解決clickhouse裸奔問題

上次安裝完成以後，遺漏了3個問題

1、查看集羣信息爲什麼會出現這麼多test的集羣

2、用戶鑑權問題

3、如何放開連接的IP地址

問題1： 查看集羣信息爲什麼會出現這麼多test的集羣。

只需要將/etc/clickhouse-server/config.xml配置文件中的test註釋就可以了再次查詢就正常了

<remote_servers incl="clickhouse_remote_servers" >
        <!-- Test only shard config for testing distributed storage -->
   <!--     <test_shard_localhost>
            <shard>
                <replica>
                    <host>localhost</host>
                    <port>9000</port>
                </replica>
            </shard>
        </test_shard_localhost>
        <test_cluster_two_shards_localhost>
             <shard>
                 <replica>
                     <host>localhost</host>
                     <port>9000</port>
                 </replica>
             </shard>
             <shard>
                 <replica>
                     <host>localhost</host>
                     <port>9000</port>
                 </replica>
             </shard>
        </test_cluster_two_shards_localhost>
        <test_cluster_two_shards>
            <shard>
                <replica>
                    <host>127.0.0.1</host>
                    <port>9000</port>
                </replica>
            </shard>
            <shard>
                <replica>
                    <host>127.0.0.2</host>
                    <port>9000</port>
                </replica>
            </shard>
        </test_cluster_two_shards>
        <test_shard_localhost_secure>
            <shard>
                <replica>
                    <host>localhost</host>
                    <port>9440</port>
                    <secure>1</secure>
                </replica>
            </shard>
        </test_shard_localhost_secure>
        <test_unavailable_shard>
            <shard>
                <replica>
                    <host>localhost</host>
                    <port>9000</port>
                </replica>
            </shard>
            <shard>
                <replica>
                    <host>localhost</host>
                    <port>1</port>
                </replica>
            </shard>
        </test_unavailable_shard> -->
    </remote_servers>

再次查詢就沒有test集羣了

cdh3 :) SELECT * FROM system.clusters;

SELECT *
FROM system.clusters

┌─cluster────────────────────┬─shard_num─┬─shard_weight─┬─replica_num─┬─host_name─┬─host_address───┬─port─┬─is_local─┬─user────┬─default_database─┬─errors_count─┬─estimated_recovery_time─┐
│ perftest_3shards_2replicas │         1 │            1 │           1 │ cdh1      │ 192.168.18.160 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         2 │            1 │           1 │ cdh2      │ 192.168.18.161 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         3 │            1 │           1 │ cdh3      │ 192.168.18.162 │ 9000 │        1 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         4 │            1 │           1 │ cdh4      │ 192.168.18.163 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         5 │            1 │           1 │ cdh5      │ 192.168.18.164 │ 9000 │        0 │ default │                  │            0 │                       0 │
└────────────────────────────┴───────────┴──────────────┴─────────────┴───────────┴────────────────┴──────┴──────────┴─────────┴──────────────────┴──────────────┴─────────────────────────┘

5 rows in set. Elapsed: 0.005 sec.

問題2:用戶鑑權問題

修改user.xml文件

如果使用明文直接配置下面這個就可以了，clickhouse還支持sha256和sha1這2種password_sha256_hex、password_double_sha1_hex

<password></password>

這裏我選擇了password_sha256_hex。需要註釋了明文的標籤

<!--
<password></password>
        -->
 <password_sha256_hex>d212ca06a4aa364b46fbbd7464f27866a69009e0c1a82a0caf5771fe55b1de35</password_sha256_hex>

另外增加了一個用戶xlucas只讀用戶

其中部分的配置如下

<users>

        <default>
        <password_sha256_hex>d212ca06a4aa364b46fbbd7464f27866a69009e0c1a82a0caf5771fe55b1de35</password_sha256_hex>
            
            <networks incl="networks" replace="replace">
                <ip>::/0</ip>
            </networks>
            <quota>default</quota>
        </default>
        <xlucas>
            <password>123456</password>
            <networks incl="networks" replace="replace">
            <ip>::/0</ip>
            </networks>
            <profile>readonly</profile>
            <quota>default</quota>
        </xlucas>
    </users>

其中生成sha256sum的Hash值可以執行如下命令（第一行），回車後輸出兩行信息（第二行和第三行），其中第二行是原始密碼，第三行是加密的密文，配置文件使用第三行的字符串，客戶端登陸是使用第二行的密碼

[root@cdh3 bin]# PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
hogxNyM9
d212ca06a4aa364b46fbbd7464f27866a69009e0c1a82a0caf5771fe55b1de35

修改metrika.xml文件，在每臺機器下面的每個配置都需要增user和password

<internal_replication>true</internal_replication>  
          <host>cdh2</host>  
          <port>9000</port> 
        <user>default</user>
        <password>hogxNyM9</password>

重啓服務：

/etc/init.d/clickhouse-server stop
/etc/init.d/clickhouse-server start
查看服務是否是running
/etc/init.d/clickhouse-server status

驗證
不使用密碼連接是會報錯的

[root@cdh2 clickhouse-server]# clickhouse-client
ClickHouse client version 20.1.6.30 (official build).
Connecting to localhost:9000 as user default.
Code: 194. DB::Exception: Received from localhost:9000. DB::Exception: Password required for user default.

使用用戶和密碼連接

[root@cdh4 clickhouse-server]# clickhouse-client -h 127.0.0.1 --port 9000 -u default --password hogxNyM9  --multiline
ClickHouse client version 20.1.6.30 (official build).
Connecting to 127.0.0.1:9000 as user default.
Connected to ClickHouse server version 20.1.6 revision 54431.

cdh4 :) select now();

SELECT now()

┌───────────────now()─┐
│ 2020-03-15 20:09:46 │
└─────────────────────┘

1 rows in set. Elapsed: 0.071 sec. 

cdh4 :) SELECT * FROM system.clusters;

SELECT *
FROM system.clusters

┌─cluster────────────────────┬─shard_num─┬─shard_weight─┬─replica_num─┬─host_name─┬─host_address───┬─port─┬─is_local─┬─user────┬─default_database─┬─errors_count─┬─estimated_recovery_time─┐
│ perftest_3shards_2replicas │         1 │            1 │           1 │ cdh1      │ 192.168.18.160 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         2 │            1 │           1 │ cdh2      │ 192.168.18.161 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         3 │            1 │           1 │ cdh3      │ 192.168.18.162 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         4 │            1 │           1 │ cdh4      │ 192.168.18.163 │ 9000 │        1 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         5 │            1 │           1 │ cdh5      │ 192.168.18.164 │ 9000 │        0 │ default │                  │            0 │                       0 │
└────────────────────────────┴───────────┴──────────────┴─────────────┴───────────┴────────────────┴──────┴──────────┴─────────┴──────────────────┴──────────────┴─────────────────────────┘

5 rows in set. Elapsed: 0.005 sec. 

cdh4 :)

使用非默認用戶連接

[root@cdh3 clickhouse-server]# clickhouse-client -h 127.0.0.1 --port 9000 -u xlucas --password 123456  --multiline -q "SELECT now()" 
2020-03-15 20:36:16

問題3：如何放開連接的IP地址

默認情況下面如果是ip加上端口去連接會報錯連接不上。如果不指定或者用127.0.0.7去連接是可以連接上的

[root@cdh3 clickhouse-server]# clickhouse-client -h 192.168.18.162 --port 9000 -u xlucas --password 123456  --multiline -q "SELECT now()" 
Code: 210. DB::NetException: Connection refused (192.168.18.162:9000)

需要修改config.xml 將下面這個listen_host打開，對所有IP開放，打開以後重啓服務

<!-- Listen specified host. use :: (wildcard IPv6 address), if you want to accept connections both with IPv4 and IPv6 from everywhere. -->
     <listen_host>::</listen_host>

驗證：

本機客戶端訪問

[root@cdh1 clickhouse-server]#  clickhouse-client -h 192.168.18.160 --port 9000 -u default --password hogxNyM9  --multiline
ClickHouse client version 20.1.6.30 (official build).
Connecting to 192.168.18.160:9000 as user default.
Connected to ClickHouse server version 20.1.6 revision 54431.

cdh1 :)

集羣其他客戶端訪問

[root@cdh2 clickhouse-server]#  clickhouse-client -h 192.168.18.160 --port 9000 -u default --password hogxNyM9  --multiline
ClickHouse client version 20.1.6.30 (official build).
Connecting to 192.168.18.160:9000 as user default.
Connected to ClickHouse server version 20.1.6 revision 54431.

cdh1 :)  SELECT * FROM system.clusters;

SELECT *
FROM system.clusters

┌─cluster────────────────────┬─shard_num─┬─shard_weight─┬─replica_num─┬─host_name─┬─host_address───┬─port─┬─is_local─┬─user────┬─default_database─┬─errors_count─┬─estimated_recovery_time─┐
│ perftest_3shards_2replicas │         1 │            1 │           1 │ cdh1      │ 192.168.18.160 │ 9000 │        1 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         2 │            1 │           1 │ cdh2      │ 192.168.18.161 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         3 │            1 │           1 │ cdh3      │ 192.168.18.162 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         4 │            1 │           1 │ cdh4      │ 192.168.18.163 │ 9000 │        0 │ default │                  │            0 │                       0 │
│ perftest_3shards_2replicas │         5 │            1 │           1 │ cdh5      │ 192.168.18.164 │ 9000 │        0 │ default │                  │            0 │                       0 │
└────────────────────────────┴───────────┴──────────────┴─────────────┴───────────┴────────────────┴──────┴──────────┴─────────┴──────────────────┴──────────────┴─────────────────────────┘

5 rows in set. Elapsed: 0.090 sec.

更多內容關注公衆號"數據專場"