- GreatSQL 社区原创内容未经受权不得随便应用,转载请分割小编并注明起源。
- GreatSQL 是 MySQL 的国产分支版本,应用上与 MySQL 统一。
- 作者:Yejinrong/ 叶金荣
- 文章起源:GreatSQL 社区原创
持续吹 MySQL 8.0~
在以前,当须要对 MySQL 数据库进行保护操作时,通常须要先进行主从切换,而后批改设置并重启实例,敞开网络监听,只容许从本地 socket 形式登入,再进行相应的保护操作;有时候甚至还要批改相应的防火墙,或者罗唆敞开前端业务服务,总体比拟麻烦。
从 MySQL 5.7 开始,反对设置为离线模式(offline_mode),再有保护操作需要就不必这么麻烦了。只需在线动静批改,可立刻失效,十分的简略粗犷:
mysql> set global offline_mode = on; -- 关上离线模式,回绝内部申请
mysql> set global offline_mode = off; -- 敞开离线模式,容许内部连贯申请当设置为离线模式后,普通用户将无奈持续发动连贯申请,甚至以后正在执行的 SQL 也会立刻被终止并被断开连接。
1. 无奈创立新连贯
$ mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtest
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 3032 (HY000): The server is currently in offline mode2. 即使是普通用户通过本地 socket 连贯,当启用离线模式后,也会被断开
$ mysql -S/data/MySQL/mysql.sock
...
mysql> show processlist;
+-----+------+-----------+------+---------+------+-------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+-----+------+-----------+------+---------+------+-------+------------------+
| 304 | yejr | localhost | NULL | Query | 0 | init | show processlist |
+-----+------+-----------+------+---------+------+-------+------------------+
1 row in set (0.00 sec)
[sbtest]>select *,sleep(10) from t1 limit 3; -- 正在运行的 SQL 会立刻被终止,并断开连接
ERROR 2013 (HY000): Lost connection to MySQL server during query
No connection. Trying to reconnect...
ERROR 3032 (HY000): The server is currently in offline mode
ERROR:
Can't connect to the server3. 正在运行中的 sysbench 压测,也会被立刻断开
[1s] thds: 16 tps: 442.02 qps: 9078.28 (r/w/o: 6382.37/1795.94/899.96) lat (ms,99%,99%,99.9%): 150.29/150.29/150.29 err/s: 0.00 reconn/s: 0.00
[2s] thds: 16 tps: 471.23 qps: 9387.56 (r/w/o: 6576.19/1868.91/942.46) lat (ms,99%,99%,99.9%): 61.08/61.08/65.65 err/s: 0.00 reconn/s: 0.00
[3s] thds: 16 tps: 386.03 qps: 7712.68 (r/w/o: 5399.48/1541.14/772.07) lat (ms,99%,99%,99.9%): 82.96/82.96/84.47 err/s: 0.00 reconn/s: 0.00
[4s] thds: 16 tps: 547.00 qps: 10894.97 (r/w/o: 7609.98/2190.99/1094.00) lat (ms,99%,99%,99.9%): 65.65/65.65/68.05 err/s: 0.00 reconn/s: 0.00
FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'COMMIT'
(last message repeated 1 times)
FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'SELECT c FROM sbtest1 WHERE id=4822870'
FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'COMMIT'
FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'UPDATE sbtest1 SET k=k+1 WHERE id=2265001'
FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'SELECT c FROM sbtest8 WHERE id BETWEEN 3389984 AND 3390083'另外,从 MySQL 8.0 开始,对于离线模式又做了些改良和欠缺,比方新引入 CONNECTION_ADMIN权限等,细化离线模式的权限管理模式。
简略几点小结对于离线模式:
- 必须要有
CONNECTION_ADMIN以及CONNECTION_ADMIN权限 或者SUPER权限(SUPER权限在将来会被废除,而细分成更多细粒度权限),能力在线设置离线模式。 - 复制线程不会受到离线模式影响,还能失常工作。
- 当设置为离线模式时,没有授予
CONNECTION_ADMIN或SUPER权限的普通用户,正在执行的 SQL 会被立刻终止,连贯也会被立刻断开。 - 当设置为离线模式时,领有
CONNECTION_ADMIN或SUPER权限的用户,不会被断开连接。 - 当设置离线模式的用户不具备
SYSTEM_USER权限(只领有CONNECTION_ADMIN以及CONNECTION_ADMIN权限)的话,领有SYSTEM_USER权限的沉闷用户连贯不会被断开(因为想要断开SYSTEM_USER权限级别用户连贯同样须要至多有SYSTEM_USER权限),详见上面的案例。
有 u1 和 u2 两个用户,受权模式不同
mysql> show grants for u1;
+----------------------------------------+
| Grants for u1@% |
+----------------------------------------+
| GRANT USAGE ON *.* TO `u1`@`%` |
| GRANT SELECT ON `sbtest`.* TO `u1`@`%` |
+----------------------------------------+
mysql> show grants for u2;
+----------------------------------------+
| Grants for u2@% |
+----------------------------------------+
| GRANT USAGE ON *.* TO `u2`@`%` |
| GRANT SYSTEM_USER ON *.* TO `u2`@`%` |
| GRANT SELECT ON `sbtest`.* TO `u2`@`%` |
+----------------------------------------+用户 yejr 的受权模式如下
+--------------------------------------------------------------------+
| Grants for yejr@% |
+--------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `yejr`@`%` |
| GRANT CONNECTION_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `yejr`@`%` |
| GRANT ALL PRIVILEGES ON `sbtest`.* TO `yejr`@`%` |
+--------------------------------------------------------------------+当 yejr 用户设置离线模式后,u2 用户的连贯不会被断开(但不能再建设新连贯),而 u1 用户的连贯会被断开
# 三个用户先别离建设连贯
$ jobs
[1] Stopped mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtest
[2]- Stopped mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtest
[3]+ Stopped mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtest
# 设置离线模式
$ fg 1
mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtest
[yejr@db160] [sbtest]>set global offline_mode=on;
Query OK, 0 rows affected (0.00 sec)
# u1 用户被断开连接
$ fg 3
mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtest
[u1@db160] [sbtest]>select 1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
No connection. Trying to reconnect...
ERROR 3032 (HY000): The server is currently in offline mode
ERROR:
Can't connect to the server
# u2 用户不会被断开连接
$ fg 2
mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtest
[u2@db160] [sbtest]>select 1;
+---+
| 1 |
+---+
| 1 |
+---+
# 但 u1/u2 用户均不能再建设新链接
$ mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtest
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 3032 (HY000): The server is currently in offline mode
$ mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtest
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 3032 (HY000): The server is currently in offline mode是不是有点好玩呀~
联合后面的两篇文章 MySQL 8.0 不再放心被垃圾 SQL 搞爆内存 以及 InnoDB buffer pool size 进度更通明 能够看到 MySQL 8.0 在各个细节方面做的是越来越好了。
延长浏览
- \#sysvar_offline_mode, https://dev.mysql.com/doc/refman/8.0/en/server-system-variabl…
- Changes in MySQL 8.0.31, https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html
Enjoy GreatSQL :)
## 对于 GreatSQL
GreatSQL 是由万里数据库保护的 MySQL 分支,专一于晋升 MGR 可靠性及性能,反对 InnoDB 并行查问个性,是实用于金融级利用的 MySQL 分支版本。
相干链接:GreatSQL 社区 Gitee GitHub Bilibili
GreatSQL 社区:
社区博客有奖征稿详情:https://greatsql.cn/thread-100-1-1.html
技术交换群:
微信:扫码增加
GreatSQL 社区助手微信好友,发送验证信息加群。