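MHA with SSH equivalence configured for a non-root user
Environment: CentOS 5.8
MySQL 5.5.17
Experiment: build an MHA high-availability architecture with SSH equivalence configured for a non-root user. The SSH equivalence user is concert; port: 1314
MHA configuration files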
[concert@mhamanager mha]$ more /etc/masterha_default.cnf
[server default]
user = root
password = mysql_admin
ssh_user = concert
ssh_port = 1314
repl_user = repl
repl_password = repl_pwd
ping_interval = 3
ping_type = select
[concert@mhamanager mha]$ more /etc/appl.cnf
[server default]
manager_workdir = /mha/appl
manager_log = /mha/appl/manager.log
remote_workdir = /mha/appl
[server1]
hostname = 192.168.66.88
master_binlog_dir = /data/lib/mysql
candidate_master = 1
[server2]
hostname = 192.168.66.89
master_binlog_dir = /data/lib/mysql
candidate_master = 1
[server3]
hostname = 192.168.66.120
no_master = 1
port = 3307
Problem: after configuring SSH equivalence for the non-root user, the masterha_check_ssh check reports no problems
[concert@mhamanager ~]$ /usr/bin/masterha_check_ssh --conf=/etc/appl.cnf
Tue Sep 2 15:06:01 2014 - [info] Reading default configuratoins from /etc/masterha_default.cnf..
Tue Sep 2 15:06:01 2014 - [info] Reading application default configurations from /etc/appl.cnf..
Tue Sep 2 15:06:01 2014 - [info] Reading server configurations from /etc/appl.cnf..
Tue Sep 2 15:06:01 2014 - [info] Starting SSH connection tests..
Tue Sep 2 15:06:01 2014 - [debug]
Tue Sep 2 15:06:01 2014 - [debug] Connecting via SSH from concert@192.168.66.88(192.168.66.88:1314) to concert@192.168.66.89(192.168.66.89:1314)..
Tue Sep 2 15:06:01 2014 - [debug] ok.
Tue Sep 2 15:06:01 2014 - [debug] Connecting via SSH from concert@192.168.66.88(192.168.66.88:1314) to concert@192.168.66.120(192.168.66.120:1314)..
Tue Sep 2 15:06:01 2014 - [debug] ok.
Tue Sep 2 15:06:02 2014 - [debug]
Tue Sep 2 15:06:01 2014 - [debug] Connecting via SSH from concert@192.168.66.89(192.168.66.89:1314) to concert@192.168.66.88(192.168.66.88:1314)..
Tue Sep 2 15:06:01 2014 - [debug] ok.
Tue Sep 2 15:06:01 2014 - [debug] Connecting via SSH from concert@192.168.66.89(192.168.66.89:1314) to concert@192.168.66.120(192.168.66.120:1314)..
Tue Sep 2 15:06:02 2014 - [debug] ok.
Tue Sep 2 15:06:02 2014 - [debug]
Tue Sep 2 15:06:02 2014 - [debug] Connecting via SSH from concert@192.168.66.120(192.168.66.120:1314) to concert@192.168.66.88(192.168.66.88:1314)..
Tue Sep 2 15:06:02 2014 - [debug] ok.
Tue Sep 2 15:06:02 2014 - [debug] Connecting via SSH from concert@192.168.66.120(192.168.66.120:1314) to concert@192.168.66.89(192.168.66.89:1314)..
Tue Sep 2 15:06:02 2014 - [debug] ok.
Tue Sep 2 15:06:02 2014 - [info] All SSH connection tests passed successfully.
But the masterha_check_repl check does not pass
[concert@mhamanager ~]$ /usr/bin/masterha_check_repl --conf=/etc/appl.cnf
Tue Sep 2 17:10:08 2014 - [info] Reading default configuratoins from /etc/masterha_default.cnf..
Tue Sep 2 17:10:08 2014 - [info] Reading application default configurations from /etc/appl.cnf..
Tue Sep 2 17:10:08 2014 - [info] Reading server configurations from /etc/appl.cnf..
Tue Sep 2 17:10:08 2014 - [info] MHA::MasterMonitor version 0.55.
Tue Sep 2 17:10:08 2014 - [info] Dead Servers:
Tue Sep 2 17:10:08 2014 - [info] Alive Servers:
Tue Sep 2 17:10:08 2014 - [info] 192.168.66.88(192.168.66.88:3306)
Tue Sep 2 17:10:08 2014 - [info] 192.168.66.89(192.168.66.89:3306)
Tue Sep 2 17:10:08 2014 - [info] 192.168.66.120(192.168.66.120:3307)
Tue Sep 2 17:10:08 2014 - [info] Alive Slaves:
Tue Sep 2 17:10:08 2014 - [info] 192.168.66.89(192.168.66.89:3306) Version=5.5.17-log (oldest major version between slaves) log-bin:enabled
Tue Sep 2 17:10:08 2014 - [info] Replicating from 192.168.66.88(192.168.66.88:3306)
Tue Sep 2 17:10:08 2014 - [info] Primary candidate for the new Master (candidate_master is set)
Tue Sep 2 17:10:08 2014 - [info] 192.168.66.120(192.168.66.120:3307) Version=5.5.17-log (oldest major version between slaves) log-bin:enabled
Tue Sep 2 17:10:08 2014 - [info] Replicating from 192.168.66.88(192.168.66.88:3306)
Tue Sep 2 17:10:08 2014 - [info] Not candidate for the new Master (no_master is set)
Tue Sep 2 17:10:08 2014 - [info] Current Alive Master: 192.168.66.88(192.168.66.88:3306)
Tue Sep 2 17:10:08 2014 - [info] Checking slave configurations..
Tue Sep 2 17:10:08 2014 - [info] Checking replication filtering settings..
Tue Sep 2 17:10:08 2014 - [info] binlog_do_db= , binlog_ignore_db=
Tue Sep 2 17:10:08 2014 - [info] Replication filtering check ok.
Tue Sep 2 17:10:08 2014 - [info] Starting SSH connection tests..
Tue Sep 2 17:10:10 2014 - [error][/usr/lib/perl5/vendor_perl/MHA/MasterMonitor.pm, ln386] Error happend on checking configurations. SSH Configuration Check Failed!
at /usr/lib/perl5/vendor_perl/MHA/MasterMonitor.pm line 341
Tue Sep 2 17:10:10 2014 - [error][/usr/lib/perl5/vendor_perl/MHA/MasterMonitor.pm, ln482] Error happened on monitoring servers.
Tue Sep 2 17:10:10 2014 - [info] Got exit code 1 (Not master dead).
MySQL Replication Health is NOT OK!
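Solution:
1. Grant permissions on the remote_workdir working directory (on the servers running MySQL instances), where log files are generated, by setting the owner of that directory to concert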
[root@master88 ~]# chown -R concert:concert /mha/
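2. Put concert in the same group as MySQL so that it has permission to read the MySQL binary/relay log files and the relay_log.info file, as well as write permission on the log directory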
[root@bakmaster ~]# usermod -g mysql concert
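A pre-flight check for the two fixes above, as an added example that is not part of the original post or of MHA: run as the ssh_user (concert here) on each MySQL host, it names the path the account cannot use instead of the generic "SSH Configuration Check Failed!". The function names, the script name in the usage line and the `*-bin.[0-9]*` file pattern are assumptions based on the log file names shown on this page.

```shell
#!/bin/sh
# Added example; not part of MHA. Run as the MHA ssh_user on each MySQL host.
# Usage: sh check_mha_paths.sh /mha/appl /data/lib/mysql [/data/lib/mysql/relay-log.info]

failures=0
mha_fail() { echo "FAIL $1"; failures=$((failures + 1)); }

# check_mha_paths WORKDIR BINLOG_DIR [RELAY_LOG_INFO]
# Prints one line per unmet requirement and returns the number of failures.
check_mha_paths() {
    workdir=$1; binlog_dir=$2; relay_info=${3:-}
    failures=0

    # remote_workdir: the node tools write their test and diff files here.
    if [ -d "$workdir" ]; then
        { [ -w "$workdir" ] && [ -x "$workdir" ]; } || mha_fail "cannot write to $workdir"
    else
        # The directory is created when missing, so its parent must be writable.
        [ -w "$(dirname "$workdir")" ] || mha_fail "cannot create $workdir"
    fi

    # master_binlog_dir: the directory and each binary/relay log must be readable.
    if [ -r "$binlog_dir" ] && [ -x "$binlog_dir" ]; then
        for f in "$binlog_dir"/*-bin.[0-9]*; do
            [ -e "$f" ] || continue      # the glob matched nothing
            [ -r "$f" ] || mha_fail "cannot read $f"
        done
    else
        mha_fail "cannot list $binlog_dir"
    fi

    # relay-log.info exists only on slaves; skipped when no path is given.
    if [ -n "$relay_info" ] && [ ! -r "$relay_info" ]; then
        mha_fail "cannot read $relay_info"
    fi

    return "$failures"
}

# Run the check only when paths are supplied on the command line.
if [ "$#" -ge 2 ]; then
    check_mha_paths "$@"
fi
```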
Check again
[concert@mhamanager mha]$ /usr/bin/masterha_check_repl --conf=/etc/appl.cnf
Wed Sep 3 22:27:41 2014 - [info] Reading default configuratoins from /etc/masterha_default.cnf..
Wed Sep 3 22:27:41 2014 - [info] Reading application default configurations from /etc/appl.cnf..
Wed Sep 3 22:27:41 2014 - [info] Reading server configurations from /etc/appl.cnf..
Wed Sep 3 22:27:41 2014 - [info] MHA::MasterMonitor version 0.55.
Wed Sep 3 22:27:41 2014 - [info] Dead Servers:
Wed Sep 3 22:27:41 2014 - [info] Alive Servers:
Wed Sep 3 22:27:41 2014 - [info] 192.168.66.88(192.168.66.88:3306)
Wed Sep 3 22:27:41 2014 - [info] 192.168.66.89(192.168.66.89:3306)
Wed Sep 3 22:27:41 2014 - [info] 192.168.66.120(192.168.66.120:3307)
Wed Sep 3 22:27:41 2014 - [info] Alive Slaves:
Wed Sep 3 22:27:41 2014 - [info] 192.168.66.89(192.168.66.89:3306) Version=5.5.17-log (oldest major version between slaves) log-bin:enabled
Wed Sep 3 22:27:41 2014 - [info] Replicating from 192.168.66.88(192.168.66.88:3306)
Wed Sep 3 22:27:41 2014 - [info] Primary candidate for the new Master (candidate_master is set)
Wed Sep 3 22:27:41 2014 - [info] 192.168.66.120(192.168.66.120:3307) Version=5.5.17-log (oldest major version between slaves) log-bin:enabled
Wed Sep 3 22:27:41 2014 - [info] Replicating from 192.168.66.88(192.168.66.88:3306)
Wed Sep 3 22:27:41 2014 - [info] Not candidate for the new Master (no_master is set)
Wed Sep 3 22:27:41 2014 - [info] Current Alive Master: 192.168.66.88(192.168.66.88:3306)
Wed Sep 3 22:27:41 2014 - [info] Checking slave configurations..
Wed Sep 3 22:27:41 2014 - [info] Checking replication filtering settings..
Wed Sep 3 22:27:41 2014 - [info] binlog_do_db= , binlog_ignore_db=
Wed Sep 3 22:27:41 2014 - [info] Replication filtering check ok.
Wed Sep 3 22:27:41 2014 - [info] Starting SSH connection tests..
Wed Sep 3 22:27:42 2014 - [info] All SSH connection tests passed successfully.
Wed Sep 3 22:27:42 2014 - [info] Checking MHA Node version..
Wed Sep 3 22:27:43 2014 - [info] Version check ok.
Wed Sep 3 22:27:43 2014 - [info] Checking SSH publickey authentication settings on the current master..
Wed Sep 3 22:27:43 2014 - [info] HealthCheck: SSH to 192.168.66.88 is reachable.
Wed Sep 3 22:27:43 2014 - [info] Master MHA Node version is 0.54.
Wed Sep 3 22:27:43 2014 - [info] Checking recovery script configurations on the current master..
Wed Sep 3 22:27:43 2014 - [info] Executing command: save_binary_logs --command=test --start_pos=4 --binlog_dir=/data/lib/mysql --output_file=/mha/appl/save_binary_logs_test --manager_version=0.55 --start_file=mysql-bin.000004
Wed Sep 3 22:27:43 2014 - [info] Connecting to concert@192.168.66.88(192.168.66.88)..
Creating /mha/appl if not exists.. ok.
Checking output directory is accessible or not..
ok.
Binlog found at /data/lib/mysql, up to mysql-bin.000004
Wed Sep 3 22:27:43 2014 - [info] Master setting check done.
Wed Sep 3 22:27:43 2014 - [info] Checking SSH publickey authentication and checking recovery script configurations on all alive slave servers..
Wed Sep 3 22:27:43 2014 - [info] Executing command : apply_diff_relay_logs --command=test --slave_user='root' --slave_host=192.168.66.89 --slave_ip=192.168.66.89 --slave_port=3306 --workdir=/mha/appl --target_version=5.5.17-log --manager_version=0.55 --relay_log_info=/data/lib/mysql/relay-log.info --relay_dir=/data/lib/mysql/ --slave_pass=xxx
Wed Sep 3 22:27:43 2014 - [info] Connecting to concert@192.168.66.89(192.168.66.89:1314)..
Checking slave recovery environment settings..
Opening /data/lib/mysql/relay-log.info ... ok.
Relay log found at /data/lib/mysql, up to mysql-relay-bin.000006
Temporary relay log file is /data/lib/mysql/mysql-relay-bin.000006
Testing mysql connection and privileges.. done.
Testing mysqlbinlog output.. done.
Cleaning up test file(s).. done.
Wed Sep 3 22:27:43 2014 - [info] Executing command : apply_diff_relay_logs --command=test --slave_user='root' --slave_host=192.168.66.120 --slave_ip=192.168.66.120 --slave_port=3307 --workdir=/mha/appl --target_version=5.5.17-log --manager_version=0.55 --relay_log_info=/data/lib/mysqlb/relay-log.info --relay_dir=/data/lib/mysqlb/ --slave_pass=xxx
Wed Sep 3 22:27:43 2014 - [info] Connecting to concert@192.168.66.120(192.168.66.120:1314)..
Checking slave recovery environment settings..
Opening /data/lib/mysqlb/relay-log.info ... ok.
Relay log found at /data/lib/mysqlb, up to mysql-relay-bin.000005
Temporary relay log file is /data/lib/mysqlb/mysql-relay-bin.000005
Testing mysql connection and privileges.. done.
Testing mysqlbinlog output.. done.
Cleaning up test file(s).. done.
Wed Sep 3 22:27:44 2014 - [info] Slaves settings check done.
Wed Sep 3 22:27:44 2014 - [info]
192.168.66.88 (current master)
+--192.168.66.89
+--192.168.66.120
Wed Sep 3 22:27:44 2014 - [info] Checking replication health on 192.168.66.89..
Wed Sep 3 22:27:44 2014 - [info] ok.
Wed Sep 3 22:27:44 2014 - [info] Checking replication health on 192.168.66.120..
Wed Sep 3 22:27:44 2014 - [info] ok.
Wed Sep 3 22:27:44 2014 - [warning] master_ip_failover_script is not defined.
Wed Sep 3 22:27:44 2014 - [warning] shutdown_script is not defined.
Wed Sep 3 22:27:44 2014 - [info] Got exit code 0 (Not master dead).
MySQL Replication Health is OK.
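OK! Problem solved.
To make the SSH server allow the root user to log in remotely, which parameter in the relevant configuration file needs to be set?
Edit with vi /etc/ssh/sshd_config and set PermitRootLogin yes, then restart the service: service sshd restart
A question for everyone: on Linux, how do I configure the root user so that it cannot log in remotely over SSH, but root can still be reached by logging in over SSH as an ordinary user and using su?
Modify /etc/ssh/sshd_config (sshd_config is not necessarily at this path, but look for it yourself under /etc)
Change PermitRootLogin yes to PermitRootLogin no
Related security options:
PermitEmptyPasswords: whether login with an empty password is allowed. With PermitEmptyPasswords yes, if your root has an empty password, it can log in with an empty password.
PasswordAuthentication: configures whether password authentication is used.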
/etc/init.d/ssh stop && /etc/init.d/ssh start