MySQL 主-主复制 + SSL认证
MySQL 主-主复制 + SSL认证
一、节点信息:
Master1:192.168.80.143/24 + CA
Master2:192.168.80.144/24
这里两节点同为master,并且是对方节点的slave
二、基本配置:
(1)首先2台都安装mysql
- # pvcreate /dev/sda5
- # vgcreate myvg /dev/sda5
- # lvcreate -L 10G -n mydata myvg
- # mkdir -p /data/mydata
- # mke2fs -j /dev/myvg/mydata
- # mount /dev/myvg/mydata /data/mydata/
- # tar xf mysql-5.5.24-linux2.6-i686.tar.gz -C /usr/local/
- # cd /usr/local/
- # ln -s mysql-5.5.24-linux2.6-i686/ mysql
- # cd mysql
- # useradd -r mysql
- # chown -R mysql.mysql .
- # scripts/mysql_install_db --datadir=/data/mydata/ --user=mysql
- # chown -R root .
- # cp support-files/my-large.cnf /etc/my.cnf
- # vim /etc/my.cnf
- thread_concurrency = 2
- datadir = /data/mydata
- # cp support-files/mysql.server /etc/rc.d/init.d/mysqld
- # chmod +x /etc/rc.d/init.d/mysqld
- # service mysqld start
(2)在master1上配置CA服务
- # vim /etc/pki/tls/openssl.cnf
- dir = /etc/pki/CA
- # cd /etc/pki/CA/
- # mkdir certs newcerts crl
- # touch index.txt
- # echo 01 > serial
- # (umask 077;openssl genrsa -out private/cakey.pem 1024)
- # openssl req -x509 -new -key private/cakey.pem
- # mkdir /usr/local/mysql/ssl
- # cd /usr/local/mysql/ssl
- 主从服务器都需要证书,所以需要4个
- # (umask 077;openssl genrsa 1024 > master1.key)
- # openssl req -new -key master1.key -out master1.csr
- # openssl ca -in master1.csr -out master1.crt -days 365
- # (umask 077;openssl genrsa 1024 > master1slave.key)
- # openssl req -new -key master1slave.key -out master1slave.csr
- # openssl ca -in master1slave.csr -out master1slave.crt -days 365
- # (umask 077;openssl genrsa 1024 > master2.key)
- # openssl req -new -key master2.key -out master2.csr
- # openssl ca -in master2.csr -out master2.crt -days 365
- # (umask 077;openssl genrsa 1024 > master2slave.key)
- # openssl req -new -key master2slave.key -out master2slave.csr
- # openssl ca -in master2slave.csr -out master2slave.crt -days 365
- # cp /etc/pki/CA/cacert.pem .
- # chown -R mysql.mysql /user/local/mysql/ssl
- # scp -p /etc/pki/CA/cacert.pem master1slave.* master2.* 192.168.80.144:/usr/local/mysql/ssl/
三、两节点配置:
Master1:
- # vim /etc/my.cnf
- skip-slave-start=1 //设置重启服务不自动开启线程,需要手动开启
- ssl //指定ssl,CA信息
- ssl-ca=/usr/local/mysql/ssl/cacert.pem
- ssl-cert=/usr/local/mysql/ssl/master1.crt
- ssl-key=/usr/local/mysql/ssl/master1.key
- log-bin=mysql-bin
- relay-log=mysql-relay //开启中继日志
- auto-increment-increment = 2 //每次ID加2
- auto-increment-offset = 1 //设置起始自动增长ID
- server-id = 1
Master2:
- # vim /etc/my.cnf
- skip-slave-start=1
- ssl
- ssl-ca=/usr/local/mysql/ssl/cacert.pem
- ssl-cert=/usr/local/mysql/ssl/master2.crt
- ssl-key=/usr/local/mysql/ssl/master2.key
- log-bin=mysql-bin
- relay-log=mysql-relay
- auto-increment-increment = 2
- auto-increment-offset = 2
- server-id = 2
重启服务生效
# service mysqld restart
共同配置复制用户信息,并指定通过SSL:
- mysql> GRANT REPLICATION SLAVE,REPLICATION CLIENT ON *.* TO repluser@'192.168.80.%' IDENTIFIED BY 'RedHat' REQUIRE SSL;
- mysql> flush privileges;
分别查看日志位置信息:
Master1:
- mysql>show master status;
- +------------------+----------+--------------+------------------+
- | File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
- +------------------+----------+--------------+------------------+
- | mysql-bin.000011 | 107 | | |
- +------------------+----------+--------------+------------------+
- 1 row in set (0.00 sec
Master2:
- mysql>show master status;
- +------------------+----------+--------------+------------------+
- | File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
- +------------------+----------+--------------+------------------+
- | mysql-bin.000017 | 107 | | |
- +------------------+----------+--------------+------------------+
- 1 row in set (0.00 sec
在Master2上配置Master1的slave信息:
- mysql> CHANGE MASTER TO MASTER_HOST = '192.168.80.143' , //指定主服务器
- -> MASTER_USER = 'repluser' , //指定用户
- -> MASTER_PASSWORD = 'redhat' , //密码
- -> MASTER_LOG_FILE = 'mysql-bin.000017' , //指定日志
- -> MASTER_LOG_POS = 107 , //指定日志位
- -> MASTER_SSL = 1 ,
- -> MASTER_SSL_CA = '/usr/local/mysql/ssl/cacert.pem' ,
- -> MASTER_SSL_CERT = '/usr/local/mysql/ssl/master1slave.crt' ,
- -> MASTER_SSL_KEY = '/usr/local/mysql/ssl/master1slave.key';
在Master1上配置Master2的slave信息:
- mysql> CHANGE MASTER TO MASTER_HOST = '192.168.80.144' ,
- -> MASTER_USER = 'repluser' ,
- -> MASTER_PASSWORD = 'redhat' ,
- -> MASTER_LOG_FILE = 'mysql-bin.000011' ,
- -> MASTER_LOG_POS = 107 ,
- -> MASTER_SSL = 1 ,
- -> MASTER_SSL_CA = '/usr/local/mysql/ssl/cacert.pem' ,
- -> MASTER_SSL_CERT = '/usr/local/mysql/ssl/master2slave.crt' ,
- -> MASTER_SSL_KEY = '/usr/local/mysql/ssl/master2slave.key';
|
评论暂时关闭