一、Mariabd数据复制原理和功能
Mysql内建的复制功能是构建大型,高性能应用程序的基础。将Mysql的数据分布到多个系统上去,这种分布的机制,是通过将Mysql的某一台主机的数据复制到其它主机(slaves)上,并重新执行一遍来实现的。复制过程中一个服务器充当主服务器,而一个或多个其它服务器充当从服务器。主服务器将更新写入二进制日志文件,并维护文件的一个索引以跟踪日志循环。这些日志可以记录发送到从服务器的更新。当一个从服务器连接主服务器时,它通知主服务器从服务器在日志中读取的最后一次成功更新的位置。从服务器接收从那时起发生的任何更新,然后封锁并等待主服务器通知新的更新。
复制的功用:数据分布;负载均衡读;数据备份;高可用和故障切换;MySQL升级测试
二、Mariabd主从复制的实现
主节点(MASTER)配置
①、启动二进制日志、为当前节点设置一个全局惟的ID号
1
2
3
4
5
6
| [iyunv@localhost ~]# vim /etc/my.cn
log_bin = mysql-bin #启动二进制日志
server_id = 1 #设置服务器ID
innodb_file_per_table = ON #设置每表使用单独事务日志
skip-name-resolve #跳过域名解析
[iyunv@localhost ~]# systemctl restart mariadb.service
|
②、创建有复制权限的用户账号
1
2
3
4
5
6
7
8
9
| MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'wlw'@'192.168.0.%' IDENTIFIED BY 'wlw';
MariaDB [(none)]> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 413 | | |
+------------------+----------+--------------+------------------+
#这里二进制日志已经滚到到第三个文件了,前两个文件为数据库初始化创建的mysql管理库等信息,所以我们等一下配置
#配置从的Position只需要从这一刻的413开始即可
|
从节点(SLAVE)配置
①、启动中继日志、为当前节点设置一个全局惟的ID号
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# vim /etc/my.cn
relay_log = relay-log #启动中继日志
relay_log_index = relay-log.index
read-only = 1 #开启只读模式,此限制对拥有SUPER权限的用户均无效
#如果需要锁定所有用户,可以执行SQL语句(FLUSH TABLES WITH READ LOCK;)
server_id = 8
innodb_file_per_table = ON
skip-name-resolve
|
②、配置前查看一下从服务器的状态和是否启动了复制线程
1
2
3
4
5
6
7
8
9
10
| MariaDB [(none)]> SHOW SLAVE STATUS;
Empty set (0.01 sec)
#这里我们查看从服务器的状态,可以看到还没有配置,为空
MariaDB [(none)]> SHOW PROCESSLIST;
+----+------+-----------+------+---------+------+-------+------------------+----------+
| Id | User | Host | db | Command | Time | State | Info | Progress |
+----+------+-----------+------+---------+------+-------+------------------+----------+
| 2 | root | localhost | NULL | Query | 0 | NULL | SHOW PROCESSLIST | 0.000 |
+----+------+-----------+------+---------+------+-------+------------------+----------+
#可以看到从服务器还没有启动复制线程
|
③、使用有复制权限的用户账号连接至主服务器,并启动复制线程
1
2
| MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='192.168.0.151', MASTER_USER='wlw', MASTER_PASSWORD='wlw', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=413;
MariaDB [(none)]> START SLAVE;
|
④、配置后查看一下从服务器的状态和是否启动了复制线程
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
| MariaDB [(none)]> SHOW SLAVE STATUS\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.0.151 #主服务器IP
Master_User: wlw #复制授权的用户
Master_Port: 3306 #主服务器端口
Connect_Retry: 60 #重试时间
Master_Log_File: mysql-bin.000003 #读取二进制的文件
Read_Master_Log_Pos: 413 #读取二进制的开始位置
Relay_Log_File: relay-log.000002 #读取的中继日志文件
Relay_Log_Pos: 529 #读取的中继日志位置
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes #I/O Thread启动
Slave_SQL_Running: Yes #SQL Thread启动
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 413
Relay_Log_Space: 817
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
MariaDB [(none)]> SHOW PROCESSLIST;
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
| Id | User | Host | db | Command | Time | State | Info | Progress |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
| 2 | root | localhost | NULL | Query | 0 | NULL | SHOW PROCESSLIST | 0.000 |
| 3 | system user | | NULL | Connect | 404 | Waiting for master to send event | NULL | 0.000 |
| 4 | system user | | NULL | Connect | 403 | Slave has read all relay log; waiting for the slave I/O thread to update it | NULL | 0.000 |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
#可以看到启动了两个线程,一个时等待主服务器发送的时间,一个是读取中继日志做同步
[iyunv@c7node1 ~]# ll /var/lib/mysql/master.info
-rw-rw----. 1 mysql mysql 75 Nov 8 09:00 /var/lib/mysql/master.info
#这个文件保存了主服务器的链接信息,包括账号密码等,下次重启服务会自动通过此文件连接主服务器
[iyunv@c7node1 ~]# cat /var/lib/mysql/relay-log.info
./relay-log.000002
691
mysql-bin.000003
575
#此文件保存从服务器使用的中继日志、POS和主服务器使用的二进制日志、POS,服务器启动也会读取此文件
|
⑤、测试实验结果,在主服务器创建数据库看从服务器是否自动复制
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| MariaDB [(none)]> CREATE DATABASE wlw;
MariaDB [(none)]> CREATE DATABASE WLW;
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| WLW |
| mysql |
| performance_schema |
| test |
| wlw |
+--------------------+
#可以看到主服务器创建的数据库从服务器已经自动复制完成
|
三、Mariabd双主复制的实现(容易产生数据不一致,慎用)
主节点一:c7node1.wlw.com 192.168.88.11 主节点二:c7node2.wlw.com 192.168.88.22 ①、各节点使用一个惟一server_id、启动binary log和relay log 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| [iyunv@c7node1 ~]# vim /etc/my.cnf
log_bin = mysql-bin
relay_log = relay-log
server_id = 1
innodb_file_per_table = ON
skip-name-resolve
auto_increment_offset = 1
auto_increment_increment = 2
#如果表中有字段为自动增长,需要配置上面两项,防止数据不一致
[iyunv@c7node2 ~]# vim /etc/my.cnf
log_bin = mysql-bin
relay_log = relay-log
server_id = 8
innodb_file_per_table = ON
skip-name-resolve
auto_increment_offset = 2
auto_increment_increment = 2
|
②、各节点创建拥有复制权限的用户账号 1
2
3
4
5
6
7
| c7node1节点数据库:
MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'wlw'@'192.168.88.22' IDENTIFIED BY 'wlw';
MariaDB [(none)]> FLUSH PRIVILEGES;
c7node2节点数据库:
MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'wlw'@'192.168.88.11' IDENTIFIED BY 'wlw';
MariaDB [(none)]> FLUSH PRIVILEGES;
|
③、各节点均把对方指定为主节点,并启动复制线程 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| c7node1节点数据库:
MariaDB [(none)]> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 500 | | |
+------------------+----------+--------------+------------------+
MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='192.168.88.22', MASTER_USER='wlw', MASTER_PASSWORD='wlw', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=500;
MariaDB [(none)]> START SLAVE;
c7node2节点数据库:
MariaDB [(none)]> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 500 | | |
+------------------+----------+--------------+------------------+
MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='192.168.88.11', MASTER_USER='wlw', MASTER_PASSWORD='wlw', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=500;
MariaDB [(none)]> START SLAVE;
|
③、测试实验结果,在c7node1和c7node2节点上各创建自动增长字段的表进行测试 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| c7node1节点数据库:
MariaDB [(none)]> CREATE DATABASE wlw;
MariaDB [wlw]> INSERT INTO tb1 (name) VALUES ('wlw4'),('wlw5');
c7node2节点数据库:
MariaDB [(none)]> USE wlw
#可以看到从节点一复制过来的wlw数据库,我们在此数据库创建一个表做测试
MariaDB [wlw]> CREATE TABLE tb1 (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,name CHAR(30));
MariaDB [wlw]> INSERT INTO tb1 (name) VALUES ('wlw1'),('wlw2'),('wlw3');
MariaDB [wlw]> SELECT * FROM tb1;
+----+------+
| id | name |
+----+------+
| 2 | wlw1 |
| 4 | wlw2 |
| 6 | wlw3 |
| 7 | wlw4 |
| 9 | wlw5 |
+----+------+
|
四、Mariabd半同步复制的实现(基于插件实现) 1
2
3
4
| [iyunv@localhost ~]# rpm -ql mariadb-server
/usr/lib64/mysql/plugin/semisync_master.so
/usr/lib64/mysql/plugin/semisync_slave.so
#半同步复制使用的插件
|
主节点(MASTER)配置 ①、启动二进制日志、为当前节点设置一个全局惟的ID号 1
2
3
4
5
| [iyunv@localhost ~]# vim /etc/my.cnf
log_bin = mysql-bin
server_id = 1
innodb_file_per_table = ON
skip-name-resolve
|
②、创建拥有复制权限的用户账号 1
2
3
4
5
6
7
8
| MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'wlw'@'192.168.88.22' IDENTIFIED BY 'wlw';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 490 | | |
+------------------+----------+--------------+------------------+
|
③、安装插件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| MariaDB [(none)]> INSTALL PLUGIN rpl_semi_sync_master SONAME 'semisync_master.so';
MariaDB [(none)]> SHOW PLUGINS;
#查看插件是否加载成功
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';
+------------------------------------+-------+
| Variable_name | Value |
+------------------------------------+-------+
| rpl_semi_sync_master_enabled | OFF | #是否启动为半同步复制的主节点
| rpl_semi_sync_master_timeout | 10000 | #等待从节点的超时时间,10s
| rpl_semi_sync_master_trace_level | 32 | #跟踪级别
| rpl_semi_sync_master_wait_no_slave | ON | #在没有从节点的时候是否等待
+------------------------------------+-------+
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE '%semi%';
+--------------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients | 0 | #有多少个半同步节点
| Rpl_semi_sync_master_net_avg_wait_time | 0 |
| Rpl_semi_sync_master_net_wait_time | 0 |
| Rpl_semi_sync_master_net_waits | 0 |
| Rpl_semi_sync_master_no_times | 0 |
| Rpl_semi_sync_master_no_tx | 0 |
| Rpl_semi_sync_master_status | OFF |
| Rpl_semi_sync_master_timefunc_failures | 0 |
| Rpl_semi_sync_master_tx_avg_wait_time | 0 |
| Rpl_semi_sync_master_tx_wait_time | 0 |
| Rpl_semi_sync_master_tx_waits | 0 |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0 |
| Rpl_semi_sync_master_wait_sessions | 0 |
| Rpl_semi_sync_master_yes_tx | 0 |
+--------------------------------------------+-------+
MariaDB [(none)]> SET GLOBAL rpl_semi_sync_master_enabled = ON;
#启动为半同步复制的主节点
|
从节点(SLAVE)配置 ①、启动中继日志、为当前节点设置一个全局惟的ID号 1
2
3
4
5
| [iyunv@localhost ~]# vim /etc/my.cnf
relay_log = relay-log
server_id = 8
innodb_file_per_table = ON
skip-name-resolve
|
②、安装插件
1
2
3
4
5
6
7
8
9
10
11
| MariaDB [(none)]> INSTALL PLUGIN rpl_semi_sync_slave SONAME 'semisync_slave.so';
MariaDB [(none)]> SHOW PLUGINS;
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| rpl_semi_sync_slave_enabled | OFF | #是否启动为半同步复制的从节点
| rpl_semi_sync_slave_trace_level | 32 | #跟踪级别
+---------------------------------+-------+
MariaDB [(none)]> SET GLOBAL rpl_semi_sync_slave_enabled = ON;
#启动为半同步复制的从节点
|
③、使用有复制权限的用户账号连接至主服务器,并启动复制线程
1
2
| MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='192.168.88.11', MASTER_USER='wlw', MASTER_PASSWORD='wlw', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=490;
MariaDB [(none)]> START SLAVE;
|
④、实验测试结果,创建数据库和数据表并查看状态信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| MariaDB [(none)]> CREATE DATABASE wlw;
MariaDB [(none)]> USE wlw
MariaDB [wlw]> CREATE TABLE tb(id int);
MariaDB [wlw]> SHOW GLOBAL STATUS LIKE '%semi%';
+--------------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------------+--------+
| Rpl_semi_sync_master_clients | 1 |
| Rpl_semi_sync_master_net_avg_wait_time | 55693 |
| Rpl_semi_sync_master_net_wait_time | 111387 |
| Rpl_semi_sync_master_net_waits | 2 |
| Rpl_semi_sync_master_no_times | 0 |
| Rpl_semi_sync_master_no_tx | 0 |
| Rpl_semi_sync_master_status | ON |
| Rpl_semi_sync_master_timefunc_failures | 0 |
| Rpl_semi_sync_master_tx_avg_wait_time | 85545 |
| Rpl_semi_sync_master_tx_wait_time | 171091 |
| Rpl_semi_sync_master_tx_waits | 2 |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0 |
| Rpl_semi_sync_master_wait_sessions | 0 |
| Rpl_semi_sync_master_yes_tx | 2 |
+--------------------------------------------+--------+
|
五、Mariabd复制过滤器
①、让从节点仅复制指定的数据库,或指定数据库的指定表;
(1) 主服务器仅向二进制日志中记录与特定数据库(特定表)相关的事件(时间还原无法实现,不建议使用)
1
2
3
| [iyunv@localhost ~]# vim /etc/my.cnf
binlog_do_db= # 数据库白名单列表
binlog_ignore_db= # 数据库黑名单列表
|
(2) 从服务器SQL_THREAD在replay中继日志中的事件时,仅读取与特定数据库(特定表)相关的事件并应用于本地(会造成网络及磁盘IO浪费)
1
2
3
4
5
6
7
| [iyunv@localhost ~]# vim /etc/my.cnf
replicate_do_db= #数据库白名单列表
replicate_ignore_db= #数据库黑名单列表
replicate_do_table= #表白名单列表
replicate_ignore_table= #表黑名单列表
replicate_wild_do_table= #使用通配符定义表白名单列表
replicate_wild_ignore_table= #使用通配符定义表黑名单列表
|
如果需要永久有用需要保存到配置文件中,下面我们测试在会话级别修改测试实验
从节点(SLAVE)配置
1
2
3
4
5
6
7
8
9
10
| MariaDB [(none)]> STOP SLAVE;
#关闭复制线程
MariaDB [(none)]> SET GLOBAL replicate_do_db = wlw;
#设置wlw数据库为数据库白名单,只有此数据库才能同步复制
MariaDB [(none)]> START SLAVE;
#启动复制线程
MariaDB [(none)]> SHOW SLAVE STATUS\G
Replicate_Do_DB: wlw
#这里可以看到白名单列表
|
主节点的创建其他数据库并在wlw数据库中插入表或修改数据查看实验结果
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| 主服务器Mariadb
MariaDB [wlw]> CREATE DATABASE slaves;
Query OK, 1 row affected (0.09 sec)
从服务器Mariadb
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
| wlw |
+--------------------+
#可以看到新创建的slaves数据库并没有复制过来
主服务器Mariadb
MariaDB [wlw]> INSERT INTO tb VALUES (99);
Query OK, 1 row affected (0.03 sec)
从服务器Mariadb
MariaDB [(none)]> SELECT * FROM wlw.tb;
+------+
| id |
+------+
| 0 |
| 99 |
+------+
#可以看到,只有对数据库白名单的操作才能复制,其他数据库的任何操作都不进行复制
|
六、Mariabd基于SSL复制的实现
①、在主服务器上为CA生成私钥
1
2
3
4
| [iyunv@localhost ~]# cd /etc/pki/CA/
[iyunv@localhost CA]# touch index.txt
[iyunv@localhost CA]# echo 01 > serial
[iyunv@localhost CA]# (umask 077;openssl genrsa 2048 > private/cakey.pem)
|
②、生成自签证书
1
| [iyunv@localhost CA]#[iyunv@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
|
③、主服务器生成证书
1
2
3
4
5
6
7
8
9
10
11
12
13
| [iyunv@localhost CA]# mkdir /var/lib/mysql/ssl
[iyunv@localhost CA]# cd /var/lib/mysql/ssl
[iyunv@localhost ssl]# (umask 077;openssl genrsa 1024 > master.key)
[iyunv@localhost ssl]# openssl req -new -key master.key -out master.csr
[iyunv@localhost ssl]# openssl ca -in master.csr -out master.crt -days 365
[iyunv@localhost ssl]# cp /etc/pki/CA/cacert.pem /var/lib/mysql/ssl/
[iyunv@localhost ssl]# chown -R mysql.mysql /var/lib/mysql/ssl//*
[iyunv@localhost ssl]# ll
总用量 16
-rw-r--r--. 1 mysql mysql 1407 11月 8 12:50 cacert.pem
-rw-r--r--. 1 mysql mysql 3847 11月 8 12:49 master.crt
-rw-r--r--. 1 mysql mysql 696 11月 8 12:48 master.csr
-rw-------. 1 mysql mysql 887 11月 8 12:47 master.key
|
④、从服务器生成签署证书
1
2
3
4
| [iyunv@c7node1 ~]# mkdir /var/lib/mysql/ssl
[iyunv@c7node1 ~]# cd /var/lib/mysql/ssl
[iyunv@c7node1 ssl]# (umask 077;openssl genrsa 1024 > slave.key)
[iyunv@c7node1 ssl]# openssl req -new -key slave.key -out slave.csr
|
⑤、把签署证书发送到主服务器上,在主服务器上签署证书后在发给从服务器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [iyunv@c7node1 ssl]# scp ./slave.csr 192.168.88.11:/root
[iyunv@localhost ~]# openssl ca -in slave.csr -out slave.crt -days 360
[iyunv@localhost ~]# scp ./slave.crt 192.168.88.22:/var/lib/mysql/ssl
[iyunv@localhost ~]# cd /etc/pki/CA
[iyunv@localhost CA]# scp ./cacert.pem 192.168.88.22:/var/lib/mysql/ssl
[iyunv@c7node1 ssl]# cd /var/lib/mysql/ssl
[iyunv@c7node1 ssl]# chown -R mysql:mysql /var/lib/mysql/ssl/.*
[iyunv@c7node1 ssl]# ll
total 16
-rw-r--r--. 1 mysql mysql 1407 Nov 8 17:27 cacert.pem
-rw-r--r--. 1 mysql mysql 3842 Nov 8 17:23 slave.crt
-rw-r--r--. 1 mysql mysql 696 Nov 8 17:18 slave.csr
-rw-------. 1 mysql mysql 891 Nov 8 17:17 slave.key
|
⑥、修改主从的数据库配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
| 主节点配置
[iyunv@localhost ~]# vim /etc/my.cnf
log_bin = mysql-bin
server_id = 1
innodb_file_per_table = ON
skip-name-resolve
ssl
ssl-ca = /var/lib/mysql/ssl/cacert.pem
ssl-cert = /var/lib/mysql/ssl/master.crt
ssl-key = /var/lib/mysql/ssl/master.key
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%ssl%';
+---------------+-------------------------------+
| Variable_name | Value |
+---------------+-------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /var/lib/mysql/ssl/cacert.pem |
| ssl_capath | |
| ssl_cert | /var/lib/mysql/ssl/master.crt |
| ssl_cipher | |
| ssl_key | /var/lib/mysql/ssl/master.key |
+---------------+-------------------------------+
#只要查询到have_openssl和have_ssl为YES,代表配置没有错,正常开启了ssl功能
从节点配置
[iyunv@c7node1 ssl]# vim /etc/my.cnf
relay_log = relay-log
server_id = 8
innodb_file_per_table = ON
skip-name-resolve
ssl
ssl-ca = /var/lib/mysql/ssl/cacert.pem
ssl-cert = /var/lib/mysql/ssl/slave.crt
ssl-key = /var/lib/mysql/ssl/slave.key
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%ssl%';
+---------------+-------------------------------+
| Variable_name | Value |
+---------------+-------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /var/lib/mysql/ssl/cacert.pem |
| ssl_capath | |
| ssl_cert | /var/lib/mysql/ssl/slave.crt |
| ssl_cipher | |
| ssl_key | /var/lib/mysql/ssl/slave.key |
+---------------+-------------------------------+
|
⑦、主上创建ssl链接的用户
1
2
3
4
5
6
7
8
9
| MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'wlw'@'192.168.88.22' IDENTIFIED BY 'wlw' REQUIRE SSL;
#授权只能通过SSL连接的账户
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 245 | | |
+------------------+----------+--------------+------------------+
|
⑧、从服务器上通过ssl链接主服务器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
| MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='192.168.88.11', MASTER_USER='wlw', MASTER_PASSWORD='wlw', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=245,master_ssl=1,master_ssl_ca='/var/lib/mysql/ssl/cacert.pem', master_ssl_cert='/var/lib/mysql/ssl/slave.crt', master_ssl_key='/var/lib/mysql/ssl/slave.key';
MariaDB [(none)]> START SLAVE;
MariaDB [(none)]> SHOW SLAVE STATUS\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.88.11
Master_User: wlw
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000003
Read_Master_Log_Pos: 577
Relay_Log_File: relay-log.000002
Relay_Log_Pos: 861
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 577
Relay_Log_Space: 1149
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /var/lib/mysql/ssl/cacert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /var/lib/mysql/ssl/slave.crt
Master_SSL_Cipher:
Master_SSL_Key: /var/lib/mysql/ssl/slave.key
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
|
⑧、验证是否使用了ssl加密
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| [iyunv@c7node1 mysql]# mysql --ssl-ca='/var/lib/mysql/ssl/cacert.pem' --ssl-cert='/var/lib/mysql/ssl/slave.crt' --ssl-key='/var/lib/mysql/ssl/slave.key' -uwlw -h192.168.88.11 -pwlw
MariaDB [(none)]> \s
--------------
mysql Ver 15.1 Distrib 5.5.41-MariaDB, for Linux (x86_64) using readline 5.1
Connection id: 12
Current database:
Current user: wlw@192.168.88.22
SSL: Cipher in use is DHE-RSA-AES256-GCM-SHA384 #可以看到是于SSL加密
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 5.5.41-MariaDB-log MariaDB Server
Protocol version: 10
Connection: 192.168.88.11 via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 20 min 1 sec
Threads: 3 Questions: 20 Slow queries: 0 Opens: 0 Flush tables: 2 Open tables: 26 Queries per second avg: 0.016
#由于SSL相关的配置写进了配置文件,则默认是加密连接的。也可以使用--skip-ssl选项取消加密连接。
|
七、复制的监控和维护
①、清理日志:
1
2
3
4
| MariaDB [(none)]> PURGE BINARY LOGS TO 'mysql-bin.000002';
#只会清理mysql-bin.000002之前的,不会清理mysql-bin.000002
MariaDB [(none)]> PURGE BINARY LOGS BEFORE '2015-11-11 11:11:11';
#只会清理指定时间前的二进制日志
|
②、复制监控
1
2
3
4
5
| MariaDB [(none)]> SHOW MASTER STATUS;
MariaDB [(none)]> SHOW BINLOG EVENTS;
MariaDB [(none)]> SHOW BINARY LOGS
MariaDB [(none)]> SHOW SLAVE STATUS;
MariaDB [(none)]> SHOW PROCESSLIST;
|
③、从服务器是否落后于主服务:
1
2
| MariaDB [(none)]> SHOW BINLOG LOGS;
Seconds_Behind_Master: 0
|
④、如何确定主从节点数据是否一致;
使用工具:percona-tools
⑤、数据不一致如何修复
以主节点为准,停止从服务器,删除数据,备份主服务器数据重新复制;
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-9 09:13:14
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡