MASTER服务器配置为CA touch /etc/pki/CA/index.txt echo 01 > /etc/pki/CA/serial cd /etc/pki/CA/ (umask 066;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 730 -out /etc/pki/CA/cacert.pem 为MASTER生成私钥证书 mkdir /usr/local/mysql/ssl -pv cd /usr/local/mysql/ssl (umask 077; openssl genrsa 1024 > mysql.key) openssl req -new -kdy mysql.key -out mysql.csr openssl ca -in mysql.csr -out mysql.crt cp /etc/pki/CA/cacert.pem /usr/local/mysql/ssl cd /usr/local/mysql chown -R mysql:mysql ssl/ SLAVE 生成私钥证书 mkdir /usr/local/mysql/ssl -pv cd /usr/local/mysql/ssl (umask 077; openssl genrsa 1024 > mysql.key) openssl req -new -key mysql.key -out mysql.csr scp mysql.csr 172.16.19.22:/ openssl ca -in mysql.csr -out mysql.crt scp mysql.crt 172.16.19.21:/usr/local/mysql/ssl scp cacert.pem 172.16.19.21:/usr/local/mysql/ssl/ chown -R mysql:mysql ./* #修改秘钥文件
MASTER SSL配置: vim /etc/my.cnf ssl ssl-ca=/usr/local/mysql/ssl/cacert.pem ssl-cert=/usr/local/mysql/ssl/mysql.crt ssl-key=/usr/local/mysql/ssl/mysql.key server_id=1 innodb_file_per_table=ON log_bin=/webdata/log/log_bin_file systemctl restart mariadb MariaDB [(none)]> show global variables like ‘%ssl%‘; MariaDB [(none)]> GRANT REPLICATION SLAVE,REPLICATION CLIENT ON *.* TO ‘back‘@‘%‘ IDENTIFIED BY ‘centos‘; #配置同步用户 SLAVE SSL配置: vim /etc/my.cnf ssl ssl_ca = /usr/local/mysql/ssl/cacrt.pem ssl_cert = /usr/local/mysql/ssl/slave.crt ssl_key = /usr/local/mysql/ssl/slave.key innodb_file_per_table=1 skip_name_resolve=1 server_id=2 relay_log=/sqldata/logs/relay-log systemctl restart mariadb change master to master_host=‘172.16.19.22‘,master_user=‘back‘,master_password=‘centos‘,master_log_file=‘log_bin_file.000003‘,master_log_pos=245,master_ssl=1,master_ssl_ca=‘ /usr/local/mysql/ssl/cacert.pem‘,master_ssl_cert=‘/usr/local/mysql/ssl/mysql.crt‘,master_ssl_key=‘/usr/local/mysql/ssl/mysql.key‘; MariaDB [(none)]> start slave;
时间: 2024-08-19 18:21:07