Yearning 安装使用

原创蔡璐云和恩墨交付战队 2022-09-22

1735

1. 简介

Yearning 面向中小型企业的轻量级MySQL SQL语句审核平台.提供查询审计，SQL审核等多种功能.

2. 主要功能

SQL 查询
- 查询工单
- 导出
- 自动补全，智能提示
- 查询语句审计
- 查询结果脱敏
SQL 审核
- 流程化工单
- SQL语句语法检测
- 根据规则检测SQL语句合规性
- 自动生成DDL/DML回滚语句
- 历史审核记录
推送
- E-mail 工单推送
- 钉钉 webhook 机器人工单推送
用户权限及管理
- 角色划分
- 基于用户的细粒度权限
- 注册
其他
- todoList
- LDAP 登录
- 动态审核规则配置
- 自定义审核层级
AutoTask 自动执行

3. 安装

3.1 注意事项

Yearning 不依赖于任何第三方 SQL 审核工具作为审核引擎,内部已自己实现审核/回滚相关逻辑。

仅依赖 Mysql 数据库。

mysql 版本必须为5.7及以上版本(8.0及以上请将sql_mode 设置为空)并已事先自行安装完毕且创建 Yearning 库,字符集应为 UTF8mb4 (仅 Yearning 所需 mysql 版本)

Yearning 基于 1080p 分辨率开发仅支持 1080p 及以上显示器访问

对于设置页面配置重叠的问题请确认自己的分辨率以及是否进行了放大操作

请使用Chrome最新版本(不包括 360 等其他魔改版本)

3.2 Yearning 下载

Yearning-go 提供二进制下载包
下载地址官方地址

请选择最新版本在 Assets 中选择 Yearning-x.x.x.linux-amd64.zip 包进行下载

如需进行代码修改或自己编译请移步至二次开发页面

3.3 Yearning 目录结构

总用量 24M
-rw-r--r-- 1 root root 2.1K 4月  12 14:08 README.md
-rw-r--r-- 1 root root  137 5月  20 11:01 conf.toml
-rwxr-xr-x 1 root root 7.4M 6月   2 09:43 migrate
-rwxr-xr-x 1 root root  17M 6月  20 13:53 Yearning

3.3.1 配置文件

[root@VM_0_6_centos Yearning]# cat conf.toml 
[Mysql]
Db = "Yearning"
Host = "127.0.0.1"
Port = "3306"
Password = ""
User = "root"

[General]
SecretKey = "dbcjqheupqjsuwsm"
Hours = 4

关于 SecretKey

SecretKey 是 token/数据库密码加密/解密的 salt。

建议所有用户在初次安装 Yearning 之前将 SecretKey 更改(不更改将存在安全风险)

格式: 大小写字母均可, 长度必须为 16 位如长度不是16位将会导致无法新建数据源

特别注意:

此 key 仅可在初次安装时更改!之后不可再次更改!如再次更改会导致之前已存放的数据源密码无法解密,最终导致无法获取相关数据源信息

使用帮助

[root@VM_0_6_centos Yearning]# ./Yearning --help
Yearning Mysql数据审核平台 (Version: 3.0.0 Uranus)
Usage:
  ./Yearning [Global Options...] {command} [--option ...] [argument ...]

Global Options:
  -h, --help              Display the help information
      --no-color          Disable color when outputting message
      --no-interactive    Disable interactive confirmation operations
      --no-progress       Disable display progress message
      --verbose           Set error reporting level(quiet 0 - 4 debug) (default 1)
  -V, --version           Display app version information

Available Commands:
  genac        Generate auto complete scripts for current application (alias: gen-ac)
  install      Yearning安装及数据初始化
  migrate      破坏性版本升级修复
  reset_super  重置超级管理员密码
  run          启动Yearning

  help         Display help information

Use "./Yearning {COMMAND} -h" for more information about a command

3.3.2 初始化及安装

./Yearning install
是否已将数据库字符集设置为UTF8/UTF8MB4? [yes|no]: yes

(/Users/henryyee/Yearning-go/src/service/migrate.go:33) 
[2022-07-05 09:57:03]  Error 1665: Cannot execute statement: impossible to write to binary log since BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited to row-based logging. InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED. 

(/Users/henryyee/Yearning-go/src/service/migrate.go:33) 
[2022-07-05 09:57:03]  [0.42ms]  INSERT INTO `core_accounts` (`username`,`password`,`department`,`real_name`,`email`,`is_recorder`) VALUES ('admin','pbkdf2_sha256$120000$s6BQ1ec5G9Ls$NIYUHkzLFXJ8Pfy+eaWhXiKerOyinEuaDzmn1M4wYBk=','DBA','超级管理员','',0)  
[0 rows affected or returned ] 

(/Users/henryyee/Yearning-go/src/service/migrate.go:40) 
[2022-07-05 09:57:03]  Error 1665: Cannot execute statement: impossible to write to binary log since BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited to row-based logging. InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED. 

(/Users/henryyee/Yearning-go/src/service/migrate.go:40) 
[2022-07-05 09:57:03]  [0.50ms]  INSERT INTO `core_global_configurations` (`authorization`,`ldap`,`message`,`other`,`stmt`,`audit_role`,`board`) VALUES ('global','{"url":"","user":"","password":"","type":"(\u0026(objectClass=organizationalPerson)(sAMAccountName=%s))","sc":"","ldaps":false,"map":"","test_user":"","test_password":""}','{"web_hook":"","host":"","port":25,"user":"","password":"","to_user":"","mail":false,"ding":false,"ssl":false,"push_type":false,"key":""}','{"limit":1000,"idc":["Aliyun","AWS"],"query":false,"register":false,"export":false,"ex_query_time":60}',0,'{"DMLAllowLimitSTMT":false,"DMLInsertColumns":false,"DMLMaxInsertRows":10,"DMLWhere":false,"DMLOrder":false,"DMLSelect":false,"DMLInsertMustExplicitly":false,"DDLEnablePrimaryKey":false,"DDLCheckTableComment":false,"DDlCheckColumnComment":false,"DDLCheckColumnNullable":false,"DDLCheckColumnDefault":false,"DDLEnableAcrossDBRename":false,"DDLEnableAutoincrementInit":false,"DDLEnableAutoIncrement":false,"DDLEnableAutoincrementUnsigned":false,"DDLEnableDropTable":false,"DDLEnableDropDatabase":false,"DDLEnableNullIndexName":false,"DDLIndexNameSpec":false,"DDLMaxKeyParts":5,"DDLMaxKey":5,"DDLMaxCharLength":10,"MaxTableNameLen":10,"MaxAffectRows":1000,"MaxDDLAffectRows":0,"SupportCharset":"","SupportCollation":"","CheckIdentifier":false,"MustHaveColumns":"","DDLMultiToCommit":false,"DDLPrimaryKeyMust":false,"DDLAllowColumnType":false,"DDLImplicitTypeConversion":false,"DDLAllowPRINotInt":false,"DDLAllowMultiAlter":false,"DDLEnableForeignKey":false,"DDLTablePrefix":"","DDLColumnsMustHaveIndex":"","DDLAllowChangeColumnPosition":false,"DDLCheckFloatDouble":false,"IsOSC":false,"OSCExpr":"","OscSize":0,"AllowCreateView":false,"AllowCrateViewWithSelectStar":false,"AllowCreatePartition":false,"AllowSpecialType":false,"PRIRollBack":false}','')  
[0 rows affected or returned ] 

(/Users/henryyee/Yearning-go/src/service/migrate.go:47) 
[2022-07-05 09:57:03]  Error 1665: Cannot execute statement: impossible to write to binary log since BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited to row-based logging. InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED. 

(/Users/henryyee/Yearning-go/src/service/migrate.go:47) 
[2022-07-05 09:57:03]  [0.25ms]  INSERT INTO `core_graineds` (`username`,`group`) VALUES ('admin','["admin"]')  
[0 rows affected or returned ] 

(/Users/henryyee/Yearning-go/src/service/migrate.go:51) 
[2022-07-05 09:57:03]  Error 1665: Cannot execute statement: impossible to write to binary log since BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited to row-based logging. InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED. 

(/Users/henryyee/Yearning-go/src/service/migrate.go:51) 
[2022-07-05 09:57:03]  [0.28ms]  INSERT INTO `core_role_groups` (`name`,`permissions`,`group_id`) VALUES ('admin','{"ddl_source":[],"dml_source":[],"query_source":[]}','')  
[0 rows affected or returned ] 
初始化成功!
用户名: admin
密码:Yearning_admin
请通过./Yearning run 运行,默认地址:http://<host>:8000

如要再次安装，请先把 yearning 库下所有表删除，否则重复执行无效

3.3.3 启动服务

默认启动

./Yearning run
检查更新.......
数据已更新!

    __  __          
    _ \/ /_________ 
    __  /_  _ \  _ \
    _  / /  __/  __/
    /_/  \___/\___/   yee v0.3.3
-----Easier and Faster-----
Creator: Henry Yee

参数启动
./Yearning run --push "172.27.80.35" -port "8000"

指定浏览器端口 http://127.0.0.1:8000; 默认账号/密码：admin/Yearning_admin

4. 服务更新

Yearning采用自动表结构同步无需手动更新表结构。只需停止原服务并替换安装包后重新启动即可

在一些特殊的升级情况中(破坏性变更)需要手动进行数据同步操作.如在版本更新公告中并无提示破坏性升级则无视以下命令!

./Yearning migrate

5. 容器化安装

Yearning安装包内已含有Dockerfile文件,可直接进行build打包成镜像

Yearning 从v2.0.4版本开始支持环境变量传参

容器启动时可通过环境变量的方式传入数据库地址。

如下所示：
docker run -d -it -p8000:8000 -e MYSQL_USER=root -e MYSQL_ADDR=10.0.0.3:3306 -e MYSQL_PASSWORD=123123 -e MYSQL_DB=Yearning test/yearning

yearning

「喜欢这篇文章，您的关注和赞赏是给作者最好的鼓励」

关注作者