GBase 8a Security Configuration

Published: 2024/1/1

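Contents

Password complexity

Changing root's default password

Failed login attempt limit

Re-authentication

Enabling the audit log

SSL-encrypted client connections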

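Password complexity

Before changing the password policy, remember to change existing user passwords so that they satisfy the new rules; otherwise, after the restart, the old passwords can no longer be used to log in.

Edit the coordinator nodes' configuration file gbase_8a_gcluster.cnf (it must be changed on every node; on a node where it is not changed the password policy does not take effect and simple passwords can still be used).
Edit the node (data) nodes' configuration file gbase_8a_gbase.cnf (it must be changed on every node; on a node where it is not changed the password policy does not take effect and simple passwords can still be used).

Give the same variable the same value in every file.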

[gbase@VM-8-10-centos gbase]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos gnode]$ cd $GBASE_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gbase.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
gbase> set password for user_1 = password('111');
ERROR 1809 (HY000): Invalid password format,length should > 8 and contain 'number' 'small letter' 'captital letter' 'special character'.

[gbased]

password_format_option = '15'    # must contain digits, upper- and lower-case letters, and other characters
password_min_length = '8'        # minimum length is 8
password_life_time = '90'        # expires after 90 days

Changing root's default password

[root@gba01 opt]# su - gbase
$ gccli -uroot
GBase client 9.5.3.17.117651. Copyright (c) 2004-2020, GBase. All Rights Reserved.
gbase> SET PASSWORD FOR root = PASSWORD('H133%_h');

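Failed login attempt limit

Once the number of failed attempts is reached, the user is locked and can no longer log in; after being unlocked, the account can be used normally again.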

[gbase@VM-8-10-centos gcluster]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.

[gbased]
login_attempt_max = '3'

Unlocking a user

[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
gbase> alter user root identified by 'gBase20333333#';
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> alter user root account unlock;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

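Re-authentication

After 10 minutes of idle time the user must log in again.

Edit the configuration file gbase_8a_gcluster.cnf on every coordinator node.
Edit the configuration file gbase_8a_gbase.cnf on every node (data) node.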

[gbase@VM-8-10-centos gbase]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos gnode]$ cd $GBASE_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gbase.cnf
[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart

[gbased]

interactive_timeout = 600    # in seconds; this parameter is enabled by default, default value 1000000

wait_timeout = 600           # in seconds; this parameter is enabled by default, default value 1000000
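The sections above require the same [gbased] values in gbase_8a_gcluster.cnf and gbase_8a_gbase.cnf on every node, and a node that is missed keeps accepting simple passwords. The following added example (not part of the original article) checks collected copies of those files for missing or different values; the function names, the sample file names and the last-assignment-wins parsing rule are assumptions.

```shell
#!/bin/sh
# Added example: check copies of each node's config file for the values used in this article.
# Function names and sample file names are hypothetical; the sample files are constructed.
EXPECTED="password_format_option=15 password_min_length=8 password_life_time=90
login_attempt_max=3 interactive_timeout=600 wait_timeout=600"

# gbased_value FILE KEY: print KEY's value from the [gbased] section (empty when unset).
# Assumes numeric values (anything after '#' is dropped) and that the last assignment wins.
gbased_value() {
    awk -v key="$2" -v q="'" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[gbased\]/); next }
        insec {
            sub(/#.*/, "")
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub("^[ \t\"" q "]+|[ \t\"" q "]+$", "", v)   # trim blanks and quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_configs FILE...: print one DRIFT line per wrong or missing value; return 0 if none.
check_configs() {
    bad=0
    for f in "$@"; do
        for pair in $EXPECTED; do
            key=${pair%%=*}; want=${pair#*=}
            got=$(gbased_value "$f" "$key")
            if [ "$got" != "$want" ]; then
                echo "DRIFT $f: $key is '${got:-unset}', expected '$want'"
                bad=$((bad + 1))
            fi
        done
    done
    [ "$bad" -eq 0 ]
}

# write_samples DIR: two constructed config copies, the second one incomplete.
write_samples() {
    cat > "$1/node1-gbase_8a_gcluster.cnf" <<'EOF'
[client]
port = 5258
[gbased]
password_format_option = '15'   # digits, lower case, upper case, other characters
password_min_length = '8'
password_life_time = '90'
login_attempt_max = '3'
interactive_timeout = 600
wait_timeout = 600
EOF
    cat > "$1/node2-gbase_8a_gbase.cnf" <<'EOF'
[gbased]
password_min_length = '6'
login_attempt_max = '3'
interactive_timeout = 600
[client]
wait_timeout = 600
EOF
}

# Usage: sh check_gbased.sh /path/to/collected/*.cnf
if [ $# -gt 0 ]; then check_configs "$@"; fi
```

A setting placed under the wrong section header, such as wait_timeout under [client] in the second sample, is reported as unset.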

Enabling the audit log

gbase> set global audit_log = 1 ;
gbase> set global log_output = 'table';

Creating an audit policy

gbase> CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y');
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> \q
Bye
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.
[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
Enter password:
gbase> SELECT start_time,user_host,query_time,rows, LEFT(sql_text, 30), conn_type FROM gbase.audit_log;
gbase> SELECT * FROM gbase.audit_log;
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
| 95 | 0 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000122 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE GCLUSTER_LOCAL AUDIT POLICY "audit_policy_1" (Enable='Y',User='') | DDL | OTHERS | | SUCCESS | CAPI |
| 94 | 131152 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.002588 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y',User = '' ) | DDL | OTHERS | | SUCCESS | ODBC |
| 94 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000006 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | ODBC |
| 95 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000003 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000433 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000126 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 131155 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000160 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000066 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000154 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 131154 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007139 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 96 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | [root] @ localhost [] | 0 | root | | 00:00:00.013624 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000440 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 131157 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000148 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000080 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000174 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 131156 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007594 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 99 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | [root] @ localhost [] | 0 | root | | 00:00:00.009110 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000436 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000443 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 131159 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000137 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000064 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000151 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 131158 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007557 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 102 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | [root] @ localhost [] | 0 | root | | 00:00:00.009166 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 105 | 0 | 2022-10-31 22:47:56 | 2022-10-31 22:47:56 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000612 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | ODBC |
| 105 | 131160 | 2022-10-31 22:48:04 | 2022-10-31 22:48:04 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.006332 | 0 | vc00003 | | WRITE: ; READ: `vc00003`.`gbse`.`audit_log`; OTHER: ; | select * from gbse.audit_log | DQL | SELECT | | FAILED | ODBC |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+-----------+-----------------+------+---------+----+--------------------------------------------------------+--------------------------------------------------------------------------+----------+-------------+-----------+---------+-----------+
36 rows in set (Elapsed: 00:00:00.00)
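The audit_log output above records each rejected login as a Connect row with status FAILED, three of them for root before the account was locked. The following added example, not part of the original article, reads table output in that format and lists accounts with repeated failures; the function names are hypothetical and the sample rows are constructed in the same column layout.

```shell
#!/bin/sh
# Added example: flag accounts with repeated failed logins in gbase.audit_log table output.
# Function names are hypothetical; the sample rows are constructed in the article's format.

# failed_logins MIN: read "SELECT * FROM gbase.audit_log" table output on stdin and print
# "user count first_time last_time" for users with at least MIN failed Connect rows.
failed_logins() {
    awk -F'|' -v min="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 20 { next }                          # borders, prompts, row-count line
        {
            # user and start_time are counted from the left, status and sql_command
            # from the right, so a "|" inside sql_text cannot shift them.
            user = trim($8); when = trim($4)
            status = trim($(NF - 2)); cmd = trim($(NF - 4))
            if (cmd != "Connect" || status != "FAILED") next
            if (!(user in n)) first[user] = when
            n[user]++; last[user] = when
        }
        END { for (u in n) if (n[u] >= min) print u, n[u], first[u], last[u] }' | sort
}

# sample_audit_rows: constructed rows (three failed root logins, one failed login for a
# made-up user "app", one successful login, one failed SELECT whose text contains "|").
sample_audit_rows() {
    cat <<'EOF'
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
| 96 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | [root] @ localhost [] | 0 | root | | 00:00:00.013624 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 99 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | [root] @ localhost [] | 0 | root | | 00:00:00.009110 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 102 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | [root] @ localhost [] | 0 | root | | 00:00:00.009166 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 105 | 0 | 2022-10-31 22:47:56 | 2022-10-31 22:47:56 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000612 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | ODBC |
| 106 | 0 | 2022-10-31 22:49:10 | 2022-10-31 22:49:10 | [app] @ [10.0.8.11] | 0 | app | 10.0.8.11 | 00:00:00.008000 | 0 | | | | Connect | OTHERS | Connect | | FAILED | CAPI |
| 105 | 131161 | 2022-10-31 22:50:00 | 2022-10-31 22:50:00 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.001000 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | select 'a|b' from t1 | DQL | SELECT | | FAILED | ODBC |
EOF
}

# Usage: gccli output saved to a file, then: failed_logins 3 < audit_log.txt
if [ $# -gt 0 ]; then failed_logins "$1"; fi
```

Passing the value of login_attempt_max (3 in this article) as MIN lists exactly the accounts that reached the lockout threshold.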

Clearing the audit log

gbase> TRUNCATE SELF gbase.audit_log;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> select * from gbase.audit_log;
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
| 105 | 0 | 2022-10-31 22:52:17 | 2022-10-31 22:52:17 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000603 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: `vc00000`.`gbase`.`audit_log`; | TRUNCATE SELF gbase.audit_log | DDL | TRUNCATE | | SUCCESS | ODBC |
+-----------+--------+---------------------+---------------------+-----------------------------+-----+-------+---------+-----------------+------+---------+----+---------------------------------------------------------+-------------------------------+----------+-------------+-----------+---------+-----------+
1 row in set (Elapsed: 00:00:00.00)

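Audit log high availability

Once auditing is enabled, audit records are stored in the audit_log table by default. audit_log holds the log for the current period only, so historical records need to be moved periodically into the audit_log_express table; here the transfer runs every 60 minutes.

When creating this event, run the creation once on every gcluster node, and do not give the events the same name.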

gbase> use test;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> show events \G;
Empty set (Elapsed: 00:00:00.00)
[gbase@h4 opt]$ vi /opt/audit.sql
[gbase@h4 opt]$ gccli -uroot -p -D test < /opt/audit.sql

Contents of /opt/audit.sql:

delimiter //
CREATE EVENT import_audit_log
ON SCHEDULE EVERY 60 MINUTE
ON COMPLETION NOT PRESERVE
ENABLE LOCAL
DO
begin
  declare errno int;
  declare msg text;
  -- on any SQL error, record it in import_audit_log_errors and leave the event body
  declare exit handler for sqlexception
  begin
    get diagnostics condition 1 errno = gbase_errno, msg = message_text;
    create table if not exists import_audit_log_errors(
      err_time datetime,
      hostname varchar(64),
      err_no int,
      msg_txt varchar(1024)
    ) CHARSET=utf8mb4;
    insert into import_audit_log_errors values (now(), @@hostname, errno, substr(msg, 0, 1024));
  end;
  create table if not exists audit_log_express (
    hostname varchar(64),
    thread_id int,
    taskid bigint,
    start_time datetime,
    uid bigint,
    user varchar(16),
    host_ip varchar(32),
    query_time time,
    rows bigint,
    table_list varchar(4096),
    sql_text varchar(8191),
    sql_type varchar(16),
    sql_command varchar(32),
    operators varchar(256),
    status varchar(16),
    conn_type varchar(16)
  ) CHARSET=utf8mb4;
  set self sql_mode = '';
  create self table gbase.audit_log_bak2 like gbase.audit_log;
  set self sql_mode = default;
  rename self table gbase.audit_log to gbase.audit_log_bak1, -- not sure why, but after the rename the data did not go in, so it is inserted once more below
                    gbase.audit_log_bak2 to gbase.audit_log;
  repair table gbase.audit_log;
  insert into gbase.audit_log_bak1 select * from gbase.audit_log;
  set _gbase_query_path = on;
  insert into audit_log_express select
    @@hostname as hostname, thread_id, taskid, start_time, uid, user, host_ip, query_time, rows,
    substr(table_list, 0, 4096), substr(sql_text, 0, 8191),
    sql_type, sql_command, operators, status, conn_type
  from gbase.audit_log_bak1;
  drop self table gbase.audit_log_bak1;
end//
delimiter ;

[gbase@h4 opt]$ gccli -uroot -p
gbase> use test;
gbase> show events;
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
| Vc | Db | Name | Definer | Time zone | Type | Execute at | Interval value | Interval field | Starts | Ends | Status | Execute mode | character_set_client | collation_connection | Database Collation |
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
| vcname000002 | test | import_audit_log | root@% | +08:00 | RECURRING | NULL | 60 | MINUTE | 2022-12-17 00:31:18 | NULL | ENABLED | 0 | utf8 | utf8_general_ci | utf8_general_ci |
+--------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------+------------+----------------+----------------+---------------------+------+---------+--------------+----------------------+----------------------+--------------------+
1 row in set (Elapsed: 00:00:00.00)

SSL-encrypted client connections

Generating the server and client certificate files

[root@hw-00 gcinstall]# su - root
[root@hw-00 gcinstall]# mkdir -p /usr/local/ssl
[root@hw-00 gcinstall]# cd /usr/local/ssl/
[root@hw-00 ssl]# openssl req -sha1 -new -x509 -nodes -days 3650 -keyout ca-key.pem >ca-cert.pem
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
[root@hw-00 ssl]# openssl rsa -in server-key.pem -out server-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
[root@hw-00 ssl]# openssl rsa -in client-key.pem -out client-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# ll
-rw-r--r-- 1 root root 1285 Nov 14 18:14 ca-cert.pem
-rw-r--r-- 1 root root 1708 Nov 14 18:14 ca-key.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:22 client-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:21 client-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:21 client-req.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:19 server-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:18 server-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:16 server-req.pem
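The commands above sign with SHA-1, give the server and client certificates the same serial number (01), and the ll listing shows the private keys as readable by every local user (-rw-r--r--). The following added example, not part of the original article, generates the same set of files with SHA-256, distinct serials and mode-600 keys, and audits a certificate directory for those three issues; the function names and subject names are assumptions.

```shell
#!/bin/sh
# Added example: SHA-256 variant of the certificate steps, plus an audit of a certificate
# directory. Function names, subject names and the demo directory are assumptions.

# make_pki DIR: CA, server and client certificates signed with SHA-256, one serial per
# certificate, private keys created under umask 077 (mode 600).
make_pki() {
    (
        umask 077
        mkdir -p "$1" && cd "$1" || exit 1
        openssl req -x509 -sha256 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=Example GBase CA" -keyout ca-key.pem -out ca-cert.pem 2>/dev/null || exit 1
        serial=1
        for role in server client; do
            openssl req -sha256 -newkey rsa:2048 -nodes -subj "/CN=example-$role" \
                -keyout "$role-key.pem" -out "$role-req.pem" 2>/dev/null || exit 1
            openssl x509 -req -sha256 -days 730 -in "$role-req.pem" -CA ca-cert.pem \
                -CAkey ca-key.pem -set_serial "$serial" -out "$role-cert.pem" 2>/dev/null || exit 1
            serial=$((serial + 1))
        done
        chmod 644 ca-cert.pem server-cert.pem client-cert.pem
    )
}

# audit_pki DIR: print one FINDING line per problem; return 0 only when there are none.
audit_pki() {
    dir=$1; findings=0; serials=""
    for key in "$dir"/*-key.pem; do
        [ -f "$key" ] || continue
        # characters 5-10 of the ls mode string are the group and other permission bits
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $key is accessible to group or other users"
            findings=$((findings + 1))
        fi
    done
    for cert in "$dir"/*-cert.pem; do
        [ -f "$cert" ] || continue
        alg=$(openssl x509 -in "$cert" -noout -text |
              sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
        case "$alg" in
            *[Ss][Hh][Aa]1*|*[Mm][Dd]5*)
                echo "FINDING: $cert is signed with $alg"; findings=$((findings + 1)) ;;
        esac
        if ! openssl verify -CAfile "$dir/ca-cert.pem" "$cert" >/dev/null 2>&1; then
            echo "FINDING: $cert does not verify against ca-cert.pem"
            findings=$((findings + 1))
        fi
        serials="$serials $(openssl x509 -in "$cert" -noout -serial)"
    done
    dups=$(printf '%s\n' $serials | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "FINDING: serial number reused: $dups"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_pki.sh /usr/local/ssl
if [ $# -gt 0 ]; then audit_pki "$1"; fi
```

The CA, server and client subjects are deliberately different here, because a server certificate whose subject equals the CA's subject fails chain verification.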

Server configuration

[root@hw-00 ~]# vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf

[gbased]

ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/server-cert.pem
ssl-key=/usr/local/ssl/server-key.pem

Restart the cluster and verify that the configuration took effect

[root@hw-00 ~]# su - gbase
Last login: Mon Nov 14 18:10:52 CST 2022 from 192.168.0.92 on pts/2
[gbase@hw-00 ~]$ gcluster_services all restart
[gbase@hw-00 ~]$ gccli -uroot -p
gbase> show variables like 'have_%ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
+---------------+-------+
2 rows in set (Elapsed: 00:00:00.00)

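Client configuration

If there is a separate client machine, copy the ca-cert.pem, client-req.pem, client-key.pem and client-cert.pem files generated on the server to /usr/local/ssl on the client. Here the client and the server are the same machine, so nothing needs to be copied; just edit the configuration file.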

[gbase@hw-00 ~]$ vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf

[client]

ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/client-cert.pem
ssl-key=/usr/local/ssl/client-key.pem

Use a remote connection to verify that SSL is enabled

[gbase@hw-00 ~]$ gccli -h 123.249.11.137 -ugbase -pgba20*****
gbase> status
--------------
Connection id: 11
Current database:
Current user: gbase@123.249.11.137
SSL: Cipher in use is DHE-RSA-AES256-SHA
TCP port: 5258
Uptime: Elapsed: 00:16:29.00
Threads: 3 Questions: 11 Slow queries: 0 Opens: 28 Flush tables: 1 Open tables: 21 Queries per second avg: 0.11
--------------
