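Learn How to Configure Servers and Clusters
After you install and configure Oracle Key Vault, you must configure both the servers and the cluster, as described in this article.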
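Configure the Servers
On the server that you will use to perform the configuration, download the RESTful OKV service package as follows:
Note:
You must do this once on each server, because the download includes the OKV server's certificate.
- From the server root (for example, [root@c3bastion tmp]#), create and navigate to the /tmp/okv directory, then download the package. The -k option makes curl skip verification of the server's TLS certificate.
    mkdir /tmp/okv
    cd /tmp/okv
    curl -Ok --tlsv1.2 https://10.122.56.16:5695/okvrestclipackage.zip
  The system responds:
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  2740  100  2740    0     0     78      0  0:00:35  0:00:34  0:00:01   741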
- Unzip okvrestclipackage.zip:
    unzip okvrestclipackage.zip
  The system responds:
    Archive:  okvrestclipackage.zip
       creating: lib/
       creating: bin/
      inflating: bin/okv
      inflating: bin/okv.bat
       creating: conf/
      inflating: conf/okvrestcli.ini
      inflating: conf/okvrestcli_logging.properties
      inflating: lib/okvrestcli.jar
  Then navigate to bin:
    cd bin
- Edit bin/okv and remove the hash sign (#) to enable the second export statement:
    #!/bin/bash
    export OKV_RESTCLI_DIR=$(dirname "${0}")/..
    #export OKV_RESTCLI_CONFIG=$OKV_RESTCLI_DIR/conf/okvrestcli.ini
    if [ -z "$JAVA_HOME" ]
    then
      echo "JAVA_HOME environment variable is not set."
      exit 1
    fi
    if [ -z "$OKV_RESTCLI_CONFIG" ]
    then
      echo "OKV_RESTCLI_CONFIG environment variable is not set."
      exit 1
    fi
    export OKV_RESTCLI_JAR=$OKV_RESTCLI_DIR/lib/okvrestcli.jar
    $JAVA_HOME/bin/java -jar $OKV_RESTCLI_JAR "$@"
  The first three lines now look like this:
    #!/bin/bash
    export OKV_RESTCLI_DIR=$(dirname "${0}")/..
    export OKV_RESTCLI_CONFIG=$OKV_RESTCLI_DIR/conf/okvrestcli.ini
- Edit conf/okvrestcli.ini: remove the hash sign from the beginning of the fourth through sixth lines, add the private IP address of the first server, add the user name, and delete the line that starts with password:
    #Provide absolute path for log_property, okv_client_config properties
    [Default]
    #log_property=./conf/okvrestcli_logging.properties
    #server=
    #okv_client_config=./conf/okvclient.ora
    #user=name of an OKV-administrator with the SYSADMIN privilege
    client_wallet = .
  The file now looks like the following:
    #Provide absolute path for log_property, okv_client_config properties
    [Default]
    log_property=./conf/okvrestcli_logging.properties
    server=IP_address of OKV01
    okv_client_config=./conf/okvclient.ora
    user=name of an OKV-administrator with the SYSADMIN privilege
    client_wallet = .
- Next, set your JAVA_HOME variable. This must be done for the OKV REST commands to work.
  - Identify your Java version:
      java -version
    The system responds:
      openjdk version "1.8.0_372"
      OpenJDK Runtime Environment (build 1.8.0_372-b07)
      OpenJDK 64-Bit Server VM (build 25.372-b07, mixed mode)
  - OpenJDK is not supported. The Linux program namei follows symbolic links and helps confirm where OpenJDK is installed. Enter:
      which java
    The system responds:
      /usr/bin/java
    Then enter:
      namei /usr/bin/java | grep " l "
    The system responds:
      l java --> /etc/alternatives/java
      l java --> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64/jre/bin/java
  - Now use the wget command to download Oracle Java from the server root (for example, [root@c3bastion okv]); enter:
      wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
    The system responds (this example has been edited for brevity):
      Saving to: ‘jdk-17_linux-x64_bin.rpm’
      100%[============================================================================================================>] 182,170,753 22.3MB/s in 4.9s
      2023-11-14 10:21:48 (35.5 MB/s) - ‘jdk-17_linux-x64_bin.rpm’ saved [182170753/182170753]
    Now use the yum localinstall command to install the JDK:
      yum localinstall ./jdk-17_linux-x64_bin.rpm
    The system responds:
      Loaded plugins: ulninfo
      Examining ./jdk-17_linux-x64_bin.rpm: 2000:jdk-17-17.0.9-11.x86_64
      Marking ./jdk-17_linux-x64_bin.rpm to be installed
      . . .
      Installed:
        jdk-17.x86_64 2000:17.0.9-11
      Complete!
  - Confirm that the Java installation has updated the "alternatives" links:
      namei /usr/bin/java | grep " l "
    The system responds:
      l java --> /etc/alternatives/java
      l java --> /usr/lib/jvm/jdk-17-oracle-x64/bin/java
  - Note that the preceding output identifies JAVA_HOME. Now export the JAVA_HOME variable to the system:
      export JAVA_HOME=/usr/lib/jvm/jdk-17-oracle-x64
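- Finally, to simplify the build process, store the password of the OKV administrator who has the SYSADMIN privilege in the wallet:
    okv admin client-wallet add --client-wallet . --wallet-user name of an OKV-administrator with the SYSADMIN privilege
  The system prompts you for the password:
    Password:
  Enter the password of the OKV administrator who has the SYSADMIN privilege. The system confirms that the password was stored successfully:
    {
      "result" : "Success"
    }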
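Configure the Cluster
After you have installed and configured the initial OKV software on the servers, you can configure the cluster.
Perform the following steps from the server root command line (for example, [root@c3bastion okv]).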
- Convert the standalone OKV server to a candidate node; enter:
    bin/okv cluster node create --cluster-name OCEAN11 --cluster-subgroup WEST_COAST --node-name OKV04
  The system responds:
    {
      "result" : "Success",
      "value" : {
        "requestId" : "26032"
      }
    }
- Now check the cluster node status:
    bin/okv cluster node status --pairing-request-id 26032
  The system responds:
    {
      "result" : "Success",
      "value" : {
        "status" : "IN-PROGRESS"
      }
    }
  After a short time, "IN-PROGRESS" changes to "SUCCEEDED":
    {
      "result" : "Success",
      "value" : {
        "status" : "SUCCEEDED"
      }
    }
  When this step is complete, the node should appear on the cluster management and monitoring tabs.
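- Now create the read-write pair by adding the second standalone OKV server. The first command queries the unique node IDs to confirm which ones are already in use; the second command adds the node:
    okv cluster info get | jq -r '.value.nodes[].nodeID'
    okv cluster node add --candidate-node-ip-address 172.20.0.33 --candidate-node-user sadmin --cluster-subgroup WEST_COAST --mode READ-WRITE --node-id 2 --node-name OKV06
  The system responds:
    Recovery Passphrase:
  Enter the password of the first OKV node.
    Candidate Node Password:
  Enter the password of the OKV administrator who has the SYSADMIN privilege. The system responds:
    {
      "result" : "Success",
      "value" : {
        "requestId" : "3060"
      }
    }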
- Now monitor the configuration process on the first node:
    bin/okv cluster node status --pairing-steps TRUE --node-name OKV04
  The system responds:
    {
      "result" : "Success",
      "value" : {
        "stages" : [ {
          "step1" : "Open transport channel with the candidate node",
          "status" : "COMPLETED"
        }, {
          "step2" : "Verify the candidate node details",
          "status" : "COMPLETED"
        }, {
          "step4" : "Generate the controller node details",
          "status" : "COMPLETED"
        }, {
          "step5" : "Generate backup of the controller node for cloning",
          "status" : "COMPLETED"
        }, {
          "step6" : "Send clone bundle to the candidate node",
          "status" : ""
        }, {
          "step7" : "Enable data replication (downstream mining configuration) to the candidate node",
          "status" : ""
        }, {
          "step8" : "Enable data replication to other cluster nodes",
          "status" : ""
        }, {
          "step9" : "The candidate node successfully joins the cluster",
          "status" : ""
        } ]
      }
    }
- Now check the progress of the second node:
    bin/okv cluster node status --pairing-steps TRUE --candidate-node-ip-address 172.20.0.21 --candidate-node-user sadmin
  The system responds:
    Candidate Node Password
  Enter the password, and the cluster configuration is displayed:
    {
      "result" : "Success",
      "value" : {
        "stages" : [ {
          "step1" : "Send node details to the controller node",
          "status" : "COMPLETED"
        }, {
          "step2" : "Receive clone bundle from the controller node",
          "status" : "COMPLETED"
        }, {
          "step3" : "Restore backup on the candidate node",
          "status" : "COMPLETED"
        }, {
          "step4" : "Update credentials of the candidate node",
          "status" : "COMPLETED"
        }, {
          "step5" : "Tune the database on the candidate node",
          "status" : "COMPLETED"
        }, {
          "step6" : "Setup network configuration on the candidate node",
          "status" : "COMPLETED"
        }, {
          "step7" : "Enable data replication (downstream mining configuration) on the candidate node",
          "status" : "COMPLETED"
        }, {
          "step8" : "Enable data replication on the candidate node",
          "status" : "COMPLETED"
        } ]
      }
    }
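- Check the pairing status. If the configuration succeeded, the command reports that there is no pairing status:
    bin/okv cluster node status --pairing-steps TRUE --node-name OKV10
  The system responds:
    {
      "result" : "Failure",
      "message" : "No pairing status"
    }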
- Finally, confirm that the OKV read-write pair formed by the first two nodes is available:
    bin/okv cluster info get
  The system responds:
    {
      "result" : "Success",
      "value" : {
        "clusterName" : "OCEAN11",
        "clusterSubgroups" : [ "WEST_COAST" ],
        "clusterVersion" : "21.7.0.0.0",
        "maximumDisableNodeDuration" : "24 hrs",
        "nodes" : [ {
          "nodeName" : "OKV04",
          "nodeID" : "1",
          "ipAddress" : "172.20.0.33",
          "mode" : "Read-Write",
          "status" : "ACTIVE",
          "readWritePeer" : "OKV05",
          "clusterSubgroup" : "WEST_COAST",
          "joinDate" : "2023-11-16 20:53:25",
          "disableDate" : "",
          "version" : "21.7.0.0.0"
        }, {
          "nodeName" : "OKV05",
          "nodeID" : "2",
          "ipAddress" : "172.20.0.21",
          "mode" : "Read-Write",
          "status" : "ACTIVE",
          "readWritePeer" : "OKV04",
          "clusterSubgroup" : "WEST_COAST",
          "joinDate" : "2023-11-16 21:02:24",
          "disableDate" : "",
          "version" : "21.7.0.0.0"
        } ]
      }
    }
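The final confirmation can be automated by parsing the JSON that `cluster info get` prints. The following Python check is an added example, not part of the OKV tooling: it reports duplicate node IDs, nodes that are not ACTIVE, and read-write peers that do not reference each other. The function name, the trimmed sample data and the "DISABLED" status value are constructed for illustration.

```python
import json

def check_cluster_info(raw):
    """Return problems found in `okv cluster info get` output; [] means healthy."""
    doc = json.loads(raw)
    if doc.get("result") != "Success":
        return [f"command failed: {doc.get('message', 'no message')}"]
    node_list = doc["value"]["nodes"]
    by_name = {n["nodeName"]: n for n in node_list}
    problems = []
    ids = [n["nodeID"] for n in node_list]
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        problems.append(f"nodeID {dup} is assigned to more than one node")
    for node in node_list:
        name = node["nodeName"]
        if node["status"] != "ACTIVE":
            problems.append(f"{name}: status is {node['status']}")
        if node["mode"].upper() != "READ-WRITE":
            continue
        # Both members of a read-write pair must name each other as peer.
        peer = by_name.get(node["readWritePeer"])
        if peer is None or peer["readWritePeer"] != name:
            problems.append(f"{name}: peer {node['readWritePeer']!r} does not point back")
    return problems

def _node(name, node_id, ip, peer, status="ACTIVE"):
    return {"nodeName": name, "nodeID": node_id, "ipAddress": ip,
            "mode": "Read-Write", "status": status, "readWritePeer": peer}

# Constructed input: the two nodes from the output above, trimmed to the
# fields the check reads, plus a degraded variant ("DISABLED" is made up).
HEALTHY = json.dumps({"result": "Success", "value": {"nodes": [
    _node("OKV04", "1", "172.20.0.33", "OKV05"),
    _node("OKV05", "2", "172.20.0.21", "OKV04")]}})
DEGRADED = json.dumps({"result": "Success", "value": {"nodes": [
    _node("OKV04", "1", "172.20.0.33", "OKV05"),
    _node("OKV05", "1", "172.20.0.21", "", status="DISABLED")]}})
# Failure envelope in the format the CLI prints on this page.
FAILURE = '{ "result" : "Failure", "message" : "No pairing status" }'

if __name__ == "__main__":
    for raw in (HEALTHY, DEGRADED, FAILURE):
        print(check_cluster_info(raw) or "OK")
```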
Oracle Key Vault should now be fully installed and can be used as described in the Oracle Key Vault documentation.