溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
本篇文章給大家主要講的是關于什么是mysql基于ssl的主從復制的內容,感興趣的話就一起來看看這篇文章吧,相信看完什么是mysql基于ssl的主從復制對大家多少有點參考價值吧。
當mysql/mariadb跨越互聯網進行復制時別人可以竊取到mysql/mariadb的復制信息, 這些信息是明文的, 因此存在不安全性, 這里通過ssl對復制的信息進行加密
1. 創建證書中心
在主云服務器上創建證書中心
cd /etc/pki/CA 生成私鑰 (umask 077;openssl genrsa -out private/cakey.pem 2048) 生成自簽名證書 openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 7300 創建證書編號 mkdir certs crl newcerts touch index.txt echo 00 > serial
2. 為主云服務器創建證書
云服務器的名稱必須固定, 在申請證書時要輸入云服務器名稱, 這書和云服務器名稱對應;
創建私鑰 mkdir /usr/lcoal/mysql/ssl cd /usr/local/mysql/ssl (umask 077;openssl genrsa -out /etc/mysql/ssl/master.key 2048) 生成證書申請 openssl req -new -key master.key -out master.csr 在證書云服務器上對master的證書進行簽發 openssl ca -in master.csr -out master.crt -days 365
3. 創建從云服務器證書
(umask 077;openssl genrsa -out /etc/mysql/ssl/slave.key 2048) openssl req -new -key slave.key -out slave.csr 將從云服務器的證書申請文件復制到證書云服務器上進行簽發 openssl ca -in slave.csr -out slave.crt -days 365
4. ×××權限和mysql配置文件
將證書的公鑰cacert.pem復制到主從云服務器的目錄下 cd /etc/mysql/ssl cp /etc/pki/CA/cacert.pem ./ chown -R mysql.mysql master.crt master.key cacert.pem chmod 600 master.crt master.key cacert.pem vim /etc/my.cnf log-bin=master-log server-id=1 skip_name_resolve = ON innodb_file_per_table = ON ssl ssl_ca = /etc/mysql/ssl/cacert.pem ssl_cert = /etc/mysql/ssl/master.crt ssl_key = /etc/mysql/ssl/master.key 修改從云服務器配置 cd /etc/mysql/ssl cp /etc/pki/CA/cacert.pem ./ chown -R mysql.mysql slave.crt slave.key cacert.pem chmod 600 slave.crt slave.key cacert.pem vim /etc/my.cnf relay-log=relay-log server-id=2 skip_name_resolve = ON innodb_file_per_table = ON ssl ssl_ca = /etc/mysql/ssl/cacert.pem ssl_cert = /etc/mysql/ssl/slave.crt ssl_key = /etc/mysql/ssl/slave.key
5. 在主服務上創建復制用戶
MariaDB [(none)]> GTANT REPLICATION SLAVE,REPLICATION CLIENT ON *.* TO 'repluser'@'10.1.52.%' IDENTIFIED BY 'replpass' REQUIRE SSL; MariaDB [(none)]> FLUSH PRIVILEGES; 查看主云服務器當前二進制位置 MariaDB [(none)]> SHOW MASTER STATUS; +-------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +-------------------+----------+--------------+------------------+ | master-log.000005 | 7918 | | | +-------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)
6. 在從云服務器上開始復制
MariaDB [(none)]> CHANGE MASTER TO -> MASTER_HOST='10.1.52.11', -> MASTER_USER='repluser', -> MASTER_PASSWORD='replpass', -> MASTER_LOG_FILE='master-log.000001', -> MASTER_LOG_POS=495, -> MASTER_SSL=1, -> MASTER_SSL_CA='/etc/mysql/ssl/cacert.pem', -> MASTER_SSL_CERT='/etc/mysql/ssl/slave.crt', -> MASTER_SSL_KEY='/etc/mysql/ssl/slave.key'; MariaDB [(none)]> START SLAVE;
7. 查看從云服務器的狀態
MariaDB [(none)]> SHOW SLAVE STATUS\G *************************** 1. row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 10.1.52.11 Master_User: repluser Master_Port: 3306 Connect_Retry: 60 Master_Log_File: master-log.000005 Read_Master_Log_Pos: 7918 Relay_Log_File: relay-log.000002 Relay_Log_Pos: 7940 Relay_Master_Log_File: master-log.000005 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 7918 Relay_Log_Space: 8228 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: Yes Master_SSL_CA_File: /etc/mysql/ssl/cacert.pem Master_SSL_CA_Path: Master_SSL_Cert: /etc/mysql/ssl/slave.crt Master_SSL_Cipher: Master_SSL_Key: /etc/mysql/ssl/slave.key Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 1 1 row in set (0.00 sec)
以上關于什么是mysql基于ssl的主從復制詳細內容,對大家有幫助嗎?如果想要了解更多相關,可以繼續關注我們的行業資訊板塊。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
