MySQL基于SSL的主从复制

56u6i · 发表于 2016-3-22 08:23:06

将两台MySQL数据库节点配置为主从

1
2
3

log-bin=mysql-bin #主节点开启二进制日志
binlog_format=mixed
server-id = 1 #主节点server-id为1

授权从服务器复制账号并记录二进制日志位置：

1 2	server_id=2 #从服务器server-id为2 relay_log=relay-log #打开从服务器中继日志，并关闭二进制日志

从服务器连接主服务器，并打开复制线程：

查询从服务器连接状态：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
            Slave_IO_State: Waiting for master to send event
               Master_Host: 172.16.61.6
               Master_User: repluser
               Master_Port: 3306
            Connect_Retry: 60
            Master_Log_File: mysql-bin.000004
      Read_Master_Log_Pos: 422
            Relay_Log_File: relay-log.000002
            Relay_Log_Pos: 529
      Relay_Master_Log_File: mysql-bin.000004
         Slave_IO_Running: Yes                #IO线程处于running状态
         Slave_SQL_Running: Yes                #SQL线程处于running状态
            Replicate_Do_DB:
      Replicate_Ignore_DB:
         Replicate_Do_Table:
   Replicate_Ignore_Table:
   Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
               Last_Errno: 0
               Last_Error:
               Skip_Counter: 0
      Exec_Master_Log_Pos: 422
            Relay_Log_Space: 817
            Until_Condition: None
            Until_Log_File:
            Until_Log_Pos: 0
         Master_SSL_Allowed: No
         Master_SSL_CA_File:
         Master_SSL_CA_Path:
            Master_SSL_Cert:
         Master_SSL_Cipher:
            Master_SSL_Key:
      Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
            Last_IO_Errno: 0
            Last_IO_Error:
            Last_SQL_Errno: 0
            Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
         Master_Server_Id: 1
1 row in set (0.00 sec)

主从复制测试：

在主节点创建数据库，并记录二进制日志位置：

在从节点查看：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
            Slave_IO_State: Waiting for master to send event
               Master_Host: 172.16.61.6
               Master_User: repluser
               Master_Port: 3306
            Connect_Retry: 60
            Master_Log_File: mysql-bin.000004
      Read_Master_Log_Pos: 505                #主节点的二进制日志位置已经同步
            Relay_Log_File: relay-log.000002
            Relay_Log_Pos: 612
      Relay_Master_Log_File: mysql-bin.000004
         Slave_IO_Running: Yes
         Slave_SQL_Running: Yes
            Replicate_Do_DB:
      Replicate_Ignore_DB:
         Replicate_Do_Table:
   Replicate_Ignore_Table:
   Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
               Last_Errno: 0
               Last_Error:
               Skip_Counter: 0
      Exec_Master_Log_Pos: 505
            Relay_Log_Space: 900
            Until_Condition: None
            Until_Log_File:
            Until_Log_Pos: 0
         Master_SSL_Allowed: No
         Master_SSL_CA_File:
         Master_SSL_CA_Path:
            Master_SSL_Cert:
         Master_SSL_Cipher:
            Master_SSL_Key:
      Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
            Last_IO_Errno: 0
            Last_IO_Error:
            Last_SQL_Errno: 0
            Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
         Master_Server_Id: 1
1 row in set (0.01 sec)

实现SSL复制：

配置主服务器为CA:

1
2
3
4

[iyunv@node6 CA]# (umask 077;openssl genrsa -out private/cakey.pem 1024) #将主节点配置为CA
[iyunv@node6 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
[iyunv@node6 CA]# touch {index.txt,serial}
[iyunv@node6 CA]# echo 01> serial

生成主服务器证书：

1
2
3
4
5

[iyunv@node6 CA]# mkdir /mysql/ssl -pv
[iyunv@node6 CA]# cd /mysql/ssl
[iyunv@node6 ssl]# (umask 077;openssl genrsa -out master.key 1024)
[iyunv@node6 ssl]# openssl req -new -key master.key -out master.csr
[iyunv@node6 ssl]# openssl ca -in master.csr -out master.crt -days 3650

生成从服务器证书：

1
2
3
4
5
6
7

[iyunv@node8 ~]# mkdir /mysql/ssl -pv
[iyunv@node8 ~]# cd /mysql/ssl
[iyunv@node8 ssl]# (umask 077;openssl genrsa -out slave.key 1024)
[iyunv@node8 ssl]# openssl req -new -key slave.key -out slave.csr
[iyunv@node8 ssl]# scp slave.csr root@172.16.61.6:/tmp
[iyunv@node6 ssl]# openssl ca -in /tmp/slave.csr -out /tmp/slave.crt
[iyunv@node6 ssl]# scp /tmp/slave.crt root@172.16.61.8:/mysql/ssl/

拷贝CA证书到各节点：

1 2	[iyunv@node6 ssl]# cp /etc/pki/CA/cacert.pem ./ [iyunv@node6 ssl]# scp /etc/pki/CA/cacert.pem root@172.16.61.8:/mysql/ssl/

更改权限：

1 2	[iyunv@node6 ssl]# chown -R mysql.mysql ./ [iyunv@node8 ssl]# chown -R mysql.mysql ./

主从服务器配置SSL选项：（从服务器只需将文件名改为slave即可）

1
2
3
4
5

[mysqld]
ssl
ssl-ca = /mysql/ssl/cacert.pem
ssl-cert = /mysql/ssl/master.crt
ssl-key = /mysql/ssl/master.key

重启主节点查看ssl状态：

1
2
3
4
5
6
7
8
9
10
11
12

从节点：

1
2
3
4
5
6
7
8
9
10
11
12

主节点授权通过ssl连接的复制账号

1	MariaDB [(none)]> GRANT REPLICATION SLAVE,REPLICATION CLIENT ON . TO 'repluser'@'172.16.61.8' IDENTIFIED BY 'replpass' REQUIRE SSL;

从节点ssl连接主节点测试：

1	[iyunv@node8 ssl]# mysql -urepluser -preplpass -h172.16.61.6 --ssl-ca=/mysql/ssl/cacert.pem --ssl-cert=/mysql/ssl/slave.crt --ssl-key=/mysql/ssl/slave.key

主节点授权基于ssl复制的帐号：

从节点连接主节点：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

MariaDB [(none)]> START SLAVE;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> SHOW SLAVE;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
MariaDB [(none)]> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
            Slave_IO_State: Waiting for master to send event
               Master_Host: 172.16.61.6
               Master_User: repluser
               Master_Port: 3306
            Connect_Retry: 60
            Master_Log_File: mysql-bin.000006
      Read_Master_Log_Pos: 434
            Relay_Log_File: relay-log.000002
            Relay_Log_Pos: 529
      Relay_Master_Log_File: mysql-bin.000006
         Slave_IO_Running: Yes
         Slave_SQL_Running: Yes
            Replicate_Do_DB:
      Replicate_Ignore_DB:
         Replicate_Do_Table:
   Replicate_Ignore_Table:
   Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
               Last_Errno: 0
               Last_Error:
               Skip_Counter: 0
      Exec_Master_Log_Pos: 434
            Relay_Log_Space: 817
            Until_Condition: None
            Until_Log_File:
            Until_Log_Pos: 0
         Master_SSL_Allowed: Yes                #ssl连接
         Master_SSL_CA_File: /mysql/ssl/cacert.pem
         Master_SSL_CA_Path:
            Master_SSL_Cert: /mysql/ssl/slave.crt
         Master_SSL_Cipher:
            Master_SSL_Key: /mysql/ssl/slave.key
      Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
            Last_IO_Errno: 0
            Last_IO_Error:
            Last_SQL_Errno: 0
            Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
         Master_Server_Id: 1
1 row in set (0.00 sec)

ERROR: No query specified

账号		自动登录	找回密码
密码			立即注册

Centos6.5×64安装配置openmeetings3.0.3详

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

[经验分享] MySQL基于SSL的主从复制

浏览过的版块

扫码加入运维网微信交流群