hghac和hgproxy版本升级相关操作和注意事项

环境

系统平台：N/A
版本：4.5.6,4.5.7,4.5.8

文档用途

本文档用于高可用集群环境中hghac组件和hgproxy组件替换和升级操作

详细信息

1.关闭服务
所有数据节点都执行

1、关闭hgproxy服务

[root@hgdb01 tools]# systemctl stop hgproxy.service
[root@hgdb02 tools]# systemctl stop hgproxy.service

2、关闭hghac服务

[root@hgdb01 tools]# systemctl stop hghac.service
[root@hgdb02 tools]# systemctl stop hghac.service

3、关闭etcd服务

[root@hgdb01 tools]# systemctl stop etcd.service
[root@hgdb02 tools]# systemctl stop etcd.service
[root@localhost ~]# systemctl stop etcd.service

2.升级过程
操作前请先备份原集群配置文件。

1、安装软件包
验证md5值

[root@hgdb01 tools]# md5sum hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm
0d960d0ac4925b272c30849e415031fd  hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm

安装软件包

[root@hgdb01 tools]# rpm -ivh hghac4.2.3.3-see-17f931d-20240620.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...
1:hghac-4.2.3.3-17f931d            ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/hghac.service to /usr/lib/systemd/system/hghac.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/vip-manager.service to /usr/lib/systemd/system/vip-manager.service.

2、配置并启动etcd
01节点：

[root@hgdb01 tools]# vim /usr/local/hghac/etcd/etcd.yml 
# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_01'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd01# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.101:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.101:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.101:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.101:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false

02节点配置

# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_02'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd02# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.102:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.102:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.102:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.102:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false

03节点配置

# This is the configuration file for the etcd server.# Human-readable name for this member.
name: 'etcd_03'# Path to the data directory.
data-dir: /usr/local/hghac/etcd/etcd03# Path to the dedicated wal directory.
wal-dir:# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100# Time (in milliseconds) for an election to timeout.
election-timeout: 1000# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://x.x.0.103:2380# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://x.x.0.103:2379,http://127.0.0.1:2379# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://x.x.0.103:2380# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://x.x.0.103:2379# Discovery URL used to bootstrap the cluster.
discovery:# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'# HTTP proxy to use for traffic to discovery service.
discovery-proxy:# DNS domain used to bootstrap initial cluster.
discovery-srv:# Initial cluster configuration for bootstrapping.
initial-cluster: etcd_01=http://x.x.0.101:2380,etcd_02=http://x.x.0.102:2380,etcd_03=http://x.x.0.103:2380# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false# Accept etcd V2 client requests
enable-v2: true# Enable runtime profiling data via HTTP server
enable-pprof: false# Valid values include 'on', 'readonly', 'off'
proxy: 'off'# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0client-transport-security:# DEPRECATED: Path to the client server TLS CA file.ca-file:# Path to the client server TLS cert file.cert-file:# Path to the client server TLS key file.key-file:# Enable client cert authentication.client-cert-auth: false# Path to the client server TLS trusted CA cert file.trusted-ca-file:# Client TLS using generated certificatesauto-tls: falsepeer-transport-security:# DEPRECATED: Path to the peer server TLS CA file.ca-file:# Path to the peer server TLS cert file.cert-file:# Path to the peer server TLS key file.key-file:# Enable peer client cert authentication.peer-client-cert-auth: false# Path to the peer server TLS trusted CA cert file.trusted-ca-file:# Peer TLS using generated certificates.auto-tls: false# Enable debug-level logging for etcd.
debug: false# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels:# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-output: default# Force to create a new one member cluster.
force-new-cluster: false

启动etcd（三台间隔时间不要太长）

[root@hgdb01 ~]# systemctl  start  etcd.service
[root@hgdb02 ~]# systemctl  start  etcd.service
[root@hgdb03 ~]# systemctl  start  etcd.service

查看etcd集群状态

[root@hgdb01 tools]# /usr/local/hghac/etcd/etcdctl  --endpoints=http://x.x.0.101:2379,http://x.x.0.102:2379,http://x.x.0.103:2379 endpoint status --write-out=table
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
|          ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://x.x.0.101:2379  | 7a586afca670fdcd |  3.4.15 |   20 kB |     false |      false |         2 |          8 |                  8 |        |
| http://x.x.0.102:2379  |  5506b0263532a5d |  3.4.15 |   25 kB |     false |      false |         2 |          8 |                  8 |        |
| http://x.x.0.103:2379  | 21d26eb730319e20 |  3.4.15 |   25 kB |      true |      false |         2 |          8 |                  8 |        |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+

3、配置hghac组件
01节点

scope: highgo-see-cluster
namespace: /service/
name: see_01 restapi:listen: x.x.0.101:8008connect_address: x.x.0.101:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
#  hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.101:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local   all             all                                     sm3- host    all             all             0.0.0.0/0               sm3- host    all             all             ::1/128                 sm3- local   replication     all                                     sm3- host    replication     all             0.0.0.0/0               sm3- host    replication     all             ::1/128                 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac

启动hghac

# systemctl start hgahc.service

查看集群状态

# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list

02节点

scope: highgo-see-cluster
namespace: /service/
name: see_02 restapi:listen: x.x.0.102:8008connect_address: x.x.0.102:8008etcd3:hosts: x.x.0.101:2379,x.x.0.102:2379,x.x.0.103:2379#zookeeper:
#  hosts: ['x.x.31.101:2181', 'x.x.31.102:2181', 'x.x.31.103:2181']bootstrap:dcs:ttl: 30loop_wait: 10retry_timeout: 10maximum_lag_on_failover: 1048576master_start_timeout: 300synchronous_mode: falsepostgresql:use_pg_rewind: trueparameters:wal_level: replicahot_standby: "on"wal_keep_size: 100max_wal_senders: 10max_replication_slots: 10wal_log_hints: "on"archive_mode: "off"archive_timeout: 1800slogging_collector: "on"method: initdb_keygeninitdb_keygen:command: /usr/local/hghac/hac/initdb_keygen.shkeep_existing_recovery_conf: Trueno_params: Truepostgresql:database: highgolisten: 0.0.0.0:5866connect_address: x.x.0.102:5866bin_dir: /opt/highgo/hgdb-see-4.5.8/bindata_dir: /data/highgo/dataconfig_dir: /data/highgo/datapgpass: /tmp/.pgpassauthentication:replication:username: sysdbapassword: Hello@1234rewind:username: sysdbapassword: Hello@1234sysdba:password: Hello@1234syssso:password: Hello@1234syssao:password: Hello@1234parameters:ssl: 'on'ssl_cert_file: /data/highgo/data/server.crtssl_key_file: /data/highgo/data/server.keypg_hba:- local   all             all                                     sm3- host    all             all             0.0.0.0/0               sm3- host    all             all             ::1/128                 sm3- local   replication     all                                     sm3- host    replication     all             0.0.0.0/0               sm3- host    replication     all             ::1/128                 sm3tags:nofailover: falsenoloadbalance: falseclonefrom: falsenosync: falselog:level: INFOtraceback_level: INFOdir: /usr/local/hghac/hac

启动hghac

# systemctl start hgahc.service

查看集群状态

# /usr/local/hghac/hac/hghactl/hghactl -c /usr/local/hghac/hac/hghac.yml list

4、配置hgproxy
所有节点配置相同

[root@hgdb01 hgproxy]# cat  /usr/local/hgproxy/etc/proxy.conf
# version: 4.0.27[Log]
log_collector       = on# 是否开始日志功能log_level           = log#  可选日志级别如下:#    debug5#    debug4#    debug3#    debug2    - 显示设置路由节点的关键点#    debug1    - 显示语句与协议包的路由节点#    log       - 显示会话的开始与结束#    commerror#    info#    notice#    warning#    error#    fatal#    paniclog_destination     = file# stdout： 标准输出# stderr:  标准错误输出# file:    输出到文件log_filename        = /data/hglog/hgproxy.log# 日志输出文件# 设置按日期输出到不同文件, 只需要在文件名中添加时间转换字符 %d(%Y%m%d), 例如：/tmp/log/hgproxy.%d(%Y%m%d).log, 输出文件名样式为：hgproxy.20200808.loglog_format          = "%d.%us %-7V [pid:%-7p cid:%-7U %18F:%-5L] %m%n"# 格式说明:# %d           :时间格式(2012-01-01 17:03:12)# %d.%ms       :时间格式(2012-01-01 17:03:12.123)# %d.%us       :时间格式(2012-01-01 17:03:12.123456)# %m           :用户日志(必须)# %n           :换行符(必须)# %p           :进程id# %t           :线程id# %U           :协程id# %V           :日志级别,大写# %v           :日志级别,小写# %F           :源代码文件名# %L           :源代码行数log_rotation_size   = 500MB# 日志文件自动转存大小(转存文件后缀数字越大，日志时间越新).# 设置为0, 则关闭此功能.log_max_rotation_file_num = 0# 转存文件最大保留个数(设置的值大于1时, 此功能生效).# 当转存文件达到设置的个数时，依次自动删除最旧的文件.# 当日志文件比较重要时，请谨慎决定是否打开此功能.[Proxy]
listen_addresses    = *
port                = 5888
socket_dir          = /tmpprocess_nums        = 0# 负责处理会话的进程个数(建议设置为服务器核心数; 设置为0时, 自动获取CPU核心数进行设置)session_balance     = on# 以轮询的的方式使进程间处理的会话尽量均衡process_bind_cpu    = off# 负责处理会话的进程, 是否绑定CPU运行extension_module    = librwsplit.so# hgproxy扩展模块, 目前只有读写分离模块，默认即可auto_replace_application_name  = "hgproxy: app[__IP__:__PORT__:__ORIGINAL__]"# 自动修改 application_name 参数.# __IP__       : 应用的IP.# __PORT__     : 应用的端口.# __ORIGINAL__ : 原始数据.# 注意：由于数据库限制，开启此功能后，hgproxy会添加额外的信息，因此应用可自定义设置的 application_name 字符串会减少。# 参数值设置为空，则关闭此功能use_mctx = off# 使用内存上下文机制管理内存transaction_mode = Auto# Auto     事务内会进行读写分离，路由节点自动判断# Primary  事务内不进行读写分离，固定发往主节点read_write_separation = on# 读写分离开关# 该配置项支持使用 proxy_ctl reloadcfg 生效，无需重启[BackendNode]
node_num            = 2# 后端节点数量load_balancing_mode = 1# 负载均衡模式（目前只有一种模式，默认即可）# 1：权重模式startup_check       = off# 启动时, 检查配置的数据库是否能够连接hostname0           = x.x.0.101
port0               = 5866
backend_weigh0      = 1# hostnameN        第N个节点IP# portN            第N个节点端口# backend_weightN  第N个节点权重比hostname1           = x.x.0.102
port1               = 5866
backend_weigh1      = 1#hostname2           = 127.0.0.1
#port2               = 5868
#backend_weigh2      = 1read_timeout_close  = 0# 当读取数据库超时自动断开连接.# 此值不能设置为负数，设置的值大于0时, 此功能生效.# 单位：秒，取值最大为604800(一周)standby_additional_check = "select count(pid) > 0 from pg_stat_wal_receiver;"# 备节点额外的检测# 请确保该SQL的返回结果为单行单列，且值为 t 或 f;[Replication]streaming_replication_delay_time    = 100000# 假设流复制延迟时间, 单位: 微秒# 设置为 0 则关闭此功能# 取值范围: 0 - 3600000000(1小时)[DatabaseCheck]lifecheck_user      = sysdba# 用于检测时的用户名lifecheck_dbname    = highgo# 用于检测时的数据库lifecheck_time      = 10# 连接间隔时间，取值范围 1 - 3600, 单位：秒lifecheck_num       = 3# 连续连接失败指定次数，达到该次数，节点将置为异常, 取值范围 1 - 10[routing]
null_query_routing = both# 空语句发送的节点: primary/standby/both# 该配置项支持使用 proxy_ctl reloadcfg 生效，无需重启regex_routing_file  =# 正则路由配置文件，配置模板文件见 etc/regex_routing_settings.json# 注意事项：请配置 json 文件绝对路径# 该配置项支持使用 proxy_ctl reloadcfg 生效，无需重启routing_unnamed_parse_to_both = no# 未命名的 parse 协议是否发送到双节点# 该配置项支持使用 proxy_ctl reloadcfg 生效，无需重启[BlackList]# 此配置参数未来会移除，建议使用 regex_routing_file 配置
ignore_regex_case               = off# on:  匹配时忽略大小写# off: 匹配时不忽略大小写# 此配置参数未来会移除，建议使用 regex_routing_file 配置
black_regex_token_list          =# 匹配到了发往主节点# 此配置参数未来会移除，建议使用 regex_routing_file 配置
white_regex_token_list          =# 匹配成功发往备节点object_relationship_list        = /usr/local/hgproxy/etc/object_relationship_list.json[watchdog]server_watchdog                 = on# 检测 hgproxy 端口是否可以连接server_watchdog_interval        = 30# 检测时间间隔(秒)# 取值范围: 1 - 3600server_watchdog_auto_restart    = on# 检测 hgproxy 端口不可用后, 是否自动重启 hgproxy.server_watchdog_failed_count    = 3# 连续失败次数, 达到该计数后,# 如果 server_watchdog_auto_restart 为 on, 则会自动重启 hgproxy# 取值范围: 1 - 3600status_watchdog                 = on# 内部统计打印日志输出status_watchdog_interval        = 60# 内部统计打印日志输出时间间隔(秒)# 取值范围: 1 - 3600status_watchdog_pretty_log      = off# 是否对日志输出进行美化处理[SSL]
ssl_switch                = offssl_cert                  = /usr/local/hgproxy/etc/server.crt
ssl_key                   = /usr/local/hgproxy/etc/server.key
ssl_ca_cert               = /usr/local/hgproxy/etc/root.crt
ssl_ca_cert_dir           = /usr/local/hgproxy/etcssl_ciphers               = HIGH:MEDIUM:+3DES:!aNULL
ssl_prefer_server_ciphers = on
ssl_ecdh_curve            = prime256v1
ssl_dh_params_file        =[admin]virtual_database                = hgproxy# 虚拟数据库, 无需数据中存在virtual_user                    = hgproxy# 虚拟用户, 无需数据中存在virtual_user_auth_method        = password# 可选取值: "md5", "password"virtual_user_password           = hgproxy@123# 如果 virtual_user_auth_method 配置为 md5,# md5密码生成方法: echo -n "123456hgproxy" | md5sum# 123456 是登录密码, hgproxy 是 virtual_user 配置的用户名

拷贝ssl证书文件

[root@xxdb01 etc]# cp  /data/highgo/data/server.*   /opt/HighGo/tools/hgproxy/etc/
[root@xxdb01 etc]# cp  /data/highgo/data/root.crt   /opt/HighGo/tools/hgproxy/etc/

初始化hgproxy

[root@hgdb01 etc]# /usr/local/hgproxy/bin/proxy_ctl  init -h x.x.0.101 -U sysdba -d highgo -p 5866
ip       == [x.x.0.101]
port     == [5866]
database == [highgo]
username == [sysdba]please enter password:
init successfully

启动服务

[root@xxdb01 etc]# systemctl start hgproxy

验证登录

[root@xxdb01 etc]# psql highgo sysdba -p 5888

3.注意事项
1、如果用的是tar包安装，etcd.service和hghac.service需要手动拷贝到/usr/lib/systemd/system/文件夹下

# cp /usr/local/hghac/etcd/etcd.service /usr/lib/systemd/system/
# cp /usr/local/hghac/hac/hghac.service /usr/lib/systemd/system/
# systemctl daemon-reload

2、关闭服务时先停止hghac.service，再关闭etcd.service，防止数据库都变成备库模式。

3、注意备份原集群配置文件，参数尽量保持与原配置相同。