环境
系统平台:N/A
版本:4.5.6,4.5.7,4.5.8
文档用途
本文档用于高可用集群环境中hghac组件和hgproxy组件替换和升级操作
详细信息
1.关闭服务
所有数据节点都执行
1、关闭hgproxy服务
[root@hgdb01 tools]# systemctl stop hgproxy.service
[root@hgdb02 tools]# systemctl stop hgproxy.service
2、关闭hghac服务
[root@hgdb01 tools]# systemctl stop hghac.service
[root@hgdb02 tools]# systemctl stop hghac.service
3、关闭etcd服务
[root@hgdb01 tools]# systemctl stop etcd.service
[root@hgdb02 tools]# systemctl stop etcd.service
[root@localhost ~]# systemctl stop etcd.service
2.升级过程
操作前请先备份原集群配置文件。
1、安装软件包
验证md5值
[root@hgdb01 tools]# md5sum hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
0d960d0ac4925b272c30849e415031fd hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
安装软件包
[root@hgdb01 tools]# rpm -ivh hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
准备中... ################################# [100%]
正在升级/安装...
1:hghac-4.2.3.3-17f931d ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/hghac.service to /usr/lib/systemd/system/hghac.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/vip-manager.service to /usr/lib/systemd/system/vip-manager.service.
2、配置并启动etcd
01节点:
[root@hgdb01 tools]# vim /usr/local/hghac/etcd/etcd.yml
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'etcd_01'
# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd01
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.101:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.101:2379,http://127.0.0.1:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.101:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.101:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
enable-pprof: false
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# DEPRECATED: Path to the client server TLS CA file.
ca-file:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# DEPRECATED: Path to the peer server TLS CA file.
ca-file:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
peer-client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# Enable debug-level logging for etcd.
debug: false
# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default
# Force to create a new one member cluster.
force-new-cluster: false
02节点配置
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'etcd_02'
# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd02
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.102:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.102:2379,http://127.0.0.1:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.102:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.102:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
enable-pprof: false
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# DEPRECATED: Path to the client server TLS CA file.
ca-file:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# DEPRECATED: Path to the peer server TLS CA file.
ca-file:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
peer-client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# Enable debug-level logging for etcd.
debug: false
# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default
# Force to create a new one member cluster.
force-new-cluster: false
03节点配置
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'etcd_03'
# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd03
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.103:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.103:2379,http://127.0.0.1:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.103:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.103:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
enable-pprof: false
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# DEPRECATED: Path to the client server TLS CA file.
ca-file:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# DEPRECATED: Path to the peer server TLS CA file.
ca-file:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
peer-client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# Enable debug-level logging for etcd.
debug: false
# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default
# Force to create a new one member cluster.
force-new-cluster: false
启动etcd(三台间隔时间不要太长)
[root@hgdb01 ~]# systemctl start etcd.service
[root@hgdb02 ~]# systemctl start etcd.service
[root@hgdb03 ~]# systemctl start etcd.service
查看etcd集群状态
[root@hgdb01 tools]# /usr/local/hghac/etcd/etcdctl --endpoints=http://x.x.0.101:2379,http://x.x.0.102:2379,http://x.x.0.103:2379 endpoint status --write-out=table
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://x.x.0.101:2379 | 7a586afca670fdcd | 3.4.15 | 20 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.102:2379 | 5506b0263532a5d | 3.4.15 | 25 kB | false | false | 2 | 8 | 8 | |
| http://x.x.0.103:2379 | 21d26eb730319e20 | 3.4.15 | 25 kB | true | false | 2 | 8 | 8 | |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
3、配置hghac组件
01节点
scope: highgo-see-cluster
namespace: /service/
name: see_01
restapi:
listen: x.x.0.101:8008
connect_address: x.x.0.101:8008
etcd3:
hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379
#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']
bootstrap:
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
master_start_timeout: 300
synchronous_mode: false
postgresql:
use_pg_rewind: true
parameters:
wal_level: replica
hot_standby: "on"
wal_keep_size: 100
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
archive_mode: "off"
archive_timeout: 1800s
logging_collector: "on"
method: initdb_keygen
initdb_keygen:
command: /usr/local/hghac/hac/initdb_keygen.sh
keep_existing_recovery_conf: True
no_params: True
postgresql:
database: highgo
listen: 0.0.0.0:5866
connect_address: x.x.0.101:5866
bin_dir: /opt/highgo/hgdb-see-4.5.8/bin
data_dir: /data/highgo/data
config_dir: /data/highgo/data
pgpass: /tmp/.pgpass
authentication:
replication:
username: sysdba
password: Hello@1234
rewind:
username: sysdba
password: Hello@1234
sysdba:
password: Hello@1234
syssso:
password: Hello@1234
syssao:
password: Hello@1234
parameters:
ssl: 'on'
ssl_cert_file: /data/highgo/data/server.crt
ssl_key_file: /data/highgo/data/server.key
pg_hba:
- local all all sm3
- host all all 0.0.0.0/0 sm3
- host all all ::1/128 sm3
- local replication all sm3
- host replication all 0.0.0.0/0 sm3
- host replication all ::1/128 sm3
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false
log:
level: INFO
traceback_level: INFO
dir: /usr/local/hghac/hac
启动hghac
# systemctl start hgahc.service
查看集群状态
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
02节点
scope: highgo-see-cluster
namespace: /service/
name: see_02
restapi:
listen: x.x.0.102:8008
connect_address: x.x.0.102:8008
etcd3:
hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379
#zookeeper:
# hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']
bootstrap:
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
master_start_timeout: 300
synchronous_mode: false
postgresql:
use_pg_rewind: true
parameters:
wal_level: replica
hot_standby: "on"
wal_keep_size: 100
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
archive_mode: "off"
archive_timeout: 1800s
logging_collector: "on"
method: initdb_keygen
initdb_keygen:
command: /usr/local/hghac/hac/initdb_keygen.sh
keep_existing_recovery_conf: True
no_params: True
postgresql:
database: highgo
listen: 0.0.0.0:5866
connect_address: x.x.0.102:5866
bin_dir: /opt/highgo/hgdb-see-4.5.8/bin
data_dir: /data/highgo/data
config_dir: /data/highgo/data
pgpass: /tmp/.pgpass
authentication:
replication:
username: sysdba
password: Hello@1234
rewind:
username: sysdba
password: Hello@1234
sysdba:
password: Hello@1234
syssso:
password: Hello@1234
syssao:
password: Hello@1234
parameters:
ssl: 'on'
ssl_cert_file: /data/highgo/data/server.crt
ssl_key_file: /data/highgo/data/server.key
pg_hba:
- local all all sm3
- host all all 0.0.0.0/0 sm3
- host all all ::1/128 sm3
- local replication all sm3
- host replication all 0.0.0.0/0 sm3
- host replication all ::1/128 sm3
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false
log:
level: INFO
traceback_level: INFO
dir: /usr/local/hghac/hac
启动hghac
# systemctl start hgahc.service
查看集群状态
# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list
4、配置hgproxy
所有节点配置相同
[root@hgdb01 hgproxy]# cat /usr/local/hgproxy/etc/proxy.conf
# version: 4.0.27
[Log]
log_collector = on
# 是否开始日志功能
log_level = log
# 可选日志级别如下:
# debug5
# debug4
# debug3
# debug2 - 显示设置路由节点的关键点
# debug1 - 显示语句与协议包的路由节点
# log - 显示会话的开始与结束
# commerror
# info
# notice
# warning
# error
# fatal
# panic
log_destination = file
# stdout: 标准输出
# stderr: 标准错误输出
# file: 输出到文件
log_filename = /data/hglog/hgproxy.log
# 日志输出文件
# 设置按日期输出到不同文件, 只需要在文件名中添加时间转换字符 %d(%Y%m%d), 例如:/tmp/log/hgproxy.%d(%Y%m%d).log, 输出文件名样式为:hgproxy.20200808.log
log_format = "%d.%us %-7V [pid:%-7p cid:%-7U %18F:%-5L] %m%n"
# 格式说明:
# %d :时间格式(2012-01-01 17:03:12)
# %d.%ms :时间格式(2012-01-01 17:03:12.123)
# %d.%us :时间格式(2012-01-01 17:03:12.123456)
# %m :用户日志(必须)
# %n :换行符(必须)
# %p :进程id
# %t :线程id
# %U :协程id
# %V :日志级别,大写
# %v :日志级别,小写
# %F :源代码文件名
# %L :源代码行数
log_rotation_size = 500MB
# 日志文件自动转存大小(转存文件后缀数字越大,日志时间越新).
# 设置为0, 则关闭此功能.
log_max_rotation_file_num = 0
# 转存文件最大保留个数(设置的值大于1时, 此功能生效).
# 当转存文件达到设置的个数时,依次自动删除最旧的文件.
# 当日志文件比较重要时,请谨慎决定是否打开此功能.
[Proxy]
listen_addresses = *
port = 5888
socket_dir = /tmp
process_nums = 0
# 负责处理会话的进程个数(建议设置为服务器核心数; 设置为0时, 自动获取CPU核心数进行设置)
session_balance = on
# 以轮询的的方式使进程间处理的会话尽量均衡
process_bind_cpu = off
# 负责处理会话的进程, 是否绑定CPU运行
extension_module = librwsplit.so
# hgproxy扩展模块, 目前只有读写分离模块,默认即可
auto_replace_application_name = "hgproxy: app[__IP__:__PORT__:__ORIGINAL__]"
# 自动修改 application_name 参数.
# __IP__ : 应用的IP.
# __PORT__ : 应用的端口.
# __ORIGINAL__ : 原始数据.
# 注意:由于数据库限制,开启此功能后,hgproxy会添加额外的信息,因此应用可自定义设置的 application_name 字符串会减少。
# 参数值设置为空,则关闭此功能
use_mctx = off
# 使用内存上下文机制管理内存
transaction_mode = Auto
# Auto 事务内会进行读写分离,路由节点自动判断
# Primary 事务内不进行读写分离,固定发往主节点
read_write_separation = on
# 读写分离开关
# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启
[BackendNode]
node_num = 2
# 后端节点数量
load_balancing_mode = 1
# 负载均衡模式(目前只有一种模式,默认即可)
# 1:权重模式
startup_check = off
# 启动时, 检查配置的数据库是否能够连接
hostname0 = x.x.0.101
port0 = 5866
backend_weigh0 = 1
# hostnameN 第N个节点IP
# portN 第N个节点端口
# backend_weightN 第N个节点权重比
hostname1 = x.x.0.102
port1 = 5866
backend_weigh1 = 1
#hostname2 = 127.0.0.1
#port2 = 5868
#backend_weigh2 = 1
read_timeout_close = 0
# 当读取数据库超时自动断开连接.
# 此值不能设置为负数,设置的值大于0时, 此功能生效.
# 单位:秒,取值最大为604800(一周)
standby_additional_check = "select count(pid) > 0 from pg_stat_wal_receiver;"
# 备节点额外的检测
# 请确保该SQL的返回结果为单行单列,且值为 t 或 f;
[Replication]
streaming_replication_delay_time = 100000
# 假设流复制延迟时间, 单位: 微秒
# 设置为 0 则关闭此功能
# 取值范围: 0 - 3600000000(1小时)
[DatabaseCheck]
lifecheck_user = sysdba
# 用于检测时的用户名
lifecheck_dbname = highgo
# 用于检测时的数据库
lifecheck_time = 10
# 连接间隔时间,取值范围 1 - 3600, 单位:秒
lifecheck_num = 3
# 连续连接失败指定次数,达到该次数,节点将置为异常, 取值范围 1 - 10
[routing]
null_query_routing = both
# 空语句发送的节点: primary/standby/both
# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启
regex_routing_file =
# 正则路由配置文件,配置模板文件见 etc/regex_routing_settings.json
# 注意事项:请配置 json 文件绝对路径
# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启
routing_unnamed_parse_to_both = no
# 未命名的 parse 协议是否发送到双节点
# 该配置项支持使用 proxy_ctl reloadcfg 生效,无需重启
[BlackList]
# 此配置参数未来会移除,建议使用 regex_routing_file 配置
ignore_regex_case = off
# on: 匹配时忽略大小写
# off: 匹配时不忽略大小写
# 此配置参数未来会移除,建议使用 regex_routing_file 配置
black_regex_token_list =
# 匹配到了发往主节点
# 此配置参数未来会移除,建议使用 regex_routing_file 配置
white_regex_token_list =
# 匹配成功发往备节点
object_relationship_list = /usr/local/hgproxy/etc/object_relationship_list.json
[watchdog]
server_watchdog = on
# 检测 hgproxy 端口是否可以连接
server_watchdog_interval = 30
# 检测时间间隔(秒)
# 取值范围: 1 - 3600
server_watchdog_auto_restart = on
# 检测 hgproxy 端口不可用后, 是否自动重启 hgproxy.
server_watchdog_failed_count = 3
# 连续失败次数, 达到该计数后,
# 如果 server_watchdog_auto_restart 为 on, 则会自动重启 hgproxy
# 取值范围: 1 - 3600
status_watchdog = on
# 内部统计打印日志输出
status_watchdog_interval = 60
# 内部统计打印日志输出时间间隔(秒)
# 取值范围: 1 - 3600
status_watchdog_pretty_log = off
# 是否对日志输出进行美化处理
[SSL]
ssl_switch = off
ssl_cert = /usr/local/hgproxy/etc/server.crt
ssl_key = /usr/local/hgproxy/etc/server.key
ssl_ca_cert = /usr/local/hgproxy/etc/root.crt
ssl_ca_cert_dir = /usr/local/hgproxy/etc
ssl_ciphers = HIGH:MEDIUM:+3DES:!aNULL
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = prime256v1
ssl_dh_params_file =
[admin]
virtual_database = hgproxy
# 虚拟数据库, 无需数据中存在
virtual_user = hgproxy
# 虚拟用户, 无需数据中存在
virtual_user_auth_method = password
# 可选取值: "md5", "password"
virtual_user_password = hgproxy@123
# 如果 virtual_user_auth_method 配置为 md5,
# md5密码生成方法: echo -n "123456hgproxy" | md5sum
# 123456 是登录密码, hgproxy 是 virtual_user 配置的用户名
拷贝ssl证书文件
[root@xxdb01 etc]# cp /data/highgo/data/server.* /opt/HighGo/tools/hgproxy/etc/
[root@xxdb01 etc]# cp /data/highgo/data/root.crt /opt/HighGo/tools/hgproxy/etc/
初始化hgproxy
[root@hgdb01 etc]# /usr/local/hgproxy/bin/proxy_ctl init -h x.x.0.101 -U sysdba -d highgo -p 5866
ip == [x.x.0.101]
port == [5866]
database == [highgo]
username == [sysdba]
please enter password:
init successfully
启动服务
[root@xxdb01 etc]# systemctl start hgproxy
验证登录
[root@xxdb01 etc]# psql highgo sysdba -p 5888
3.注意事项
1、如果用的是tar包安装,etcd.service和hghac.service需要手动拷贝到/usr/lib/systemd/system/文件夹下
# cp /usr/local/hghac/etcd/etcd.service /usr/lib/systemd/system/
# cp /usr/local/hghac/hac/hghac.service /usr/lib/systemd/system/
# systemctl daemon-reload
2、关闭服务时先停止hghac.service,再关闭etcd.service,防止数据库都变成备库模式。
3、注意备份原集群配置文件,参数尽量保持与原配置相同。
扫一扫
1190
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
