配置ssl后使用obproxy登录集群失败

OceanBase 技术问题
#1

配置ssl后使用obproxy登录集群失败
集群

企业微信截图_17815983228388
企业微信截图_178159832283882560×735 44.5 KB

obproxy
企业微信截图_17815983518909
企业微信截图_178159835189091021×130 3.35 KB

好像改配置的地方已经配置了,证书已经加载了。现在是不能通过obproxy登录集群
[admin@odp wallet]$ obclient -h192.168.80.22 -P2883 -uroot@sys#hhobcluster -p’密码’ -Doceanbase -A
ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading authorization packet’, system error: 11

2 个赞
#3

enable_server_ssl和 enable_client_ssl开启了么
https://www.oceanbase.com/docs/common-odp-doc-cn-1000000006242556
https://www.oceanbase.com/docs/common-odp-doc-cn-1000000006242578

1 个赞
#4

开了

1 个赞
#5

obproxy_diagnosis.log日志提供一份看下

1 个赞
#6

obproxy_diagnosis.log (19.9 KB)

#7

应该是ODP 与 OB 之间 SSL 握手失败
只有同时满足 enable_server_ssl=true 且证书配置有效,才会用 SSL 连 OB;否则走明文,OB 会直接拒绝
– 查看 SSL 是否开启
SHOW PARAMETERS LIKE ‘ssl_client_authentication’;
SHOW PARAMETERS LIKE ‘sql_protocol_min_tls_version’;
– 确认证书已加载
SELECT svr_ip, svr_port, ssl_cert_expired_time,
FROM_UNIXTIME(ssl_cert_expired_time/1000000) AS cert_expire
FROM oceanbase.GV$OB_SERVERS;

– 查看 SSL 开关
SHOW PROXYCONFIG LIKE ‘%ssl%’;