conn=psycopg2.connect(dbname=”db_tpcc“,user=”tpcc_user“,password=”password“,host=”10.201.65.207″,port=30100)
#conn = psycopg2.connect(dbname=”db_tpcc“, user=”tpcc_user“, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verify–ca“, sslcert=”client.crt“,sslkey=”client.key.unsecure“,sslrootcert=”ca.pem“)
# 创建表
cur.execute(“CREATE TABLE student(id integer,name varchar,sex varchar);”)
cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(1,’Aspirin‘,’M’))
cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(2,’Taxol‘,’F’))
cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(3,’Dixheral’,’M’))
cur.execute(‘SELECT * FROM student’)
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
psycopg2.OperationalError: connection to server at “10.201.65.207”, port 30100 failed: none of the server’s SASL authentication mechanisms are supported
A.执行命令修改加密参数 gs_guc reload -N all -I all –c “password_encryption_type=1″;
切换到你们那边的gaussdb用户,在所有DN节点都要修改如下内容
cd /data/cluster/data/dn/dn_6001(目录改成你那边的)
vi pg_hba.conf ,将下图标注的sha256改为md5
D.修改了加密方式,以前创建的用户都不能登录,使用超级用户RsAdmin免密登录,使用下面的命令修改用户密码
执行 alter user test_user3 identified by ‘password‘
MD5这种加密方式,是不安全的加密方式,华为官方也不推荐.我们下面讨论,不修改高斯数据库加密方式的前提下处理问题
下载后文件名如下openGauss-3.1.1-openEuler-aarch64-Python.tar.gz
tar -zxvf openGauss-3.1.1-openEuler-aarch64-Python.tar.gz
如果不知道 site–packages的路径,使用下面的命令查找
cp -r /setup/openGauss/psycopg2 /usr/lib/python3.7/site–packages/
chmod -R 755 /usr/lib/python3.7/site–packages/psycopg2
这里我们的连接方式使用的是明文方式,绕过了 pip install psycopg2 的MD5 加密方式
conn=psycopg2.connect(dbname=”db_tpcc“,user=”tpcc_user”,password=”password“,host=”10.201.65.207″,port=30100)
conn = psycopg.connect(dbname=”db_tpcc“, user=”tpcc_user”, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verify-ca“, sslcert=”client.crt”,sslkey=”client.key“,sslrootcert=”ca.pem“)
vim /setup/genCertificate_client.sh
user_pwd=password #这里配置为客户端运行python程序的用户密码
{
echo “Start to genCertificate” >> ${logFile}
ca_dir=$(awk ‘/Where everything is kept/{print $3}’ /etc/pki/tls/openssl.cnf)
if [ -z “${openssl}” -o -z “${ca_dir}” ]; then
echo “genCertificate failed: openssl is not installed” >> ${logFile}
exit 1
fi
mkdir -p ${curDir}/certificate
if [ “${string:0:1}” == “.” ]; then
ca_dir=${curDir}/certificate/${ca_dir}
fi
sed -i “s/^unique_subject =.*/unique_subject = no/” ${ca_dir}/index.txt.attr
echo ’01’ >> ${ca_dir}/serial
# openssl genrsa –out ca.key 2048
# expect <<-EOF
# spawn openssl req -new –key ca.key –out ca.csr
# expect “Country Name” {send “CNr”}
# expect “State or Province Name” {send “GDr”}
# expect “Locality Name” {send “SZr”}
# expect “Organization Name” {send “HWr”}
# expect “Organizational Unit Name” {send “OMr”}
# expect “Common Name” {send “GAUSSr”}
# expect “Email Address” {send “r”}
# expect “A challenge password” {send “r”}
# expect “An optional company name” {send “r”}
#EOF
# openssl x509 –req –days 3650 –in ca.csr –signkey ca.key –out ca.crt
expect <<-EOF
spawn openssl genrsa –des3 -out client.key 2048
expect “Enter pass phrase for client.key:”
expect “Verifying – Enter pass phrase for client.key:”
send “r”
expect “]#” {send “r”}
EOF
expect <<-EOF
spawn openssl req -new -key client.key -out client.csr
expect “Enter pass phrase for client.key” {send “${user_pwd}r”}
expect “Country Name” {send “CNr”}
expect “State or Province Name” {send “GDr”}
expect “Locality Name” {send “SZr”}
expect “Organization Name” {send “HWr”}
expect “Organizational Unit Name” {send “OMr”}
expect “Common Name” {send “GAUSSr”}
expect “Email Address” {send “r”}
expect “A challenge password” {send “r”}
expect “An optional company name” {send “r”}
expect “]#” {send “r”}
EOF
expect <<-EOF
spawn openssl ca –in client.csr -out client.crt -cert ca.crt -keyfile ca.key
expect “Sign the certificate” {send “yr”}
expect “certificate requests certified” {send “yr”}
expect “]#” {send “r”}
EOF
openssl x509 –in ca.crt -out ca.pem
if [ ! -s ${curDir}/certificate/ca.pem -o ! -s ${curDir}/certificate/client.crt -o ! -s ${curDir}/certificate/client.key ]; then
echo “genCertificate failed, please execute “sh ${curDir}/install_cluster.sh genCertificate” cmd for details” >> ${logFile}
exit 1
fi
echo “genCertificate finished, begin to deliver it to all nodes” >> ${logFile}
while [ $# != 0 ]; do
echo “Start to deliver cert to $1″ >> ${logFile}
scpCmd=”scp -q ${curDir}/certificate/ca.pem ${curDir}/certificate/client.key ${curDir}/certificate/client.pem root@$1:/home/${user}/sslcrt”
executeRemoteCmd “${scpCmd}” ${root_pwd}
sshCmd=”ssh -t root@$1 “chown -R ${user}:${user_group} /home/${user}/sslcrt””
executeRemoteCmd “${sshCmd}” ${root_pwd}
done
echo “End to genCertificate” >> ${logFile}
}
genCertificate
chmod +x /setup/genCertificate_client.sh
cp -r /data/GaussDBInstaller/certificate /setup/
./genCertificate_client.sh
scp 10.201.65.207:/setup/certificate/ca.pem /setup/
scp 10.201.65.207:/setup/certificate/client.key /setup/
scp 10.201.65.207:/setup/certificate/client.crt /setup/
提示输入Enter PEM pass phrase,这里为我们 step11 中配置的客户端用户密码 。
openssl rsa –in client.key -out client.key.unsecure
修改连接为
conn = psycopg2.connect(dbname=”db_tpcc”, user=”tpcc_user”, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verify-ca”, sslcert=”client.crt”,sslkey=”client.key.unsecure“,sslrootcert=”ca.pem“)
原文地址:https://blog.csdn.net/liuxinglei13/article/details/129752154
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。
如若转载,请注明出处:http://www.7code.cn/show_30888.html
如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!