猿创征文|Highgo Database安全版安装指导手册
生活随笔
收集整理的這篇文章主要介紹了
猿创征文|Highgo Database安全版安装指导手册
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
?
目錄
?
Highgo Database安全版安裝指導手冊
一、安裝檢查
1.1、要驗證系統是否滿足要求
1.2、檢查內核參數
二、安裝前準備
2.1、關閉防火墻
2.2、關閉SELINUX
2.3、檢查主機名
2.4、檢查時間和時區
2.5、安裝系統軟件包
2.6、配置hosts
2.7、創建highgo用戶并修改密碼
2.8、創建數據庫安裝目錄
2.9、配置操作系統limits
2.10、設置highgo用戶環境變量?
2.11、上傳并解壓HGDB安裝包
三、安裝Highgo Database軟件
3.1、圖形化安裝
3.2、字符界面安裝
四、收尾工作
4.1、修改數據庫默認參數
4.2、修改pg_hba.conf文件
4.3、安裝license
4.4、修改用戶密碼及密碼到期時間
五、卸載HGDB
5.1、圖形化卸載
5.2、非圖形化卸載
Highgo Database安全版安裝指導手冊
通用機使用的是國產芯片,操作系統為中標麒麟7.0,未做三權分立,作為普通Linux服務器使用。
本文演示過程使用的操作系統是RedHat7,與中標麒麟安裝過程完全一致。
一、安裝檢查
1.1、要驗證系統是否滿足要求
要驗證系統是否滿足要求?Highgo Database4.x數據庫的最低要求,以?root?用戶身份登錄并運行以下命令。要查看可用?RAM?和交換空間大小,運行以下命令:
df -h free -h grep MemTotal /proc/meminfo grep SwapTotal /proc/meminfo # grep MemTotal /proc/meminfo MemTotal:512236 kB # grep SwapTotal /proc/meminfo SwapTotal:1574360 kB內存及對應swap建議值參照表:
| MemTotal | SwapTotal |
| 8G | 2~4G |
| 8~16G | |
| 16~64G | 8~32G |
| >=64G | 32G |
1.2、檢查內核參數
cat /proc/sys/kernel/shmmax cat /proc/sys/kernel/shmall cat /proc/sys/kernel/shmmni??? 這個參數(系統共享內存段的最大數量)數據庫自動修改內存大小及對應內核參數建議值:
| MemTotal | shmall | shmmax | ||
| 8G | 7~8G | 4G | ||
| 8~64G | M*50% | M*90~95% | ||
| >=64G | 32G | M*90%~95% | ||
二、安裝前準備
2.1、關閉防火墻
在NeoKylin 6.X執行如下命令
service iptables stop chkconfig iptables off service iptables status service NetworkManager stop chkconfig NetworkManager off service NetworkManager status在NeoKylin 7.X(當前項目中的通用機大部分為7.x)執行如下命令
systemctl stop firewalld.service systemctl disable firewalld.service systemctl status firewalld.service systemctl stop? NetworkManager.service systemctl disable NetworkManager.service systemctl status? NetworkManager.service2.2、關閉SELINUX
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config setenforce 0 cat /etc/selinux/config | grep SELINUX=disabled getenforce2.3、檢查主機名
[root@hgdb ~]# hostnamectl statusStatic hostname: hgdbIcon name: computer-vmChassis: vmMachine ID: 5c7b0775b96044209a3858d9773a5b83Boot ID: a379f124abc746c190aca4932ee34fe1Virtualization: vmwareOperating System: Red Hat Enterprise Linux Server 7.3 (Maipo)CPE OS Name: cpe:/o:redhat:enterprise_linux:7.3:GA:serverKernel: Linux 3.10.0-514.el7.x86_64Architecture: x86-642.4、檢查時間和時區
[root@hgdb ~]$ timedatectlLocal time: Fri 2018-10-19 18:52:17 CSTUniversal time: Fri 2018-10-19 10:52:17 UTCRTC time: Fri 2018-10-19 10:52:18Time zone: Asia/Shanghai (CST, +0800)NTP enabled: no NTP synchronized: noRTC in local TZ: noDST active: n/aNeoKylin 7.X下如何修改時區
[root@hgdb ~]# timedatectl list-timezones [root@hgdb ~]# timedatectl set-timezone Asia/Shanghai 修改時間 [root@hgdb ~]# date -s "20170622 10:26:00"2.5、安裝系統軟件包
配置yum源
[root@hgdb ~]# cat /etc/yum.repos.d/highgo.repo[rhel] name=rhel baseurl=file:///media/cdrom enabled=1 gpgcheck=0[root@hgdb ~]# mkdir /media/cdrom [root@hgdb ~]# mount /dev/cdrom?/media/cdrom mount: /dev/sr0 is write-protected, mounting read-only安裝依賴包
[root@hgdb ~]# yum clean all [root@hgdb ~]# yum list [root@hgdb ~]# yum install vim wget readline readline-devel zlib zlib-devel openssl openssl-devel pam-devel libxml2-devel libxslt-devel python-devel tcl-devel gcc gcc-c++?rsync -y2.6、配置hosts
[root@hgdb ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.80.10 hgdb2.7、創建highgo用戶并修改密碼
[root@hgdb ~]# groupadd -g 5866 highgo [root@hgdb ~]# useradd -u 5866 -g highgo highgo [root@hgdb ~]# passwd highgo?2.8、創建數據庫安裝目錄
數據庫安裝目錄建議使用單獨的磁盤或者lv卷組。
[root@hgdb ~]# mkdir -p /data/highgo/4.3.4 -p [root@hgdb ~]# chown -R highgo:highgo /data #歸檔目錄 [root@hgdb ~]# mkdir /hgdbbak/archive -p ? ? #備份目錄 [root@hgdb ~]# chown -R highgo:highgo /hgdbbak/2.9、配置操作系統limits
[root@hgdb ~]# vi /etc/security/limits.conf #for highgo db 4.3.4 highgo soft ?core unlimited highgo hard ?nproc unlimited highgo soft ?nproc unlimited highgo hard ?memlock unlimited highgo hard ?nofile 1024000 highgo soft ?memlock unlimited highgo soft ?nofile 1024000 highgo hard ?stack ?65536 highgo soft ?stack ?655362.10、設置highgo用戶環境變量?
[root@hgdb ~]# vi /home/highgo/.bashrc export PGHOME=/data/highgo/4.3.4 export PGUSER=highgo export PGPORT=5866 export PGDATA=$PGHOME/data export PATH=$PGHOME/bin:$PATH:$HOME/bin export LD_LIBRARY_PATH=$PGHOME/lib:$LD_LIBRARY_PATH2.11、上傳并解壓HGDB安裝包
[root@hgdb upload]# tar -zxvf hgdb4.3.4-sec-rhel7.x-x86-64-20190130_195124.tar.gz [root@hgdb upload]# chown -R highgo:highgo hgdb_install4.3.4_redhat7.x_Enterprise_64/ [root@hgdb upload]# ll drwxr-xr-x. 4 highgo highgo ? ? ? ?50 Jul ?7 17:49 hgdb_install4.3.4_redhat7.x_Enterprise_64三、安裝Highgo Database軟件
3.1、圖形化安裝
1、 首先應確保可以開啟圖形化界面,如果未安裝圖形界面使用如下命令進行安裝
NeoKylin 6.X yum groupinstall "X Window System" "Desktop" NeoKylin 7.X [root@hgdb ~]# yum -y groupinstall "Server with GUI"2、 進入highgo用戶執行安裝程序
圖形界面登錄服務器
請按照如下步驟:
?
?
?
?
使用root用戶執行以上腳本,然后點擊“OK”。
?
?上圖中的兩個問題是由于關閉防火墻導致找不到參數,可以直接忽略。
?
?
root用戶執行上面腳本后,點擊“OK”
[root@localhost ~]# sh /highgo/database/4.3.4/hginstall.sh Starting HighGo Database Server: waiting for server to start.... done server started HighGo Database Server started successfully
?
?
3.2、字符界面安裝
[highgo@hgdb hgdb_enterprise_4.3.4_redhat7.x_x86-64_install_20180919]$ ./runinstall Welcome to the installation of HighGo Database 4.3.4 Enterprise Edition ! press 1 to continue, 2 to quit, 3 to redisplay 1 HIGHGO DATABASE END-USER SOFTWARE LICENSE AGREEMENT THANKS FOR YOUR SELECTION OF HIGHGO DATABASE. Copyright (c) 2017, HighGo Co., Ltd. All Rights Reserved. IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND HighGo Co., Ltd. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. IT PROVIDES A LICENSE TO USE THE SOFTWARE AND CONTAINS WARRANTY INFORMATION AND LIABILITY DISCLAIMERS. BY INSTALLING AND USING THE SOFTWARE, YOU ARE CONFIRMING YOUR ACCEPTANCE OF THE SOFTWARE AND AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, PLEASE DO NOT INSTALL OR USE THE SOFTWARE. YOU MUST ASSUME THE ENTIRE RISK OF USING THIS PROGRAM. ANY LIABILITY OF HighGo WILL BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR REFUND OF PURCHASE PRICE BEFORE FIRST INSTALLATION. Definitions1. "the Software" means "HighGo DataBase".2. ?"HighGo" is responsible for HighGo Co., Ltd. License Grants1. You may use the Software for free for non-commercial use under the License Restrictions.2. You may use the Software for commercial use after purchasing the commercial license. Moreover, according to the license you purchased you may get specified term, manner and content of technical support from HighGo. License Restrictions1. You may not use the Software for commercial use or profit use, unless you have been licensed to. To purchase the license , please visit http://www.highgo.com for more information.2. You may not rent, lease, sublicense, sell, assign, pledge the Software and its services.3. You may not modify the Software to create derivative works for redistribution based upon the Software.4. In the event that you fail to comply with this agreement, your license will be terminated.LIMITED WARRANTY AND DISCLAIMER1. THE SOFTWARE AND THE ACCOMPANYING FILES ARE SOLD "AS IS" AND WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER WARRANTIED WHETHER EXPRESSED OR IMPLIED.2. You must assume the entire risk of using the Software. ANY LIABILITY OF HIGHGO WILL BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT, REFUND OF PURCHASE PRICE BEFORE YOUR FIRST INSTALLATION. press 1 to accept, 2 to reject, 3 to redisplay 1 Select target path [/data/hgdb/4.3.4] /data/highgo/4.3.4 press 1 to continue, 2 to quit, 3 to redisplay 1TreePacksPanel[JDK_JRE] [required] [hgdb.dbserverPack] [Already Selected] [hgdb.userInterfacePack] [Already Selected]psql [Already Selected]hgdbAdmin [Already Selected] [hgdb.developmentPack] [Already Selected] [hgdb.installPack] [Already Selected]init and configure database [Already Selected]uninstalldata [required] [tempExecutableFiles] [required] ...pack selection done. press 1 to continue, 2 to quit, 3 to redisplay 1 To check the dependent packs. press 1 to check, 2 to skip, 3 to exit 1Checks ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?Status ? ?Fixable ?net.netfilter.nf_conntrack_max ? ? ?Failed ? ?Yes ? ? ?net.nf_conntrack_max ? ? ? ? ? ? ? ?Failed ? ?Yes ? ? ? Use the root user to execute the following script to modify the system parameters. /tmp/hgdb_2050248256/kernelParameterSets.sh 檢測是否需要執行修復腳本,如果只剩此處兩個則可直接忽略,其它情況則執行修復腳本 press 1 to ignore, 2 to reject, 3 to recheck 1 Data directory ? [/data/highgo/4.3.4/data] ? ? ? ? ? ?#按回車Port number ? [5866] ? ? ? ? ? ? ? #按回車Superuser name ? [highgo] ? ? ? ? ? #按回車Password ? [] 第一次輸入密碼,必須超出六位且包含數字字母,不可含有特殊字符-@*&…%¥#() Password(again) ? [][x] Whether to start automatically. input 1 to select, 0 to deselect:datatype 0 ?[x] OLTP 1 ?[ ] OLAP 2 ?[ ] HTAP 3 ?[ ] Web 4 ?[ ] Desktop input selection:Total Memory (GB) [2]connectionNumber [300]Locale 0 ?[ ] aa_DJ 1 ?[ ] aa_DJ.iso88591 2 ?[ ] aa_DJ.utf8 3 ?[ ] aa_ER 4 ?[ ] aa_ER@saaho …… 環境語言根據客戶要求選擇,通常選擇C或者zh_CN.utf8 773 ?[ ] zh_CN.gbk 774 ?[x] zh_CN.utf8 775 ?[ ] zh_HK 776 ?[ ] zh_HK.big5hkscs 777 ?[ ] zh_HK.utf8 778 ?[ ] zh_SG 779 ?[ ] zh_SG.gb2312 780 ?[ ] zh_SG.gbk 781 ?[ ] zh_SG.utf8 782 ?[ ] zh_TW 783 ?[ ] zh_TW.big5 784 ?[ ] zh_TW.euctw 785 ?[ ] zh_TW.utf8 786 ?[ ] zu_ZA 787 ?[ ] zu_ZA.iso88591 788 ?[ ] zu_ZA.utf8 input selection:Encoding? 0 ?[ ] EUC_JP 1 ?[ ] EUC_KR 2 ?[ ] ISO_8859_5 3 ?[ ] ISO_8859_6 4 ?[ ] ISO_8859_7 5 ?[ ] ISO_8859_8 6 ?[ ] JOHAB 7 ?[ ] KOI8-R 8 ?[ ] LATIN1 9 ?[ ] LATIN2 10 ?[ ] LATIN3 11 ?[ ] LATIN4 12 ?[ ] LATIN5 13 ?[ ] LATIN9 14 ?[ ] MULE_INTERNAL 15 ?[ ] SQL_ASCII 16 ?[ ] WIN866 17 ?[ ] WIN874 18 ?[ ] WIN1250 19 ?[ ] WIN1251 20 ?[ ] WIN1252 21 ?[ ] WIN1256 22 ?[ ] WIN1258 23 ?[x] UTF8 input selection:Installation path: /highgo/database/4.3.4. press 1 to continue, 2 to quit, 3 to redisplay 1 Installation path: /highgo/database/4.3.4.Data directory: /highgo/database/4.3.4/data.Database port: 5866.Database Locale: zh_CN.utf8.Server Encoding: UTF8.DBA User: sysdba.Database Type: oltpTotal Memory: 2Connections: 300 press 1 to continue, 2 to quit, 3 to redisplay 1 [ Starting to unpack ] [ Processing package: Jre (1/8) ] [ Processing package: Database Server (2/8) ] [ Processing package: User interfaces (3/8) ] [ Processing package: psql (4/8) ] [ Processing package: hgdbAdmin (5/8) ] [ Processing package: Development (6/8) ] [ Processing package: Install database (7/8) ] [ Processing package: Initial the database (8/8) ] To finish the database install, please follow the below steps:1. execute following script with root user to complete the database self-starting configuration/data/highgo/4.3.4/hginstall.sh2. Press enter to continue, after hginstall.sh execute successfully .[Press enter to continue!] 另開新窗口root用戶執行 [root@hgdb highgo]# ?/data/highgo/4.3.4/hginstall.sh Starting HighGo Database Server: waiting for server to start.... done server started HighGo Database Server started successfully重新回到剛才的窗口: [Press enter to continue!][ Unpacking finished ] Begin create shorcut:[x]Create additional shortcuts on the desktop input 1 to select, 0 to deselect: 1[x]Create shortcuts in the StartMenu input 1 to select, 0 to deselect: 1 Select which user the program will create shortcut for: 0 [ ] current user 1 [x] all users input selection:Name of programgroup [HighgoDB V4.3.4]press 1 to continue, 2 to quit, 3 to redisplay 1 Install was successful application installed on /highgo/database/4.3.4 [ Console installation done ]四、收尾工作
4.1、修改數據庫默認參數
#使用sysdba登錄設置參數--設置*表示所有ip都可以訪問數據庫 alter system set listen_addresses = '*'; --修改數據庫的最大連接數 alter system set max_connections = 2000; --修改shared_buffers,建議設置為物理內存的25%,最大不超過40%,通用機一般為32G,設置為10G alter system set shared_buffers = '10240MB'; alter system set checkpoing_timeout=30min; alter system set checkpoint_completion_target = 0.8; --設置hgdb生成的日志格式 alter system set log_destination = 'csvlog'; --開啟日志 alter system set logging_collector = on; --修改日志存放路徑 alter system set log_directory = 'hgdb_log'; --修改日志文件名稱格式 alter system set log_filename = 'highgodb_%d.log'; --設置每天生成一個新的日志文件 alter system set log_rotation_age = '1d'; --不限制單個日志文件大小 alter system set log_rotation_size = 0; --覆蓋同名文件 alter system set log_truncate_on_rotation = on; --設置記錄ddl語句 alter system set log_statement = 'ddl'; --開啟歸檔 alter system set wal_level = replica; alter system set archive_mode = on; --紅色字體部分為歸檔存放路徑 alter system set archive_command = 'test ! -f /hgdbbak/archive/%f && cp %p /hgdbbak/archive/%f' --設置用戶連接與斷開數據庫的信息 alter system set log_connections=on; alter system set log_disconnections=on; alter system set maintenance_work_mem=’1GB’; #如果應用不支持ssl,使用如下命令關閉 alter system set ssl=off;注:log_filename定義了日志名稱為highgodb_%d,%d表示當月幾號生成的,例如10月20號,生成的日志為highgodb_20.log。log_rotation_age設定每天生成一個日志文件。log_rotation_size不限定日志大小。log_truncate_on_rotation設定如果存在相同文件名的日志會進行覆蓋。以上四個參數共同設定了日志只能保存一個月。
安全版數據庫默認開啟ssl加密,現場實施過程需要確認應用是否支持ssl,若不支持,則使用上面命令關閉。
4.2、修改pg_hba.conf文件
添加訪問許可
# IPv4 local connections: host ? ?all ? ? ? ? ? ? all ? ? ? ? ? ? 0.0.0.0/0 ? ? ? ? ? ?md5 hostssl ? ?all ? ? ? ? ? ? all ? ? ? ? ? ? 0.0.0.0/0 ? ? ? ? ? ?md5注:0.0.0.0/0表示允許所有網段訪問數據庫,md5表示使用md5加密的密碼。
安全版數據庫默認開啟ssl,若已在數據庫中關閉ssl功能,需要將上面“hostssl”對應的那列注釋。
參數修改完成后重新啟動數據庫
4.3、安裝license
注意:
1、 激活license之前一定要確認合同中是測試license還是永久license
2、 使用license之前請確保是否與當前數據庫版本匹配
未安裝license,數據庫啟動時會顯示剩余時間:
上傳license并復制到data目錄修改名稱為hgdb.lic
[root@hgdb uplaod]# cp hgdb_476_3m.lic /data/highgo/4.3.4/data/hgdb.lic [root@hgdb uplaod]# chown highgo:highgo -R /data/highgo/4.3.4/data/hgdb.lic [root@hgdb uplaod]# ls -l /data/highgo/4.3.4/data/hgdb.lic -rw-r--r-- 1 highgo highgo 239 Oct 22 22:21 /data/highgo/4.3.4/data/hgdb.lic激活license
[highgo@hgdb data]$ pg_ctl reload server signaled日志: ?00000: 接收到 SIGHUP, 重載配置文件
日志: ?00000: 注意 :檢測到授權文件已更改,該license為試用版授權,有效期截止到2019-01-20 21:58:57
?
檢查license
4.4、修改用戶密碼及密碼到期時間
Highgo Database安全版遵循三權分立的設計,sysdba(數據庫管理員)、syssso(安全管理員)、syssao(審計管理員)
數據庫安裝完成后,必須修改syssso用戶的密碼,否則syssso超期或密碼輸入錯誤次數過多會被鎖定,且無法恢復。
用戶密碼及密碼期限修改語句如下,每個用戶只能修改自己的密碼(例如:syssso只能修改自己的密碼,不能修改sysdba及其他用戶密碼)。密碼期限需使用syssso用戶進行修改
#各個用戶分別登錄數據庫,使用如下命令修改密碼
五、卸載HGDB
5.1、圖形化卸載
確保數據庫服務已經完全關閉,使用highgo用戶進入$PGHOME/bin,執行以下命令
./uninstall選擇是否刪除數據文件
?
?
?
使用root執行上面的腳本
[root@hgdb ~]# /data/highgo/4.3.4/hguninstall.sh Execute Success !
?卸載完成?。
5.2、非圖形化卸載
確保數據庫服務已經完全關閉,使用highgo用戶進入$PGHOME/bin,執行以下命令
[highgo@sds1 4.3.4]$ ./uninstall Command line uninstaller.Force the deletion of /data/highgo/4.3.4/data [y/n]y To finish the database uninstall, please follow the below steps:1. execute following script with root user/data/highgo/4.3.4/hguninstall.sh2. Press enter to continue, after hguninstall.sh execute successfully .[Press enter to continue!]使用root用戶執行腳本hguninstall.sh后按回車繼續
[root@hgdb data]# /data/highgo/4.3.4/hguninstall.sh Execute Success !注:如果執行./uninstall時選擇n,將只刪除HGDB軟件,保留data目錄
總結
以上是生活随笔為你收集整理的猿创征文|Highgo Database安全版安装指导手册的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Win10应用程序无法正常启动 提示0x
- 下一篇: 华为云ARM64服务器试用