@sys#集群名 -p’Yanfa2023’ -Doceanbase -A
这个信息 你查一下 我看看
select * from proxy_config where name like ‘%observer_sys_password%’;
proxyro的用户 是在sys租户下创建的
你是在mq_t1租户下创建用户 proxyro 这个有问题吧

image
image1186×490 67.1 KB

#21

问题解决,使用如下步骤。

1. 使用 root@sys 账户登录,obclient -h192.168.124.46 -P2881 -uroot -p'Yanfa2023' -Doceanbase -A
2. 查看账户信息,是否存在proxyro,不存在则创建。
obclient [oceanbase]> select user,password from mysql.user;
+---------+-------------------------------------------+
| user    | password                                  |
+---------+-------------------------------------------+
| root    | *d9cb9ededc4ea88036a346d852c579c08a95e976 |
| proxyro | *3fb70093a1818bf24dce96bd9f25c1cfdedb0b92 |
+---------+-------------------------------------------+
2 rows in set (0.004 sec)


---------------------------
3. 修改 proxyro 账户的密码
ALTER USER proxyro IDENTIFIED BY 'aabb';

4. 使用 root@proxysys账户登录
obclient -h192.168.124.38 -P2883 -uroot@proxysys -p'R9-#xXvt@eD}' -Doceanbase -A
# 查看账户密码
select * from proxy_config where name like '%observer_sys_password%';
alter proxyconfig set observer_sys_password = 'aabb';

5. 验证
obclient -h192.168.124.38 -P2883 -uroot -p'Yanfa2023' -Doceanbase -A
obclient [oceanbase]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| LBACSYS            |
| mysql              |
| oceanbase          |
| ocs                |
| ORAAUDITOR         |
| SYS                |
| sys_external_tbs   |
| test               |
+--------------------+
9 rows in set (0.038 sec)
1 个赞
#22

操作的问题 自己可以记录一下 :+1: