KingbaseES V8R6集群运维案例之---修改ssh端口后脚本创建互信

案例分析：
在KingbaseES V8R6集群部署时，需要建立节点之间ssh互信（或者使用securecmdd工具），在有的生产环境，为了安全起见会修改ssh的默认端口；KingbaseES V8R6集群部署提供了脚本用于创建ssh互信，如果修改了系统的ssh端口号后，也需要修改对应的脚本。

适用版本：
KingbaseES V8R6

一、集群节点信息

[root@node101 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.101   node101
192.168.1.102   node102
192.168.1.103   node103

二、配置系统修改ssh端口

[root@node101 ~]# cat /etc/ssh/sshd_config|grep -i port
# If you want to change the port on a SELinux system, you have to tell
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 222

[root@node101 ~]# cat /etc/services|grep ssh
ssh             222/tcp                          # The Secure Shell (SSH) Protocol
ssh             222/udp                          # The Secure Shell (SSH) Protocol

---如上所示，将ssh默认端口22改为222。

三、系统测试ssh连接

[root@node101 ~]# ssh -p 222 node102
root@node102's password:
Last login: Tue May 23 14:41:48 2023 from 192.168.1.101

[kingbase@node102 ~]$ ssh node101 -p 222
kingbase@node101's password:
Last login: Tue May 23 14:42:51 2023 from 192.168.1.102

---如上所示，可以通过ssh 222端口建立连接。

三、修改部署脚本ssh端口

1、查看脚本文件

# 如下所示，trust_cluster.sh用于创建ssh互信。
[kingbase@node101 r6_install]$ ls -lh
total 264M
-rw-rw-r-- 1 kingbase kingbase 261M Apr  7  2022 db.zip
-rw-rw-r-- 1 kingbase kingbase 9.0K Aug  8  2022 install.conf
-rwxr-x--- 1 kingbase kingbase 3.4K Apr  7 14:07 license.dat
-rw-rw-r-- 1 kingbase kingbase 2.1M Apr  7  2022 securecmdd.zip
-rwxrwxr-x 1 kingbase kingbase 3.3K Apr  7  2022 trust_cluster.sh
-rwxr-xr-x 1 kingbase kingbase  87K Aug  8  2022 V8R6_cluster_install.sh

2、查看脚本中ssh配置
如下所示：trust_cluster.sh脚本中指定ssh端口的位置，需要读取install.conf文件中ssh_port参数。

3、修改配置文件install.conf和脚本

[kingbase@node101 r6_install]$ cat install.conf |grep ssh_port
ssh_port="222"                    # the port of ssh, default is 22

[kingbase@node101 r6_install]$ cat trust_cluster.sh |grep 222
[ "${ssh_port}"x = ""x ] && ssh_port=222
ssh -q -o Batchmode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o ServerAliveInterval=2 -o ServerAliveCountMax=5 -p 222 root@localhost "/bin/true 2>/dev/null || /usr/bin/true 2>/dev/null"

四、执行脚本创建ssh互信

[root@node101 ~]# cd /home/kingbase/r6_install/
[root@node101 r6_install]# sh trust_cluster.sh
Generating public/private rsa key pair.
Your identification hasbeen saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yYAYwVk2GWG4ywfSWftgnmz8BUAbYWR5eW4Ftor9Dw0 root@node101
The key's randomart image is:
+---[RSA 2048]----+
| .oB#* .o.       |
|  +B==o....      |
| ..+o+.o..       |
|. = +o.+o.       |
| o B.+ooE        |
|  o B ...o       |
|   o . .o .      |
|      .  o       |
|          .      |
+----[SHA256]-----+
root@192.168.1.102's password:
root@192.168.1.102's password:
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IskHNGjXdEmbN+ONH7XWDOBimvD3cdsLYFRidNDMYBk root@node102
The key's randomart image is:
+---[RSA 2048]----+
|   .oo..o..EXo   |
|  o......ooo+=   |
| . .. . o *.. o  |
|   . o o *.* . = |
|    + o S +o+ + o|
|     o . ..o.= o |
|            o.. .|
|              . .|
|               . |
+----[SHA256]-----+
root@192.168.1.102's password:
authorized_keys                                                                100%  394   739.7KB/s   00:00
id_rsa                                                                         100% 1679     4.0MB/s   00:00
id_rsa.pub                                                                     100%  394     1.5MB/s   00:00
known_hosts                                                                    100%  372     1.1MB/s   00:00
The authenticity of host '[192.168.1.101]:222 ([192.168.1.101]:222)' can't be established.
ECDSA key fingerprint is SHA256:ACjDx1phzBUWGNOtXaeDl+NS6L5FGdUKXh4kjzWwVyk.
ECDSA key fingerprint is MD5:bb:98:fe:fb:94:fc:cf:3c:99:72:7f:09:91:25:64:23.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.101]:222' (ECDSA) to the list of known hosts.

五、测试ssh互信

如下所示，root用户及kingbase用户的ssh互信创建成功。
[root@node101 r6_install]# ssh node102
Last login: Tue May 23 14:44:29 2023 from 192.168.1.101

[root@node101 r6_install]# su - kingbase
Last login: Tue May 23 14:44:53 CST 2023 on pts/0

[kingbase@node101 ~]$ ssh node102
Last login: Tue May 23 14:43:48 2023 from 192.168.1.101

[kingbase@node102 ~]$ ssh node101
Last login: Tue May 23 14:49:36 2023 from 192.168.1.102


[kingbase@node101 r6_install]$ ssh -p 222 root@node102
Last login: Tue May 23 14:48:35 2023 from 192.168.1.101

六、总结

对于集群环境修改了ssh端口后，注意系统和脚本都要做相应的修改，才能完成ssh互信的创建。

本栏目推荐文章
• 笑死~我的博客美化脚本分享
• python | 小游戏 开局托儿所 自动化脚本 pyautogui
• 分布式限流——基于Redis的Lua脚本限流实现
• 4- if 流程语句和案例
• 十行python代码实现文件去重，去除重复文件的脚本
• Windows Server 2016 & 2019 工作站速配脚本
• 绕过安全限制，通过cmd执行PowerShell脚本（2）
• Spark版本不兼容导致Standalone集群无法连接问题
• 案例分享：游戏行业各岗位的KPI绩效指标制定
• Linux 部署redis集群（三主三从）

集群 端口 脚本 KingbaseES 案例集群 脚本kingbasees案例 集群 端口kingbasees案例 集群 端口 脚本kingbasees 集群kingbasees案例v8r6 集群kingbasees案例cluster 案例kingbase_monitor集群kingbasees 集群kingbasees案例 数据库 集群kingbasees failover案例 节点 集群 脚本kingbasees 集群sys_monitor kingbasees案例