文章目錄
- 環境
- 文檔用途
- 詳細信息
環境
系統平臺:N/A
版本:4.5.6,4.5.7,4.5.8
文檔用途
本文檔用于高可用集群環境中hghac組件和hgproxy組件替換和升級操作
詳細信息
1.關閉服務
所有數據節點都執行
1、關閉hgproxy服務
[root@hgdb01 tools]# systemctl stop hgproxy.service
[root@hgdb02 tools]# systemctl stop hgproxy.service
2、關閉hghac服務
[root@hgdb01 tools]# systemctl stop hghac.service
[root@hgdb02 tools]# systemctl stop hghac.service
3、關閉etcd服務
[root@hgdb01 tools]# systemctl stop etcd.service
[root@hgdb02 tools]# systemctl stop etcd.service
[root@localhost ~]# systemctl stop etcd.service
2.升級過程
操作前請先備份原集群配置文件。
1、安裝軟件包
驗證md5值
[root@hgdb01 tools]# md5sum hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
0d960d0ac4925b272c30849e415031fd hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
安裝軟件包
[root@hgdb01 tools]# rpm -ivh hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
準備中... ################################# [100%]
正在升級/安裝...
1:hghac-4.2.3.3-17f931d ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/hghac.service to /usr/lib/systemd/system/hghac.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/vip-manager.service to /usr/lib/systemd/system/vip-manager.service.
2、配置并啟動etcd
01節點:
[root@hgdb01 tools]# vim /usr/local/hghac/etcd/etcd.yml
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_01'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd01# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.101:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.101:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.101:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.101:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
02節點配置
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_02'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd02# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.102:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.102:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.102:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.102:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
03節點配置
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_03'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd03# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.103:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.103:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.103:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.103:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false
啟動etcd(三臺間隔時間不要太長)
[root@hgdb01 ~]# systemctl start etcd.service
[root@hgdb02 ~]# systemctl start etcd.service
[root@hgdb03 ~]# systemctl start etcd.service
查看etcd集群狀態
[root@hgdb01 tools]# /usr/local/hghac/etcd/etcdctl --endpoints=http://x.x.0.101:2379,http://x.x.0.102:2379,http://x.x.0.103:2379 endpoint status --write-out=table
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://x.x.0.101:2379 | 7a586afca670fdcd | 3.4.15 | 20 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.102:2379 | 5506b0263532a5d | 3.4.15 | 25 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.103:2379 | 21d26eb730319e20 | 3.4.15 | 25 kB | true | false | 2 | 8 | 8 | |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
3、配置hghac組件
01節點
scope: highgo-see-cluster
namespace: /service/
name: see_01 restapi:listen: x.x.0.101:8008connect_address: x.x.0.101:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.101:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local all all sm3- host all all 0.0.0.0/0 sm3- host all all ::1/128 sm3- local replication all sm3- host replication all 0.0.0.0/0 sm3- host replication all ::1/128 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac
啟動hghac
# systemctl start hgahc.service
查看集群狀態
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
02節點
scope: highgo-see-cluster
namespace: /service/
name: see_02 restapi:listen: x.x.0.102:8008connect_address: x.x.0.102:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.102:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local all all sm3- host all all 0.0.0.0/0 sm3- host all all ::1/128 sm3- local replication all sm3- host replication all 0.0.0.0/0 sm3- host replication all ::1/128 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac
啟動hghac
# systemctl start hgahc.service
查看集群狀態
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
4、配置hgproxy
所有節點配置相同
[root@hgdb01 hgproxy]# cat /usr/local/hgproxy/etc/proxy.conf
# version: 4.0.27[Log]
log_collector = on# 是否開始日志功能log_level = log# 可選日志級別如下:# debug5# debug4# debug3# debug2 - 顯示設置路由節點的關鍵點# debug1 - 顯示語句與協議包的路由節點# log - 顯示會話的開始與結束# commerror# info# notice# warning# error# fatal# paniclog_destination = file# stdout: 標準輸出# stderr: 標準錯誤輸出# file: 輸出到文件log_filename = /data/hglog/hgproxy.log# 日志輸出文件# 設置按日期輸出到不同文件, 只需要在文件名中添加時間轉換字符 %d(%Y%m%d), 例如:/tmp/log/hgproxy.%d(%Y%m%d).log, 輸出文件名樣式為:hgproxy.20200808.loglog_format = "%d.%us %-7V [pid:%-7p cid:%-7U %18F:%-5L] %m%n"# 格式說明:# %d :時間格式(2012-01-01 17:03:12)# %d.%ms :時間格式(2012-01-01 17:03:12.123)# %d.%us :時間格式(2012-01-01 17:03:12.123456)# %m :用戶日志(必須)# %n :換行符(必須)# %p :進程id# %t :線程id# %U :協程id# %V :日志級別,大寫# %v :日志級別,小寫# %F :源代碼文件名# %L :源代碼行數log_rotation_size = 500MB# 日志文件自動轉存大小(轉存文件后綴數字越大,日志時間越新).# 設置為0, 則關閉此功能.log_max_rotation_file_num = 0# 轉存文件最大保留個數(設置的值大于1時, 此功能生效).# 當轉存文件達到設置的個數時,依次自動刪除最舊的文件.# 當日志文件比較重要時,請謹慎決定是否打開此功能.[Proxy]
listen_addresses = *
port = 5888
socket_dir = /tmpprocess_nums = 0# 負責處理會話的進程個數(建議設置為服務器核心數; 設置為0時, 自動獲取CPU核心數進行設置)session_balance = on# 以輪詢的的方式使進程間處理的會話盡量均衡process_bind_cpu = off# 負責處理會話的進程, 是否綁定CPU運行extension_module = librwsplit.so# hgproxy擴展模塊, 目前只有讀寫分離模塊,默認即可auto_replace_application_name = "hgproxy: app[__IP__:__PORT__:__ORIGINAL__]"# 自動修改 application_name 參數.# __IP__ : 應用的IP.# __PORT__ : 應用的端口.# __ORIGINAL__ : 原始數據.# 注意:由于數據庫限制,開啟此功能后,hgproxy會添加額外的信息,因此應用可自定義設置的 application_name 字符串會減少。# 參數值設置為空,則關閉此功能use_mctx = off# 使用內存上下文機制管理內存transaction_mode = Auto# Auto 事務內會進行讀寫分離,路由節點自動判斷# Primary 事務內不進行讀寫分離,固定發往主節點read_write_separation = on# 讀寫分離開關# 該配置項支持使用 proxy_ctl reloadcfg 生效,無需重啟[BackendNode]
node_num = 2# 后端節點數量load_balancing_mode = 1# 負載均衡模式(目前只有一種模式,默認即可)# 1:權重模式startup_check = off# 啟動時, 檢查配置的數據庫是否能夠連接hostname0 = x.x.0.101
port0 = 5866
backend_weigh0 = 1# hostnameN 第N個節點IP# portN 第N個節點端口# backend_weightN 第N個節點權重比hostname1 = x.x.0.102
port1 = 5866
backend_weigh1 = 1#hostname2 = 127.0.0.1
#port2 = 5868
#backend_weigh2 = 1read_timeout_close = 0# 當讀取數據庫超時自動斷開連接.# 此值不能設置為負數,設置的值大于0時, 此功能生效.# 單位:秒,取值最大為604800(一周)standby_additional_check = "select count(pid) > 0 from pg_stat_wal_receiver;"# 備節點額外的檢測# 請確保該SQL的返回結果為單行單列,且值為 t 或 f;[Replication]streaming_replication_delay_time = 100000# 假設流復制延遲時間, 單位: 微秒# 設置為 0 則關閉此功能# 取值范圍: 0 - 3600000000(1小時)[DatabaseCheck]lifecheck_user = sysdba# 用于檢測時的用戶名lifecheck_dbname = highgo# 用于檢測時的數據庫lifecheck_time = 10# 連接間隔時間,取值范圍 1 - 3600, 單位:秒lifecheck_num = 3# 連續連接失敗指定次數,達到該次數,節點將置為異常, 取值范圍 1 - 10[routing]
null_query_routing = both# 空語句發送的節點: primary/standby/both# 該配置項支持使用 proxy_ctl reloadcfg 生效,無需重啟regex_routing_file =# 正則路由配置文件,配置模板文件見 etc/regex_routing_settings.json# 注意事項:請配置 json 文件絕對路徑# 該配置項支持使用 proxy_ctl reloadcfg 生效,無需重啟routing_unnamed_parse_to_both = no# 未命名的 parse 協議是否發送到雙節點# 該配置項支持使用 proxy_ctl reloadcfg 生效,無需重啟[BlackList]# 此配置參數未來會移除,建議使用 regex_routing_file 配置
ignore_regex_case = off# on: 匹配時忽略大小寫# off: 匹配時不忽略大小寫# 此配置參數未來會移除,建議使用 regex_routing_file 配置
black_regex_token_list =# 匹配到了發往主節點# 此配置參數未來會移除,建議使用 regex_routing_file 配置
white_regex_token_list =# 匹配成功發往備節點object_relationship_list = /usr/local/hgproxy/etc/object_relationship_list.json[watchdog]server_watchdog = on# 檢測 hgproxy 端口是否可以連接server_watchdog_interval = 30# 檢測時間間隔(秒)# 取值范圍: 1 - 3600server_watchdog_auto_restart = on# 檢測 hgproxy 端口不可用后, 是否自動重啟 hgproxy.server_watchdog_failed_count = 3# 連續失敗次數, 達到該計數后,# 如果 server_watchdog_auto_restart 為 on, 則會自動重啟 hgproxy# 取值范圍: 1 - 3600status_watchdog = on# 內部統計打印日志輸出status_watchdog_interval = 60# 內部統計打印日志輸出時間間隔(秒)# 取值范圍: 1 - 3600status_watchdog_pretty_log = off# 是否對日志輸出進行美化處理[SSL]
ssl_switch = offssl_cert = /usr/local/hgproxy/etc/server.crt
ssl_key = /usr/local/hgproxy/etc/server.key
ssl_ca_cert = /usr/local/hgproxy/etc/root.crt
ssl_ca_cert_dir = /usr/local/hgproxy/etcssl_ciphers = HIGH:MEDIUM:+3DES:!aNULL
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = prime256v1
ssl_dh_params_file =[admin]virtual_database = hgproxy# 虛擬數據庫, 無需數據中存在virtual_user = hgproxy# 虛擬用戶, 無需數據中存在virtual_user_auth_method = password# 可選取值: "md5", "password"virtual_user_password = hgproxy@123# 如果 virtual_user_auth_method 配置為 md5,# md5密碼生成方法: echo -n "123456hgproxy" | md5sum# 123456 是登錄密碼, hgproxy 是 virtual_user 配置的用戶名
拷貝ssl證書文件
[root@xxdb01 etc]# cp /data/highgo/data/server.* /opt/HighGo/tools/hgproxy/etc/
[root@xxdb01 etc]# cp /data/highgo/data/root.crt /opt/HighGo/tools/hgproxy/etc/
初始化hgproxy
[root@hgdb01 etc]# /usr/local/hgproxy/bin/proxy_ctl init -h x.x.0.101 -U sysdba -d highgo -p 5866
ip == [x.x.0.101]
port == [5866]
database == [highgo]
username == [sysdba]please enter password:
init successfully
啟動服務
[root@xxdb01 etc]# systemctl start hgproxy
驗證登錄
[root@xxdb01 etc]# psql highgo sysdba -p 5888
3.注意事項
1、如果用的是tar包安裝,etcd.service和hghac.service需要手動拷貝到/usr/lib/systemd/system/文件夾下
# cp /usr/local/hghac/etcd/etcd.service /usr/lib/systemd/system/
# cp /usr/local/hghac/hac/hghac.service /usr/lib/systemd/system/
# systemctl daemon-reload
2、關閉服務時先停止hghac.service,再關閉etcd.service,防止數據庫都變成備庫模式。
3、注意備份原集群配置文件,參數盡量保持與原配置相同。
)
)
