KingbaseES V8R6集群维护案例之---停用集群node_export进程
2024-08-30 20:02:49
案例说明:
在KingbaseES V8R6集群启动时,会启动node_exporter进程,此进程主要用于向kmonitor监控服务输出节点状态信息。在系统安全漏洞扫描中,提示出现以下安全漏洞:
对于未使用kmonitor建立集群监控的环境,可以将此进程禁用,而不影响集群正常管理和运行。
一、kmonitor监控服务架构
连接集群时,主节点部署kingbase_exporter以及node_exporter,备节点仅部署node_exporter。
单机部署时同时部署kingbase_exporter和node_exporter。
二、集群启动后node_export进程信息
# 查看进程信息
[kingbase@node102 bin]$ ps -ef |grep export
kingbase 23221 1 0 13:15 ? 00:00:00 /home/kingbase/cluster/R6HA/kha/kingbase/bin/../share/node_exporter
kingbase 23222 1 0 13:15 ? 00:00:00 /home/kingbase/cluster/R6HA/kha/kingbase/bin/../share/postgres_exporter
# 查看进程服务端口
[kingbase@node102 bin]$ netstat -antlp |grep node_export
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::9100 :::* LISTEN 23221/node_exporter
三、关闭和禁用node_export进程
Tips:
在集群中node_export进程的启动,是由bin/monitor_exporter.sh脚本管理,此脚本可以启动或关闭node_export服务。
1)在集群启动后通过monitor.sh关闭node_export
# 通过monitor.sh关闭node_export服务
[kingbase@node102 bin]$ ./monitor_exporter.sh stop
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Service process "node_export" was killed at process 23221
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Service process "postgres_ex" was killed at process 23222
# 查看node_export进程
[kingbase@node102 bin]$ ps -ef |grep export
2)修改sys_monitor.sh禁止node_export进程启动
重启sys_monitor.sh测试:
# 重启sys_monitor.sh
[kingbase@node102 bin]$ ./sys_monitor.sh restart
2022-08-30 13:22:16 Ready to stop all DB ...
.......
2022-08-30 13:23:06 repmgrd on "[192.168.1.102]" start success.
ID | Name | Role | Status | Upstream | repmgrd | PID | Paused? | Upstream last seen
----+---------+---------+-----------+----------+---------+-------+---------+--------------------
1 | node101 | primary | * running | | running | 25688 | no | n/a
2 | node102 | standby | running | node101 | running | 28962 | no | 1 second(s) ago
[2022-08-30 13:23:13] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/kha/kingbase/log/kbha.log"
[2022-08-30 13:23:14] [NOTICE] redirecting logging output to "/home/kingbase/cluster/R6HA/kha/kingbase/log/kbha.log"
2022-08-30 13:23:15 Done.
# 查看node_export进程状态
[kingbase@node102 bin]$ ps -ef |grep export
# 查看集群节点状态
[kingbase@node102 bin]$ ./repmgr cluster show
ID | Name | Role | Status | Upstream | Location | Priority | Timeline | Connection string
----+---------+---------+-----------+----------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------------------------------
1 | node101 | primary | * running | | default | 100 | 13 | host=192.168.1.101 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
2 | node102 | standby | running | node101 | default | 100 | 13 | host=192.168.1.102 user=system dbname=esrep port=54321 connect_timeout=10 keepalives=1 keepalives_idle=10 keepalives_interval=1 keepalives_count=3
=如上所示,node_export进程在集群启动时,没有被启动,此进程被禁用,不影响集群的正常运行和管理。=
四、总结
对于KingbaseES V8R6的集群node_export主要用于kmonitor监控服务,对于未部署此监控服务的环境,可以在集群中禁止node_export服务的启动。
最新文章
- jsp 头像上传显示部分代码实现
- 【lattice软核】ROM的使用
- 空MVC项目找不到System.Web.Optimization的处理办法
- java 虚拟机工具
- iphone的手势与触摸编程学习笔记
- jquery easyui将form表单元素的值序列化成对象
- 读写应用程序数据-NSUserDefault、对象归档(NSKeyedArchiver)、文件操作
- Java之Static静态修饰符详解
- BASE64Encoder问题类
- LeetCode: Distinct Subsequences [115]
- 【转载】彻底弄懂css中单位px和em,rem的区别
- 你想要的都在这里,ASP.NET Core MVC四种枚举绑定方式
- python3的字符串和字节
- eslint那些事儿
- 【转】htop使用详解--史上最强(没有之一)
- 洛谷 P1162 填涂颜色【DFS】
- CentOS和Windows下配置MySQL远程访问的教程
- [AX]AX2012 R2 采购订单的“Request change”
- 邮件服务器fixpost服务(1)
- 2018.07.07 洛谷 P3939 数颜色(主席树)