SQL Server實例間同步登錄用戶 問題痛點:由於AlwaysOn和資料庫鏡像無法同步資料庫外實例對象,例如 登錄用戶、作業、鏈接伺服器等,導致主庫切換之後,應用連接不上資料庫或者作業不存在導致每晚跑批任務漏跑等 目前來看,作業等其他實例對象的同步還比較難實現,比如作業分為很多步驟,而且作業包含 ...
SQL Server實例間同步登錄用戶
問題痛點:由於AlwaysOn和資料庫鏡像無法同步資料庫外實例對象,例如 登錄用戶、作業、鏈接伺服器等,導致主庫切換之後,應用連接不上資料庫或者作業不存在導致每晚跑批任務漏跑等
目前來看,作業等其他實例對象的同步還比較難實現,比如作業分為很多步驟,而且作業包含的命令也比較複雜,作業也支持調用其他子系統,比如 PowerShell ,ActiveX,CmdExec等資料庫外部程式和命令,用動態SQL方式很難處理
本文主要介紹的是登錄用戶的同步,畢竟登錄用戶的重要性還是比較高的,應用需要先通過登錄用戶登錄DB實例才能執行後續的操作
要在SQLServer實例間同步登錄用戶,主要有幾種方法
1、創建操作系統域用戶,然後創建基於這個域用戶的登錄用戶,因為域用戶在域裡面是同步的,但是這種方法前提是需要有域環境,而且普通開發人員一般也沒有域控機器許可權創建域用戶
2、使用外部第三方工具,比如 sqlcmd,PowerShell
3、使用鏈接伺服器 和 動態拼接SQL方法
本文主要使用第三種方法,因為第三種方法本人認為有下麵幾種優勢
1、保證最低維護成本,純SQL實現,不需要藉助第三方工具
2、通用性,幾乎所有SQL Server版本都能用,也不需要像第三方工具例如 PowerShell那樣有時候需要升級版本
3、相容性,跨操作系統平臺Linux、Windows
4、高可靠性,使用SQLServer自帶原生工具,足夠簡單高效
這個工具腳本的主要流程如下
具體使用步驟
假設有三個AlwaysOn節點,分別是
node1 ip:192.168.10.10
node2 ip:192.168.10.11
node3 ip:192.168.10.12
step1: 創建鏈接伺服器,在所有AlwaysOn節點上創建其他節點的鏈接伺服器,比如在192.168.10.10上創建其他節點鏈接伺服器,下麵腳本在192.168.10.10伺服器上執行,其他節點以此類推
--create linkedserver USE [master] GO DECLARE @IP NVARCHAR(MAX) DECLARE @Login NVARCHAR(MAX) DECLARE @PWD NVARCHAR(MAX) SET @Login = N'sa' --★Do SET @PWD = N'xxxxxx' --★Do SET @IP ='192.168.10.11,1433' --★Do EXEC master.dbo.sp_addlinkedserver @server = @IP,@srvproduct = N'SQL Server' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'collation compatible', @optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'data access', @optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'dist',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'pub',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'rpc',@optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'rpc out',@optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'sub',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'connect timeout', @optvalue = N'0' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'collation name', @optvalue = NULL EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'lazy schema validation', @optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'query timeout', @optvalue = N'0' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'use remote collation', @optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'connect timeout', @optvalue = N'120' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'query timeout', @optvalue = N'120' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'remote proc transaction promotion',@optvalue = N'true' USE [master] EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = @IP, @locallogin = NULL, @useself = N'False', @rmtuser = @Login, @rmtpassword = @PWD --------------------------------------------------------------------------------------------------------------------------- --create linkedserver USE [master] GO DECLARE @IP NVARCHAR(MAX) DECLARE @Login NVARCHAR(MAX) DECLARE @PWD NVARCHAR(MAX) SET @Login = N'sa' --★Do SET @PWD = N'xxxxxx' --★Do SET @IP ='192.168.10.12,1433' --★Do EXEC master.dbo.sp_addlinkedserver @server = @IP,@srvproduct = N'SQL Server' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'collation compatible', @optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'data access', @optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'dist',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'pub',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'rpc',@optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'rpc out',@optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP, @optname = N'sub',@optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'connect timeout', @optvalue = N'0' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'collation name', @optvalue = NULL EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'lazy schema validation', @optvalue = N'false' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'query timeout', @optvalue = N'0' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'use remote collation', @optvalue = N'true' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'connect timeout', @optvalue = N'120' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'query timeout', @optvalue = N'120' EXEC master.dbo.sp_serveroption @server = @IP,@optname = N'remote proc transaction promotion',@optvalue = N'true' USE [master] EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = @IP, @locallogin = NULL, @useself = N'False', @rmtuser = @Login, @rmtpassword = @PWD
step2: 創建存儲過程,在所有AlwaysOn節點上創建存儲過程,記住是所有AlwaysOn節點都要執行
USE [master] GO -- ================================================================= -- Author: <steven> -- Create date: <2021-12-26> -- Description: <Synchronize login users between multiple SQLServer Instances> -- ================================================================= create PROCEDURE [dbo].[usp_SyncLoginUserRegularBetweenInstances] AS BEGIN IF EXISTS(SELECT 1 FROM sys.dm_hadr_availability_replica_states hars INNER JOIN sys.availability_groups ag ON ag.group_id = hars.group_id INNER JOIN sys.availability_replicas ar ON ar.replica_id = hars.replica_id WHERE [hars].[is_local] = 1 AND [hars].[role_desc] = 'PRIMARY'AND [hars].[operational_state_desc] = 'ONLINE' AND [hars].[synchronization_health_desc] = 'HEALTHY') BEGIN ----Check for prerequisite, if not present deploy it. IF NOT EXISTS (SELECT id FROM [master].[dbo].[sysobjects] where name='sp_hexadecimal' and xtype='P') BEGIN DECLARE @sp_hexadecimalcreatescript NVARCHAR(3000) SET @sp_hexadecimalcreatescript = N' CREATE PROCEDURE [dbo].[sp_hexadecimal] @binvalue VARBINARY(256) , @hexvalue VARCHAR(514) OUTPUT AS DECLARE @charvalue VARCHAR(514); DECLARE @i INT; DECLARE @length INT; DECLARE @hexstring CHAR(16); SELECT @charvalue = ''0x''; SELECT @i = 1; SELECT @length = DATALENGTH(@binvalue); SELECT @hexstring = ''0123456789ABCDEF''; WHILE ( @i <= @length ) BEGIN DECLARE @tempint INT; DECLARE @firstint INT; DECLARE @secondint INT; SELECT @tempint = CONVERT(INT, SUBSTRING(@binvalue, @i, 1)); SELECT @firstint = FLOOR(@tempint / 16); SELECT @secondint = @tempint - ( @firstint * 16 ); SELECT @charvalue = @charvalue + SUBSTRING(@hexstring, @firstint + 1, 1) + SUBSTRING(@hexstring, @secondint + 1, 1); SELECT @i = @i + 1; END; SELECT @hexvalue = @charvalue;' EXEC [master].[dbo].sp_executesql @sp_hexadecimalcreatescript END DECLARE @TempTable TABLE (id INT IDENTITY ,Script NVARCHAR(MAX)) DECLARE @Login NVARCHAR(MAX) DECLARE CURLOGIN CURSOR FOR SELECT name FROM sys.server_principals WHERE [type] = 'S' AND [is_disabled] =0 AND [name] <> 'sa' --WHERE CONVERT(VARCHAR(24), create_date, 103) = CONVERT(VARCHAR(24), GETDATE(), 103) -- OR CONVERT(VARCHAR(24), modify_date, 103) = CONVERT(VARCHAR(24), GETDATE(), 103) OPEN CURLOGIN FETCH NEXT FROM CURLOGIN INTO @Login WHILE @@FETCH_STATUS = 0 BEGIN SET NOCOUNT ON DECLARE @Script NVARCHAR(MAX) DECLARE @LoginName VARCHAR(1500) = @Login DECLARE @LoginSID VARBINARY(400) DECLARE @SID_String VARCHAR(1514) DECLARE @LoginPWD VARBINARY(1256) DECLARE @PWD_String VARCHAR(1514) DECLARE @LoginType CHAR(1) DECLARE @is_disabled BIT DECLARE @default_database_name SYSNAME DECLARE @default_language_name SYSNAME DECLARE @is_policy_checked BIT DECLARE @is_expiration_checked BIT DECLARE @createdDateTime DATETIME SELECT @LoginSID = P.[sid] , @LoginType = P.[type] , @is_disabled = P.is_disabled , @default_database_name = P.default_database_name , @default_language_name = P.default_language_name , @createdDateTime = P.create_date FROM sys.server_principals P WHERE P.name = @LoginName SET @Script = '' --If the login is a SQL Login, then do a lot of stuff... IF @LoginType = 'S' BEGIN SET @LoginPWD = CAST(LOGINPROPERTY(@LoginName, 'PasswordHash') AS VARBINARY(256)) EXEC [master].[dbo].[sp_hexadecimal] @LoginPWD, @PWD_String OUT EXEC [master].[dbo].[sp_hexadecimal] @LoginSID, @SID_String OUT SELECT @is_policy_checked = S.is_policy_checked , @is_expiration_checked = S.is_expiration_checked FROM sys.sql_logins S WHERE S.[type] = 'S' AND S.[is_disabled] =0 -- Create Script SET @Script = @Script + CHAR(13) + CHAR(13) + '''' + CHAR(13) + 'USE [master];' + CHAR(13) + 'IF EXISTS (SELECT name FROM sys.server_principals WHERE name= ''''' + @LoginName + ''''') ' + CHAR(13) + 'BEGIN ' + CHAR(13) + CHAR(9) + ' DECLARE @CurrentLoginPWD VARBINARY(512)' + CHAR(13) + CHAR(9) + ' DECLARE @CurrentPWD_String VARCHAR(1514)' + CHAR(13) + CHAR(9) + ' DECLARE @CurrentLoginSID VARBINARY(400)' + CHAR(13) + CHAR(9) + ' DECLARE @CurrentSID_String VARCHAR(1514)' + CHAR(13) + CHAR(9) + ' SELECT @CurrentLoginSID = [sid] FROM sys.server_principals WHERE name = '''''+ @LoginName +'''''' + CHAR(13) + CHAR(9) + ' SET @CurrentLoginPWD =CAST(LOGINPROPERTY(''''' + @LoginName + ''''', ' + '''''PasswordHash''''' +') AS VARBINARY(512))' + CHAR(13) + CHAR(9) + ' EXEC [master].[dbo].[sp_hexadecimal] @CurrentLoginPWD , @CurrentPWD_String OUT ' + CHAR(13) + CHAR(9) + '
