1. 使用 命令安装 安装 psycopg2

pip3 install psycopg2

  1. 编写python文件 test2.py连接数据库

import psycopg2

#创建连接对象

conn=psycopg2.connect(dbname=”db_tpcc“,user=”tpcc_user“,password=”password“,host=”10.201.65.207″,port=30100)

cur=conn.cursor() #创建针对

#创建连接对象(SSl连接

#conn = psycopg2.connect(dbname=”db_tpcc“, user=”tpcc_user“, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verifyca“, sslcert=”client.crt“,sslkey=”client.key.unsecure“,sslrootcert=”ca.pem“)

cur=conn.cursor() #创建针对

# 创建

cur.execute(“CREATE TABLE student(id integer,name varchar,sex varchar);”)

#插入数据

cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(1,’Aspirin‘,’M’))

cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(2,’Taxol‘,’F’))

cur.execute(“INSERT INTO student(id,name,sex) VALUES(%s,%s,%s)”,(3,’Dixheral’,’M’))

# 获取结果

cur.execute(‘SELECT * FROM student’)

results=cur.fetchall()

print (results)

# 关闭连接

conn.commit()

cur.close()

conn.close()

  1. 运行test2.py 报错

conn = _connect(dsn, connection_factory=connection_factory, **kwasync)

psycopg2.OperationalError: connection to server at “10.201.65.207”, port 30100 failed: none of the server’s SASL authentication mechanisms are supported

  1. 部分程序采用如下方法解决

A.执行命令修改加密参数 gs_guc reload -N all -I all –cpassword_encryption_type=1″;

B.修改数据库每台机器pg_hba.conf文件

切换到你们那边的gaussdb用户,在所有DN节点都要修改如下内容

cd /data/cluster/data/dn/dn_6001(目录改成你那边的)

vi pg_hba.conf ,将下图标注的sha256改为md5

C.改完重启数据库

停止:gs_om -t stop

启动gs_om -t start

D.修改加密方式,以前创建的用户都不能登录使用超级用户RsAdmin免密登录使用下面的命令修改用户密码

执行 alter user test_user3 identified bypassword

MD5这种加密方式,是不安全加密方式华为官方也不推荐.我们下面讨论,不修改高斯数据库加密方式的前提下处理问题

  1. 华为官网https://opengauss.org/zh/download/下载对应版本的Python-psycopg2_3.1.1,目前只支持LINUX系统,还不支持WINDOWS

下载文件名如下openGauss-3.1.1-openEuler-aarch64-Python.tar.gz

  1. 将包上传到 LINUX 的任意目录下,这里为 /setup/openGauss,并解压

tar -zxvf openGauss-3.1.1-openEuler-aarch64-Python.tar.gz

解压目录结构如下

  1. 依赖lib 文件复制到/usr/lib64

cp lib/* /usr/lib64

这里提示是否覆盖,全部选否

  1. psycopg2文件夹 copy 到 /usr/lib/python3.7/sitepackages授权

如果不知道 sitepackages路径使用下面的命令查找

find /usr -name *site-p*

cp -r /setup/openGauss/psycopg2 /usr/lib/python3.7/sitepackages/

chmod -R 755 /usr/lib/python3.7/sitepackages/psycopg2

  1. step2编写test2文件运行运行成功

python3 test2.py

这里我们连接方式使用的是明文方式绕过pip install psycopg2 的MD5 加密方式

conn=psycopg2.connect(dbname=”db_tpcc“,user=”tpcc_user”,password=”password“,host=”10.201.65.207″,port=30100)

  1. 为了更安全网络连接我们应该使用证书链接方式

注释掉明文链接使用下面的连接方式

conn = psycopg.connect(dbname=”db_tpcc“, user=”tpcc_user”, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verify-ca“, sslcert=”client.crt”,sslkey=”client.key“,sslrootcert=”ca.pem“)

  1. 登录高斯数据库服务器端,并编写 client生成脚本genCertificate_client.sh

vim /setup/genCertificate_client.sh

脚本内容如下

curDir=/setup

logFile=genCertificate.log

user_pwd=password #这里配置客户端运行python程序的用户密码

function genCertificate()

{

echo “Start to genCertificate” >> ${logFile}

openssl=$(openssl version)

ca_dir=$(awk ‘/Where everything is kept/{print $3}’ /etc/pki/tls/openssl.cnf)

if [ -z “${openssl}” -o -z “${ca_dir}” ]; then

echo “genCertificate failed: openssl is not installed” >> ${logFile}

exit 1

fi

mkdir -p ${curDir}/certificate

cd ${curDir}/certificate

if [ “${string:0:1}” == “.” ]; then

ca_dir=${curDir}/certificate/${ca_dir}

fi

mkdir -p ${ca_dir}/newcerts

touch ${ca_dir}/index.txt

sed -i “s/^unique_subject =.*/unique_subject = no/” ${ca_dir}/index.txt.attr

echo ’01’ >> ${ca_dir}/serial

# openssl genrsaout ca.key 2048

# expect <<-EOF

# spawn openssl req -new –key ca.key –out ca.csr

# expect “Country Name” {send “CNr”}

# expect “State or Province Name” {send “GDr”}

# expect “Locality Name” {send “SZr”}

# expect “Organization Name” {send “HWr”}

# expect “Organizational Unit Name” {send “OMr”}

# expect “Common Name” {send “GAUSSr”}

# expect “Email Address” {send “r”}

# expect “A challenge password” {send “r”}

# expect “An optional company name” {send “r”}

# expect “]#” {send “r”}

#EOF

# openssl x509 –reqdays 3650 –in ca.csr –signkey ca.key –out ca.crt

expect <<-EOF

spawn clear

spawn openssl genrsades3 -out client.key 2048

expect “Enter pass phrase for client.key:”

send “${user_pwd}r”

expect “Verifying – Enter pass phrase for client.key:”

send “${user_pwd}r”

send “r”

expect “]#” {send “r”}

EOF

expect <<-EOF

spawn openssl req -new -key client.key -out client.csr

expect “Enter pass phrase for client.key” {send “${user_pwd}r”}

expect “Country Name” {send “CNr”}

expect “State or Province Name” {send “GDr”}

expect “Locality Name” {send “SZr”}

expect “Organization Name” {send “HWr”}

expect “Organizational Unit Name” {send “OMr”}

expect “Common Name” {send “GAUSSr”}

expect “Email Address” {send “r”}

expect “A challenge password” {send “r”}

expect “An optional company name” {send “r”}

expect “]#” {send “r”}

EOF

expect <<-EOF

spawn openssl ca –in client.csr -out client.crt -cert ca.crt -keyfile ca.key

expect “Sign the certificate” {send “yr”}

expect “certificate requests certified” {send “yr”}

expect “]#” {send “r”}

EOF

openssl x509 –in ca.crt -out ca.pem

if [ ! -s ${curDir}/certificate/ca.pem -o ! -s ${curDir}/certificate/client.crt -o ! -s ${curDir}/certificate/client.key ]; then

echo “genCertificate failed, please executesh ${curDir}/install_cluster.sh genCertificate” cmd for details” >> ${logFile}

exit 1

fi

echo “genCertificate finished, begin to deliver it to all nodes” >> ${logFile}

cat client.crt > client.pem

shift

while [ $# != 0 ]; do

echo “Start to deliver cert to $1″ >> ${logFile}

scpCmd=”scp -q ${curDir}/certificate/ca.pem ${curDir}/certificate/client.key ${curDir}/certificate/client.pem root@$1:/home/${user}/sslcrt”

executeRemoteCmd “${scpCmd}” ${root_pwd}

sshCmd=”ssh -t root@$1 “chown -R ${user}:${user_group} /home/${user}/sslcrt””

executeRemoteCmd “${sshCmd}” ${root_pwd}

shift

done

echo “End to genCertificate” >> ${logFile}

}

genCertificate

  1. 赋予脚本执行权限,并copy 高斯安装目录下的certificate目录setup目录

chmod +x /setup/genCertificate_client.sh

cp -r /data/GaussDBInstaller/certificate /setup/

  1. 运行脚本genCertificate_client.sh

./genCertificate_client.sh

  1. python程序客户端运行 scp 命令,copy 文件到 test2.py目录

scp 10.201.65.207:/setup/certificate/ca.pem /setup/

scp 10.201.65.207:/setup/certificate/client.key /setup/

scp 10.201.65.207:/setup/certificate/client.crt /setup/

  1. 运行 test2.py

提示输入Enter PEM pass phrase,这里为我们 step11 中配置客户端用户密码

输入密码后 test2.py运行成功

  1. 在真实应用我们可能每次输入密码,修改 client key 为不需要每次输入密码

openssl rsain client.key -out client.key.unsecure

  1. 修改程序连接,并运行test2.py,不需要输入密码,python程序运行成功

修改连接为

conn = psycopg2.connect(dbname=”db_tpcc”, user=”tpcc_user”, password=”password“, host=”10.201.65.207″, port=30100,sslmode=”verify-ca”, sslcert=”client.crt”,sslkey=”client.key.unsecure“,sslrootcert=”ca.pem“)

python3 test2.py

原文地址:https://blog.csdn.net/liuxinglei13/article/details/129752154

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任

如若转载,请注明出处:http://www.7code.cn/show_30888.html

如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱suwngjj01@126.com进行投诉反馈,一经查实,立即删除

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注