Starting from V3.2.0, OBD supports viewing and modifying kernel parameters of a node. This topic describes the commands related to this feature. You can use the -h or --help option in a command to obtain its help information. You can also use the -v or --verbose option to obtain the details of command execution in case of errors.
Notes
Within this article, the target machine refers to the machine where you want to initialize users, view kernel parameters, or modify kernel parameters.
obd host user init
Remarks
The obd tool since V3.5.0 supports using this command to initialize a user.
This command initializes the specified user on the specified machine. If the user does not exist, it will create the user and execute the following initialization settings:
Set the ulimit parameters: Modify the system resource limit parameters. After the user is created, you can log in to the user on the target machine and execute the
ulimit -acommand to check whether the configuration takes effect.Configure passwordless sudo privileges: Configure the specified user with passwordless sudo privileges.
Note
Sudo passwordless configuration is done for convenience. After the cluster is deployed, you can manually remove the sudo passwordless configuration.
Enable password login: Ensure that users can log in with their password.
Change owner of directory: If the target server contains
/data/1and/data/log1directories, change their owners to the specified user.
obd host user init [options]
The following table describes the options.
Option name |
Required |
Data type |
Default value |
Description |
|---|---|---|---|---|
| -u/--username | No | string | admin | Specifies the username for the user to initialize. If the user does not exist, it will be created. |
| -p/--password | No | string | none | Specify the new login password for the specified user. This option is required if the specified user does not exist. |
| --host | No | string | 127.0.0.1 | IP address of the host where the user to be initialized resides. Currently, only one IP can be configured. |
Use an example
You can use obd to initialize the test user on the target node 10.10.10.1 and set the password for the user:
obd host user init -u test --host=10.10.10.1 -p ********
The obd init command will attempt to log in to the target server (10.10.10.1) using the configured user (e.g. test) as specified in the command line. If the login fails, the sudo user and password are required. The obd service logs in to the target server using the specified user, and then initializes the target user.
Explanation
If you initialize the local user by using this command, obd will verify whether the current execution user has passwordless sudo privilege. If yes, obd will directly use the current execution user to initialize the specified user.
The output would look like this:
Connecting to the server
Please input username with sudo privileges. (default: root):
Please input root password:
Create user test
Change test password
Configure passwordless sudo for test
Enable password login
Modify ulimit parameters
10.10.10.1: ( open files,max user processes,core file size,stack size... ) have been successfully modified!
Trace ID: a2230822-71a7-11f0-8356-00163e513302
If you want to view detailed obd logs, please run: obd display-trace a2230822-71a7-11f0-8356-00163e513302
obd host precheck
When you deploy OceanBase Database, certain requirements apply to the host, such as the Linux kernel version and kernel parameters. Use this command to verify whether the target user meets the requirements. The following items are checked, and only items that fail to meet the requirements are output.
Check the kernel parameters: Check the recommended modified kernel parameters.
Security Settings Check: Check if the firewall and SELinux features are disabled.
Login setting check: Check whether it supports login using a password.
System privilege check: Checks whether the specified user has the privilege to execute sudo commands without a password.
Network component check: Check whether the network component is installed.
Memory Check: Check whether the available memory is greater than 3 GB.
Check the kernel version: Verify that the kernel version of the machine meets the requirements (Linux 3.1.0 or later).
Directory owner check: If the
/data/1and/data/log1directories exist on the target machine, it will check whether the directories are owned by the specified user.Check for instructions: On the x86 architecture, check whether the CPU supports AVX instructions; on the ARM architecture, check whether the CPU supports LSE instructions.
Notes
When an OceanBase Database instance is deployed on an x86 server, the results of the AVX instruction check can be ignored if the version of OceanBase Database to be deployed is in the following list:
- For V4.2.x, the version must be V4.2.5.6 or later.
- For V4.3.x, a version of V4.3.5.4 or later is required.
- For versions earlier than V4.4.x, the software version must be V4.4.1.0 or later.
obd host precheck [<ssh username>] [<server ip>]
The ssh username and server ip parameters are both optional. The ssh username parameter specifies the username to use for logging in to the target device. If it is not configured, it will default to the current user. The server ip parameter specifies the IP address of the target device. It can currently be configured for only one IP address. If it is not configured, it will default to the current host.
The following table describes the options:
Option |
Required |
Type |
Default |
Description |
|---|---|---|---|---|
| -u/--username | No | string | User for login | Specifies the user to be checked by the check feature of the precheck command. The default value is the login user, which is the <ssh username> value in the command. |
| -p/--password | No | string | empty | The login password of the user to be logged in. This option is required if the SSH connection between the user executing the command and the login user of the target device is configured without password authentication, and if the login user of the target device is configured with a password. |
| --ssh-key-file | No | string | Default is empty | Specify the path to the private key file, which must be an absolute path, for passwordless SSH authentication based on the private key. |
Example
The following command can be executed with a default private key ~/.ssh/id_rsa of the root user, to check whether user test exists on target host 10.10.10.1:
Note
This is just an example; you can set the login user to any user that can log in to the specified machine. For this example, if you can access the target machine by using a password for the test user, the following sample command has the same effect as the obd host precheck test 10.10.10.1 -p ****** command.
obd host precheck root 10.10.10.1 -u test
The output is as follows. The output indicates that password login is disabled on the target host, that the test user does not have the permissions to execute sudo commands without a password, and that the ownership of the directories /data/1 and /data/log1 is not set to the test user. The output also provides suggestions for modifying the kernel parameters.
get system config ok
[WARN] Transparent Hugepages needs to be set to nevere to ensure system stability.
[WARN] Password login permission is not enabled.
[WARN] The test user's sudo privileges are not configured for password-free access.
[WARN] The owner of the ['/data/1', '/data/log1'] directory is not test.
+-------------------------------------------------------------------------------------------------+
| System Parameter Change List |
+---------------+-------------------------------------------+---------------+---------------------+
| ip | name | current_value | expected_value |
+---------------+-------------------------------------------+---------------+---------------------+
| 10.10.10.1 | fs.aio-max-nr | 65536 | 1048576 |
| 10.10.10.1 | net.core.somaxconn | 128 | 2048 |
| 10.10.10.1 | net.core.netdev_max_backlog | 1000 | 10000 |
| 10.10.10.1 | net.core.rmem_default | 212992 | 16777216 |
| 10.10.10.1 | net.core.wmem_default | 212992 | 16777216 |
| 10.10.10.1 | net.core.rmem_max | 212992 | 16777216 |
| 10.10.10.1 | net.core.wmem_max | 212992 | 16777216 |
| 10.10.10.1 | net.ipv4.conf.default.rp_filter | 0 | 1 |
| 10.10.10.1 | net.ipv4.conf.default.accept_source_route | 1 | 0 |
| 10.10.10.1 | net.ipv4.tcp_rmem | 6291456 | 4096 87380 16777216 |
| 10.10.10.1 | net.ipv4.tcp_wmem | 16384 | 4096 65536 16777216 |
| 10.10.10.1 | net.ipv4.tcp_max_syn_backlog | 1024 | 16384 |
| 10.10.10.1 | net.ipv4.tcp_fin_timeout | 60 | 15 |
| 10.10.10.1 | vm.min_free_kbytes | 67584 | 2097152 |
| 10.10.10.1 | fs.file-max | 3205772 | 6573688 |
| 10.10.10.1 | fs.pipe-user-pages-soft | 16384 | 0 |
| 10.10.10.1 | vm.max_map_count | 65530 | 655360 |
| 10.10.10.1 | nofile | 65535 | 655350 |
+---------------+-------------------------------------------+---------------+---------------------+
Please run `obd host user init -u test --host=10.10.10.1` to init user.
Please run `obd host init root 10.10.10.1 -u test` to init host.
Trace ID: 0f1219da-71d7-11f0-a56f-00163e513302
If you want to view detailed obd logs, please run: obd display-trace 0f1219da-71d7-11f0-a56f-00163e513302
obd host init
You can run this command to automatically modify recommended kernel parameters for deploying OceanBase Database, disable the firewall and SELinux, modify the owner of the /data/1 and /data/log1 directories (if they exist), and install the network component.
obd host init [<ssh username>] [<server ip>]
The ssh username and server ip parameters are optional. The ssh username parameter specifies the username for logging in to the target machine. If this parameter is not configured, the current user is used, and it is necessary to ensure that the login user has sudo privileges. The server ip parameter specifies the IP address of the target machine. Currently, only one IP address can be configured. If this parameter is not configured, the IP address of the current host is used.
The following table describes the options:
Option |
Required |
Data type |
Default value |
Description |
|---|---|---|---|---|
| -u/--username | No | string | User for login | Specifies the user to modify in the init command. If not specified, the login user is used by default, which is <ssh username> in the command. |
| -p/--password | No | string | None | Set the login password for the user. If a login user is set on the destination server and there is no password for SSH connection between the user specified for the current command and the login user on the destination server, you must specify the password for the user through this option. |
| --ssh-key-file | No | string | Default is empty | Specifies the path to the private key file. It must be an absolute path and is used for passwordless SSH authentication based on the private key. |
Sample usage
Here we assume that the target machine does not support password access and that the only configuration is for password-free SSH login as the root user (with the private key file at the default path ~/.ssh/id_rsa). You can execute the following command to log in to the target machine 10.10.10.1 as the root user and change the password for the test user:
Note
The following code is provided as an example. Replace the logged-in user with any user that has sudo privileges and can log in to the specified server.
obd host init root 10.10.10.1 -u test
The output is as follows. The kernel parameter is changed, and the ownership of directories /data/1 and /data/log1 is changed to user test.
get system config ok
+-------------------------------------------------------------------------------------------------+
| System Parameter Change List |
+---------------+-------------------------------------------+---------------+---------------------+
| ip | name | current_value | expected_value |
+---------------+-------------------------------------------+---------------+---------------------+
| 10.10.10.1 | fs.aio-max-nr | 65536 | 1048576 |
| 10.10.10.1 | net.core.somaxconn | 128 | 2048 |
| 10.10.10.1 | net.core.netdev_max_backlog | 1000 | 10000 |
| 10.10.10.1 | net.core.rmem_default | 212992 | 16777216 |
| 10.10.10.1 | net.core.wmem_default | 212992 | 16777216 |
| 10.10.10.1 | net.core.rmem_max | 212992 | 16777216 |
| 10.10.10.1 | net.core.wmem_max | 212992 | 16777216 |
| 10.10.10.1 | net.ipv4.conf.default.rp_filter | 0 | 1 |
| 10.10.10.1 | net.ipv4.conf.default.accept_source_route | 1 | 0 |
| 10.10.10.1 | net.ipv4.tcp_rmem | 6291456 | 4096 87380 16777216 |
| 10.10.10.1 | net.ipv4.tcp_wmem | 16384 | 4096 65536 16777216 |
| 10.10.10.1 | net.ipv4.tcp_max_syn_backlog | 1024 | 16384 |
| 10.10.10.1 | net.ipv4.tcp_fin_timeout | 60 | 15 |
| 10.10.10.1 | vm.min_free_kbytes | 67584 | 2097152 |
| 10.10.10.1 | fs.file-max | 3205772 | 6573688 |
| 10.10.10.1 | fs.pipe-user-pages-soft | 16384 | 0 |
| 10.10.10.1 | vm.max_map_count | 65530 | 655360 |
| 10.10.10.1 | nofile | 65535 | 655350 |
+---------------+-------------------------------------------+---------------+---------------------+
chown dir ok
disable transparent_hugepage ok
modify system parameters
10.10.10.1: ( fs.aio-max-nr,net.core.somaxconn,net.core.netdev_max_backlog,net.core.rmem_default,net.core.wmem_default... ) have been successfully modified!
You must reboot the following servers to ensure the ulimit parameters take effect: (10.10.10.1).
Trace ID: f9491158-71db-11f0-81f0-00163e513302
If you want to view detailed obd logs, please run: obd display-trace f9491158-71db-11f0-81f0-00163e513302
