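Recently, while using a GP (Greenplum) database, security rules required the firewall to be enabled on the machine hosting it, and the GP database could no longer start.
The GP database logs showed that GP needs SSH port 22 in order to start.
This is because GP is a distributed database that is mostly installed and run as a cluster. The all_hosts_file file lists the hostnames of all hosts in the cluster, and the gpssh-exkeys command exchanges keys between the hosts so that they can log in to each other without a password. By default it uses the Linux ssh service, which goes through the default port 22.
Because of the security rule restrictions on the GP host, the server's default ssh port had been changed, so I had no choice but to modify the gpssh-exkeys script.
In the gpssh-exkeys script, the following parts need to be changed (adding the server's current SSH port, 6233):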
```python
def testAccess(hostname):
    '''
    Ensure the proper password-less access to the remote host.
    Using ssh here also allows discovery of remote host keys *not*
    reported by ssh-keyscan.
    '''
    errfile = os.path.join(tempDir, 'sshcheck.err')
    # The port must be followed by a space before the next -o option.
    cmd = 'ssh -p 6233 -o "BatchMode=yes" -o "StrictHostKeyChecking=no" %s true 2>%s' % (hostname, errfile)
    if GV.opt['-v']: print '[INFO %s]: %s' % (hostname, cmd)
    rc = os.system(cmd)
    if rc != 0:
        print >> sys.stderr, '[ERROR %s] authentication check failed:' % hostname
        with open(errfile) as efile:
            for line in efile:
                print >> sys.stderr, '    ', line.rstrip()
        return False
    return True
```

```python
######################
#  step 0
#
#    Ensure the local host can password-less ssh into each remote host
for remoteHost in GV.allHosts:
    cmd = ['ssh', '-p', '6233', 'gpadmin@' + remoteHost.host(), '-o', 'BatchMode=yes', '-o', 'StrictHostKeyChecking=yes', 'true']
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout, stderr = p.communicate()
    if p.returncode:
        print >> sys.stderr, '[ERROR]: Failed to ssh to %s. %s' % (remoteHost.host(), stderr)
        print >> sys.stderr, '[ERROR]: Expected passwordless ssh to host %s' % remoteHost.host()
        sys.exit(1)
```

```python
# scp takes the port as uppercase -P; keep a space between the port and -q.
cmd = ('scp -P 6233 -q -o "BatchMode yes" -o "NumberOfPasswordPrompts 0" ' +
       '%s %s %s %s %s:.ssh/ 2>&1'
       % (remoteAuthKeysFile,
          remoteKnownHostsFile,
          remoteIdentity,
          remoteIdentityPub,
          canonicalize(h.host())))
h.popen(cmd)
```

```python
for h in GV.newHosts:
    # scp takes the port as uppercase -P; keep a space between the port and -q.
    cmd = ('scp -P 6233 -q -o "BatchMode yes" -o "NumberOfPasswordPrompts 0" ' +
           '%s %s %s %s %s:.ssh/ 2>&1'
           % (GV.authorized_keys_fname,
              GV.known_hosts_fname,
              GV.id_rsa_fname,
              GV.id_rsa_pub_fname,
              canonicalize(h.host())))
    h.popen(cmd)
```
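I added the -p 6233 parameter in these four places. Save and exit.
In addition, the script file /usr/local/greenplum-db-6.6.0/lib/python/gppylib/commands/base.py also needs to be modified: just add the -p 6233 parameter after ssh.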
```python
def execute(self, cmd):
    # prepend env. variables from ExcecutionContext.propagate_env_map
    # e.g. Given {'FOO': 1, 'BAR': 2}, we'll produce "FOO=1 BAR=2 ..."
    self.__class__.trail.add(self.targetHost)

    # also propagate env from command instance specific map
    keys = sorted(cmd.propagate_env_map.keys(), reverse=True)
    for k in keys:
        cmd.cmdStr = "%s=%s && %s" % (k, cmd.propagate_env_map[k], cmd.cmdStr)

    # Escape " for remote execution otherwise it interferes with ssh
    cmd.cmdStr = cmd.cmdStr.replace('"', '\\"')
    cmd.cmdStr = "ssh -p 6233 -o StrictHostKeyChecking=no -o ServerAliveInterval=60 " \
                 "{targethost} \"{gphome} {cmdstr}\"".format(targethost=self.targetHost,
                                                             gphome=". %s/greenplum_path.sh;" % self.gphome,
                                                             cmdstr=cmd.cmdStr)
```
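Run the GP start command again, and the GP database starts normally.
Summary: this should also count as a bug on the official Greenplum side, since the gpssh-exkeys and gpinitsystem commands do not provide a -p port option. With one, this would probably have been much easier. It took a lot of fiddling.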
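The edits above hard-code the port into several command strings, and ssh and scp spell the option differently (-p and -P). The following added example, which is not Greenplum's code or the author's, builds both commands as argument lists from one validated port value. The GP_SSH_PORT environment variable and all function names are assumptions for illustration, and it is written for Python 3 rather than the Python 2 of the scripts shown.

```python
import os
import shlex

# Assumption: GP_SSH_PORT is a hypothetical variable, not a Greenplum setting.
PORT_ENV = "GP_SSH_PORT"


def check_port(value):
    """Return value as an int, rejecting anything that is not a port number."""
    text = str(value)
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError("invalid SSH port: %r" % (value,))
    return int(text)


def ssh_port(default=22):
    """Read the port from the environment, falling back to the ssh default."""
    return check_port(os.environ.get(PORT_ENV, default))


def ssh_argv(host, remote_cmd, port=None, user=None):
    """argv for a batch-mode ssh call; ssh takes the port as lowercase -p."""
    port = ssh_port() if port is None else check_port(port)
    target = "%s@%s" % (user, host) if user else host
    # Host keys are verified, as in the script's "step 0" check.
    return ["ssh", "-p", str(port), "-o", "BatchMode=yes",
            "-o", "StrictHostKeyChecking=yes", target, remote_cmd]


def scp_argv(files, host, dest=".ssh/", port=None):
    """argv for a quiet batch-mode scp; scp takes the port as uppercase -P."""
    port = ssh_port() if port is None else check_port(port)
    return (["scp", "-P", str(port), "-q", "-o", "BatchMode=yes",
             "-o", "NumberOfPasswordPrompts=0"]
            + list(files) + ["%s:%s" % (host, dest)])


def shell_line(argv):
    """Quoted single-string form for callers that must pass a shell string."""
    return " ".join(shlex.quote(a) for a in argv)
```

Because every option is its own list element, a missing space between the port and the next option cannot occur, and a malformed port value is rejected before any command runs.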