Implementing SSL-based replication in a MySQL master-master (mutual master-slave) model

I. MySQL replication


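1. The MySQL replication process
Every operation on the MySQL master that modifies data, or may modify it, is written to the master's binary log in statement-based or row-based form. Meanwhile the slave runs an I/O thread that continually sends requests to the master. Whenever the master's binary log is updated, the master starts a binlog dump thread and sends the data to the slave. The slave saves the received binary log content to its local relay log, then starts the SQL thread, which applies the operations recorded in the log to the local slave database.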


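2. Synchronous and asynchronous MySQL replication
Synchronous: when a client executes a modification on the master, the master records the operation in its binary log and then notifies the slave. The slave receives the binary log content sent by the master and writes those operations to its relay log. Only after the slave's log write has succeeded does the master return the result to the client.
Asynchronous: when a client executes a modification on the master, the master records the operation in its binary log and returns the result to the client as soon as the log is written, without communicating with the slave at any point in between.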


II. Configuring SSL-based replication in the MySQL master-master model


Host A
        hostname:mysql1.wumoumou.com
        IP:172.16.36.1
        MySQL: Server version: 5.5.33


Host B
        hostname:mysql2.wumoumou.com
        IP:172.16.36.2
        MySQL: Server version: 5.5.33


1. Setting up SSL encryption for MySQL


1) Generate the CA certificate on the master. Change to the directory /etc/pki/CA and create the CA's self-signed certificate there.
[root@mysql1 CA]# (umask 077; openssl genrsa 2048 > private/cakey.pem)
[root@mysql1 CA]# openssl req -new -x509 -key private/cakey.pem -days 3655 -out cacert.pem


2) On host A, create the certificate and enable SSL
[root@mysql1 mysqldata]# mkdir ssl
[root@mysql1 mysqldata]# ls
binlog  data  ssl
[root@mysql1 mysqldata]# chown mysql.mysql ssl
[root@mysql1 mysqldata]# cd ssl
[root@mysql1 ssl]# (umask 077; openssl genrsa 1024 > master.key)
[root@mysql1 ssl]# openssl req -new -key master.key -out master.csr
[root@mysql1 ssl]# openssl ca -in master.csr -out master.crt
[root@mysql1 ssl]# chown mysql.mysql *
[root@mysql1 ssl]# ls
master.crt  master.csr  master.key
[root@mysql1 ssl]# vim /etc/my.cnf
[mysqld]
ssl
ssl-ca=/etc/pki/CA/cacert.pem
ssl-cert=/mysqldata/ssl/master.crt
ssl-key=/mysqldata/ssl/master.key
[root@mysql1 ssl]# service mysqld restart
[root@mysql1 ssl]# mysql -uroot -hlocalhost -p
mysql> show variables like '%ssl%';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| have_openssl  | YES                       |
| have_ssl      | YES                       |
| ssl_ca        | /etc/pki/CA/cacert.pem    |
| ssl_capath    |                           |
| ssl_cert      | /mysqldata/ssl/master.crt |
| ssl_cipher    |                           |
| ssl_key       | /mysqldata/ssl/master.key |
+---------------+---------------------------+
7 rows in set (0.01 sec)


3) Create the certificate on host B
[root@mysql2 mysqldata]# mkdir ssl
[root@mysql2 mysqldata]# chown mysql.mysql ssl
[root@mysql2 mysqldata]# cd ssl
[root@mysql2 ssl]# (umask 077;openssl genrsa 1024 > slave.key)
[root@mysql2 ssl]# openssl req -new -key slave.key -out slave.csr
[root@mysql2 ssl]# scp slave.csr mysql1.wumoumou.com:/tmp


Host A signs host B's certificate
[root@mysql1 ssl]# openssl ca -in /tmp/slave.csr -out /tmp/slave.crt
[root@mysql1 ssl]# scp /tmp/slave.crt mysql2.wumoumou.com:/mysqldata/ssl/
[root@mysql1 ssl]# scp /etc/pki/CA/cacert.pem mysql2.wumoumou.com:/mysqldata/ssl/


Back on host B, *** the permissions
[root@mysql2 ssl]# chown mysql.mysql *
[root@mysql2 ssl]# ls
cacert.pem  slave.crt  slave.csr  slave.key


4) Edit the MySQL configuration file on host B and enable SSL
[root@mysql2 ssl]# vim /etc/my.cnf
[mysqld]
ssl
ssl-ca=/mysqldata/ssl/cacert.pem
ssl-cert=/mysqldata/ssl/slave.crt
ssl-key=/mysqldata/ssl/slave.key
[root@mysql2 ssl]# service mysqld restart
[root@mysql2 ssl]# mysql -uroot -hlocalhost -p
mysql> show variables like '%ssl%';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| have_openssl  | YES                       |
| have_ssl      | YES                       |
| ssl_ca        | /mysqldata/ssl/cacert.pem |
| ssl_capath    |                           |
| ssl_cert      | /mysqldata/ssl/slave.crt  |
| ssl_cipher    |                           |
| ssl_key       | /mysqldata/ssl/slave.key  |
+---------------+---------------------------+
7 rows in set (0.00 sec)


2. Configuring replication between the two hosts


1) On each of the two servers, create a user with replication privileges
mysql> grant replication slave,replication client on *.* to 'repluser'@'172.16.%.%' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)


2) Edit the configuration files


Host A /etc/my.cnf:
datadir=/mysqldata/data
innodb_file_per_table=ON
log-bin=/mysqldata/binlog/master-bin
binlog_format=mixed
server-id    =100
relay-log    =/mysqldata/relaylog/relay-bin
auto-increment-offset=1         # starting value
auto-increment-increment=2      # step
skip_slave_start                # skip automatic slave start: the slave's IO and SQL threads are not started automatically
[root@mysql1 mysqldata]# mkdir relaylog && chown mysql.mysql relaylog;


Host B /etc/my.cnf:
datadir=/mysqldata/data
innodb_file_per_table=ON
log-bin=/mysqldata/binlog/master-bin
binlog_format=mixed
server-id    =200
relay-log    =/mysqldata/relaylog/relay-bin
auto-increment-offset=2
auto-increment-increment=2
skip_slave_start
[root@mysql2 mysqldata]# mkdir relaylog && chown mysql.mysql relaylog;


3) Record the binary log position on both hosts


Host A:
mysql> show master status\G
***************************1. row ***************************
File: master-bin.000005
Position:107
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.00 sec)


Host B:
mysql> show master status\G
***************************1. row ***************************
File: master-bin.000004
Position:107
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.03 sec)


4) Next, each server designates the other server as its own master


Host A:
mysql> change master to master_host='172.16.36.2',master_user='repluser',master_password='redhat',master_log_file='master-bin.000004',master_log_pos=107,master_ssl=1,master_ssl_ca='/etc/pki/CA/cacert.pem',master_ssl_cert='/mysqldata/ssl/master.crt',master_ssl_key='/mysqldata/ssl/master.key';
Query OK, 0 rows affected (0.04 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status\G
***************************1. row ***************************
  Slave_IO_State: Waiting for master to send event
 Master_Host:172.16.36.2
 Master_User: repluser
 Master_Port:3306
Connect_Retry:60
 Master_Log_File: master-bin.000004
 Read_Master_Log_Pos:107
  Relay_Log_File: mysql1-relay-bin.000002
Relay_Log_Pos:254
Relay_Master_Log_File: master-bin.000004
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
 Replicate_Do_DB:
 Replicate_Ignore_DB:
  Replicate_Do_Table:
  Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
  Last_Errno:0
  Last_Error:
Skip_Counter:0
 Exec_Master_Log_Pos:107
 Relay_Log_Space:411
 Until_Condition: None
  Until_Log_File:
Until_Log_Pos:0
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/etc/pki/CA/cacert.pem
  Master_SSL_CA_Path:
 Master_SSL_Cert:/mysqldata/ssl/master.crt
Master_SSL_Cipher:
  Master_SSL_Key:/mysqldata/ssl/master.key
Seconds_Behind_Master:0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno:0
Last_IO_Error:
  Last_SQL_Errno:0
  Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
Master_Server_Id:1
1 row in set (0.00 sec)


Host B:
mysql> change master to master_host='172.16.36.1',master_user='repluser',master_password='redhat',master_log_file='master-bin.000005',master_log_pos=107,master_ssl=1,master_ssl_ca='/mysqldata/ssl/cacert.pem',master_ssl_cert='/mysqldata/ssl/slave.crt',master_ssl_key='/mysqldata/ssl/slave.key';
Query OK, 0 rows affected (0.01 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status\G
***************************1. row ***************************
  Slave_IO_State: Waiting for master to send event
 Master_Host:172.16.36.1
 Master_User: repluser
 Master_Port:3306
Connect_Retry:60
 Master_Log_File: master-bin.000005
 Read_Master_Log_Pos:107
  Relay_Log_File: mysql2-relay-bin.000002
Relay_Log_Pos:254
Relay_Master_Log_File: master-bin.000005
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
 Replicate_Do_DB:
 Replicate_Ignore_DB:
  Replicate_Do_Table:
  Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
  Last_Errno:0
  Last_Error:
Skip_Counter:0
 Exec_Master_Log_Pos:107
 Relay_Log_Space:411
 Until_Condition: None
  Until_Log_File:
Until_Log_Pos:0
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/mysqldata/ssl/cacert.pem
  Master_SSL_CA_Path:
 Master_SSL_Cert:/mysqldata/ssl/slave.crt
Master_SSL_Cipher:
  Master_SSL_Key:/mysqldata/ssl/slave.key
Seconds_Behind_Master:0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno:0
Last_IO_Error:
  Last_SQL_Errno:0
  Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
Master_Server_Id:100
1 row in set (0.00 sec)
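
Both status outputs above report Master_SSL_Verify_Server_Cert: No, and the grant in step 1) carries no REQUIRE clause, so the replica does not check the master certificate's Common Name against master_host and the master still accepts repluser over an unencrypted connection. The script below is an added example, not part of the original post, that audits both conditions from captured client output; the function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit replication TLS settings.
# Sample inputs are constructed: the status lines are trimmed from host A's
# output above; the grant line models SHOW GRANTS for the page's repluser.
SAMPLE_STATUS='
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
  Master_SSL_Allowed: Yes
  Master_SSL_CA_File:/etc/pki/CA/cacert.pem
Master_SSL_Verify_Server_Cert: No
'
SAMPLE_GRANT="GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.%.%' IDENTIFIED BY PASSWORD '<hash>'"

# field NAME: print the value of the "NAME: value" line read from stdin.
field() {
    awk -v name="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, name ":") == 1 {
            val = substr(line, length(name) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# audit_slave_ssl: read SHOW SLAVE STATUS\G text on stdin and print one
# finding per line; prints nothing when every check passes.
audit_slave_ssl() {
    text=$(cat)
    for f in Slave_IO_Running Slave_SQL_Running Master_SSL_Allowed; do
        v=$(printf '%s\n' "$text" | field "$f")
        [ "$v" = "Yes" ] || echo "$f=$v: expected Yes"
    done
    v=$(printf '%s\n' "$text" | field Master_SSL_CA_File)
    [ -n "$v" ] || echo "Master_SSL_CA_File is empty: set MASTER_SSL_CA"
    v=$(printf '%s\n' "$text" | field Master_SSL_Verify_Server_Cert)
    [ "$v" = "Yes" ] || echo "Master_SSL_Verify_Server_Cert=$v: set MASTER_SSL_VERIFY_SERVER_CERT=1"
}

# audit_repl_grant: read SHOW GRANTS text on stdin and print every
# replication grant that has no REQUIRE clause (plaintext logins accepted).
audit_repl_grant() {
    grep -i 'REPLICATION SLAVE' |
        grep -viE 'REQUIRE (SSL|X509|SUBJECT|ISSUER|CIPHER)' |
        sed 's/^/no REQUIRE clause: /'
}

printf '%s' "$SAMPLE_STATUS" | audit_slave_ssl
printf '%s\n' "$SAMPLE_GRANT" | audit_repl_grant
```

Adding REQUIRE SSL to the grant makes each master reject unencrypted logins for repluser. Enabling MASTER_SSL_VERIFY_SERVER_CERT requires master_host to match the Common Name entered when the certificates were requested, so the IP addresses used in CHANGE MASTER TO above would have to be replaced by matching names.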


5) Test replication


Host A:
mysql> create database db1;
Query OK, 1 row affected (0.00 sec)

mysql> use db1;
Database changed

mysql> create table t1(id int(10) PRIMARY KEY AUTO_INCREMENT,name char(20));
Query OK, 0 rows affected (0.02 sec)

mysql> insert into t1 (name) value ('tom');
Query OK, 1 row affected (0.01 sec)

mysql> insert into t1 (name) value ('jery');
Query OK, 1 row affected (0.00 sec)

mysql> select * from t1;
+----+------+
| id | name |
+----+------+
|  1 | tom  |
|  3 | jery |
+----+------+
2 rows in set (0.00 sec)


Host B:
mysql> use db1;
Database changed

mysql> show tables;
+---------------+
| Tables_in_db1 |
+---------------+
| t1            |
+---------------+
1 row in set (0.00 sec)

mysql> select * from t1;
+----+------+
| id | name |
+----+------+
|  1 | tom  |
|  3 | jery |
+----+------+
2 rows in set (0.00 sec)

mysql> insert t1(name) value('Jason Bourne');
Query OK, 1 row affected (0.01 sec)

mysql> insert t1(name) value('James Bond');
Query OK, 1 row affected (0.02 sec)

mysql> select * from t1;
+----+--------------+
| id | name         |
+----+--------------+
|  1 | tom          |
|  3 | jery         |
|  4 | Jason Bourne |
|  6 | James Bond   |
+----+--------------+
4 rows in set (0.00 sec)


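Because the two hosts are configured with the auto-increment-offset and auto-increment-increment parameters, in table t1 of database db1 the odd id values are inserted by host A and the even ones by host B.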
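
The ids 1, 3, 4, 6 in the test follow from how each host picks its next value. The script below is an added example, not from the original post, that models that choice with the offsets and increment from the two my.cnf files; the function names are hypothetical and the model ignores gaps left by deletes or rollbacks.

```shell
#!/bin/sh
# Added example: model how each host picks its next AUTO_INCREMENT value.

# next_id MAX OFFSET INCREMENT: smallest value of the form
# OFFSET + N*INCREMENT (N >= 0) that is greater than MAX, the highest id
# already in the table (including rows replicated from the other host).
next_id() {
    max=$1; offset=$2; inc=$3
    if [ "$max" -lt "$offset" ]; then
        echo "$offset"
    else
        echo $(( offset + ((max - offset) / inc + 1) * inc ))
    fi
}

# simulate HOSTS: replay inserts in the given order, e.g. "A A B B".
# Host A uses offset 1 and host B offset 2, both with increment 2,
# as in the my.cnf files above.
simulate() {
    max=0; out=""
    for host in $1; do
        case $host in A) off=1 ;; B) off=2 ;; esac
        max=$(next_id "$max" "$off" 2)
        out="$out$host:$max "
    done
    echo "${out% }"
}

simulate "A A B B"   # the insert order used in the replication test
```

Host B's first insert gets 4 rather than 2 because the rows replicated from host A have already pushed the highest id to 3.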


End of article!






