mysql主从复制+访问ip限制（docker方式部署mysql）

此主从复制模式是双主单从模式

安装环境

docker版本是18.06.3ce，mysql版本是5.7

1.mysql安装

docker run -d \
-v /home/kygl/docker/mysql/conf:/etc/mysql/conf.d:Z \
-v /home/kygl/docker/mysql/data:/var/lib/mysql:z \
-v /home/kygl/docker/mysql/logs:/log:z \
-p 3306:3306 \
--name mysql \
-e MYSQL_ROOT_PASSWORD=MYSQLPTRkygl@37 \
10.27.213.66:5000/mysql:latest

docker run -d \
-v /home/kygl/docker/mysql/conf:/etc/mysql/conf.d:Z \
-v /home/kygl/docker/mysql/data:/var/lib/mysql:z \
-v /home/kygl/docker/mysql/logs:/log:z \
-p 3306:3306 \
--name mysql \
-e MYSQL_ROOT_PASSWORD=MYSQLPTRkygl@38 \
10.27.213.66:5000/mysql:latest

docker run -d \
-v /home/kygl/docker/mysql/conf:/etc/mysql/conf.d:Z \
-v /home/kygl/docker/mysql/data:/var/lib/mysql:z \
-v /home/kygl/docker/mysql/logs:/log:z \
-p 3306:3306 \
--name mysql \
-e MYSQL_ROOT_PASSWORD=MYSQLPTRkygl@39 \
10.27.213.66:5000/mysql:latest

2.配置my.cnf文件

37
[mysql]
default-character-set = utf8
[mysqld]
#设置server-id 必须唯一
server-id=37
read_only=1
character_set_server = utf8
lower_case_table_names = 1

gtid-mode=on
enforce-gtid-consistency=true

#避免relay.info更新不及时，SLAVE 重启后导致的主从复制出错，，在从服务器上实现事故安全功能，增加配置：
master_info_repository=TABLE
relay_log_info_repository=TABLE

[mysql.server]
default-character-set = utf8
[mysqld_safe]
default-character-set = utf8
[client]
default-character-set=utf8

38


[mysql]
default-character-set = utf8
[mysqld]

log-bin=mysql-bin #开启二进制日志
server-id=38 #设置server-id
gtid-mode=on
enforce-gtid-consistency=true

#步进值auto_imcrement。一般有n台主MySQL就填n
auto_increment_increment=2        

#起始值。一般填第n台主MySQL。此时为第一台主MySQL
auto_increment_offset=1     

# 不同步那些数据库
binlog-ignore-db = mysql,information_schema 

# 只同步那些数据库,除此之外,其他不同步
#binlog-do-db = test_mysql 

#要同步的数据库，默认所有库
#replicate-do-db=aa   

character_set_server = utf8
lower_case_table_names = 1
[mysql.server]
default-character-set = utf8
[mysqld_safe]
default-character-set = utf8
[client]
default-character-set=utf8


39. 

[mysql]
default-character-set = utf8
[mysqld]

log-bin=mysql-bin #开启二进制日志
server-id=39 #设置server-id
gtid-mode=on
enforce-gtid-consistency=true

#步进值auto_imcrement。一般有n台主MySQL就填n
auto_increment_increment=2        

#起始值。一般填第n台主MySQL。此时为第一台主MySQL
auto_increment_offset=2      

# 不同步那些数据库
binlog-ignore-db = mysql,information_schema 

# 只同步那些数据库,除此之外,其他不同步
#binlog-do-db = test_mysql 

#要同步的数据库，默认所有库
#replicate-do-db=aa   

character_set_server = utf8
lower_case_table_names = 1
[mysql.server]
default-character-set = utf8
[mysqld_safe]
default-character-set = utf8
[client]
default-character-set=utf8

3.修改docker的iptables链路,限制部分服务器访问

#让11.11.141.0网段的服务器以及本机ip可以连接3306端口，而且还需要让docker访问数据库，否则docker部署的数据库之间通信就会被拦截
iptables -I DOCKER-USER -s 11.11.141.0/24,10.122.163.82,172.17.0.1/24 -p tcp -m multiport  --dport 3306 -j ACCEPT
#查看规则链，发现第三条是一个return规则，我们所有的设置都需要在这条链以上才生效
iptables -L DOCKER-USER --line-numbers
#所以拒绝连接的链在倒数第二条位置
iptables -I DOCKER-USER  4 -p tcp  -m multiport --dport 3306 -j REJECT
#如果操作错误，可以使用如下命令删除这个链，num是链的编号
sudo iptables -D DOCKER-USER num
-A 添加到最后一条规则   
-I num  添加到 指定数字处，原此处的规则序列加1   
-D 删除
-L 列表展示

注意，此处必须配置docker虚拟ip网段，否则集群会无法通信

4.主服务器创建同步账号

38


用户: kyglmaster
密码: PTRkygl@master
创建用户:
    CREATE USER 'kyglmaster'@'%' IDENTIFIED BY 'PTRkygl@master';
分配权限:
    GRANT REPLICATION SLAVE ON *.* TO 'kyglmaster'@'%';
刷新权限:
    flush privileges;   #刷新权限



39

用户: kyglmaster
密码: PTRkygl@master
创建用户:
    CREATE USER 'kyglmaster'@'%' IDENTIFIED BY 'PTRkygl@master';
分配权限:
    GRANT REPLICATION SLAVE ON *.* TO 'kyglmaster'@'%';
刷新权限:
    flush privileges;   #刷新权限

5.配置主主连接

主从复制前锁表：flush table with read lock;

38
mysql> show master status;
+------------------+----------+--------------+--------------------------+-------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB         | Executed_Gtid_Set |
+------------------+----------+--------------+--------------------------+-------------------+
| mysql-bin.000001 |      774 |              | mysql,information_schema |                   |
+------------------+----------+--------------+--------------------------+-------------------+
1 row in set (0.00 sec)



CHANGE MASTER TO MASTER_HOST='11.11.141.39',MASTER_PORT=3306,MASTER_USER='kyglmaster',MASTER_PASSWORD='PTRkygl@master',MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=774;

start slave;

39

mysql> show master status;
+------------------+----------+--------------+--------------------------+-------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB         | Executed_Gtid_Set |
+------------------+----------+--------------+--------------------------+-------------------+
| mysql-bin.000001 |      774 |              | mysql,information_schema |                   |
+------------------+----------+--------------+--------------------------+-------------------+
1 row in set (0.00 sec)



CHANGE MASTER TO MASTER_HOST='11.11.141.38',MASTER_PORT=3306,MASTER_USER='kyglmaster',MASTER_PASSWORD='PTRkygl@master',MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=774;



start slave;

注意，此处38服务器作为39服务器的slave，需要39服务器的master配置信息。

查看slave状态

show slave status\G;
.........
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.........
        Seconds_Behind_Master: 0

这三行内容如果这样，说明复制正常

6.配置从服务器

37上

CHANGE MASTER TO MASTER_HOST='11.11.141.38',MASTER_USER='kyglmaster', MASTER_PASSWORD='PTRkygl@master',MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=774 FOR CHANNEL 'master38';

CHANGE MASTER TO MASTER_HOST='11.11.141.39',MASTER_USER='kyglmaster', MASTER_PASSWORD='PTRkygl@master',MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=774 FOR CHANNEL 'master39';

查看状态：
show slave status\G;

7.最后开表：

unlock tables;

部分操作主从复制的命令如下

主从复制前锁表：flush table with read lock;


stop slave;关闭slave
start  slave;开启slave

reset  slave all;重置所有slave（清除多个slave信息）
reset slave; 重置slave


show slave status\G;查看slave状态
show master status\G;查看master状态


最后开表：unlock tables;