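Configuring MySQL master-slave replication over SSL on CentOS 6.8
By default, MySQL master-slave replication is transmitted in plaintext, which is insecure. It can be configured so that replication runs over an SSL-encrypted connection.
Configuration on the master
1. Generate the keys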
mysql_ssl_rsa_setup --uid=mysql
2. Copy all the keys to /var/lib/mysql on the slave (the MySQL installation directory)
scp /var/lib/mysql/*.pem root@ip:/var/lib/mysql/
3. Edit /etc/my.cnf
character-set-server=utf8
lower_case_table_names=1
slow_query_log=1
long_query_time=10.000000
require_secure_transport=ON
server-id=1
log-bin=mysql-bin
log-bin-index=master-bin.index
innodb_flush_log_at_trx_commit=1
sync_binlog=1
expire_logs_days=10
max_binlog_size=1073741824
binlog-do-db=mytest
binlog_format=ROW
4. Restart MySQL
service mysqld restart
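5. Create a user and grant it replication privileges
# Create a user (repl) with the password (MyPWD123!@#) that may log in only from the 192.168.80 subnet and must connect over SSL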
CREATE USER 'repl'@'192.168.80.%' IDENTIFIED BY 'MyPWD123!@#' REQUIRE SSL;
# Grant the repl user the replication privilege
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.80.%';
# Reload the privileges
FLUSH PRIVILEGES;
6. Export the current data and the binary log file position
mysqldump -u root -p --databases mytest --master-data > dbdump.db
Configuration on the slave
1. Configure /etc/my.cnf
character-set-server=utf8
lower_case_table_names=1
slow_query_log=1
long_query_time=10.000000
require_secure_transport=ON
server-id=2
relay-log=slave-relay-bin
relay-log-index=slave-relay-bin.index
expire_logs_days=10
max_relay_log_size=1073741824
relay_log_recovery=ON
relay_log_info_repository=TABLE
2. Restart MySQL
service mysqld restart
3. Create the database manually, then restore the backup data with this command
mysql -u root -p mytest < /home/mysqldata/dbdump.db
4. Set up master-slave replication
CHANGE MASTER TO
MASTER_HOST='192.168.80.110',
MASTER_USER='repl',
MASTER_PASSWORD='MyPWD123!@#',
MASTER_LOG_FILE='mysql-bin.000001',
MASTER_SSL=1,
MASTER_SSL_CA='/var/lib/mysql/ca.pem',
MASTER_SSL_CERT='/var/lib/mysql/client-cert.pem',
MASTER_SSL_KEY='/var/lib/mysql/client-key.pem',
MASTER_LOG_POS=154;
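MASTER_LOG_FILE='mysql-bin.000002', MASTER_LOG_POS=154: take care to enter these values correctly.
They can be found at the beginning of dbdump.db, which records the master's current binary log position at the time of the backup; after restoring the data, the slave starts replicating from that point.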
5. Start replication
mysql> START SLAVE;
6. Check the replication status
mysql> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.80.110
Master_User: repl
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 5218
Relay_Log_File: slave-relay-bin.000002
Relay_Log_Pos: 5384
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 5218
Relay_Log_Space: 5591
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /var/lib/mysql/ca.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /var/lib/mysql/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /var/lib/mysql/client-key.pem
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
Master_UUID: 0819a2ef-b543-11e8-b05c-000c291d9005
Master_Info_File: /var/lib/mysql/master.info
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
Master_Retry_Count: 86400
Master_Bind:
Last_IO_Error_Timestamp:
Last_SQL_Error_Timestamp:
Master_SSL_Crl:
Master_SSL_Crlpath:
Retrieved_Gtid_Set:
Executed_Gtid_Set:
Auto_Position: 0
Replicate_Rewrite_DB:
Channel_Name:
Master_TLS_Version:
1 row in set (0.00 sec)
Master_SSL_CA_File: /var/lib/mysql/ca.pem
Master_SSL_Cert: /var/lib/mysql/client-cert.pem
Master_SSL_Key: /var/lib/mysql/client-key.pem
As you can see, the configuration has taken effect.
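The status output above also reports Master_SSL_Verify_Server_Cert: No, meaning the link is encrypted but host name identity verification of the master's certificate is off. The shell function below is an added example, not part of the original post, that audits the TLS fields of SHOW SLAVE STATUS \G output; check_repl_tls, field and SAMPLE_STATUS are hypothetical names, and the sample text is constructed from the field values shown above.

```shell
#!/bin/sh
# Added example: audit the TLS fields of SHOW SLAVE STATUS \G output.
# check_repl_tls, field and SAMPLE_STATUS are hypothetical names.
# Live use: mysql -u root -p -e 'SHOW SLAVE STATUS\G' | check_repl_tls

# Constructed sample: field values as reported in the status output above.
SAMPLE_STATUS='
             Slave_IO_Running: Yes
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /var/lib/mysql/ca.pem
              Master_SSL_Cert: /var/lib/mysql/client-cert.pem
               Master_SSL_Key: /var/lib/mysql/client-key.pem
Master_SSL_Verify_Server_Cert: No'

# field NAME: print the value of the "NAME: value" line held in $STATUS.
field() {
    printf '%s\n' "$STATUS" | awk -v k="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k ":") == 1 {
            v = substr(line, length(k) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v
            exit
        }'
}

# Reads status text on stdin, prints findings, returns 1 if any were raised.
check_repl_tls() {
    STATUS=$(cat)
    rc=0
    [ "$(field Slave_IO_Running)" = "Yes" ] ||
        { echo "FAIL: I/O thread is not running"; rc=1; }
    [ "$(field Master_SSL_Allowed)" = "Yes" ] ||
        { echo "FAIL: MASTER_SSL is not enabled for this channel"; rc=1; }
    [ -n "$(field Master_SSL_CA_File)" ] ||
        { echo "WARN: no CA file configured (Master_SSL_CA_File empty)"; rc=1; }
    [ "$(field Master_SSL_Verify_Server_Cert)" = "Yes" ] ||
        { echo "WARN: master host name is not verified against its certificate (Master_SSL_Verify_Server_Cert: No)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: replication TLS settings are complete"
    return "$rc"
}

if printf '%s\n' "$SAMPLE_STATUS" | check_repl_tls; then
    echo "result: pass"
else
    echo "result: review needed"
fi
```

Adding MASTER_SSL_VERIFY_SERVER_CERT=1 to CHANGE MASTER TO turns the last check on; it only succeeds when the master's certificate carries a name matching MASTER_HOST.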