SQL audit query platform -Archery installation

It is not easy to carry out effective SQL management within the technical team, so how to carry out unified database management and unified audit of online SQL operations has become particularly important. Archery, the open source SQL audit query platform, may be able to bring significant efficiency improvements to SQL audit work.

A high-quality SQL statement can speed up an entire service many times over, and a faulty SQL statement can cause disaster and serious consequences, so the job of the database manager is very important, and they hold the fate of millions of data in their hands.

Introduction to the

Archery is hHYo’s open source SQL audit query platform on Github, located at github.com/hhyo/Archer… Open source on Gitee, located at gitee.com/rtttte/Arch…

Test site deployment

Test Environment introduction

Server: Centos7 IP address: 2C-16G-2TCopy the code

Docker deployment downloaded archery-1.7.13 decompression.

cd src/docker-compose/
archery  docker-compose.yml  inception  mysql
Copy the code

Install and Docker starts

If there are any ports occupied, you need to modify the docker-comemess. yml file ports, but you need to modify the configuration, the host should not occupy these ports

Redis port: 6379

Mysql port: 3306

Inception port: 6669

Goinception Port: 4000

Archery port: 9123

Docker-compose -f docker-compose. Yml up -d generates five docker instances: Docker exec-ti archery /bin/bash CD /opt/archery source docker exec-ti archery /bin/bash CD /opt/archery source / opt/venv4archery/bin/activate python3 manage. Py makemigrations SQL python3 manage. Py migrate # data initialization python3 manage. Py Dbshell < SQL /fixtures/auth_group. SQL python3 manage.py dbshell< SRC /init_sql/mysql_slow_query_review Manage.py createsuperuser archery logs archery -f --tail=50Copy the code


Disable the Docker service

docker stop redis
docker stop inception
docker stop archery
docker stop goinception
docker stop mysql
Copy the code

Role authorization

Default DBA Database Administrator RD Research and Development PM Project Manager QA (QUALITY ASSURANCE) Workflow: RD-->DBA-->CTOCopy the code


Functional specifications

The project provides a simple multi-level approval flow configuration. The approval flow is related to resource groups and approval types. Different resource groups and approval types can be configured with different approval flows

The related configuration

On the System Management – Configuration Item Management page, you can configure the work order approval process. For SQL online and SQL query permission work orders, If the user has (‘ SQL_review ‘, ‘audit SQL online order ‘), (‘ SQL_execute_for_resource_group ‘,’ execute SQL online order ‘), (‘query_review’, ‘audit query permission ‘), You can view all work orders of the resource group to which the current user belongs. When a work order is to be reviewed, users associated with the current approval permission group and the resource group to which the work order belongs can view all work orders that the current user can review. (Resource group isolation

Formal station establishment

Server Environment

Server: Centos7 IP address: 4C-8G-4TCopy the code

Install the docker – compose

Sudo curl - L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname - s) - $(uname -m)" - o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose /usr/local/bin/docker-compose -v Docker-compose version 1.24.1, build 4667896bCopy the code

Export the mirror

docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/hanchuanchuan/goinception latest 84fa8c5e2832 43 hours ago IO /mysql 5.7d589ea3123e0 3 days ago 448 MB Docker. IO /hhyo/ Archery 1.7.13 69dc37436859 9 days ago 2.03 GB Docker. IO/redis 5 f60d84d4d72c four weekes line 98.3 MB docker save 84 fa8c5e2832 > / data/docker/backup/goinception tar Docker save d589ea3123e0 > / data/docker/backup/mysql - 5.7. Tar docker save 69 dc37436859 > / data/docker/backup/archery. The tar Docker save f60d84d4d72c > / data/docker/backup/redis. Tar - rw - r - r - 1 root root 2.0 G Sep 8 when archery. The tar - rw - r - r - 1 root root 87M Sep 8 17:20 goinception. Tar -rw-r--r-- 1 root root 433M Sep 8 17:20 mysql-5.7.tar -rw-r--r-- 1 root root  98M Sep 8 17:22 redis.tarCopy the code

Copy the Docker image to formal

SCP -p 60920. / * root@ / data/docker/backup/restore image docker load < / data/docker/backup/archery. The tar # docker Images REPOSITORY TAG IMAGE ID CREATED SIZE < None > < None > 69dc37436859 9 days ago 2.03 GB TAG # docker TAG 69 dc37436859 docker. IO/hhyo/archery: 1.7.13 # docker images REPOSITORY TAG IMAGE ID CREATED the SIZE docker. IO/hhyo/archery 1.7.13 69DC37436859 9 days ago 2.03 GBCopy the code

Follow the preceding commands to restore other mirrors

# docker-compose -f docker-compose.yml up -d Creating redis ... done Creating goinception ... done Creating mysql ... done Creating inception ... done Creating archery ... Done # table structure to initialize the docker exec - ti archery/bin/bash CD/opt/archery source/opt/venv4archery/bin/activate python3 manage. Py Py # Data init python3 manage.py dbshell< SQL /fixtures/auth_group. SQL PYTHon3 Manage.py dbshell< SRC /init_sql/mysql_slow_query_review. SQL # Create admin user python3 manage.py createsuperuser # restart docker Docker logs archery -f --tail=50Copy the code

Visit next article explains how to configure the Archery

