Shulou(Shulou.com)06/01 Report--

This article mainly explains "mysql how to achieve ssl master-slave secure connection", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "mysql how to achieve ssl master-slave secure connection" bar!

Implement master-slave replication based on SSL\ RSA secure connection

Test environment:

Mainframe

IP

Server-id

Master

192.168.159.128

one

Slave

192.168.159.129

two

Change the directory to bin

Create a ssl file in the master server

Ssl creation command:

Mysql_ssl_rsa_setup-user=mysql-basedir=/usr/local/mysql-datadir=/usr/local/mysql/data

Check whether the ssl file is generated in the data directory

View error log: mysqld.err

Add permission to get the private key

After modification, the permission restarts the service. If you view the error log, there will be no error message.

Check whether the database supports ssl secure connection. The following two yes items are OK. If it is not yes, there is a problem.

Create an authorized user

Authorization command: grant replication slave on *. * to 'rep'@'192.168.159.%' identified by' 123' require ssl

Open the binary log and restart the mysql service

View the status of the primary mysql

Configure the firewall to allow the mysql service 3306 port number to pass through

Configure the mysql file / etc/my.cnf on the slave server. Note that the server_id must be unique and cannot conflict with other mysql hosts

Issue a certificate to the slave server at the master server

The content in the figure is as follows:

Scp ca.pem client-cert.pem client-key.pem root@192.168.159.129:/usr/local/mysql/data/

View to add read permissions to the certificate from the server

Modify the / etc/my.cnf file to add parameters later

Restart the mysql service

Systemctl restart mysqld

Check to see if the mysql server supports ssl. If not yes, check the error log and troubleshoot

Use the authorized user to log in to the master server from the slave server to test whether it is successful

The image above has been logged in to the main server login format:

Mysql-- ssl-ca=ca.pem-- ssl-cert=client-cert.pem-- ssl-cert=client-cert.pem-- ssl-key=client-key.pem-urep-p123-h 192.168.159.128

Note: to log out of the database you just logged in with rep when you configure it, the error message is as follows:

Configure the master and slave server replicate, configure in the slave server

The command is as follows:

Change master to

Master_host='192.168.159.128'

Master_user='rep'

Master_password='123'

Master_log_file='mysql_bin.000002'

Master_log_pos=154

Master_ssl=1

Master_ssl_ca='/usr/local/mysql/data/ca.pem'

Master_ssl_cert='/usr/local/mysql/data/client-cert.pem'

Master_ssl_key='/usr/local/mysql/data/client-key.pem'

Enable slave server to check whether the status of slave server is yes

Test whether to create databases, tables, insert data on the master server and whether the slave server is synchronized

Check whether the slave server is synchronized

At this point, if you look in the data directory, you will have the file specified in the / etc/my.cnf parameter.

Thank you for your reading, the above is the content of "mysql how to achieve ssl master-slave secure connection". After the study of this article, I believe you have a deeper understanding of how mysql realizes ssl master-slave secure connection, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.