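Learn How to Configure Servers and Clusters
After you install and configure Oracle Key Vault, you need to configure the servers and the cluster, as described in this article.
Configure the Servers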
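On the server that you will use to perform the configuration, download the RESTful OKV services package as follows:
Note:
You must do this once for each server, because the download includes the OKV server's certificate.
- From the server root (for example, [root@c3bastion tmp]#), create and navigate to the directory /tmp/okv, then download the package:
      mkdir /tmp/okv
      cd /tmp/okv
      curl -Ok --tlsv1.2 https://10.122.56.16:5695/okvrestclipackage.zip
  System response:
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
      100  2740  100  2740    0     0     78      0  0:00:35  0:00:34  0:00:01   741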
- Unzip okvrestclipackage.zip:
      unzip okvrestclipackage.zip
  System response:
      Archive:  okvrestclipackage.zip
         creating: lib/
         creating: bin/
        inflating: bin/okv
        inflating: bin/okv.bat
         creating: conf/
        inflating: conf/okvrestcli.ini
        inflating: conf/okvrestcli_logging.properties
        inflating: lib/okvrestcli.jar
  Then navigate to bin:
      cd bin
- Edit bin/okv and remove the hash mark (#) to enable the second export statement:
      #!/bin/bash
      export OKV_RESTCLI_DIR=$(dirname "${0}")/..
      #export OKV_RESTCLI_CONFIG=$OKV_RESTCLI_DIR/conf/okvrestcli.ini
      if [ -z "$JAVA_HOME" ]
      then
        echo "JAVA_HOME environment variable is not set."
        exit 1
      fi
      if [ -z "$OKV_RESTCLI_CONFIG" ]
      then
        echo "OKV_RESTCLI_CONFIG environment variable is not set."
        exit 1
      fi
      export OKV_RESTCLI_JAR=$OKV_RESTCLI_DIR/lib/okvrestcli.jar
      $JAVA_HOME/bin/java -jar $OKV_RESTCLI_JAR "$@"
  The first three lines should now look like this:
      #!/bin/bash
      export OKV_RESTCLI_DIR=$(dirname "${0}")/..
      export OKV_RESTCLI_CONFIG=$OKV_RESTCLI_DIR/conf/okvrestcli.ini
- Edit conf/okvrestcli.ini: remove the hash marks at the start of the fourth through sixth lines, add the private IP address of the first server, add the user name, and delete the line that begins with password:
      #Provide absolute path for log_property, okv_client_config properties
      [Default]
      #log_property=./conf/okvrestcli_logging.properties
      #server=
      #okv_client_config=./conf/okvclient.ora
      #user=name of an OKV-administrator with the SYSADMIN privilege
      client_wallet = .
  The file should now look like this:
      #Provide absolute path for log_property, okv_client_config properties
      [Default]
      log_property=./conf/okvrestcli_logging.properties
      server=IP_address of OKV01
      okv_client_config=./conf/okvclient.ora
      user=name of an OKV-administrator with the SYSADMIN privilege
      client_wallet = .
- Next, set the JAVA_HOME variable. This is required for the OKV REST commands to work.
  - Determine the Java version:
        java -version
    System response:
        openjdk version "1.8.0_372"
        OpenJDK Runtime Environment (build 1.8.0_372-b07)
        OpenJDK 64-Bit Server VM (build 25.372-b07, mixed mode)
  - OpenJDK is not supported. The Linux program namei follows symbolic links and helps confirm where OpenJDK is installed. Enter:
        which java
    System response:
        /usr/bin/java
    Then enter:
        namei /usr/bin/java | grep " l "
    System response:
        l java --> /etc/alternatives/java
        l java --> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64/jre/bin/java
  - Now download Oracle Java with the script-friendly command from the server root (for example, [root@c3bastion okv]). Enter:
        wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
    System response (this example has been edited for brevity):
        Saving to: ‘jdk-17_linux-x64_bin.rpm’
        100%[============================================================================================================>] 182,170,753 22.3MB/s in 4.9s
        2023-11-14 10:21:48 (35.5 MB/s) - ‘jdk-17_linux-x64_bin.rpm’ saved [182170753/182170753]
    Now install the JDK with the yum localinstall command:
        yum localinstall ./jdk-17_linux-x64_bin.rpm
    System response:
        Loaded plugins: ulninfo
        Examining ./jdk-17_linux-x64_bin.rpm: 2000:jdk-17-17.0.9-11.x86_64
        Marking ./jdk-17_linux-x64_bin.rpm to be installed
        . . .
        Installed:
          jdk-17.x86_64 2000:17.0.9-11
        Complete!
  - Confirm that the Java installation updated the "alternatives":
        namei /usr/bin/java | grep " l "
    System response:
        l java --> /etc/alternatives/java
        l java --> /usr/lib/jvm/jdk-17-oracle-x64/bin/java
  - Note that the preceding output identifies JAVA_HOME. Now export the JAVA_HOME variable to the system:
        export JAVA_HOME=/usr/lib/jvm/jdk-17-oracle-x64
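- Finally, to simplify the deployment process, store the password of the OKV administrator with the SYSADMIN privilege in a wallet:
      okv admin client-wallet add --client-wallet . --wallet-user name of an OKV-administrator with the SYSADMIN privilege
  The system prompts for the password:
      Password:
  Enter the password of the OKV administrator with the SYSADMIN privilege. The system confirms that it was stored successfully:
      {
        "result" : "Success"
      }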
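The okvrestcli.ini step above asks for four properties to be uncommented and the password line to be deleted, so that the credential lives only in the wallet. The following check is an added example, not Oracle's code: the function name, the sample server address and the sample user name are assumptions made for illustration.

```python
import configparser

# Properties that the "after" listing on this page shows uncommented.
REQUIRED = ("log_property", "server", "okv_client_config", "user", "client_wallet")

def audit_restcli_ini(text):
    """Return findings for the text of conf/okvrestcli.ini; an empty list means no findings."""
    findings = []
    # The step says to delete the password line. Scan raw lines rather than parsed
    # keys, so a line that was only commented out (and may still hold a value) is caught.
    for number, line in enumerate(text.splitlines(), start=1):
        bare = line.strip().lstrip("#").strip().lower()
        if bare.startswith("password"):
            findings.append(f"line {number}: password line present, delete it")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("Default"):
        return findings + ["no [Default] section"]
    profile = parser["Default"]
    for key in REQUIRED:
        if key not in profile:
            findings.append(f"{key}: missing or still commented out")
        elif not profile[key].strip():
            findings.append(f"{key}: empty value")
    return findings

# Constructed sample: the edited file from this page with made-up server and user values.
SAMPLE_OK = """\
#Provide absolute path for log_property, okv_client_config properties
[Default]
log_property=./conf/okvrestcli_logging.properties
server=192.0.2.10
okv_client_config=./conf/okvclient.ora
user=okvadmin
client_wallet = .
"""

if __name__ == "__main__":
    for finding in audit_restcli_ini(SAMPLE_OK) or ["no findings"]:
        print(finding)
```

Run it against the real file with `audit_restcli_ini(open("conf/okvrestcli.ini").read())` before storing the password in the wallet.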
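Configure the Cluster
After the initial OKV software is installed and configured on the servers, you can configure the cluster.
Perform the following steps from the server root command line (for example, [root@c3bastion okv]).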
- Convert the standalone OKV to a candidate node. Enter:
      bin/okv cluster node create --cluster-name OCEAN11 --cluster-subgroup WEST_COAST --node-name OKV04
  System response:
      {
        "result" : "Success",
        "value" : {
          "requestId" : "26032"
        }
      }
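- Now check the cluster node status:
      bin/okv cluster node status --pairing-request-id 26032
  System response:
      {
        "result" : "Success",
        "value" : {
          "status" : "IN-PROGRESS"
        }
      }
  After a few minutes, "IN-PROGRESS" changes to "SUCCEEDED":
      {
        "result" : "Success",
        "value" : {
          "status" : "SUCCEEDED"
        }
      }
  When this step is complete, the node should appear in the cluster management and monitoring tab.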
- Now add the second standalone OKV server first, to build a read-write pair. This command requires a unique nodeID, so before adding the node, confirm which nodeIDs are already in use:
      okv cluster info get | jq -r '.value.nodes[].nodeID'
      okv cluster node add --candidate-node-ip-address 172.20.0.33 --candidate-node-user sadmin --cluster-subgroup WEST_COAST --mode READ-WRITE --node-id 2 --node-name OKV06
  System response:
      Recovery Passphrase:
  Enter the password of the first OKV node.
      Candidate Node Password:
  Enter the password of the OKV administrator with the SYSADMIN privilege. System response:
      {
        "result" : "Success",
        "value" : {
          "requestId" : "3060"
        }
      }
- Now monitor the configuration process on the first node:
      bin/okv cluster node status --pairing-steps TRUE --node-name OKV04
  System response:
      {
        "result" : "Success",
        "value" : {
          "stages" : [ {
            "step1" : "Open transport channel with the candidate node",
            "status" : "COMPLETED"
          }, {
            "step2" : "Verify the candidate node details",
            "status" : "COMPLETED"
          }, {
            "step4" : "Generate the controller node details",
            "status" : "COMPLETED"
          }, {
            "step5" : "Generate backup of the controller node for cloning",
            "status" : "COMPLETED"
          }, {
            "step6" : "Send clone bundle to the candidate node",
            "status" : ""
          }, {
            "step7" : "Enable data replication (downstream mining configuration) to the candidate node",
            "status" : ""
          }, {
            "step8" : "Enable data replication to other cluster nodes",
            "status" : ""
          }, {
            "step9" : "The candidate node successfully joins the cluster",
            "status" : ""
          } ]
        }
      }
- Now check the progress of the second node:
      bin/okv cluster node status --pairing-steps TRUE --candidate-node-ip-address 172.20.0.21 --candidate-node-user sadmin
  System response:
      Candidate Node Password
  Enter the password, and the cluster configuration is displayed:
      {
        "result" : "Success",
        "value" : {
          "stages" : [ {
            "step1" : "Send node details to the controller node",
            "status" : "COMPLETED"
          }, {
            "step2" : "Receive clone bundle from the controller node",
            "status" : "COMPLETED"
          }, {
            "step3" : "Restore backup on the candidate node",
            "status" : "COMPLETED"
          }, {
            "step4" : "Update credentials of the candidate node",
            "status" : "COMPLETED"
          }, {
            "step5" : "Tune the database on the candidate node",
            "status" : "COMPLETED"
          }, {
            "step6" : "Setup network configuration on the candidate node",
            "status" : "COMPLETED"
          }, {
            "step7" : "Enable data replication (downstream mining configuration) on the candidate node",
            "status" : "COMPLETED"
          }, {
            "step8" : "Enable data replication on the candidate node",
            "status" : "COMPLETED"
          } ]
        }
      }
- Check the pairing status. If the configuration succeeded, it reports no pairing status:
      bin/okv cluster node status --pairing-steps TRUE --node-name OKV10
  System response:
      {
        "result" : "Failure",
        "message" : "No pairing status"
      }
- Finally, verify that the first two-node OKV read-write pair is ready for use:
      bin/okv cluster info get
  System response:
      {
        "result" : "Success",
        "value" : {
          "clusterName" : "OCEAN11",
          "clusterSubgroups" : [ "WEST_COAST" ],
          "clusterVersion" : "21.7.0.0.0",
          "maximumDisableNodeDuration" : "24 hrs",
          "nodes" : [ {
            "nodeName" : "OKV04",
            "nodeID" : "1",
            "ipAddress" : "172.20.0.33",
            "mode" : "Read-Write",
            "status" : "ACTIVE",
            "readWritePeer" : "OKV05",
            "clusterSubgroup" : "WEST_COAST",
            "joinDate" : "2023-11-16 20:53:25",
            "disableDate" : "",
            "version" : "21.7.0.0.0"
          }, {
            "nodeName" : "OKV05",
            "nodeID" : "2",
            "ipAddress" : "172.20.0.21",
            "mode" : "Read-Write",
            "status" : "ACTIVE",
            "readWritePeer" : "OKV04",
            "clusterSubgroup" : "WEST_COAST",
            "joinDate" : "2023-11-16 21:02:24",
            "disableDate" : "",
            "version" : "21.7.0.0.0"
          } ]
        }
      }
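The pairing-steps and cluster-info responses shown in the steps above can be checked by a script instead of by eye. This is an added example, not Oracle's code: the function names and the rules it applies (unique nodeID, ACTIVE status, node version equal to clusterVersion, reciprocal readWritePeer) are assumptions chosen from the fields visible in those responses.

```python
import json

def pending_steps(status_json):
    """List (step, description) pairs not yet COMPLETED in --pairing-steps output."""
    doc = json.loads(status_json)
    if doc.get("result") != "Success":
        # The page shows this Failure message once pairing has finished.
        if doc.get("message") == "No pairing status":
            return []
        raise ValueError(doc.get("message", "status command failed"))
    return [(key, text)
            for stage in doc["value"]["stages"]
            for key, text in stage.items()
            if key.startswith("step") and stage.get("status") != "COMPLETED"]

def cluster_problems(info_json):
    """Return findings for `okv cluster info get` output; an empty list means none."""
    doc = json.loads(info_json)
    if doc.get("result") != "Success":
        return ["command failed: " + doc.get("message", "no message")]
    value = doc["value"]
    nodes = {n["nodeName"]: n for n in value["nodes"]}
    ids = [n["nodeID"] for n in value["nodes"]]
    problems = [f"nodeID {i} is used more than once"
                for i in sorted(set(ids)) if ids.count(i) > 1]
    for name, n in nodes.items():
        if n["status"] != "ACTIVE":
            problems.append(f"{name}: status is {n['status']}")
        if n["version"] != value["clusterVersion"]:
            problems.append(f"{name}: version {n['version']} differs from the cluster's")
        if n["mode"] == "Read-Write":
            peer = nodes.get(n["readWritePeer"])
            if peer is None or peer["readWritePeer"] != name:
                problems.append(f"{name}: read-write peer {n['readWritePeer']!r} is not reciprocal")
    return problems

# Constructed sample, trimmed from the `cluster info get` response shown on this page.
SAMPLE_INFO = json.dumps({"result": "Success", "value": {
    "clusterName": "OCEAN11", "clusterVersion": "21.7.0.0.0", "nodes": [
        {"nodeName": "OKV04", "nodeID": "1", "mode": "Read-Write", "status": "ACTIVE",
         "readWritePeer": "OKV05", "version": "21.7.0.0.0"},
        {"nodeName": "OKV05", "nodeID": "2", "mode": "Read-Write", "status": "ACTIVE",
         "readWritePeer": "OKV04", "version": "21.7.0.0.0"}]}})

if __name__ == "__main__":
    print(cluster_problems(SAMPLE_INFO) or "cluster looks consistent")
```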
Oracle Key Vault should now be fully installed, and you can use it as described in the Oracle Key Vault documentation.