mysql主從複製實現SSL加密和半同步複製

MySQL支持單向、異步複製，複製過程當中一個服務器充當主服務器，而一個或多個其它服務器充當從服務器。這與同步複製能夠進行對比，同步複製是MySQL的一個特徵。主服務器將更新寫入二進制日誌文件，並維護文件的一個索引以跟蹤日誌循環。這些日誌能夠記錄發送到從服務器的更新。當一個從服務器鏈接主服務器時，它通知主服務器從服務器在日誌中讀取的最後一次成功更新的位置。從服務器接收從那時起發生的任何更新，而後並等待主服務器通知新的更新。

------------------------------------------------------------------------------------------------------

實驗環境在redhat6.4 ▎ 安裝包使用的mysql-5.5.33版本的。

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1.下載完mysq安裝包到主服務器上

mysql-5.5.33-linux2.6-x86_64.tar.gz

2.複製安裝包到從服務器上

1	[root@yulong ~] # scp mysql-5.5.33-linux2.6-x86_64.tar.gz root@172.16.8.11:/root

3.解壓包到指定路徑下

1	tar xf mysql- 5.5 . 33 -linux2. 6 -x86_64.tar.gz -C /usr/local

4.新建一個mysql用戶和mysql的數據庫目錄,修改建立的目錄屬主和屬組爲mysql

1 2 3 4 5

[root@yulong local]# useradd -r -u 306 mysql [root@yulong local]# mkdir -pv /mydata/data [root@yulong local]# chown -R mysql:mysql /mydata/data/ [root@yulong local]# ls -ld /mydata/data/ drwxr-xr-x 2 mysql mysql 4096 Aug 26 11 : 52 /mydata/data/

5.建立一個軟鏈接爲mysql,並把mysql裏面的文件屬主改成root屬組爲mysql

1 2 3 4

[root@yulong local]# ln -sv mysql- 5.5 . 33 -linux2. 6 -x86_64 mysql `mysql ' -> `mysql-5.5.33-linux2.6-x86_64' [root@yulong local]# cd /usr/local/mysql [root@yulong mysql]# chown -R root:mysql *

6.初始化數據庫一些準備

1 2 3 4 5 6 7 8 9

[root@yulong ]# cd /usr/local/mysql [root@yulong mysql]# cp support-files/my-large.cnf /etc/my.cnf [root@yulong mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld [root@yulong mysql]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh [root@yulong mysql]# . /etc/profile.d/mysql.sh cp主配置文件 cpmysq.server腳本到啓動路徑下 輸出環境變量 重讀下環境變量配置文件

7.初始化mysql數據庫

1 2 3 4 5 6 7 8

[root@yulong mysql]# vim /etc/my.cnf datadir=/mydata/data innodb_file_per_table = 1 [root@yulong mysql]# scripts/mysql_install_db --user=mysql --datadir=/mydata/data/ Installing MySQL system tables... OK Filling help tables... OK

8.啓動mysql服務

1 2 3

[root@yulong mysql]# service mysqld start [root@yulong mysql]# netstat -tnlp tcp 0 0 0.0 . 0.0 : 3306 0.0 . 0.0 :* LISTEN 3018 /mysqld

9.下面配置主服務的一些參數，使從服務器能夠同步數據

1 2 3 4 5 6 7 8 9 10 11

[root@yulong mysql]# mysql mysql> grant replication slave,replication client on *.* to tom@ '172.16.%.%' identified by 'redhat' ; mysql> flush privileges; Query OK, 0 rows affected ( 0.00 sec) mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin. 000003 | 351 | | | +------------------+----------+--------------+------------------+ 1 row in set ( 0.00 sec)

10.從服務器上配置步驟和1-8的步驟同樣這裏就再也不次配置了

11.編輯從服務器上主配置文件

1 2 3 4

[root@localhost mysql]# vim /etc/my.cnf server-id = 20 relay-log = /mydata/data/relay-bin 添加上面這兩項

12.啓動複製線程

1	mysql> CHANGE MASTER TO MASTER_HOST= '172.16.8.10' , MASTER_USER= 'tom' , MASTER_PASSWORD= 'redhat'

13.在主服務器上添加一個數據，看看主從是否是同樣的

1 2 3 4 5 6 7 8 9 10 11 12 13 14

mysql> create database qq; mysql> create database taobao; mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | qq | | taobao | | test | +--------------------+ 6 rows in set ( 0.01 sec)

14.在從服務器上查看

1 2 3 4 5 6 7 8 9 10 11 12 13

mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | qq | | taobao | | test | +--------------------+ 6 rows in set ( 0.00 sec) 從上面的對比看出數據是同樣的

二.下面來實現增量複製

1.先把從服務器數據庫停掉

1 2	[root@localhost data]# service mysqld stop Shutting down MySQL.... [ OK ]

2.刪除數據庫目錄中的數據和從新初始化

1 2	[root@localhost ~]# rm -rf /mydata/data/ [root@localhost mysql]# scripts/mysql_install_db --user=mysql --datadir=/mydata/data/

3.在主數據庫中添加一些數據在備份下數據庫

1 2 3 4 5 6 7 8 9 10 11 12

mysql> create table zhongqiu ( id int ,name var char); Query OK, 0 rows affected ( 0.38 sec) mysql> insert into zhongqiu values ( 1 ,q),( 2 ,n),( 3 ,j); mysql> select * from zhongqiu; +------+------+ | id | name | +------+------+ | 1 | q | | 2 | n | | 3 | j | | 1 | l | [root@yulong data]# mysqldump -uroot --all-databases --lock-all-tables --events --master-data= 2 > /tmp/all.sql

4.把備份的數據導入到從服務器上

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

[root@yulong data]# scp /tmp/all.sql root@ 172.16 . 8.11 :/root/ [root@localhost ~]# mysql < all.sql mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | qq | | taobao | | test | +--------------------+ scp到從服務器上 導入數據

5.而後從導入數據以後開始複製主服務上的數據

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

[root@localhost ~]# head - 30 all.sql 找到數據最後記錄的位置大概就是下面這段 -- CHANGE MASTER TO MASTER_LOG_FILE= 'mysql-bin.000003' , MASTER_LOG_POS= 1034 ; mysql> CHANGE MASTER TO MASTER_HOST= '172.16.8.10' , MASTER_USER= 'tom' , MASTER_PASSWORD= 'redhat' , MASTER_PORT= 3306 , MASTER_LOG_FILE= 'mysql-bin.000003' , MASTER_LOG_POS= 1034 ; Query OK, 0 rows affected ( 0.16 sec) mysql> start slave; Query OK, 0 rows affected ( 0.03 sec) mysql> show slave status\G *************************** 1 . row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 172.16 . 8.10 Master_User: tom Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin. 000003 Read_Master_Log_Pos: 1034 Relay_Log_File: ralay-bin. 000002 Relay_Log_Pos: 253 Relay_Master_Log_File: mysql-bin. 000003 Slave_IO_Running: Yes Slave_SQL_Running: Yes

6.在主服務器上添加數據看看從服務器是否同步

1 2 3 4 5 6 7 8 9 10 11 12 13 14

mysql> create database nihao; 主的：mysql> show databases; 從的：mysql> show databases; +--------------------+ +--------------------+ | Database | | Database | +--------------------+ +--------------------+ | information_schema | | information_schema | | mysql | | mysql | | nihao | | nihao | | performance_schema | | performance_schema | | qq | | qq | | taobao | | taobao | | test | | test | +--------------------+ +--------------------+ 7 rows in set ( 0.03 sec) 7 rows in set ( 0.03 sec)

三.實現半同步

1.在主服務器上安裝master模塊

1 2 3 4

mysql> install plugin rpl_semi_sync_master soname 'semisync_master.so' ; Query OK, 0 rows affected ( 0.06 sec) mysql> SET GLOBAL rpl_semi_sync_master_enabled = 1 ; mysql> SET GLOBAL rpl_semi_sync_master_timeout = 1000 ;

2.在從服務器安裝添加Slave模塊

1 2 3

mysql> INSTALL PLUGIN rpl_semi_sync_slave SONAME 'semisync_slave.so' ; mysql> SET GLOBAL rpl_semi_sync_slave_enabled = 1 ; mysql> STOP SLAVE IO_THREAD; START SLAVE IO_THREAD;

3.查看主服務器上的semi_sync是否開啓，注意clients 變爲1，證實主從半同步複製鏈接成功:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

mysql> SHOW GLOBAL STATUS LIKE 'rpl_semi%' ; mysql> SHOW GLOBAL STATUS LIKE '%rpl_semi%' ; +--------------------------------------------+-------+ | Variable_name | Value | +--------------------------------------------+-------+ | Rpl_semi_sync_master_clients | 1 | | Rpl_semi_sync_master_net_avg_wait_time | 863 | | Rpl_semi_sync_master_net_wait_time | 863 | | Rpl_semi_sync_master_net_waits | 1 | | Rpl_semi_sync_master_no_times | 0 | | Rpl_semi_sync_master_no_tx | 0 | | Rpl_semi_sync_master_status | ON | | Rpl_semi_sync_master_timefunc_failures | 0 | | Rpl_semi_sync_master_tx_avg_wait_time | 0 | | Rpl_semi_sync_master_tx_wait_time | 0 | | Rpl_semi_sync_master_tx_waits | 0 | | Rpl_semi_sync_master_wait_pos_backtraverse | 0 | | Rpl_semi_sync_master_wait_sessions | 0 | | Rpl_semi_sync_master_yes_tx | 1 | +--------------------------------------------+-------+ 14 rows in set ( 0.02 sec) 正常滴

爲mysql創建安全的SSL加密

1.在主服務器上爲CA生成一個私鑰

1 2 3 4

[root@yulong CA]# (umask 077 ;openssl genrsa -out private /cakye.pem 2048 ) Generating RSA private key, 2048 bit long modulus ..........................................................................+++ ..............................+++

2.在主服務器上生成自簽證書

1 2 3 4 5 6 7

[root@yulong CA]# openssl req - new -x509 -key private /cakye.pem -out cacert.pem -days 365 Country Name ( 2 letter code) [XX]:CN State or Province Name (full name) []:beijing Locality Name (eg, city) [Default City]:beijing Organization Name (eg, company) [Default Company Ltd]:beijing Organizational Unit Name (eg, section) []:beijing Common Name (eg, your name or your server's hostname) []: 172.16 . 8.10

3.主服務器上申請證書

1 2 3 4 5

[root@yulong data]# mkdir ssl [root@yulong data]# chown mysql.mysql ssl [root@yulong data]# (umask 077 ; openssl genrsa -out /usr/local/mysql/ssl/master.key 2048 ) [root@yulong data]# openssl req - new -key /usr/local/mysql/ssl/master.key -out /usr/local/mysql/ssl/master.csr [root@yulong data]# openssl ca - in /usr/local/mysql/ssl/master.csr -out /usr/local/mysql/ssl/master.crt -days 365

4.編輯主服務器上的配置文件支持SSL功能

1 2 3 4 5

[root@yulong data]# vim /etc/my.cnf ssl ssl-ca=/etc/pki/CA/cacert.pem ssl-cert=/usr/local/mysql/ssl/master.crt ssl-key=/usr/local/mysql/ssl/master.key

5.在從服務器上生成一個簽署證書

1 2 3 4

[root@yulong data]# mkdir ssl [root@yulong data]# chown mysql.mysql ssl [root@yulong data]# (umask 077 ; openssl genrsa -out /usr/local/mysql/ssl/mysql.key 2048 ) [root@yulong data]# openssl req - new -key /usr/local/mysql/ssl/master.key -out /usr/local/mysql/ssl/mysql.csr

6.把簽署證書發送到主服務器上,在主服務器上籤署證書後在發給從服務器

1 2 3 4

[root@localhost ssl]# scp mysql.csr root@ 172.16 . 8.10 :/etc/pki/CA [root@yulong CA]# openssl ca - in mysql.csr -out mysql.crt -days 365 [root@yulong CA]# scp cacert.pem mysql.crt root@ 172.16 . 8.11 :/usr/local/mysql/ssl [root@yulong ssl]## chown -R mysql.mysql * 把放祕鑰的文件中的屬主和屬組調整爲mysql

7.配置my.cnf文件在開啓SSL重啓服務

1 2	[root@yulong data]# echo 'ssl' > /etc/cnf [root@yulong data]#service mysqld restart

8主上建立ssl連接的用戶

1	mysql> grant replication client,replication slave on *.* to openssl@ 172.16 . 8.11 identified by 'redhat' ;

9.從服務器上經過ssl連接主服務器

1

mysql > change master to master_host= '172.16.8.10' , master_user= 'openssl' , master_password= 'redhat' , master_log_file= 'mysql-bin.000007' ,master_port= 3306 ,master_log_pos= 430 , master_ssl= 1 , master_ssl_ca= '/usr/local/mysql/ssl/cacert.pem' , master_ssl_cert= '/usr/local/mysql/ssl/mysql.crt' , master_ssl_key= '/usr/local/mysql/ssl/mysql.key' ;

10.查看slave的狀態

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

mysql> show slave status\G *************************** 1 . row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 172.16 . 8.10 Master_User: openssl Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin. 000007 Read_Master_Log_Pos: 430 Relay_Log_File: ralay-bin. 000002 Relay_Log_Pos: 253 Relay_Master_Log_File: mysql-bin. 000007 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 430 Relay_Log_Space: 403 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: Yes Master_SSL_CA_File: /usr/local/mysql/ssl/cacert.pem Master_SSL_CA_Path: Master_SSL_Cert: /usr/local/mysql/ssl/mysql.crt Master_SSL_Cipher: Master_SSL_Key: /usr/local/mysql/ssl/mysql.key Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 1 1 row in set ( 0.00 sec)

11.經過命令看下連接狀態

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[root@localhost ssl]# mysql --ssl-ca=/usr/local/mysql/ssl/cacert.pem --ssl-cert=/usr/local/mysql/ssl/mysql.crt --ssl-key=/usr/local/mysql/ssl/mysql.key -uopenssl -h172. 16.8 . 10 -predhat mysql> \s -------------- mysql Ver 14.14 Distrib 5.5 . 33 , for linux2. 6 (x86_64) using readline 5.1 Connection id: 15 Current database: Current user: openssl@ 172.16 . 8.11 SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: stdout Using outfile: '' Using delimiter: ; Server version: 5.5 . 33 -log MySQL Community Server (GPL) Protocol version: 10 Connection: 172.16 . 8.10 via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 9 min 47 sec