CentOS7 部署 galera cluster mysql 5.7

環境

cpu	mem	hostname	public ip	cluster ip	CentOS	MySQL
雙核	2GB	mysql_1	10.0.0.231	10.10.10.1	7.5	5.7
雙核	2GB	mysql_2	10.0.0.232	10.10.10.2	7.5	5.7
雙核	2GB	mysql_3	10.0.0.233	10.10.10.3	7.5	5.7

創建 galera yum 源文件

cat > /etc/yum.repos.d/galera.repo <<-END
[galera]
name = Galera
baseurl = http://releases.galeracluster.com/galera-3/centos/7/x86_64/
gpgkey = http://releases.galeracluster.com/GPG-KEY-galeracluster.com
gpgcheck = 1
#
[mysql-wsrep]
name = MySQL-wsrep
baseurl = http://releases.galeracluster.com/mysql-wsrep-5.7/centos/7/x86_64/
gpgkey = http://releases.galeracluster.com/GPG-KEY-galeracluster.com
gpgcheck = 1
END

安裝

yum install galera-3 mysql-wsrep-5.7 rsync

修改 /etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
binlog_format=ROW
bind-address=0.0.0.0
default_storage_engine=innodb
innodb_autoinc_lock_mode=2
innodb_flush_log_at_trx_commit=0
innodb_buffer_pool_size=1024M #物理內存一半
wsrep_provider=/usr/lib64/galera-3/libgalera_smm.so
wsrep_provider_options="gcache.size=300M; gcache.page_size=300M"
wsrep_cluster_name="mysql_galera_cluster" #集羣名字
wsrep_cluster_address="gcomm://10.10.10.1,10.10.10.2,10.10.10.3"
wsrep_sst_method=rsync
wsrep_node_name=mysql_1 #當前節點名字
wsrep_node_address="10.10.10.1" #當前節點 cluster ip
#
[mysql_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
#
!includedir /etc/my.cnf.d/

隨機選擇一個節點，使用專用腳本 mysqld_bootstrap 初始化集羣

/usr/bin/mysqld_bootstrap
#該命令會啓動本機的 mysqld 服務
systemctl status mysqld

查找密碼，修改初始密碼

grep -i password /var/log/messages
#記錄輸出的密碼
mysqladmin -uroot -p password 'P@sswo2d'
#根據提示輸入上一步輸出的密碼

在其他節點上啓動 mysqld 服務

systemctl start mysqld

查看集羣節點數量

show status like 'wsrep_cluster_size';

ssl 加密同步數據(不推薦，存在性能損失)

• 生成證書

  mkdir /etc/my.cnf.d/ssl && cd /etc/my.cnf.d/ssl
  openssl genrsa 2048 > ca-key.pem
  openssl req -new -x509 -nodes -days 365000 \
        -key ca-key.pem -out ca-cert.pem #按提示輸入信息
  openssl req -newkey rsa:2048 -days 365000 \
        -nodes -keyout server-key.pem -out server-req.pem #按提示輸入信息，與上一步信息不同
  openssl rsa -in server-key.pem -out server-key.pem
  openssl x509 -req -in server-req.pem -days 365000 \
        -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 \
        -out server-cert.pem
  

• 修改配置文件 my.cnf

  #在 wsrep_provider_options 中添加如下選項，選項間用分號";"間隔
  socket.ssl_key=/etc/my.cnf.d/ssl/server-key.pem; socket.ssl_cert=/etc/my.cnf.d/ssl/server-cert.pem; socket.ssl_ca=/etc/my.cnf.d/ssl/ca-cert.pem; socket.checksum=2; socket.ssl_cipher=AES128-SHA
  

• 重新啓動集羣

ssl 加密客戶端(不推薦，存在性能損失)

• MySQL 5.7 server 自帶 ssl 加密，客戶端連接時，指定參數 --ssl-mode=required 即可