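MySQL architecture: implementing master-slave replication, dual-master replication, semi-synchronous replication and SSL-based replication

Replication overview

MySQL's built-in replication is the foundation for building large, high-performance applications. It distributes MySQL data across multiple systems by copying the data of one MySQL host to other hosts (slaves) and re-executing it there. During replication one server acts as the master and one or more other servers act as slaves. The master writes updates to binary log files and maintains an index of those files to keep track of log rotation. These logs record the updates to be sent to the slaves. When a slave connects to the master, it tells the master the position of the last update it read successfully from the log. The slave receives every update made since then, then blocks and waits for the master to notify it of new updates.
Note that when you use replication, all updates to the replicated tables must be made on the master. Otherwise you must take care to avoid conflicts between updates that users make to tables on the master and updates made to tables on the slaves.
The lab below was carried out on CentOS 7.3; the database is MariaDB 5.5.
Time is synchronized between the hosts.

I. Master-slave replication architecture

Master-slave replication can use one master and one slave, or one master and several slaves.

Roles

Master server mysql-master: 172.16.252.192
Slave server mysql-slave: 172.16.252.190

MariaDB must already be installed on both the master and the slave.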

[root@mysql-master ~]# yum -y install mariadb-server
[root@mysql-master ~]# iptables -F

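1. Master server configuration

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf   # edit the MySQL configuration file
[mysqld]
server-id = 1  # set the server ID
log_bin = master-log  # enable the binary log
innodb_file_per_table = ON   # use a separate tablespace per table
skip_name_resolve = ON  # skip name resolution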
[root@centos7 ~]#systemctl start mariadb.service

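2. Slave server configuration

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf   # edit the MySQL configuration file
[mysqld]
server-id = 2    # the slave's server ID
relay-log = relay-log   # enable the relay log on the slave
skip_name_resolve = ON    # skip name resolution
innodb_file_per_table = ON  # use a separate tablespace per table
read-only = 1  # enable read-only mode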

[root@centos7 ~]#systemctl start mariadb.service

3. Create a user account with replication privileges on the master

MariaDB [(none)]> show master status; -- check the current binary log file and position
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      245 |              |                  |
+-------------------+----------+--------------+------------------+
MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY 'replpass';   -- create the replication account (principle of least privilege)
MariaDB [(none)]> flush privileges;  -- reload the grant tables
MariaDB [(none)]> show master status;  
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      424 |              |                  |
+-------------------+----------+--------------+------------------+
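If the user should not be created on the slave as well, start replication from position 424, the position on the master after the user was created.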

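4. Start the replication threads on the slave:

MariaDB [(none)]> show slave status;
Empty set (0.00 sec)  // empty because replication is not configured yet
MariaDB [(none)]> show processlist; -- the slave has not started any replication thread yet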
+----+------+-----------+------+---------+------+-------+------------------+----------+
| Id | User | Host      | db   | Command | Time | State | Info             | Progress |
+----+------+-----------+------+---------+------+-------+------------------+----------+
|  2 | root | localhost | NULL | Query   |    0 | NULL  | show processlist |    0.000 |
+----+------+-----------+------+---------+------+-------+------------------+----------+
MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.16.252.192', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=424;  
-- connect to the master with the account that has replication privileges and start the replication threads
MariaDB [(none)]> show slave status\G; 
*************************** 1. row ***************************
               Slave_IO_State: 
                  Master_Host: 172.16.252.192  // master server IP
                  Master_User: repluser      // the authorized user
                  Master_Port: 3306       // master server port
                Connect_Retry: 60       // retry interval
              Master_Log_File: master-log.000003    // binary log file to start reading from
          Read_Master_Log_Pos: 424     // position in the binary log to start reading from
               Relay_Log_File: relay-log.000001  // relay log file being read
                Relay_Log_Pos: 4   // position in the relay log
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: No    // I/O thread state: not started yet
            Slave_SQL_Running: No    // SQL thread state: not started yet
              Replicate_Do_DB: 
      ......
MariaDB [(none)]> start slave; -- start both threads
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.252.192
                  Master_User: repluser
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-log.000003
          Read_Master_Log_Pos: 499
               Relay_Log_File: relay-log.000002    // the relay log has been initialized here
                Relay_Log_Pos: 605
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: Yes     // started
            Slave_SQL_Running: Yes   // started
              Replicate_Do_DB: 
MariaDB [(none)]> show processlist;
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
| Id | User        | Host      | db   | Command | Time | State                                                                       | Info             | Progress |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
|  2 | root        | localhost | NULL | Query   |    0 | NULL                                                                        | show processlist |    0.000 |
|  3 | system user |           | NULL | Connect |   20 | Waiting for master to send event                                            | NULL             |    0.000 |
|  4 | system user |           | NULL | Connect |  791 | Slave has read all relay log; waiting for the slave I/O thread to update it | NULL             |    0.000 |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+----------+
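// Two threads have been started: one waits for events sent by the master, the other reads the relay log and applies it
[root@cnetos7 ~]#ll /var/lib/mysql/master.info
# This file stores the connection information for the master, including the account and password; after a service restart the slave uses it to reconnect to the master automatically
[root@cnetos7 ~]#ll /var/lib/mysql/relay-log.info
# This file stores the relay log file and position used by the slave and the binary log file and position used by the master; it is also read when the server starts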

5. Test:

On the master:
MariaDB [(none)]> create database testdb;
On the slave:
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| testdb             |
+--------------------+

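II. Implementing dual-master replication

Dual-master replication easily leads to inconsistent data; use it with caution.

1. Settings on both servers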

server 1
[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
server-id = 1  
log_bin = master-log 
relay_log = relay-log
innodb_file_per_table = ON   
skip_name_resolve = ON  
auto_increment_offset = 1     # start at 1
auto_increment_increment = 2  # step by 2
server 2
[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
server-id = 2 
log_bin = master-log 
relay_log = relay-log
innodb_file_per_table = ON   
skip_name_resolve = ON  
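auto_increment_offset = 2     # start at 2
auto_increment_increment = 2  # step by 2

For dual-master replication, every host must enable both the binary log and the relay log and have its own unique server-id.

2. Start the replication threads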

server1

MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY 'replpass';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> SHOW MASTER STATUS;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      509 |              |                  |
+-------------------+----------+--------------+------------------+
MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.16.252.192', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=509;
MariaDB [(none)]> start slave;
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.252.192
                  Master_User: repluser
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-log.000003
          Read_Master_Log_Pos: 509
               Relay_Log_File: relay-log.000002
                Relay_Log_Pos: 530
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes

server2

MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY 'replpass';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> SHOW MASTER STATUS;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      509 |              |                  |
+-------------------+----------+--------------+------------------+
MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.16.252.192', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=509;
MariaDB [(none)]> start slave;
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.252.192
                  Master_User: repluser
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-log.000003
          Read_Master_Log_Pos: 509
               Relay_Log_File: relay-log.000002
                Relay_Log_Pos: 530
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes

3. Test

server1

MariaDB [(none)]> create database mydb;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> use mydb;
Database changed
MariaDB [mydb]> create table tb1(id int unsigned auto_increment primary key,name varchar(200));
Query OK, 0 rows affected (0.01 sec)

MariaDB [mydb]> insert into tb1 (name) values ('xiaoming'),('xiaohua'),('xiaogang');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

MariaDB [mydb]> select * from tb1;
+----+----------+
| id | name     |
+----+----------+
|  1 | xiaoming |
|  3 | xiaohua  |
|  5 | xiaogang |
+----+----------+

server2

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mydb               |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> use mydb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mydb]> insert into tb1 (name) values ('xiaodong'),('xiaoli'),('xiaoghong');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

MariaDB [mydb]> select * from tb1;
+----+-----------+
| id | name      |
+----+-----------+
|  1 | xiaoming  |
|  3 | xiaohua   |
|  5 | xiaogang  |
|  6 | xiaodong  |
|  8 | xiaoli    |
| 10 | xiaoghong |
+----+-----------+

server1

MariaDB [mydb]> select * from tb1;
+----+----------+
| id | name     |
+----+----------+
|  1 | xiaoming |
|  3 | xiaohua  |
|  5 | xiaogang |
+----+----------+
3 rows in set (0.01 sec)

MariaDB [mydb]> select * from tb1;
+----+-----------+
| id | name      |
+----+-----------+
|  1 | xiaoming  |
|  3 | xiaohua   |
|  5 | xiaogang  |
|  6 | xiaodong  |
|  8 | xiaoli    |
| 10 | xiaoghong |
+----+-----------+
6 rows in set (0.00 sec)
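
Why these two settings keep the masters' keys apart, as an added example that is not part of the original article: the script models each master allocating IDs on its own, before the other's rows have arrived, and counts primary-key collisions with the article's settings and with the defaults. The function names are hypothetical and the ID rule is a simplified model of auto_increment_offset and auto_increment_increment.

```sh
#!/bin/sh
# Added example: simplified model of auto_increment_offset / auto_increment_increment.

# next_id MAX OFFSET INCREMENT
# Smallest value greater than MAX in the series OFFSET, OFFSET+INCREMENT, ...
next_id() {
    if [ "$1" -lt "$2" ]; then
        echo "$2"
    else
        echo $(( $2 + (($1 - $2) / $3 + 1) * $3 ))
    fi
}

# allocate MAX OFFSET INCREMENT COUNT
# IDs one master hands out for COUNT inserts, starting from the highest ID
# it has seen so far (MAX), printed one per line.
allocate() {
    max=$1
    i=0
    while [ "$i" -lt "$4" ]; do
        max=$(next_id "$max" "$2" "$3")
        echo "$max"
        i=$((i + 1))
    done
}

# collisions INCREMENT OFFSET1 OFFSET2 COUNT
# Both masters insert COUNT rows into an empty table before either has
# received the other's rows; print how many IDs were handed out twice.
collisions() {
    { allocate 0 "$2" "$1" "$4"; allocate 0 "$3" "$1" "$4"; } |
        sort -n | uniq -d | wc -l | tr -d ' '
}

# The article's test: server1 inserts 3 rows into the empty table, then
# server2 (which has replicated them, so its highest ID is 5) inserts 3 more.
article_sequence() {
    { allocate 0 1 2 3; allocate 5 2 2 3; } | tr '\n' ' ' | sed 's/ $//'
}

echo "article sequence: $(article_sequence)"
echo "collisions with offsets 1 and 2, increment 2: $(collisions 2 1 2 3)"
echo "collisions with the defaults (offset 1, increment 1): $(collisions 1 1 1 3)"
```

The offsets only protect auto-increment keys; conflicting updates to the same row on both masters are still possible.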

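III. Implementing semi-synchronous replication

It is implemented with plugins, and several plugins are supported; they are located in /usr/lib64/mysql/plugin/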

[root@cnetos7 mysql]#rpm -ql mariadb-server
......
/usr/lib64/mysql/plugin/auth_0x0100.so
/usr/lib64/mysql/plugin/auth_pam.so
/usr/lib64/mysql/plugin/auth_socket.so
/usr/lib64/mysql/plugin/auth_test_plugin.so
/usr/lib64/mysql/plugin/daemon_example.ini
/usr/lib64/mysql/plugin/dialog_examples.so
/usr/lib64/mysql/plugin/ha_innodb.so
/usr/lib64/mysql/plugin/ha_sphinx.so
/usr/lib64/mysql/plugin/handlersocket.so
/usr/lib64/mysql/plugin/libdaemon_example.so
/usr/lib64/mysql/plugin/mypluglib.so
/usr/lib64/mysql/plugin/qa_auth_client.so
/usr/lib64/mysql/plugin/qa_auth_interface.so
/usr/lib64/mysql/plugin/qa_auth_server.so
/usr/lib64/mysql/plugin/query_cache_info.so
/usr/lib64/mysql/plugin/semisync_master.so   // plugin used for semi-synchronous replication
/usr/lib64/mysql/plugin/semisync_slave.so    // plugin used for semi-synchronous replication
/usr/lib64/mysql/plugin/server_audit.so
/usr/lib64/mysql/plugin/sphinx.so
/usr/lib64/mysql/plugin/sql_errlog.so
......

On the master:

1. Edit the configuration file

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
[mysqld]
server-id = 1
log_bin = master-log
innodb_file_per_table = ON
skip_name_resolve = ON
[root@centos7 ~]#systemctl start mariadb

2. Create the replication user

MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY 'replpass';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> SHOW MASTER STATUS;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      499 |              |                  |
+-------------------+----------+--------------+------------------+

3. Install the semi-synchronous replication master plugin

MariaDB [(none)]> INSTALL PLUGIN rpl_semi_sync_master SONAME 'semisync_master.so';    -- install the plugin
MariaDB [(none)]> SHOW PLUGINS;   -- check that it is installed
+--------------------------------+----------+--------------------+--------------------+---------+
| Name                           | Status   | Type               | Library            | License |
+--------------------------------+----------+--------------------+--------------------+---------+
| binlog                         | ACTIVE   | STORAGE ENGINE     | NULL               | GPL     |
......
| partition                      | ACTIVE   | STORAGE ENGINE     | NULL               | GPL     |
| rpl_semi_sync_master           | ACTIVE   | REPLICATION        | semisync_master.so | GPL     |
+--------------------------------+----------+--------------------+--------------------+---------+
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';  -- show the semi-synchronous replication settings
+------------------------------------+-------+
| Variable_name                      | Value |
+------------------------------------+-------+
| rpl_semi_sync_master_enabled       | OFF   |     // whether this node is a semi-sync master (ON|OFF)
| rpl_semi_sync_master_timeout       | 10000 |     // timeout waiting for a slave, 10 s
| rpl_semi_sync_master_trace_level   | 32    |     // trace level
| rpl_semi_sync_master_wait_no_slave | ON    |    // whether to wait when there is no slave
+------------------------------------+-------+
MariaDB [(none)]> SET GLOBAL rpl_semi_sync_master_enabled = ON;     -- enable this node as a semi-sync master
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';
+------------------------------------+-------+
| Variable_name                      | Value |
+------------------------------------+-------+
| rpl_semi_sync_master_enabled       | ON    |
| rpl_semi_sync_master_timeout       | 10000 |
| rpl_semi_sync_master_trace_level   | 32    |
| rpl_semi_sync_master_wait_no_slave | ON    |
+------------------------------------+-------+
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE '%semi%';
+--------------------------------------------+-------+
| Variable_name                              | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients               | 0     |     // number of semi-sync slaves
| Rpl_semi_sync_master_net_avg_wait_time     | 0     |     // average wait time (non-transactional)
| Rpl_semi_sync_master_net_wait_time         | 0     |    // total wait time (non-transactional)
| Rpl_semi_sync_master_net_waits             | 0     |       // number of waits (non-transactional)
| Rpl_semi_sync_master_no_times              | 0     |
| Rpl_semi_sync_master_no_tx                 | 0     |
| Rpl_semi_sync_master_status                | ON    |
| Rpl_semi_sync_master_timefunc_failures     | 0     |
| Rpl_semi_sync_master_tx_avg_wait_time      | 0     |     // average wait time (transactional)
| Rpl_semi_sync_master_tx_wait_time          | 0     |      // total wait time (transactional)
| Rpl_semi_sync_master_tx_waits              | 0     |      // number of waits (transactional)
| Rpl_semi_sync_master_wait_pos_backtraverse | 0     |
| Rpl_semi_sync_master_wait_sessions         | 0     |
| Rpl_semi_sync_master_yes_tx                | 0     |
+--------------------------------------------+-------+
After the slave has enabled semi-synchronous replication as a slave node, run the query again:
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE '%semi%';
+--------------------------------------------+-------+
| Variable_name                              | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients               | 1     |     // now shows 1
| Rpl_semi_sync_master_net_avg_wait_time     | 0     |
| Rpl_semi_sync_master_net_wait_time         | 0     |
| Rpl_semi_sync_master_net_waits             | 0     |
| Rpl_semi_sync_master_no_times              | 0     |
| Rpl_semi_sync_master_no_tx                 | 0     |
| Rpl_semi_sync_master_status                | ON    |
| Rpl_semi_sync_master_timefunc_failures     | 0     |
| Rpl_semi_sync_master_tx_avg_wait_time      | 0     |
| Rpl_semi_sync_master_tx_wait_time          | 0     |
| Rpl_semi_sync_master_tx_waits              | 0     |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0     |
| Rpl_semi_sync_master_wait_sessions         | 0     |
| Rpl_semi_sync_master_yes_tx                | 0     |
+--------------------------------------------+-------+

On the slave:

1. Edit the configuration file

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
[mysqld]
server-id = 2
relay_log = relay-log
innodb_file_per_table = ON
skip_name_resolve = ON
[root@centos7 ~]#systemctl start mariadb

2. Install the semi-synchronous replication slave plugin

MariaDB [(none)]> INSTALL PLUGIN rpl_semi_sync_slave SONAME 'semisync_slave.so';      -- install the plugin
MariaDB [(none)]>  SHOW PLUGINS;    -- check that it is installed
+--------------------------------+----------+--------------------+-------------------+---------+
| Name                           | Status   | Type               | Library           | License |
+--------------------------------+----------+--------------------+-------------------+---------+
| binlog                         | ACTIVE   | STORAGE ENGINE     | NULL              | GPL     |
......
| partition                      | ACTIVE   | STORAGE ENGINE     | NULL              | GPL     |
| rpl_semi_sync_slave            | ACTIVE   | REPLICATION        | semisync_slave.so | GPL     |
+--------------------------------+----------+--------------------+-------------------+---------+
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';   -- show the semi-synchronous replication settings
+---------------------------------+-------+
| Variable_name                   | Value |
+---------------------------------+-------+
| rpl_semi_sync_slave_enabled     | OFF   |
| rpl_semi_sync_slave_trace_level | 32    |
+---------------------------------+-------+
MariaDB [(none)]> SET GLOBAL rpl_semi_sync_slave_enabled = ON;  -- enable this node as a semi-sync slave
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%semi%';
+---------------------------------+-------+
| Variable_name                   | Value |
+---------------------------------+-------+
| rpl_semi_sync_slave_enabled     | ON    |
| rpl_semi_sync_slave_trace_level | 32    |
+---------------------------------+-------+

3. Connect to the master

MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.16.252.192', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=499;   -- connect to the master
MariaDB [(none)]> start slave;  -- start the slave threads
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.252.192
                  Master_User: repluser
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-log.000003
          Read_Master_Log_Pos: 499
               Relay_Log_File: relay-log.000002
                Relay_Log_Pos: 530
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes

Test:

MariaDB [(none)]> create database medb;
MariaDB [(none)]> use medb;
MariaDB [medb]> create table tb1(id int unsigned auto_increment primary key,name varchar(200));
MariaDB [medb]> insert into tb1 (name) values ('hong'),('yan'),('L');
MariaDB [medb]> select * from tb1;
+----+------+
| id | name |
+----+------+
|  1 | hong |
|  2 | yan  |
|  3 | L    |
+----+------+

MariaDB [medb]> SHOW GLOBAL STATUS LIKE '%semi%';
+--------------------------------------------+-------+
| Variable_name                              | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients               | 1     |
| Rpl_semi_sync_master_net_avg_wait_time     | 724   |
| Rpl_semi_sync_master_net_wait_time         | 2174  |
| Rpl_semi_sync_master_net_waits             | 3     |
| Rpl_semi_sync_master_no_times              | 0     |
| Rpl_semi_sync_master_no_tx                 | 0     |
| Rpl_semi_sync_master_status                | ON    |
| Rpl_semi_sync_master_timefunc_failures     | 0     |
| Rpl_semi_sync_master_tx_avg_wait_time      | 1169  |
| Rpl_semi_sync_master_tx_wait_time          | 2339  |
| Rpl_semi_sync_master_tx_waits              | 2     |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0     |
| Rpl_semi_sync_master_wait_sessions         | 0     |
| Rpl_semi_sync_master_yes_tx                | 3     |
+--------------------------------------------+-------+
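
What these counters are for in practice, as an added example that is not part of the original article: when no slave acknowledges a commit within rpl_semi_sync_master_timeout, the master falls back to asynchronous replication, and this script detects that state from the status table. The function names are hypothetical and the sample tables are constructed (the healthy one uses the article's values).

```sh
#!/bin/sh
# Added example: check the master's semi-sync counters for a fallback
# to asynchronous replication.

# Constructed samples in the table format printed by
# SHOW GLOBAL STATUS LIKE '%semi%'; the first one uses the article's values.
healthy_status() {
cat <<'EOF'
+--------------------------------------------+-------+
| Variable_name                              | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients               | 1     |
| Rpl_semi_sync_master_no_tx                 | 0     |
| Rpl_semi_sync_master_status                | ON    |
| Rpl_semi_sync_master_yes_tx                | 3     |
+--------------------------------------------+-------+
EOF
}
degraded_status() {
cat <<'EOF'
| Rpl_semi_sync_master_clients               | 0     |
| Rpl_semi_sync_master_no_tx                 | 7     |
| Rpl_semi_sync_master_status                | OFF   |
| Rpl_semi_sync_master_yes_tx                | 3     |
EOF
}

# status_value NAME: print the Value column for NAME from a table on stdin.
status_value() {
    awk -F'|' -v key="$1" '
        NF >= 3 {
            name = $2; val = $3
            gsub(/[ \t]/, "", name)
            gsub(/[ \t]/, "", val)
            if (name == key) { print val; exit }
        }'
}

# audit_semisync: read the status table on stdin, print findings, and
# return 1 if commits are not (or were not) acknowledged by a slave.
audit_semisync() {
    table=$(cat)
    state=$(printf '%s\n' "$table" | status_value Rpl_semi_sync_master_status)
    clients=$(printf '%s\n' "$table" | status_value Rpl_semi_sync_master_clients)
    no_tx=$(printf '%s\n' "$table" | status_value Rpl_semi_sync_master_no_tx)
    rc=0
    if [ "$state" != "ON" ]; then
        echo "FAIL semi-sync is not active on the master (status=$state)"; rc=1
    fi
    if [ "${clients:-0}" -lt 1 ]; then
        echo "FAIL no semi-sync slave is connected"; rc=1
    fi
    if [ "${no_tx:-0}" -gt 0 ]; then
        echo "FAIL $no_tx commits were not acknowledged by a slave"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   semi-sync active, $clients slave(s), no unacknowledged commits"
    fi
    return "$rc"
}

healthy_status  | audit_semisync || true
degraded_status | audit_semisync || echo "(degraded sample: the master commits without waiting for a slave)"
```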

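IV. Implementing SSL-based replication

On the master:

1. Configure the CA

[root@centos7 ~]#cd /etc/pki/CA
[root@centos7 CA]#touch index.txt   # create the certificate index database file (absent by default)
[root@centos7 CA]#echo  01 > serial  # set the serial number of the first certificate to issue (also absent by default; the two digits 01 are hexadecimal)

2. Generate the self-signed certificate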

[root@centos7 CA]#(umask 077;openssl genrsa -out private/cakey.pem 2048)
[root@centos7 CA]#openssl req -new -x509 -key private/cakey.pem  -out cacert.pem -days 3650

3. Generate the SSL files for MySQL and change their ownership

[root@centos7 CA]#mkdir /var/lib/mysql/ssl
[root@centos7 CA]#cd /var/lib/mysql/ssl
[root@centos7 ssl]#(umask 077;openssl genrsa -out master.key 2048)
[root@centos7 ssl]#openssl req -new -key master.key -out master.csr
[root@centos7 ssl]#openssl ca -in master.csr  -out master.crt -days 365
[root@centos7 ssl]#cp /etc/pki/CA/cacert.pem /var/lib/mysql/ssl/
[root@centos7 ssl]#ll
total 20
-rw-r--r-- 1 root root 1257 Sep 14 16:10 cacert.pem
-rw-r--r-- 1 root root 4353 Sep 14 16:09 master.crt
-rw-r--r-- 1 root root  972 Sep 14 16:06 master.csr
-rw------- 1 root root 1675 Sep 14 16:05 master.key
[root@centos7 ssl]#chown -R mysql.mysql /var/lib/mysql/ssl/*    
[root@centos7 ssl]#ll
total 20
-rw-r--r-- 1 mysql mysql 1257 Sep 14 16:10 cacert.pem
-rw-r--r-- 1 mysql mysql 4353 Sep 14 16:09 master.crt
-rw-r--r-- 1 mysql mysql  972 Sep 14 16:06 master.csr
-rw------- 1 mysql mysql 1675 Sep 14 16:05 master.key

On the slave:

1. Generate the private key

[root@cnetos7 mysql]#mkdir /var/lib/mysql/ssl
[root@cnetos7 mysql]#cd /var/lib/mysql/ssl
[root@cnetos7 ssl]#(umask 077;openssl genrsa -out slave.key 2048)
[root@cnetos7 ssl]#openssl req -new -key slave.key -out slave.csr
[root@cnetos7 ssl]#scp slave.csr 172.16.252.192:/etc/pki/CA/csr  # send it to the master

2. The CA on the master issues the certificate

[root@centos7 ssl]#cd /etc/pki/CA/csr
[root@centos7 csr]#openssl ca -in slave.csr  -out ../certs/slave.crt -days 365
[root@centos7 csr]#scp ../certs/slave.crt  172.16.252.190:/var/lib/mysql/ssl
[root@centos7 csr]#scp /etc/pki/CA/cacert.pem  172.16.252.190:/var/lib/mysql/ssl

3. Change the ownership

[root@cnetos7 ssl]#ll
總用量 20
-rw-r--r--. 1 root root 1257 9月  14 16:27 cacert.pem
-rw-r--r--. 1 root root 4394 9月  14 16:26 slave.crt
-rw-r--r--. 1 root root  997 9月  14 16:24 slave.csr
-rw-------. 1 root root 1675 9月  14 16:15 slave.key
[root@cnetos7 ssl]#chown -R mysql.mysql /var/lib/mysql/ssl/*
[root@cnetos7 ssl]#ll
總用量 20
-rw-r--r--. 1 mysql mysql 1257 9月  14 16:27 cacert.pem
-rw-r--r--. 1 mysql mysql 4394 9月  14 16:26 slave.crt
-rw-r--r--. 1 mysql mysql  997 9月  14 16:24 slave.csr
-rw-------. 1 mysql mysql 1675 9月  14 16:15 slave.key

MySQL configuration on the master

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
[mysqld]
server-id = 1
log_bin = master-log
innodb_file_per_table = ON
skip_name_resolve = ON
ssl
ssl-ca = /var/lib/mysql/ssl/cacert.pem
ssl-cert = /var/lib/mysql/ssl/master.crt
ssl-key = /var/lib/mysql/ssl/master.key
[root@centos7 ~]#systemctl start mariadb
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%ssl%';  -- verify that the master's configuration took effect
+---------------+-------------------------------+
| Variable_name | Value                         |
+---------------+-------------------------------+
| have_openssl  | YES                           |
| have_ssl      | YES                           |
| ssl_ca        | /var/lib/mysql/ssl/cacert.pem |
| ssl_capath    |                               |
| ssl_cert      | /var/lib/mysql/ssl/master.crt |
| ssl_cipher    |                               |
| ssl_key       | /var/lib/mysql/ssl/master.key |
+---------------+-------------------------------+
The output above indicates success.

MySQL configuration on the slave

[root@centos7 ~]#vim /etc/my.cnf.d/server.cnf
[mysqld]
server-id = 2
relay_log = relay-log
innodb_file_per_table = ON
skip_name_resolve = ON
ssl
ssl-ca = /var/lib/mysql/ssl/cacert.pem
ssl-cert = /var/lib/mysql/ssl/slave.crt
ssl-key = /var/lib/mysql/ssl/slave.key
[root@centos7 ~]#systemctl start mariadb
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE '%ssl%'; -- verify that the slave's configuration took effect
+---------------+-------------------------------+
| Variable_name | Value                         |
+---------------+-------------------------------+
| have_openssl  | YES                           |
| have_ssl      | YES                           |
| ssl_ca        | /var/lib/mysql/ssl/cacert.pem |
| ssl_capath    |                               |
| ssl_cert      | /var/lib/mysql/ssl/slave.crt  |
| ssl_cipher    |                               |
| ssl_key       | /var/lib/mysql/ssl/slave.key  |
+---------------+-------------------------------+
The output above indicates success.

Create the replication user

MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY 'replpass';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> SHOW MASTER STATUS;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-log.000003 |      499 |              |                  |
+-------------------+----------+--------------+------------------+

Connect the slave to the master

MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='172.16.252.192', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=499,MASTER_SSL=1,MASTER_SSL_CA='/var/lib/mysql/ssl/cacert.pem',MASTER_SSL_CERT='/var/lib/mysql/ssl/slave.crt',MASTER_SSL_KEY='/var/lib/mysql/ssl/slave.key'; 
 -- run "help change master to" at the MariaDB prompt to see help for the connection options
MariaDB [(none)]> start slave;
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.252.192
                  Master_User: repluser
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-log.000003
          Read_Master_Log_Pos: 499
               Relay_Log_File: relay-log.000002
                Relay_Log_Pos: 530
        Relay_Master_Log_File: master-log.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 499
              Relay_Log_Space: 818
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: Yes   // SSL connection succeeded
           Master_SSL_CA_File: /var/lib/mysql/ssl/cacert.pem    
           Master_SSL_CA_Path: 
              Master_SSL_Cert: /var/lib/mysql/ssl/slave.crt
            Master_SSL_Cipher: 
               Master_SSL_Key: /var/lib/mysql/ssl/slave.key
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 1
1 row in set (0.00 sec)
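
A check a defender can run against the output above, as an added example that is not part of the original article: it flags two gaps in the final setup, namely that the slave does not verify the master's certificate (Master_SSL_Verify_Server_Cert: No) and that the repluser grant does not force TLS on the master side. The function names and sample inputs are constructed; MASTER_SSL_VERIFY_SERVER_CERT and REQUIRE SSL are standard CHANGE MASTER TO and GRANT options.

```sh
#!/bin/sh
# Added example: audit the TLS posture of a replication channel from
# SHOW SLAVE STATUS\G and SHOW GRANTS output.

# Constructed sample: the TLS-related fields of the article's slave status.
article_slave_status() {
cat <<'EOF'
                  Master_Host: 172.16.252.192
                  Master_User: repluser
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /var/lib/mysql/ssl/cacert.pem
Master_SSL_Verify_Server_Cert: No
EOF
}

# Constructed SHOW GRANTS lines for the article's account (placeholder hash),
# without and with a TLS requirement.
grant_plain() {
    echo "GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.252.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER_HASH'"
}
grant_tls() {
    echo "$(grant_plain) REQUIRE SSL"
}

# field NAME: print the value of a "Name: value" line read from stdin.
field() {
    awk -v key="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        n = index(line, ":")
        if (n > 0 && substr(line, 1, n - 1) == key) {
            val = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }
    }'
}

# audit_slave_tls: read SHOW SLAVE STATUS\G text on stdin, print findings,
# return 1 if the slave does not both request TLS and verify the master.
# Master_SSL_Allowed only reports that TLS is permitted for the channel.
audit_slave_tls() {
    st=$(cat)
    allowed=$(printf '%s\n' "$st" | field Master_SSL_Allowed)
    ca=$(printf '%s\n' "$st" | field Master_SSL_CA_File)
    verify=$(printf '%s\n' "$st" | field Master_SSL_Verify_Server_Cert)
    rc=0
    if [ "$allowed" != "Yes" ]; then
        echo "FAIL Master_SSL_Allowed=$allowed: set MASTER_SSL=1"; rc=1
    fi
    if [ -z "$ca" ]; then
        echo "FAIL no Master_SSL_CA_File: set MASTER_SSL_CA"; rc=1
    fi
    if [ "$verify" != "Yes" ]; then
        echo "FAIL Master_SSL_Verify_Server_Cert=$verify: set MASTER_SSL_VERIFY_SERVER_CERT=1"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   slave requests TLS and verifies the master certificate"
    fi
    return "$rc"
}

# grant_requires_tls: succeed if a SHOW GRANTS line on stdin carries a
# REQUIRE clause that forces TLS for the account.
grant_requires_tls() {
    grep -Eq 'REQUIRE (SSL|X509|SUBJECT|ISSUER|CIPHER)'
}

article_slave_status | audit_slave_tls || true
if grant_plain | grant_requires_tls; then
    echo "OK   grant requires TLS"
else
    echo "FAIL grant allows unencrypted logins: add REQUIRE SSL to the GRANT"
fi
```

With MASTER_SSL_VERIFY_SERVER_CERT=1 the name in the master's certificate has to match the MASTER_HOST value, so choose the Common Name accordingly when answering the openssl req prompts.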

Verify that SSL encryption is in use

[root@cnetos7 ssl]#mysql --ssl  # see mysql --help for the connection options
MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 5.5.52-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:      8
Current database:   
Current user:       root@localhost
SSL:            Cipher in use is DHE-RSA-AES256-GCM-SHA384    // the connection is encrypted with SSL
Current pager:      stdout
Using outfile:      ''
Using delimiter:    ;
Server:         MariaDB
Server version:     5.5.52-MariaDB MariaDB Server
Protocol version:   10
Connection:     Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:        /var/lib/mysql/mysql.sock
Uptime:         20 min 21 sec

Threads: 2  Questions: 24  Slow queries: 0  Opens: 4  Flush tables: 2  Open tables: 30  Queries per second avg: 0.019
--------------
