layout: post
title: Mysql数据复制—-主从复制、级联复制、半同步复制、主主复制、复制过滤器、主从复制ssl加密
date: 2018-02-27
tags: [“Mariadb”,”软件服务”]
一、Mysql复制的概念
MySQL主从复制是其最重要的功能之一。主从复制是指一台服务器充当主数据库服务器,另一台或多台服务器充当从数据库服务器,主服务器中的数据自动复制到从服务器之中。对于多级复制,数据库服务器即可充当主机,也可充当从机。MySQL主从复制的基础是主服务器对数据库修改记录二进制日志,从服务器通过主服务器的二进制日志自动执行更新。
二、Mysql主从复制的原理
主从复制线程:
主节点:
dump Thread:为每个Slave的I/O Thread启动一个dump线程,用于向其发送binary log events
从节点:
I/O Thread:向Master请求二进制日志事件,并保存于中继日志中
SQL Thread:从中继日志中读取日志事件,在本地完成重放
跟复制功能相关的文件:
master.info:用于保存slave连接至master时的相关信息,例如账号、密码、服务器地址等
relay-log.info:保存在当前slave节点上已经复制的当前二进制日志和本地replay log日志的对应关系
主从复制的特点:
异步复制: 主从数据不一致比较常见,但是主服务器响应速度块
同步复制:主从数据不一致的数据比较少,主服务器响应速度慢
制需要考虑二进制日志事件记录格式:
STATEMENT
ROW
MIXED
三、Mysql主从复制的架构
复制架构:
Master/Slave, Master/Master
环状复制
一主多从
从服务器还可以再有从服务器
一从多主:适用于多个不同数据库
四、演示mysql的复制环境配置
1、需要3台Linux服务器(Centos7系统,10.2.版本mariadb)
2、服务器ip配置:
A:172.18.30.1(主)
B:172.18.30.2(1从)
C:172.18.30.3(2从)
五、配置主从之前的预数据处理
1、二进制日志记录格式设置
- show variables like '%binlog_format%';
二进制日志的格式有三种:
基于”语句”记录:statement,记录语句,默认模式
基于”行”记录:row,记录数据,日志量较大
混合模式:mixed, 让系统自行判定该基于哪种方式进行
可以在配置文件中设置
2、为主服务器做备份并恢复到从服务器上 不论做哪种数据复制,在安装好我们slave-mysql之后,我们首先需要将主server端的数据做一个完整备份,并将其恢复到从服务器,并记录binlog的position,当然,如果主从服务器都是新安装的没有数据的服务器,则不需要此步骤了。 数据库安装的步骤这里不再演示 在A机器上进行操作:
- vim /etc/my.cnf.d/server.cnf
- [mysqld]下面添加
- binlog_format=
- mysqldump -A -F --master-data=1 --single-transaction > /backup/mysql-`date +%F_%T`.sql #--master-data=1 该选项会记录,当前binlog的position
- scp /backup/mysql-2018-02-27_16:15:02.sql 172.18.30.2:/backup/ #将A机器的备份文件复制到B机器
- scp /backup/mysql-2018-02-27_16:15:02.sql 172.18.30.3:/backup/ #将A机器的备份文件复制到C机器
六、配置主从复制
主从复制需要最少两台机器,我们这里只使用AB两台机器来做
1、登录A机器,并做配置
- 修改mysql配置文件
- vim /etc/my.cnf.d/server.cnf
- [mysqld] 下添加如下选项
- innodb_file_per_table
- log-bin
- server_id=1
- 登录数据库并做配置
- [root@localhost backup]# mysql
- MariaDB [(none)]> set global server_id=1; #添加server编号
- MariaDB [(none)]> grant replication slave on *.* to repluser@'172.18.30.2' identified by '123123'; #添加主从复制用户
- MariaDB [(none)]> flush privileges;
2、登录B机器,并做配置
修改B机器的配置文件
- vim /etc/my.cnf.d/server.cnf
- [mysqld] 下添加如下选项
- innodb_file_per_table
- read-only
- server_id=2
启动B机器,并使用A机器的备份恢复完整数据
- MariaDB [test]> source /backup/mysql-2018-02-27_16:15:02.sql;
- MariaDB [(none)]> CHANGE MASTER TO
- -> MASTER_HOST='172.18.30.1',
- -> MASTER_USER='repluser',
- -> MASTER_PASSWORD='123123';
开启B机器的slave
- MariaDB [test]> show slave status \G
- *************************** 1. row ***************************
- Slave_IO_State:
- Master_Host: 172.18.30.1
- Master_User: repluser
- Master_Port: 3306
- Connect_Retry: 60
- Master_Log_File: localhost-bin.000003 #完全备份binlog的位置
- Read_Master_Log_Pos: 393 #完全备份binlog的position
- Relay_Log_File: localhost-relay-bin.000001
- Relay_Log_Pos: 4
- Relay_Master_Log_File: localhost-bin.000003
- Slave_IO_Running: No
- Slave_SQL_Running: No
- Replicate_Do_DB:
- Replicate_Ignore_DB:
- Replicate_Do_Table:
- Replicate_Ignore_Table:
- Replicate_Wild_Do_Table:
- Replicate_Wild_Ignore_Table:
- Last_Errno: 0
- Last_Error:
- Skip_Counter: 0
- Exec_Master_Log_Pos: 393
- Relay_Log_Space: 256
- Until_Condition: None
- Until_Log_File:
- Until_Log_Pos: 0
- Master_SSL_Allowed: No
- Master_SSL_CA_File:
- Master_SSL_CA_Path:
- Master_SSL_Cert:
- Master_SSL_Cipher:
- Master_SSL_Key:
- Seconds_Behind_Master: NULL
- Master_SSL_Verify_Server_Cert: No
- Last_IO_Errno: 0
- Last_IO_Error:
- Last_SQL_Errno: 0
- Last_SQL_Error:
- Replicate_Ignore_Server_Ids:
- Master_Server_Id: 1
- Master_SSL_Crl:
- Master_SSL_Crlpath:
- Using_Gtid: No
- Gtid_IO_Pos:
- Replicate_Do_Domain_Ids:
- Replicate_Ignore_Domain_Ids:
- Parallel_Mode: conservative
- SQL_Delay: 0
- SQL_Remaining_Delay: NULL
- Slave_SQL_Running_State:
- 1 row in set (0.01 sec)
- MariaDB [test]> start slave;
- MariaDB [test]> show slave status \G
- *************************** 1. row ***************************
- Slave_IO_State: Waiting for master to send event
- Master_Host: 172.18.30.1
- Master_User: repluser
- Master_Port: 3306
- Connect_Retry: 60
- Master_Log_File: localhost-bin.000003
- Read_Master_Log_Pos: 714
- Relay_Log_File: localhost-relay-bin.000002
- Relay_Log_Pos: 880
- Relay_Master_Log_File: localhost-bin.000003
- Slave_IO_Running: Yes #线程已启动
- Slave_SQL_Running: Yes #线程已启动
- Replicate_Do_DB:
- Replicate_Ignore_DB:
- Replicate_Do_Table:
- Replicate_Ignore_Table:
- Replicate_Wild_Do_Table:
- Replicate_Wild_Ignore_Table:
- Last_Errno: 0
- Last_Error:
- Skip_Counter: 0
- Exec_Master_Log_Pos: 714
- Relay_Log_Space: 1193
- Until_Condition: None
- Until_Log_File:
- Until_Log_Pos: 0
- Master_SSL_Allowed: No
- Master_SSL_CA_File:
- Master_SSL_CA_Path:
- Master_SSL_Cert:
- Master_SSL_Cipher:
- Master_SSL_Key:
- Seconds_Behind_Master: 0
- Master_SSL_Verify_Server_Cert: No
- Last_IO_Errno: 0
- Last_IO_Error:
- Last_SQL_Errno: 0
- Last_SQL_Error:
- Replicate_Ignore_Server_Ids:
- Master_Server_Id: 1
- Master_SSL_Crl:
- Master_SSL_Crlpath:
- Using_Gtid: No
- Gtid_IO_Pos:
- Replicate_Do_Domain_Ids:
- Replicate_Ignore_Domain_Ids:
- Parallel_Mode: conservative
- SQL_Delay: 0
- SQL_Remaining_Delay: NULL
- Slave_SQL_Running_State: Slave has read all relay log; waiting for the slave I/O thread to update it
- 1 row in set (0.00 sec)
3、在A机器修改数据,查看B机器是否同步成功
登录A机器插入一条数据
- [root@localhost backup]# mysql -e "insert into test.test (runoob_title,runoob_author,submission_date) values ('1122','2233',now());"
登录B机器查看是否同步成功
- [root@localhost backup]# mysql
- MariaDB [(none)]> use test;
- MariaDB [test]> select * from test;
- +-----------+--------------+---------------+-----------------+
- ' runoob_id ' runoob_title ' runoob_author ' submission_date '
- +-----------+--------------+---------------+-----------------+
- ' 1 ' test1 ' stuff ' 2018-02-23 '
- ' 2 ' test2 ' stuff ' 2018-02-23 '
- ' 3 ' test3 ' Goodluck ' 2018-02-23 '
- ' 4 ' Thanks a lot ' sun ' 2018-02-23 '
- ' 5 ' ok ' ook ' 2018-02-26 '
- ' 6 ' 1122 ' 2233 ' 2018-02-27 '
- +-----------+--------------+---------------+-----------------+
- 6 rows in set (0.00 sec)
- MariaDB [test]>
同步完成
七、基于主从复制的级联复制
我们使用ABC三台主机来做实验
其表现形式:
A(主)<—B(辅主)<—C(辅)
也就是说,B从A上复制数据,C从B上复制数据
基于上个实验主从复制,我们只需要在B机器上更改一些配置,在C机器上配置从B机器复制数据
1、配置B机器的配置
- [root@localhost backup]# vim /etc/my.cnf.d/server.cnf
- 删除read_only
- 在[mysqld] 下添加
- log_slave_updates
- log-bin
重启B机器上的服务
- [root@localhost backup]# systemctl restart mariadb
登录mysql添加授权用户
- [root@localhost backup]# mysql
- MariaDB [(none)]> grant all on *.* to 'repluser'@'172.18.30.3' identified by '123123';
- MariaDB [(none)]> flush privileges;
备份B机器的数据
- mysqldump -A -F --master-data=1 --single-transaction > /backup/mysql-`date +%F_%T`.sql
2、配置C机器
- innodb_file_per_table
- read-only
- server-id=3
登录C机器恢复从B机器拷贝的数据
- [root@localhost yum.repos.d]# systemctl start mariadb
- [root@localhost yum.repos.d]# scp 172.18.30.2:/backup/mysql-2018-02-27_19:44:09.sql /backup/
- [root@localhost yum.repos.d]# mysql
- MariaDB [test]> source /backup/mysql-2018-02-27_19:44:09.sql
开启数据同步
- MariaDB [test]> CHANGE MASTER TO MASTER_HOST='172.18.30.2', MASTER_USER='repluser', MASTER_PASSWORD='123123';
- MariaDB [(none)]> show slave status\G
- *************************** 1. row ***************************
- Slave_IO_State:
- Master_Host: 172.18.30.2
- Master_User: repluser
- Master_Port: 3306
- Connect_Retry: 60
- Master_Log_File:
- Read_Master_Log_Pos: 4
- Relay_Log_File: localhost-relay-bin.000001
- Relay_Log_Pos: 4
- Relay_Master_Log_File:
- Slave_IO_Running: No
- Slave_SQL_Running: No
- Replicate_Do_DB:
- Replicate_Ignore_DB:
- Replicate_Do_Table:
- Replicate_Ignore_Table:
- Replicate_Wild_Do_Table:
- Replicate_Wild_Ignore_Table:
- Last_Errno: 0
- Last_Error:
- Skip_Counter: 0
- Exec_Master_Log_Pos: 0
- Relay_Log_Space: 256
- Until_Condition: None
- Until_Log_File:
- Until_Log_Pos: 0
- Master_SSL_Allowed: No
- Master_SSL_CA_File:
- Master_SSL_CA_Path:
- Master_SSL_Cert:
- Master_SSL_Cipher:
- Master_SSL_Key:
- Seconds_Behind_Master: NULL
- Master_SSL_Verify_Server_Cert: No
- Last_IO_Errno: 0
- Last_IO_Error:
- Last_SQL_Errno: 0
- Last_SQL_Error:
- Replicate_Ignore_Server_Ids:
- Master_Server_Id: 0
- Master_SSL_Crl:
- Master_SSL_Crlpath:
- Using_Gtid: No
- Gtid_IO_Pos:
- Replicate_Do_Domain_Ids:
- Replicate_Ignore_Domain_Ids:
- Parallel_Mode: conservative
- SQL_Delay: 0
- SQL_Remaining_Delay: NULL
- Slave_SQL_Running_State:
- 1 row in set (0.00 sec)
- MariaDB [(none)]> start slave;
- MariaDB [(none)]> show slave status\G
- *************************** 1. row ***************************
- Slave_IO_State: Waiting for master to send event
- Master_Host: 172.18.30.2
- Master_User: repluser
- Master_Port: 3306
- Connect_Retry: 60
- Master_Log_File: localhost-bin.000009
- Read_Master_Log_Pos: 409
- Relay_Log_File: localhost-relay-bin.000015
- Relay_Log_Pos: 712
- Relay_Master_Log_File: localhost-bin.000009
- Slave_IO_Running: Yes #以开启传输
- Slave_SQL_Running: Yes #以开启传输
- Replicate_Do_DB:
- Replicate_Ignore_DB:
- Replicate_Do_Table:
- Replicate_Ignore_Table:
- Replicate_Wild_Do_Table:
- Replicate_Wild_Ignore_Table:
- Last_Errno: 0
- Last_Error:
- Skip_Counter: 0
- Exec_Master_Log_Pos: 409
- Relay_Log_Space: 1076
- Until_Condition: None
- Until_Log_File:
- Until_Log_Pos: 0
- Master_SSL_Allowed: No
- Master_SSL_CA_File:
- Master_SSL_CA_Path:
- Master_SSL_Cert:
- Master_SSL_Cipher:
- Master_SSL_Key:
- Seconds_Behind_Master: 0
- Master_SSL_Verify_Server_Cert: No
- Last_IO_Errno: 0
- Last_IO_Error:
- Last_SQL_Errno: 0
- Last_SQL_Error:
- Replicate_Ignore_Server_Ids:
- Master_Server_Id: 2
- Master_SSL_Crl:
- Master_SSL_Crlpath:
- Using_Gtid: No
- Gtid_IO_Pos:
- Replicate_Do_Domain_Ids:
- Replicate_Ignore_Domain_Ids:
- Parallel_Mode: conservative
- SQL_Delay: 0
- SQL_Remaining_Delay: NULL
- Slave_SQL_Running_State: Slave has read all relay log; waiting for the slave I/O thread to update it
- 1 row in set (0.00 sec)
级联复制完成
八、基于主从复制的半同步复制
默认情况下,MySQL的复制功能是异步的,异步复制可以提供最佳的性能,主库把binlog日志发送给从库即结束,并不验证从库是否接收完毕。这意味着当主服务器或从服务器端发生
故障时,有可能从服务器没有接收到主服务器发送过来的binlog日志,这就会造成主服务器和从服务器的数据不一致,甚至在恢复时造成数据的丢失。
1、主服务器配置(A机器)
- MariaDB [test]> install plugin rpl_semi_sync_master SONAME 'semisync_master.so';
- MariaDB [test]> set global rpl_semi_sync_master_enabled=1;
- MariaDB [test]> show variables like '%rpl%';
- +------------------------------------+--------------+
- ' Variable_name ' Value '
- +------------------------------------+--------------+
- ' rpl_semi_sync_master_enabled ' ON '
- ' rpl_semi_sync_master_timeout ' 10000 '
- ' rpl_semi_sync_master_trace_level ' 32 '
- ' rpl_semi_sync_master_wait_no_slave ' ON '
- ' rpl_semi_sync_master_wait_point ' AFTER_COMMIT '
- +------------------------------------+--------------+
- MariaDB [test]> show status like '%semi%';
- +--------------------------------------------+-------+
- ' Variable_name ' Value '
- +--------------------------------------------+-------+
- ' Rpl_semi_sync_master_clients ' 0 '
- ' Rpl_semi_sync_master_net_avg_wait_time ' 0 '
- ' Rpl_semi_sync_master_net_wait_time ' 0 '
- ' Rpl_semi_sync_master_net_waits ' 0 '
- ' Rpl_semi_sync_master_no_times ' 0 '
- ' Rpl_semi_sync_master_no_tx ' 0 '
- ' Rpl_semi_sync_master_status ' ON '
- ' Rpl_semi_sync_master_timefunc_failures ' 0 '
- ' Rpl_semi_sync_master_tx_avg_wait_time ' 0 '
- ' Rpl_semi_sync_master_tx_wait_time ' 0 '
- ' Rpl_semi_sync_master_tx_waits ' 0 '
- ' Rpl_semi_sync_master_wait_pos_backtraverse ' 0 '
- ' Rpl_semi_sync_master_wait_sessions ' 0 '
- ' Rpl_semi_sync_master_yes_tx ' 0 '
- +--------------------------------------------+-------+
2、从服务器配置(B机器)
- MariaDB [(none)]> install plugin rpl_semi_sync_slave SONAME 'semisync_slave.so';
- MariaDB [(none)]> set global rpl_semi_sync_slave_enabled=1;
- MariaDB [(none)]> show variables like '%rpl%';
- +---------------------------------+-------+
- ' Variable_name ' Value '
- +---------------------------------+-------+
- ' rpl_semi_sync_slave_enabled ' ON '
- ' rpl_semi_sync_slave_trace_level ' 32 '
- +---------------------------------+-------+
- MariaDB [(none)]> show status like '%semi%';
- +----------------------------+-------+
- ' Variable_name ' Value '
- +----------------------------+-------+
- ' Rpl_semi_sync_slave_status ' OFF '
- +----------------------------+-------+
我们看到”Rpl_semi_sync_slave_status”的状态是”OFF’,我们需要停止之前的同步,并重启开启
- MariaDB [(none)]> stop slave;
- MariaDB [(none)]> start slave;
- MariaDB [(none)]> show status like '%semi%';
- +----------------------------+-------+
- ' Variable_name ' Value '
- +----------------------------+-------+
- ' Rpl_semi_sync_slave_status ' ON '
- +----------------------------+-------+
OK半同步配置完成
九、基于主从复制的双主复制
我们使用AB两台主机来做实验
所谓双主复制,即两台server互为主备
其实现原理就是互相同步数据,由于表中数据有些字段是会自动递增的,所以主主复制模式需要配置自动递增数据的步长。
在真正的生产环境中不推荐使用主主复制,因为会产生数据不一致的问题。
1、在A机器上配置(删除之前添加的选项,重新配置)
- vim /etc/my.cnf.d/server.cnf
- [mysqld] 下添加如下选项
- log-bin
- server_id=1
- auto_increment_offset=1 #递增字段起始的偏移量
- auto_increment_increment=2 #递增字段的不长
- innodb_file_per_table
- systemctl restart mariadb
2、在B机器上配置(删除之前添加的选项,重新配置)
- vim /etc/my.cnf.d/server.cnf
- [mysqld] 下添加如下选项
- log-bin
- server_id=2
- auto_increment_offset=2 #递增字段其实偏移量
- auto_increment_increment=2 #递增字段递增步长
- innodb_file_per_table
- systemctl restart mariadb
3、因为现在两台机器已经互为主备,并且都已经有数据了,如果我们在这种情况下做双主,那么需要确定各自的binlog和position才能开启同步,否则会出现数据不一致的问题(再加一点,隔离外界环境,禁止外界增删改数据)
A机器的binlog和position:
- [root@localhost yum.repos.d]# mysql -e 'show master logs;'
- +----------------------+-----------+
- ' Log_name ' File_size '
- +----------------------+-----------+
- ' localhost-bin.000001 ' 510 '
- ' localhost-bin.000002 ' 1532 '
- ' localhost-bin.000003 ' 989 '
- +----------------------+-----------+
B机器的binlog和position
- [root@localhost backup]# mysql -e 'show master logs;'
- +----------------------+-----------+
- ' Log_name ' File_size '
- +----------------------+-----------+
- ' localhost-bin.000001 ' 1038982 '
- ' localhost-bin.000002 ' 444 '
- ' localhost-bin.000003 ' 444 '
- ' localhost-bin.000004 ' 444 '
- ' localhost-bin.000005 ' 1558861 '
- ' localhost-bin.000006 ' 385 '
- ' localhost-bin.000007 ' 385 '
- ' localhost-bin.000008 ' 722 '
- ' localhost-bin.000009 ' 409 '
- +----------------------+-----------+
- [root@localhost backup]#
4、在A机器上设置同步
- MariaDB [(none)]> grant replication slave on *.* to repluser@'172.18.30.2' identified by '123123';
- MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.18.30.2',MASTER_USER='repluser',MASTER_PASSWORD='123123',MASTER_LOG_FILE='localhost-bin.000009',MASTER_LOG_POS=409;
5、在B机器上设置同步
- MariaDB [(none)]> grant replication slave on *.* to repluser@'172.18.30.1' identified by '123123';
- MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.18.30.1',MASTER_USER='repluser',MASTER_PASSWORD='123123',MASTER_LOG_FILE='localhost-bin.000003',MASTER_LOG_POS=989;
6、两台机器同时开启同步
- MariaDB [(none)]> start slave;
7、测试
在A机器插入一条数据
- MariaDB [(none)]> insert into test.test (runoob_title,runoob_author,submission_date) values ('A_a','A_a',now());
在B机器插入一条数据
- MariaDB [(none)]> insert into test.test (runoob_title,runoob_author,submission_date) values ('B_b','B_b',now());
在A机器上查询数据
- MariaDB [test]> select * from test.test;
- +-----------+--------------+---------------+-----------------+
- ' runoob_id ' runoob_title ' runoob_author ' submission_date '
- +-----------+--------------+---------------+-----------------+
- ' 1 ' test1 ' stuff ' 2018-02-23 '
- ' 2 ' test2 ' stuff ' 2018-02-23 '
- ' 3 ' test3 ' Goodluck ' 2018-02-23 '
- ' 4 ' Thanks a lot ' sun ' 2018-02-23 '
- ' 5 ' ok ' ook ' 2018-02-26 '
- ' 6 ' 1122 ' 2233 ' 2018-02-27 '
- ' 7 ' A_a ' A_a ' 2018-02-27 '
- ' 8 ' B_b ' B_b ' 2018-02-27 '
- +-----------+--------------+---------------+-----------------+
在B机器上查询数据
- MariaDB [(none)]> select * from test.test;
- +-----------+--------------+---------------+-----------------+
- ' runoob_id ' runoob_title ' runoob_author ' submission_date '
- +-----------+--------------+---------------+-----------------+
- ' 1 ' test1 ' stuff ' 2018-02-23 '
- ' 2 ' test2 ' stuff ' 2018-02-23 '
- ' 3 ' test3 ' Goodluck ' 2018-02-23 '
- ' 4 ' Thanks a lot ' sun ' 2018-02-23 '
- ' 5 ' ok ' ook ' 2018-02-26 '
- ' 6 ' 1122 ' 2233 ' 2018-02-27 '
- ' 7 ' A_a ' A_a ' 2018-02-27 '
- ' 8 ' B_b ' B_b ' 2018-02-27 '
- +-----------+--------------+---------------+-----------------+
实验完成
十、复制过滤器
复制过滤器让从节点仅复制指定的数据库,或指定数据库的指定表
两种实现方式:
1、主服务器仅向二进制日志中记录与特定数据库(特定表)相关的事件
问题:时间还原无法实现;不建议使用
binlog_do_db= 数据库白名单列表,用逗号分隔
binlog_ignore_db= 数据库黑名单列表,和前项不要同时使用
2、从服务器SQL_THREAD在replay中继日志中的事件时,仅读取与特定数据库(特定表)相关的事件并应用于本地
问题:会造成网络及磁盘IO浪费
复制过滤器从服务器上的相关设置
replicate_do_db= 指定复制库的白名单
replicate_ignore_db= 指定复制库黑名单
replicate_do_table= 指定复制表的白名单
replicate_ignore_table= 指定复制表的黑名单
replicate_wild_do_table= foo%.bar% 支持通配符
replicate_wild_ignore_table=
复制过滤器在这里不再演示
十一、主从复制SSL加密
通信加密必然用到证书
参考文献:https://mariadb.com/kb/en/library/replication-with-secure-connections/
在默认的主从复制过程或远程连接到MySQL/MariaDB所有的链接通信中的数据都是明文的,外网里访问数据或则复制,存在安全隐患。通过SSL/TLS加密的方式进行复制的方法,来进一步提高数据的安全性
1、CA的配置
- mkdir /etc/my.cnf.d/ssl
- cd /etc/my.cnf.d/ssl
- openssl genrsa 2048 > cakey.pem
- chmod 600 cakey.pem
- openssl req -new -x509 -key cakey.pem -days 3650 -out cacert.pem #自签名证书
- openssl req -newkey rsa:1024 -days 365 -nodes -keyout master.key > master.csr #生成master的key和请求文件
- openssl x509 -req -in master.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > master.crt #签名证书
- openssl req -newkey rsa:1024 -days 365 -nodes -keyout slave.key > slave.csr #生成slave的key和请求文件
- openssl x509 -req -in slave.csr -CA cacert.pem -CAkey cakey.pem -set_serial 02 > slave.crt #签名证书
将生成好的证书复制到每台机器
- scp -r /etc/my.cnf.d/ssl/ 172.18.30.1:/etc/my.cnf.d/
- scp -r /etc/my.cnf.d/ssl/ 172.18.30.2:/etc/my.cnf.d/
2、Master端的配置(A机器)
- vim /etc/my.cnf.d/server.cnf
- 在主从配置的基础上添加如下设置
- ssl
- ssl-ca=/etc/my.cnf.d/ssl/cacert.pem
- ssl-cert=/etc/my.cnf.d/ssl/master.crt
- ssl-key=/etc/my.cnf.d/ssl/master.key
- 重启服务
- systemctl restart mariadb
登录maraidb进行配置用户权限
- MariaDB [(none)]> grant replication slave on *.* to repluser@'172.18.30.2' identified by '123123' require ssl;
- MariaDB [(none)]> flush privileges;
3、Slave端的配置(B机器)
- vim /etc/my.cnf.d/server.cnf
- 在主从配置的基础上添加如下选项
- ssl
- 重启服务
- systemctl restart mariadb
登录mariadb进行配置
- [root@localhost backup]# mysql
MariaDB [(none)]> stop slave;MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST=’172.18.30.1’, MASTER_USER=’repluser’, MASTER_PASSWORD=’123123’, MASTER_SSL=1, MASTER_SSL_CA = ‘/etc/my.cnf.d/ssl/cacert.pem’, MASTER_SSL_CERT = ‘/etc/my.cnf.d/ssl/slave.crt’, MASTER_SSL_KEY = ‘/etc/my.cnf.d/ssl/slave.key’;
MariaDB [(none)]> start slave;