This content originally appeared on DEV Community and was authored by SameX
During the development of HarmonyOS Next, the ohpm-repo private repository plays a crucial role as it stores a large number of project dependency packages and metadata. Therefore, it is particularly important to configure a secure data storage solution and ensure data consistency. Below, I will introduce the relevant content in detail, combining practical usage experience.
How to Configure MySQL as a Secure Storage?
db Configuration
To use MySQL to store metadata in ohpm-repo, the db configuration needs to be made in the config.yaml file. Here is an example:
db:
type: mysql
config:
host: "Database host address"
port: 3366
username: "Database username"
password: "Database user password"
database: "repo"
It should be noted that for security reasons, it is recommended to use a database account with non - highest privileges for connection. For example, create a user specifically for ohpm-repo and assign it the minimum necessary privileges, allowing the user to only read and write to the repo database.
Encrypted Storage
To further enhance data security, encrypted storage can be adopted. MySQL provides a variety of encryption functions. For example, sensitive fields in database tables can be encrypted. The AES_ENCRYPT() and AES_DECRYPT() functions in MySQL can be used to achieve field - level encryption. The sample code is as follows:
-- Create a table with encrypted fields
CREATE TABLE packages (
id INT AUTO_INCREMENT PRIMARY KEY,
package_name VARCHAR(255),
encrypted_data VARBINARY(255)
);
-- Insert encrypted data
INSERT INTO packages (package_name, encrypted_data)
VALUES ('example_package', AES_ENCRYPT('sensitive_data', 'encryption_key'));
-- Query and decrypt data
SELECT package_name, AES_DECRYPT(encrypted_data, 'encryption_key')
FROM packages;
It should be noted that the encryption key should be properly kept to avoid leakage.
Custom Storage Plugin
If the default storage method cannot meet specific security requirements, a custom storage plugin can be used. In config.yaml, configure store as a custom type and specify the relevant information of the plugin:
store:
type: custom
config:
export_name: "MyStorage"
plugin_path: "plugins/storagePlugin/MyStorage"
custom_field: "test"
server: http://localhost:8088
Through custom storage plugins, more flexible security storage strategies can be implemented, such as integrating with the enterprise's internal secure storage system.
Multi-instance High-availability Deployment Scheme
How to Ensure Data Consistency
In multi-instance deployment, ensuring data consistency is the key. Since we use MySQL to store metadata, MySQL itself provides a replication function, which can achieve master - slave replication or multi - master replication. Taking master - slave replication as an example, the configuration steps are as follows:
- Modify the
my.cnffile on the master server to enable binary logging:
[mysqld]
log-bin=mysql-bin
server-id=1
- Restart the MySQL service on the master server and create a user for replication:
CREATE USER'repl_user'@'%' IDENTIFIED BY 'password';
GRANT REPLICATION SLAVE ON *.* TO'repl_user'@'%';
FLUSH PRIVILEGES;
- Modify the
my.cnffile on the slave server and setserver-idto a different value:
[mysqld]
server-id=2
- Restart the MySQL service on the slave server and configure the slave server to connect to the master server:
CHANGE MASTER TO
MASTER_HOST='Master server IP address',
MASTER_USER='repl_user',
MASTER_PASSWORD='password',
MASTER_LOG_FILE='Master server binary log file name',
MASTER_LOG_POS=Master server binary log position;
START SLAVE;
Through master - slave replication, the slave server will automatically synchronize the data on the master server, ensuring the data consistency accessed by multiple ohpm - repo instances.
Load Balancing Configuration
To achieve high availability and load balancing of multi - instances, load balancers such as Nginx or HAProxy can be used. Taking Nginx as an example, the configuration in nginx.conf is as follows:
upstream ohpm-repo-instances {
server instance1_ip:port;
server instance2_ip:port;
# More instances can be added according to the actual situation
}
server {
listen 80;
server_name your_domain.com;
location / {
proxy_pass http://ohpm-repo-instances;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
In this way, Nginx will evenly distribute user requests to each ohpm - repo instance, improving the system's concurrent processing ability and availability.
Data Migration and Secure Backup Strategies
How to Automatically Back up Data
To prevent data loss, the MySQL database needs to be backed up regularly. The mysqldump command combined with the system's scheduled tasks (such as cron tasks) can be used to achieve automatic backup. Here is a simple backup script:
#!/bin/bash
BACKUP_DIR="/path/to/backup"
DATE=$(date +%Y%m%d%H%M%S)
MYSQL_USER="Database username"
MYSQL_PASSWORD="Database user password"
MYSQL_DATABASE="repo"
mkdir -p $BACKUP_DIR
mysqldump -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > $BACKUP_DIR/backup_$DATE.sql
Save the above script as backup.sh and add execution permissions:
chmod +x backup.sh
Then use the crontab -e command to edit the scheduled task. For example, perform the backup at 2 am every day:
0 2 * * * /path/to/backup.sh
Disaster Recovery Plan
When a disaster occurs and data is lost, it is necessary to be able to restore the data quickly. The previously backed - up SQL file can be used for restoration. Execute the following command in MySQL:
mysql -u Database username -p Database name < /path/to/backup_xxxx.sql
At the same time, to ensure the smooth progress of the restoration process, it is recommended to regularly test the restoration of the backup data to check the integrity and availability of the backup.
Through the above configurations and strategies, secure data storage can be achieved in the ohpm - repo private repository, data consistency can be guaranteed, and data can be quickly restored in case of problems, providing stable and reliable support for HarmonyOS Next development.
This content originally appeared on DEV Community and was authored by SameX
SameX | Sciencx (2025-03-26T01:21:40+00:00) Data Storage Security and Multi-instance High-availability Deployment of ohpm-repo in HarmonyOS Next. Retrieved from https://www.scien.cx/2025/03/26/data-storage-security-and-multi-instance-high-availability-deployment-of-ohpm-repo-in-harmonyos-next/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.