首页 > 代码库 > MariaDBm 基于SSL的主从复制配置

MariaDBm 基于SSL的主从复制配置

MASTER服务器配置为CA
    touch /etc/pki/CA/index.txt
    echo 01 > /etc/pki/CA/serial
    cd /etc/pki/CA/ 
    (umask 066;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
    openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 730 -out /etc/pki/CA/cacert.pem
为MASTER生成私钥证书
    mkdir /usr/local/mysql/ssl  -pv
    cd /usr/local/mysql/ssl  
    (umask 077; openssl genrsa 1024 > mysql.key)
    openssl req -new -kdy mysql.key -out mysql.csr  
    openssl ca -in mysql.csr -out mysql.crt 
    cp /etc/pki/CA/cacert.pem /usr/local/mysql/ssl  
    cd /usr/local/mysql  
    chown -R mysql:mysql ssl/ 
SLAVE 生成私钥证书
    mkdir /usr/local/mysql/ssl  -pv
    cd /usr/local/mysql/ssl 
    (umask 077; openssl genrsa 1024 > mysql.key)
    openssl req -new -key mysql.key -out mysql.csr
    scp mysql.csr 172.16.19.22:/   
    openssl ca -in mysql.csr -out mysql.crt
    scp mysql.crt 172.16.19.21:/usr/local/mysql/ssl
    scp cacert.pem 172.16.19.21:/usr/local/mysql/ssl/
    chown -R mysql:mysql ./*  #修改秘钥文件
MASTER SSL配置:
    vim /etc/my.cnf
        ssl   
        ssl-ca=/usr/local/mysql/ssl/cacert.pem  
        ssl-cert=/usr/local/mysql/ssl/mysql.crt  
        ssl-key=/usr/local/mysql/ssl/mysql.key
        server_id=1
        innodb_file_per_table=ON
        log_bin=/webdata/log/log_bin_file
    systemctl restart mariadb
    MariaDB [(none)]> show global variables like ‘%ssl%‘;
    MariaDB [(none)]> GRANT REPLICATION SLAVE,REPLICATION CLIENT ON *.* TO ‘back‘@‘%‘ IDENTIFIED BY ‘centos‘;  #配置同步用户
SLAVE SSL配置:
    vim /etc/my.cnf 
        ssl
        ssl_ca    = /usr/local/mysql/ssl/cacrt.pem
        ssl_cert  = /usr/local/mysql/ssl/slave.crt
        ssl_key  = /usr/local/mysql/ssl/slave.key
        innodb_file_per_table=1
        skip_name_resolve=1
        server_id=2
        relay_log=/sqldata/logs/relay-log
    systemctl restart mariadb
    change master to master_host=‘172.16.19.22‘,master_user=‘back‘,master_password=‘centos‘,master_log_file=‘log_bin_file.000003‘,master_log_pos=245,master_ssl=1,master_ssl_ca=‘
/usr/local/mysql/ssl/cacert.pem‘,master_ssl_cert=‘/usr/local/mysql/ssl/mysql.crt‘,master_ssl_key=‘/usr/local/mysql/ssl/mysql.key‘;
    MariaDB [(none)]> start slave;


本文出自 “My Space” 博客,请务必保留此出处http://zhouhaihong.blog.51cto.com/11640429/1845599

MariaDBm 基于SSL的主从复制配置