2025-01-22 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article explains master-slave replication of MySQL over SSL. If you are interested, read on; it should be a useful reference.
When MySQL/MariaDB replicates across the Internet, the replication traffic is sent in plaintext, so others can steal it, which is insecure. Here, the replicated data is encrypted with SSL.
1. Create a certificate authority
Create a certificate authority on the master server

    cd /etc/pki/CA
    # generate the private key
    (umask 077; openssl genrsa -out private/cakey.pem 2048)
    # generate the self-signed certificate
    openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 7300
    # create the directories, index and certificate serial number file
    mkdir certs crl newcerts
    touch index.txt
    echo 00 > serial
2. Create a certificate for the master server
The server's host name must be fixed. Enter the host name when applying for the certificate; the certificate corresponds to the host name.

    # create the private key (in /etc/mysql/ssl, the directory the later steps use)
    mkdir -p /etc/mysql/ssl
    cd /etc/mysql/ssl
    (umask 077; openssl genrsa -out /etc/mysql/ssl/master.key 2048)
    # generate a certificate request
    openssl req -new -key master.key -out master.csr
    # issue the master's certificate on the certificate server
    openssl ca -in master.csr -out master.crt -days
3. Create a certificate for the slave server

    (umask 077; openssl genrsa -out /etc/mysql/ssl/slave.key 2048)
    openssl req -new -key slave.key -out slave.csr
    # copy the certificate request file from the slave server to the certificate server to be issued
    openssl ca -in slave.csr -out slave.crt -days
4. Modify permissions and mysql configuration files
Copy the CA certificate cacert.pem to the directory on both the master and the slave server

    cd /etc/mysql/ssl
    cp /etc/pki/CA/cacert.pem ./
    chown -R mysql:mysql master.crt master.key cacert.pem
    chmod 600 master.crt master.key cacert.pem
    vim /etc/my.cnf

    log-bin=master-log
    server-id=1
    skip_name_resolve = ON
    innodb_file_per_table = ON
    ssl
    ssl_ca = /etc/mysql/ssl/cacert.pem
    ssl_cert = /etc/mysql/ssl/master.crt
    ssl_key = /etc/mysql/ssl/master.key

Modify the configuration on the slave server

    cd /etc/mysql/ssl
    cp /etc/pki/CA/cacert.pem ./
    chown -R mysql:mysql slave.crt slave.key cacert.pem
    chmod 600 slave.crt slave.key cacert.pem
    vim /etc/my.cnf

    relay-log=relay-log
    server-id=2
    skip_name_resolve = ON
    innodb_file_per_table = ON
    ssl
    ssl_ca = /etc/mysql/ssl/cacert.pem
    ssl_cert = /etc/mysql/ssl/slave.crt
    ssl_key = /etc/mysql/ssl/slave.key
5. Create a replication user on the master server

    MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'10.1.52.%' IDENTIFIED BY 'replpass' REQUIRE SSL;
    MariaDB [(none)]> FLUSH PRIVILEGES;

View the current binary log position on the master server

    MariaDB [(none)]> SHOW MASTER STATUS;
    +-------------------+----------+--------------+------------------+
    | File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
    +-------------------+----------+--------------+------------------+
    | master-log.000005 |     7918 |              |                  |
    +-------------------+----------+--------------+------------------+
    1 row in set (0.00 sec)
6. Start replication on the slave server

    MariaDB [(none)]> CHANGE MASTER TO
        -> MASTER_HOST='10.1.52.11',
        -> MASTER_USER='repluser',
        -> MASTER_PASSWORD='replpass',
        -> MASTER_LOG_FILE='master-log.000001',
        -> MASTER_LOG_POS=495,
        -> MASTER_SSL=1,
        -> MASTER_SSL_CA='/etc/mysql/ssl/cacert.pem',
        -> MASTER_SSL_CERT='/etc/mysql/ssl/slave.crt',
        -> MASTER_SSL_KEY='/etc/mysql/ssl/slave.key';
    MariaDB [(none)]> START SLAVE;
7. View the status of the slave server

    MariaDB [(none)]> SHOW SLAVE STATUS\G
    *************************** 1. row ***************************
    Slave_IO_State: Waiting for master to send event
    Master_Host: 10.1.52.11
    Master_User: repluser
    Master_Port: 3306
    Connect_Retry: 60
    Master_Log_File: master-log.000005
    Read_Master_Log_Pos: 7918
    Relay_Log_File: relay-log.000002
    Relay_Log_Pos: 7940
    Relay_Master_Log_File: master-log.000005
    Slave_IO_Running: Yes
    Slave_SQL_Running: Yes
    Replicate_Do_DB:
    Replicate_Ignore_DB:
    Replicate_Do_Table:
    Replicate_Ignore_Table:
    Replicate_Wild_Do_Table:
    Replicate_Wild_Ignore_Table:
    Last_Errno: 0
    Last_Error:
    Skip_Counter: 0
    Exec_Master_Log_Pos: 7918
    Relay_Log_Space: 8228
    Until_Condition: None
    Until_Log_File:
    Until_Log_Pos: 0
    Master_SSL_Allowed: Yes
    Master_SSL_CA_File: /etc/mysql/ssl/cacert.pem
    Master_SSL_CA_Path:
    Master_SSL_Cert: /etc/mysql/ssl/slave.crt
    Master_SSL_Cipher:
    Master_SSL_Key: /etc/mysql/ssl/slave.key
    Seconds_Behind_Master: 0
    Master_SSL_Verify_Server_Cert: No
    Last_IO_Errno: 0
    Last_IO_Error:
    Last_SQL_Errno: 0
    Last_SQL_Error:
    Replicate_Ignore_Server_Ids:
    Master_Server_Id: 1
    1 row in set (0.00 sec)
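A check to run after step 7, added here as an example and not part of the original article: it parses SHOW SLAVE STATUS\G output and flags a replication link that has TLS disabled, has no CA configured, or, as in the output above, leaves Master_SSL_Verify_Server_Cert at No. The function name audit_slave_tls and the sample text (a subset of the fields above) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the TLS-related fields
# of `SHOW SLAVE STATUS\G`. Reads the status text on stdin, prints findings,
# returns 0 = clean, 1 = warnings only, 2 = at least one failure.
audit_slave_tls() {
    awk '
    {
        # Split "Key: value" at the first colon; the value may be empty.
        line = $0
        sub(/^[ \t]+/, "", line)
        i = index(line, ":")
        if (i == 0) next
        val = substr(line, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[substr(line, 1, i - 1)] = val
    }
    END {
        if (f["Master_SSL_Allowed"] != "Yes") {
            print "FAIL: TLS to the master is not enabled (MASTER_SSL)"; fail++
        }
        if (f["Master_SSL_CA_File"] == "" && f["Master_SSL_CA_Path"] == "") {
            print "FAIL: no CA configured (MASTER_SSL_CA)"; fail++
        }
        if (f["Slave_IO_Running"] != "Yes") {
            print "FAIL: I/O thread not running: " f["Last_IO_Error"]; fail++
        }
        if (f["Master_SSL_Verify_Server_Cert"] != "Yes") {
            print "WARN: master certificate identity is not verified"; warn++
        }
        exit (fail ? 2 : (warn ? 1 : 0))
    }'
}

# Constructed sample: a subset of the fields shown in step 7 of the article.
SAMPLE_STATUS='Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/ssl/cacert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/mysql/ssl/slave.crt
Master_SSL_Key: /etc/mysql/ssl/slave.key
Master_SSL_Verify_Server_Cert: No
Last_IO_Error:'

# Demo run; in practice: mysql -e 'SHOW SLAVE STATUS\G' | audit_slave_tls
printf '%s\n' "$SAMPLE_STATUS" | audit_slave_tls || echo "exit status: $?"
```

The warning corresponds to the MASTER_SSL_VERIFY_SERVER_CERT option of CHANGE MASTER TO, which step 6 does not set.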
That covers the details of SSL-based master-slave replication in MySQL. If you want to know more about it, you can continue to follow our industry information section.