Master-Master MySQL Replication over SSL

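I. MySQL Replication

1. The MySQL replication process

Every operation on the master that modifies data, or may modify it, is written to the master's binary log in statement-based or row-based format. The slave runs an I/O thread that keeps sending requests to the master. Whenever the master's binary log is updated, the master starts a binlog dump thread and sends the data to the slave. The slave saves the received binary log content to its local relay log, then starts the SQL thread, which applies the logged operations to the slave's local database.

2. Synchronous and asynchronous replication

Synchronous: when a client executes a modification on the master, the master records the operation in its binary log and then notifies the slave. The slave receives the binary log content sent by the master and writes those operations to its relay log. Only after the slave's log write succeeds does the master return the result to the client.

Asynchronous: when a client executes a modification on the master, the master records the operation in its binary log and, once the log is written, returns the result to the client. It does not communicate with the slave at any point in between.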

II. Configuring Master-Master MySQL Replication over SSL

Host A

hostname: mysql1.wumoumou.com

IP: 172.16.36.1

MySQL: Server version: 5.5.33

Host B

hostname: mysql2.wumoumou.com

IP: 172.16.36.2

MySQL: Server version: 5.5.33

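1. Setting up SSL encryption for MySQL

1) Generate the CA certificate on the master. Change to the directory /etc/pki/CA and create the CA's self-signed certificate there.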

[[email protected] CA]# (umask 077; openssl genrsa 2048 > private/cakey.pem)
[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -days 3655 -out cacert.pem

2) Create the certificate on host A and enable SSL

[[email protected] mysqldata]# mkdir ssl
[[email protected] mysqldata]# ls
binlog  data  ssl
[[email protected] mysqldata]# chown mysql.mysql ssl
[[email protected] mysqldata]# cd ssl
[[email protected] ssl]# (umask 077; openssl genrsa 1024 > master.key)
[[email protected] ssl]# openssl req -new -key master.key -out master.csr
[[email protected] ssl]# openssl ca -in master.csr -out master.crt
[[email protected] ssl]# chown mysql.mysql *
[[email protected] ssl]# ls
master.crt  master.csr  master.key
[[email protected] ssl]# vim /etc/my.cnf
[mysqld]
ssl
ssl-ca=/etc/pki/CA/cacert.pem
ssl-cert=/mysqldata/ssl/master.crt
ssl-key=/mysqldata/ssl/master.key
[[email protected] ssl]# service mysqld restart
[[email protected] ssl]# mysql -uroot -hlocalhost -p
mysql> show variables like '%ssl%';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| have_openssl  | YES                       |
| have_ssl      | YES                       |
| ssl_ca        | /etc/pki/CA/cacert.pem    |
| ssl_capath    |                           |
| ssl_cert      | /mysqldata/ssl/master.crt |
| ssl_cipher    |                           |
| ssl_key       | /mysqldata/ssl/master.key |
+---------------+---------------------------+
7 rows in set (0.01 sec)

3) Create the certificate on host B

[[email protected] mysqldata]# mkdir ssl
[[email protected] mysqldata]# chown mysql.mysql ssl
[[email protected] mysqldata]# cd ssl
[[email protected] ssl]# (umask 077;openssl genrsa 1024 > slave.key)
[[email protected] ssl]# openssl req -new -key slave.key -out slave.csr
[[email protected] ssl]# scp slave.csr mysql1.wumoumou.com:/tmp

Host A signs host B's certificate

[[email protected] ssl]# openssl ca -in /tmp/slave.csr -out /tmp/slave.crt
[[email protected] ssl]# scp /tmp/slave.crt mysql2.wumoumou.com:/mysqldata/ssl/
[[email protected] ssl]# scp /etc/pki/CA/cacert.pem mysql2.wumoumou.com:/mysqldata/ssl/

Back on host B, set the permissions

[[email protected] ssl]# chown mysql.mysql *
[[email protected] ssl]# ls
cacert.pem  slave.crt  slave.csr  slave.key

4) Edit the MySQL configuration file on host B and enable SSL

[[email protected] ssl]# vim /etc/my.cnf
[mysqld]
ssl
ssl-ca=/mysqldata/ssl/cacert.pem
ssl-cert=/mysqldata/ssl/slave.crt
ssl-key=/mysqldata/ssl/slave.key
[[email protected] ssl]# service mysqld restart
[[email protected] ssl]# mysql -uroot -hlocalhost -p
mysql> show variables like '%ssl%';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| have_openssl  | YES                       |
| have_ssl      | YES                       |
| ssl_ca        | /mysqldata/ssl/cacert.pem |
| ssl_capath    |                           |
| ssl_cert      | /mysqldata/ssl/slave.crt  |
| ssl_cipher    |                           |
| ssl_key       | /mysqldata/ssl/slave.key  |
+---------------+---------------------------+
7 rows in set (0.00 sec)
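
A pre-flight check for the files that ssl-ca, ssl-cert and ssl-key point to, useful before restarting mysqld on either host. This is an added example, not part of the original post; check_mysql_tls, cn_of and the 2048-bit floor are assumptions of the example (the 1024-bit server keys generated above would be reported as weak-key).

```shell
#!/bin/sh
# Added example, not from the original post. check_mysql_tls is a
# hypothetical helper; MIN_BITS is an assumed policy floor.
# Usage: check_mysql_tls CA_CERT CERT KEY
# Prints one verdict: ok | weak-key | key-mismatch | cn-collision | bad-chain
MIN_BITS=2048

cn_of() {  # Common Name taken from a certificate subject
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

check_mysql_tls() {
    ca=$1 crt=$2 key=$3

    # 1. RSA key size, e.g. "Private-Key: (1024 bit)" -> 1024
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n '1s/.*(\([0-9][0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge "$MIN_BITS" ] || { echo weak-key; return 1; }

    # 2. The private key must belong to the certificate.
    pub_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$pub_crt" ] && [ "$pub_crt" = "$pub_key" ] ||
        { echo key-mismatch; return 1; }

    # 3. The MySQL manual requires the certificate CN to differ from the
    #    CA CN, otherwise the files do not work on OpenSSL builds.
    [ "$(cn_of "$ca")" != "$(cn_of "$crt")" ] ||
        { echo cn-collision; return 1; }

    # 4. The certificate must chain to the CA file handed to the peer.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo bad-chain; return 1; }

    echo ok
}

# Run directly: sh check.sh cacert.pem master.crt master.key
if [ $# -eq 3 ]; then check_mysql_tls "$@"; fi
```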

2. Configuring replication between the two hosts

1) On each of the two servers, create a user with replication privileges

mysql> grant replication slave,replication client on *.* to 'repluser'@'172.16.%.%' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

2) Edit the configuration files

Host A, /etc/my.cnf:

datadir=/mysqldata/data
innodb_file_per_table=ON
log-bin=/mysqldata/binlog/master-bin
binlog_format=mixed
server-id    =100
relay-log    =/mysqldata/relaylog/relay-bin
auto-increment-offset=1       # starting value
auto-increment-increment=2    # step
skip_slave_start              # skip automatic slave start: the slave's I/O and SQL threads are not started automatically

[[email protected] mysqldata]# mkdir relaylog && chown mysql.mysql relaylog;

Host B, /etc/my.cnf:

datadir=/mysqldata/data
innodb_file_per_table=ON
log-bin=/mysqldata/binlog/master-bin
binlog_format=mixed
server-id    =200
relay-log    =/mysqldata/relaylog/relay-bin
auto-increment-offset=2
auto-increment-increment=2
skip_slave_start

[[email protected] mysqldata]# mkdir relaylog && chown mysql.mysql relaylog;

3) Record the binary log position on both hosts

Host A:

mysql> show master status\G
***************************1. row ***************************
File: master-bin.000005
Position:107
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.00 sec)

Host B:

mysql> show master status\G
***************************1. row ***************************
File: master-bin.000004
Position:107
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.03 sec)

4) On each server, specify the other server as its master

Host A:

mysql> change master to master_host='172.16.36.2',master_user='repluser',master_password='redhat',master_log_file='master-bin.000004',master_log_pos=107,master_ssl=1,master_ssl_ca='/etc/pki/CA/cacert.pem',master_ssl_cert='/mysqldata/ssl/master.crt',master_ssl_key='/mysqldata/ssl/master.key';
Query OK, 0 rows affected (0.04 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status\G
***************************1. row ***************************
  Slave_IO_State: Waiting for master to send event
 Master_Host:172.16.36.2
 Master_User: repluser
 Master_Port:3306
Connect_Retry:60
 Master_Log_File: master-bin.000004
 Read_Master_Log_Pos:107
  Relay_Log_File: mysql1-relay-bin.000002
Relay_Log_Pos:254
Relay_Master_Log_File: master-bin.000004
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
 Replicate_Do_DB:
 Replicate_Ignore_DB:
  Replicate_Do_Table:
  Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
  Last_Errno:0
  Last_Error:
Skip_Counter:0
 Exec_Master_Log_Pos:107
 Relay_Log_Space:411
 Until_Condition: None
  Until_Log_File:
Until_Log_Pos:0
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/etc/pki/CA/cacert.pem
  Master_SSL_CA_Path:
 Master_SSL_Cert:/mysqldata/ssl/master.crt
Master_SSL_Cipher:
  Master_SSL_Key:/mysqldata/ssl/master.key
Seconds_Behind_Master:0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno:0
Last_IO_Error:
  Last_SQL_Errno:0
  Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
Master_Server_Id:1
1 row in set (0.00 sec)

Host B:

mysql> change master to master_host='172.16.36.1',master_user='repluser',master_password='redhat',master_log_file='master-bin.000005',master_log_pos=107,master_ssl=1,master_ssl_ca='/mysqldata/ssl/cacert.pem',master_ssl_cert='/mysqldata/ssl/slave.crt',master_ssl_key='/mysqldata/ssl/slave.key';
Query OK, 0 rows affected (0.01 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status\G
***************************1. row ***************************
  Slave_IO_State: Waiting for master to send event
 Master_Host:172.16.36.1
 Master_User: repluser
 Master_Port:3306
Connect_Retry:60
 Master_Log_File: master-bin.000005
 Read_Master_Log_Pos:107
  Relay_Log_File: mysql2-relay-bin.000002
Relay_Log_Pos:254
Relay_Master_Log_File: master-bin.000005
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
 Replicate_Do_DB:
 Replicate_Ignore_DB:
  Replicate_Do_Table:
  Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
  Last_Errno:0
  Last_Error:
Skip_Counter:0
 Exec_Master_Log_Pos:107
 Relay_Log_Space:411
 Until_Condition: None
  Until_Log_File:
Until_Log_Pos:0
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/mysqldata/ssl/cacert.pem
  Master_SSL_CA_Path:
 Master_SSL_Cert:/mysqldata/ssl/slave.crt
Master_SSL_Cipher:
  Master_SSL_Key:/mysqldata/ssl/slave.key
Seconds_Behind_Master:0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno:0
Last_IO_Error:
  Last_SQL_Errno:0
  Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
Master_Server_Id:100
1 row in set (0.00 sec)
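
The SHOW SLAVE STATUS output above and the GRANT from step 1) can be checked mechanically for their SSL posture. This is an added example, not part of the original post; audit_slave_tls, audit_repl_grant and the constructed sample input (abridged from host A's output, with a placeholder password hash) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post; helper names are hypothetical.

# Reads SHOW SLAVE STATUS\G text on stdin, prints one finding per line,
# returns 1 if any FAIL was reported.
audit_slave_tls() {
    awk '
    { i = index($0, ":"); if (!i) next
      k = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
      v[k] = val }
    END {
      if (v["Slave_IO_Running"] != "Yes" || v["Slave_SQL_Running"] != "Yes")
          { print "FAIL replication threads not both running"; bad = 1 }
      if (v["Master_SSL_Allowed"] != "Yes")
          { print "FAIL channel not configured for SSL"; bad = 1 }
      if (v["Master_SSL_CA_File"] == "" && v["Master_SSL_CA_Path"] == "")
          { print "FAIL no CA set to validate the master certificate"; bad = 1 }
      # When off, Master_Host is not compared with the certificate Common Name.
      if (v["Master_SSL_Verify_Server_Cert"] != "Yes")
          print "WARN Master_SSL_Verify_Server_Cert is off"
      exit bad + 0
    }'
}

# Reads SHOW GRANTS lines on stdin; flags replication grants with no REQUIRE
# clause, i.e. accounts the server also accepts over unencrypted connections.
audit_repl_grant() {
    grep -i 'REPLICATION SLAVE' |
        grep -Eiv ' REQUIRE (SSL|X509|SUBJECT|ISSUER|CIPHER)' |
        sed -n "s/.* TO \('[^']*'@'[^']*'\).*/WARN \1 has no REQUIRE clause/p"
}

# Constructed samples: status abridged from host A's output on this page.
sample_status() { cat <<'EOF'
 Master_Host:172.16.36.2
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/etc/pki/CA/cacert.pem
Master_SSL_Verify_Server_Cert: No
EOF
}
sample_grant() {
    echo "GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.%.%' IDENTIFIED BY PASSWORD '<hash>'"
}

sample_status | audit_slave_tls; sample_grant | audit_repl_grant
```

The corresponding settings are MASTER_SSL_VERIFY_SERVER_CERT=1 in CHANGE MASTER TO, which needs the master_host value to match the Common Name in the master's certificate, and a REQUIRE SSL clause on the GRANT.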

5) Test replication

Host A:

mysql> create database db1;
Query OK, 1 row affected (0.00 sec)

mysql> use db1;
Database changed

mysql> create table t1(id int(10) PRIMARY KEY AUTO_INCREMENT,name char(20));
Query OK, 0 rows affected (0.02 sec)

mysql> insert into t1 (name) value ('tom');
Query OK, 1 row affected (0.01 sec)

mysql> insert into t1 (name) value ('jery');
Query OK, 1 row affected (0.00 sec)

mysql> select * from t1;
+----+------+
| id | name |
+----+------+
|  1 | tom  |
|  3 | jery |
+----+------+
2 rows in set (0.00 sec)

Host B:

mysql> use db1;
Database changed

mysql> show tables;
+---------------+
| Tables_in_db1 |
+---------------+
| t1            |
+---------------+
1 row in set (0.00 sec)

mysql> select * from t1;
+----+------+
| id | name |
+----+------+
|  1 | tom  |
|  3 | jery |
+----+------+
2 rows in set (0.00 sec)

mysql> insert t1(name) value('Jason Bourne');
Query OK, 1 row affected (0.01 sec)

mysql> insert t1(name) value('James Bond');
Query OK, 1 row affected (0.02 sec)

mysql> select * from t1;
+----+--------------+
| id | name         |
+----+--------------+
|  1 | tom          |
|  3 | jery         |
|  4 | Jason Bourne |
|  6 | James Bond   |
+----+--------------+
4 rows in set (0.00 sec)

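Because the two hosts are configured with the auto-increment-offset and auto-increment-increment parameters, odd values of the id column in table t1 of database db1 come from inserts on host A and even values come from inserts on host B.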


Time: 2024-10-13 00:23:34
