Using MOTService from Scratch

Scenario

Create a custom MOTService database.

Prerequisites

MOTService has been installed in the cluster and all components in the cluster are running properly.

Procedure

1. Log in to FusionInsight Manager, choose Cluster > Services > MOTService, click Instance, and view and record the service IP address of the MOTServer(Active) instance.
2. Log in to the active MOTService node recorded in 1 as user omm.
3. Run the following command to switch to the MOTService installation directory:

   cd $MOTSERVER_HOME

4. Run the following command to configure environment variables:

   source .motservice_profile

5. Run the following command to log in to MOTService and enter the password of the MOTService database user omm:

   gsql -d postgres -p 20105

   

   Contact the system administrator to obtain the password of user omm for the MOTService database.

6. Create a user and set the password, for example, motuser.

   CREATE USER motuser PASSWORD 'password';

7. Create a database, for example, db_mot.

   CREATE DATABASE db_mot OWNER motuser;

8. Grant all permissions to the user created in 6.

   GRANT ALL PRIVILEGES TO motuser;

9. Run the \q command to exit.
10. Enable external access ports for fixed network segments based on service requirements. (Perform this step as user omm.)

    gs_guc reload -N all -I all -h "host all motuser 10.10.0.30/32 sha256"

    

    • If applications (such as Containers and RTDService) that access the MOTService database are deployed on the same node as MOTService, skip this step.
    • In the preceding example, the MOTService user (for example, user motuser created in 6) from 10.10.0.30 is allowed to log in to the database. 32 indicates the subnet mask. For example:
      • 10.10.0.30/31: MOTService users from 10.10.0.30 and 10.10.0.31 are allowed to log in to the database.
      • 10.10.0.30/30: MOTService users from 10.10.0.30, 10.10.0.31, 10.10.0.32, and 10.10.0.33 are allowed to log in to the database.
      • 10.10.0.30/24: MOTService users from the 10.10.0.xxx network segment are allowed to log in to the database.

11. Log in to the user-defined database.

    gsql -d Database name -p Database connection port -U Username -W User password -r

    Example:

    gsql -d db_mot -p 20105 -U motuser -W password -r

    If the following information is displayed, the login is successful:

    gsql ((openGauss x.x.x) compiled at xxxx-xx-xx 18:03:55 commit 0 last mr 169 )
    Non-SSL connection (SSL connection is recommended when requiring high-security)
    Type "help" for help.
    
    db_mot=>

    If the service generation node and the MOTService node are not the same one, you can add the -h parameter. By default, the SSL connection is used. For example:

    gsql -d db_mot -p 20105 -U motuser -W password -h 'IP address for logging in to the MOTService database' -r

    If the following information is displayed, the login is successful:

    gsql ((openGauss x.x.x) compiled at xxxx-xx-xx 18:03:55 commit 0 last mr 169 )
    SSL connection (cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128)
    Type "help" for help.
    
    db_mot=>

    

    Perform the following operations to determine whether to use only SSL connections:

    Log in to FusionInsight Manager, choose Cluster > Services > MOTService, and click Configurations then All Configurations. Search for REQUIRE_SSL and configure it.

    • true: The server supports only SSL connections.
    • false: The server can use or not use SSL connections. If SSL connections are not used, there are security risks.