MySQL master-slave replication over SSL
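Configure two MySQL database nodes as master and slave
log-bin=mysql-bin      # enable the binary log on the master node
binlog_format=mixed
server-id = 1          # the master node's server-id is 1
Grant the replication account for the slave server and record the binary log position:
server_id=2            # the slave server's server-id is 2
relay_log=relay-log    # enable the relay log on the slave server and turn off the binary log
Connect the slave server to the master server and start the replication threads:
Check the slave server's connection status: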
MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.16.61.6
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000004
Read_Master_Log_Pos: 422
Relay_Log_File: relay-log.000002
Relay_Log_Pos: 529
Relay_Master_Log_File: mysql-bin.000004
Slave_IO_Running: Yes    # the I/O thread is in the running state
Slave_SQL_Running: Yes   # the SQL thread is in the running state
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 422
Relay_Log_Space: 817
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
1 row in set (0.00 sec)
Test master-slave replication:
Create a database on the master node and record the binary log position:
Check on the slave node:
MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.16.61.6
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000004
Read_Master_Log_Pos: 505   # the master node's binary log position has been synchronized
Relay_Log_File: relay-log.000002
Relay_Log_Pos: 612
Relay_Master_Log_File: mysql-bin.000004
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 505
Relay_Log_Space: 900
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
1 row in set (0.01 sec)
Set up SSL replication:
Configure the master server as the CA:
[[email protected] CA]# (umask 077;openssl genrsa -out private/cakey.pem 1024)   # configure the master node as the CA
[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
[[email protected] CA]# touch {index.txt,serial}
[[email protected] CA]# echo 01 > serial
Generate the master server's certificate:
[[email protected] CA]# mkdir /mysql/ssl -pv
[[email protected] CA]# cd /mysql/ssl
[[email protected] ssl]# (umask 077;openssl genrsa -out master.key 1024)
[[email protected] ssl]# openssl req -new -key master.key -out master.csr
[[email protected] ssl]# openssl ca -in master.csr -out master.crt -days 3650
Generate the slave server's certificate:
[[email protected] ~]# mkdir /mysql/ssl -pv
[[email protected] ~]# cd /mysql/ssl
[[email protected] ssl]# (umask 077;openssl genrsa -out slave.key 1024)
[[email protected] ssl]# openssl req -new -key slave.key -out slave.csr
[[email protected] ssl]# scp slave.csr [email protected]:/tmp
[[email protected] ssl]# openssl ca -in /tmp/slave.csr -out /tmp/slave.crt
[[email protected] ssl]# scp /tmp/slave.crt [email protected]:/mysql/ssl/
Copy the CA certificate to each node:
[[email protected] ssl]# cp /etc/pki/CA/cacert.pem ./
[[email protected] ssl]# scp /etc/pki/CA/cacert.pem [email protected]:/mysql/ssl/
Change the file ownership:
[[email protected] ssl]# chown -R mysql.mysql ./
[[email protected] ssl]# chown -R mysql.mysql ./
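One way to check the certificates produced above before pointing mysqld at them, as an added example that is not part of the original article: `check_node_cert` confirms that a certificate verifies against the CA and meets a minimum key size. The function names and the throwaway demo CA it builds in a temporary directory are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): sanity-check a node
# certificate against the CA. Function names are assumptions.

# Print the public-key size in bits of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_node_cert CERT CA_CERT MIN_BITS
# Returns 0 = ok, 1 = does not verify against the CA (bad signature,
# wrong issuer or outside its validity dates), 2 = key too small.
check_node_cert() {
    if ! openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "FAIL: $1 does not verify against $2"; return 1
    fi
    _bits=$(cert_key_bits "$1")
    if [ "${_bits:-0}" -lt "$3" ]; then
        echo "FAIL: $1 has a ${_bits:-0}-bit key (minimum $3)"; return 2
    fi
    echo "OK: $1 verifies against $2, ${_bits}-bit key"
}

# Constructed demo input: a throwaway CA and node certificate in a temp dir.
make_demo_pki() {
    _d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$_d/ca.key" \
        -out "$_d/ca.pem" -subj "/CN=Demo CA" -days 30 >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$_d/node.key" \
        -out "$_d/node.csr" -subj "/CN=demo-node" >/dev/null 2>&1
    openssl x509 -req -in "$_d/node.csr" -CA "$_d/ca.pem" -CAkey "$_d/ca.key" \
        -CAcreateserial -out "$_d/node.crt" -days 30 >/dev/null 2>&1
    echo "$_d"
}

DEMO_DIR=$(make_demo_pki)
check_node_cert "$DEMO_DIR/node.crt" "$DEMO_DIR/ca.pem" 2048 || true
check_node_cert "$DEMO_DIR/node.crt" "$DEMO_DIR/ca.pem" 4096 || true   # key too small
```

On the nodes above the call would be `check_node_cert /mysql/ssl/master.crt /mysql/ssl/cacert.pem 2048`; the 1024-bit keys generated in this walkthrough fail that minimum.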
Configure the SSL options on the master and slave servers (on the slave server, just change the file names to slave):
[mysqld]
ssl
ssl-ca = /mysql/ssl/cacert.pem
ssl-cert = /mysql/ssl/master.crt
ssl-key = /mysql/ssl/master.key
Restart the master node and check the SSL status:
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE "%SSL%";
+---------------+-----------------------+
| Variable_name | Value                 |
+---------------+-----------------------+
| have_openssl  | YES                   |
| have_ssl      | YES                   |
| ssl_ca        | /mysql/ssl/cacert.pem |
| ssl_capath    |                       |
| ssl_cert      | /mysql/ssl/master.crt |
| ssl_cipher    |                       |
| ssl_key       | /mysql/ssl/master.key |
+---------------+-----------------------+
On the slave node:
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE "%SSL%";
+---------------+-----------------------+
| Variable_name | Value                 |
+---------------+-----------------------+
| have_openssl  | YES                   |
| have_ssl      | YES                   |
| ssl_ca        | /mysql/ssl/cacert.pem |
| ssl_capath    |                       |
| ssl_cert      | /mysql/ssl/slave.crt  |
| ssl_cipher    |                       |
| ssl_key       | /mysql/ssl/slave.key  |
+---------------+-----------------------+
On the master node, grant the replication account that connects over SSL:
MariaDB [(none)]> GRANT REPLICATION SLAVE,REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.61.8' IDENTIFIED BY 'replpass' REQUIRE SSL;
Test an SSL connection from the slave node to the master node:
[[email protected] ssl]# mysql -urepluser -preplpass -h172.16.61.6 --ssl-ca=/mysql/ssl/cacert.pem --ssl-cert=/mysql/ssl/slave.crt --ssl-key=/mysql/ssl/slave.key
On the master node, grant the account used for SSL-based replication:
Connect the slave node to the master node:
MariaDB [(none)]> START SLAVE;
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> SHOW SLAVE;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.16.61.6
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 434
Relay_Log_File: relay-log.000002
Relay_Log_Pos: 529
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 434
Relay_Log_Space: 817
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes   # SSL connection
Master_SSL_CA_File: /mysql/ssl/cacert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /mysql/ssl/slave.crt
Master_SSL_Cipher:
Master_SSL_Key: /mysql/ssl/slave.key
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
1 row in set (0.00 sec)
ERROR: No query specified
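The status fields above can be checked mechanically. The following is an added example, not part of the original article: it reads `SHOW SLAVE STATUS\G` output and reports whether SSL is enabled for replication and whether the slave verifies the master's certificate. The function names and the two embedded status excerpts (constructed from the first and last outputs on this page) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): audit the SSL fields of
# `SHOW SLAVE STATUS\G` output. Function names are assumptions.

# Print the value of one "Name: value" field from status text on stdin.
status_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line); p = index(line, ":") }
        p > 0 && substr(line, 1, p - 1) == key {
            val = substr(line, p + 1)
            sub(/[ \t]*#.*$/, "", val)          # drop pasted "# ..." notes
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# Returns 0 = SSL on and master certificate verified,
#         1 = SSL is not enabled for the replication connection,
#         2 = SSL on, but the slave does not verify the master certificate.
audit_slave_tls() {
    _st=$(cat)
    _ssl=$(printf '%s\n' "$_st" | status_field Master_SSL_Allowed)
    _vfy=$(printf '%s\n' "$_st" | status_field Master_SSL_Verify_Server_Cert)
    _ca="$(printf '%s\n' "$_st" | status_field Master_SSL_CA_File)$(
          printf '%s\n' "$_st" | status_field Master_SSL_CA_Path)"
    if [ "$_ssl" != "Yes" ]; then
        echo "FAIL: Master_SSL_Allowed is '$_ssl', SSL is not enabled"
        return 1
    fi
    if [ "$_vfy" != "Yes" ] || [ -z "$_ca" ]; then
        echo "WARN: SSL is on, but the master certificate is not verified"
        return 2
    fi
    echo "OK: SSL on, master certificate verified against $_ca"
}

# Constructed excerpts of the first and last status outputs on this page.
PLAIN_STATUS='           Master_SSL_Allowed: No
           Master_SSL_CA_File:
Master_SSL_Verify_Server_Cert: No'
SSL_STATUS='           Master_SSL_Allowed: Yes #ssl
           Master_SSL_CA_File: /mysql/ssl/cacert.pem
           Master_SSL_CA_Path:
Master_SSL_Verify_Server_Cert: No'

printf '%s\n' "$PLAIN_STATUS" | audit_slave_tls || true
printf '%s\n' "$SSL_STATUS" | audit_slave_tls || true
```

The final output on this page yields status 2 because `Master_SSL_Verify_Server_Cert` is `No`; the `MASTER_SSL_VERIFY_SERVER_CERT=1` option of `CHANGE MASTER TO` is what turns that field to `Yes`.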