MySQL master-master replication + SSL Authentication

Source: Internet
Author: User

I. Node information:
Master1: 192.168.80.143/24 + CA
Master2: 192.168.80.144/24

Each node is both a master and a slave of the other node.

II. Basic configuration:

(1) MySQL is installed on both servers.

 
 
Create the data volume and mount it:

    # pvcreate /dev/sda5
    # vgcreate myvg /dev/sda5
    # lvcreate -L 10G -n mydata myvg
    # mkdir -p /data/mydata
    # mke2fs -j /dev/myvg/mydata
    # mount /dev/myvg/mydata /data/mydata/

Unpack MySQL and initialize the data directory:

    # tar xf mysql-5.5.24-linux2.6-i686.tar.gz -C /usr/local/
    # cd /usr/local/
    # ln -s mysql-5.5.24-linux2.6-i686/ mysql
    # cd mysql
    # useradd -r mysql
    # chown -R mysql.mysql .
    # scripts/mysql_install_db --datadir=/data/mydata/ --user=mysql
    # chown -R root .
    # cp support-files/my-large.cnf /etc/my.cnf
    # vim /etc/my.cnf

Set the following in /etc/my.cnf:

    thread_concurrency = 2
    datadir = /data/mydata

Install the init script and start the service:

    # cp support-files/mysql.server /etc/rc.d/init.d/mysqld
    # chmod +x /etc/rc.d/init.d/mysqld
    # service mysqld start

(2) configure the CA Service on master1

 
 
Set the CA directory in /etc/pki/tls/openssl.cnf:

    # vim /etc/pki/tls/openssl.cnf
    dir = /etc/pki/CA

Create the CA working files, the CA private key and the self-signed CA certificate:

    # cd /etc/pki/CA/
    # mkdir certs newcerts crl
    # touch index.txt
    # echo 01 > serial

    # (umask 077; openssl genrsa -out private/cakey.pem 1024)
    # openssl req -x509 -new -key private/cakey.pem -out cacert.pem

    # mkdir /usr/local/mysql/ssl
    # cd /usr/local/mysql/ssl

Each node needs one certificate for its master role and one for its slave role, so four certificates are required. The walkthrough generates 1024-bit RSA keys; that size is below current recommendations, so use 2048 bits or more on a current deployment.

    # (umask 077; openssl genrsa 1024 > master1.key)
    # openssl req -new -key master1.key -out master1.csr
    # openssl ca -in master1.csr -out master1.crt -days 365

    # (umask 077; openssl genrsa 1024 > master1slave.key)
    # openssl req -new -key master1slave.key -out master1slave.csr
    # openssl ca -in master1slave.csr -out master1slave.crt -days 365

    # (umask 077; openssl genrsa 1024 > master2.key)
    # openssl req -new -key master2.key -out master2.csr
    # openssl ca -in master2.csr -out master2.crt -days 365

    # (umask 077; openssl genrsa 1024 > master2slave.key)
    # openssl req -new -key master2slave.key -out master2slave.csr
    # openssl ca -in master2slave.csr -out master2slave.crt -days 365

Copy the CA certificate next to the node certificates and give the directory to the mysql user:

    # cp /etc/pki/CA/cacert.pem .

    # chown -R mysql.mysql /usr/local/mysql/ssl

Copy the CA certificate and the files master2 needs to master2:

    # scp -p /etc/pki/CA/cacert.pem master1slave.* master2.* 192.168.80.144:/usr/local/mysql/ssl/
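
Before MySQL is pointed at these files, each certificate can be checked to confirm that it chains to cacert.pem, matches its private key, meets a minimum key size, and has a key file readable only by its owner. The script below is an added example, not part of the original article; the function names and the throwaway demo files (ca.pem, node.crt, node.key, other.key) are hypothetical, and the demo signs with `openssl x509 -req` instead of `openssl ca` so that it needs no CA directory layout.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): pre-flight check for one
# certificate/key pair before my.cnf or CHANGE MASTER TO references it.
# check_pair CA CERT KEY [MIN_BITS] prints "OK" or the first failed check.
check_pair() {
    local ca="$1" cert="$2" key="$3" min_bits="${4:-2048}" cert_pub key_pub bits
    # 1. The certificate must chain to the CA file that both nodes trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL chain"; return 1; }
    # 2. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL key-mismatch"; return 1; }
    # 3. Key size; the 1024-bit keys from the walkthrough fail the default.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL weak-key ${bits:-unknown}"; return 1; }
    # 4. The key file must not be accessible to group or other (umask 077).
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL key-permissions"; return 1; }
    echo "OK"
}

# Constructed sample material written to directory $1: a throwaway CA, one
# signed node certificate and one unrelated key. File names are hypothetical.
make_demo_pki() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -key ca.key -subj "/CN=demo-ca" -days 1 -out ca.pem &&
      openssl genrsa -out node.key 2048 &&
      openssl req -new -key node.key -subj "/CN=demo-node" -out node.csr &&
      openssl x509 -req -in node.csr -CA ca.pem -CAkey ca.key \
              -CAcreateserial -days 1 -out node.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir"
check_pair "$demo_dir/ca.pem" "$demo_dir/node.crt" "$demo_dir/node.key" || true
check_pair "$demo_dir/ca.pem" "$demo_dir/node.crt" "$demo_dir/other.key" || true
rm -rf "$demo_dir"
```

On the nodes in this walkthrough the call would be, for example, `check_pair /usr/local/mysql/ssl/cacert.pem /usr/local/mysql/ssl/master1.crt /usr/local/mysql/ssl/master1.key`, repeated for each of the four pairs.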

III. Two-node configuration:

Master1:

 
 
    # vim /etc/my.cnf
    skip-slave-start = 1            # slave threads are not started automatically when the service restarts; start them manually

    ssl                             # enable SSL and specify the CA and certificate files
    ssl-ca = /usr/local/mysql/ssl/cacert.pem
    ssl-cert = /usr/local/mysql/ssl/master1.crt
    ssl-key = /usr/local/mysql/ssl/master1.key

    log-bin = mysql-bin
    relay-log = mysql-relay         # enable the relay log
    auto-increment-increment = 2    # each new ID increases by 2
    auto-increment-offset = 1       # starting value of the auto-increment IDs on this node

    server-id = 1

Master2:

 
 
    # vim /etc/my.cnf
    skip-slave-start = 1

    ssl
    ssl-ca = /usr/local/mysql/ssl/cacert.pem
    ssl-cert = /usr/local/mysql/ssl/master2.crt
    ssl-key = /usr/local/mysql/ssl/master2.key

    log-bin = mysql-bin
    relay-log = mysql-relay
    auto-increment-increment = 2
    auto-increment-offset = 2

    server-id = 2

Restart the service on both nodes for the settings to take effect:

    # service mysqld restart

Create the replication user on both nodes and require it to connect over SSL:

 
 
    mysql> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO repluser@'192.168.80.%' IDENTIFIED BY 'redhat' REQUIRE SSL;

    mysql> FLUSH PRIVILEGES;


Check the current binary log file and position on each node:
Master1:

 
 
    mysql> show master status;
    +------------------+----------+--------------+------------------+
    | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
    +------------------+----------+--------------+------------------+
    | mysql-bin.000011 |      107 |              |                  |
    +------------------+----------+--------------+------------------+
    1 row in set (0.00 sec)

Master2:

 
 
    mysql> show master status;
    +------------------+----------+--------------+------------------+
    | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
    +------------------+----------+--------------+------------------+
    | mysql-bin.000017 |      107 |              |                  |
    +------------------+----------+--------------+------------------+
    1 row in set (0.00 sec)


On master2, configure it as a slave of master1:

    mysql> CHANGE MASTER TO MASTER_HOST = '192.168.80.143',    -- the master server (master1)
        -> MASTER_USER = 'repluser',                           -- replication user
        -> MASTER_PASSWORD = 'redhat',                         -- password
        -> MASTER_LOG_FILE = 'mysql-bin.000011',               -- log file from SHOW MASTER STATUS on master1
        -> MASTER_LOG_POS = 107,                               -- log position from SHOW MASTER STATUS on master1
        -> MASTER_SSL = 1,
        -> MASTER_SSL_CA = '/usr/local/mysql/ssl/cacert.pem',
        -> MASTER_SSL_CERT = '/usr/local/mysql/ssl/master1slave.crt',
        -> MASTER_SSL_KEY = '/usr/local/mysql/ssl/master1slave.key';


On master1, configure it as a slave of master2:

    mysql> CHANGE MASTER TO MASTER_HOST = '192.168.80.144',
        -> MASTER_USER = 'repluser',
        -> MASTER_PASSWORD = 'redhat',
        -> MASTER_LOG_FILE = 'mysql-bin.000017',               -- log file from SHOW MASTER STATUS on master2
        -> MASTER_LOG_POS = 107,                               -- log position from SHOW MASTER STATUS on master2
        -> MASTER_SSL = 1,
        -> MASTER_SSL_CA = '/usr/local/mysql/ssl/cacert.pem',
        -> MASTER_SSL_CERT = '/usr/local/mysql/ssl/master2slave.crt',
        -> MASTER_SSL_KEY = '/usr/local/mysql/ssl/master2slave.key';