MySQL主从复制.半同步.基于ssL加密复制
MySQL复制的好处
1. 负载均衡
2. 数据的分布
3. 备份的操作
4. 高可用和容错
MySQL复制的原理
1.将master服务器改变的数据记录到二进制日志(binary log)中
2.slave服务器将master服务器上的二进制日志通过i/o线程获取到自己的中继日志中(relay-log)
3.slave服务器通过sql线程读取中继日志,然后将改变的数据写入到自己的数据库中
上述图片为二进制简单的复制过程简介
配置注意事项和前提条件
1. master服务器必须开启二进制日志
2. master和slave的server-id不能相同
3. 同一个master的多个slave,server也不能相同
4. Binlog_format最好相同 ,否则会导致数据不一致
5. 在slave服务器上配置log-slave-updates=1时,也需要开启二进制日志
6. Read_only选项开启,可以阻止没有权限的线程修改数据
----------------------------------------------------------------------------------------------------------------------------------
软件版本
系统版本 : Centos 6.4_2.6.32-358.el6.x86_64 Myql版本: mysql-5.5.33-linux2.6-x86_64.tar.gz 环境介绍 : master服务器:node3 192.168.17.15 Slave服务器: node4 192.168.17.32
安装准备
1.修改主机名
2.配置主机名解析,修改hosts文件
3.同步俩台服务器时间 ,让时间保持一致
安装MySQL
1.Master和slave的mysql安装配置一样
[root@node3 ~]# useradd -r -u 306 mysql [root@node3 ~]# mkdir -p /mydata/data [root@node3 ~]# tar xfmysql-5.5.33-linux2.6-x86_64.tar.gz -C /usr/local/ [root@node3 ~]# cd /usr/local/ [root@node3 local]# ln -svmysql-5.5.33-linux2.6-x86_64/ mysql `mysql' ->`mysql-5.5.33-linux2.6-x86_64/' [root@node3 local]# cd mysql [root@node3 mysql]# chown -R root.mysql . [root@node3 mysql]# cpsupport-files/mysql.server /etc/init.d/mysqld cp: overwrite `/etc/init.d/mysqld'? y [root@node3 mysql]# chmod +x /etc/init.d/mysqld [root@node3 mysql]# chkconfig --add mysqld [root@node3 mysql]# chkconfig mysqld on [root@node3 mysql]# cpsupport-files/my-large.cnf /etc/my.cnf cp: overwrite `/etc/my.cnf'? y [root@node3 mysql]# vim /etc/my.cnf datadir = /mydata/data innodb_file_per_table = 1 [root@node3 mysql]# echo"PATH=/usr/local/mysql/bin:$PATH" >> /etc/profile [root@node3mysql]# . /etc/profile [root@node3mysql]# ln -s /usr/local/mysql/include/ /usr/include/mysql [root@node3 mysql]# echo "/usr/local/mysql/lib">> /etc/ld.so.conf [root@node3 mysql]# ldconfig [root@node3 mysql]# chown -R mysql.mysql/mydata/data [root@node3 mysql]#./scripts/mysql_install_db --user=mysql --datadir=/mydata/data Installing MySQL system tables... OK Filling help tables... OK To start mysqld at boot time you have tocopy support-files/mysql.server to the rightplace for your system PLEASE REMEMBER TO SET A PASSWORD FOR THEMySQL root USER ! To do so, start the server, then issue thefollowing commands: ./bin/mysqladmin -u root password'new-password' ./bin/mysqladmin -u root -h node3 password'new-password' Alternatively you can run: ./bin/mysql_secure_installation which will also give you the option ofremoving the test databases and anonymous user created by default. This is strongly recommended for productionservers. See the manual for more instructions. You can start the MySQL daemon with: cd . ; ./bin/mysqld_safe & You can test the MySQL daemon withmysql-test-run.pl cd ./mysql-test ; perl mysql-test-run.pl Please report any problems with the./bin/mysqlbug script! [root@node3 mysql]# service mysqld start Starting MySQL... SUCCESS!
主从复制配置
在master服务器上建立用于slave服务器复制数据的账户(最小权限)
[root@node3 mysql]# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.5.33-log MySQL CommunityServer (GPL) Copyright (c) 2000, 2013, Oracle and/or itsaffiliates. All rights reserved. Oracle is a registered trademark of OracleCorporation and/or its affiliates. Other names may be trademarksof their respective owners. Type 'help;' or '\h' for help. Type '\c' toclear the current input statement. mysql> grant replication client,replication slave on *.* to 'bds'@'192.168.%.%' identified by 'budongshu'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> show grants for 'bds'@'192.168.%.%' ; +----------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for [email protected].%.% | +----------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT REPLICATION SLAVE, REPLICATIONCLIENT ON *.* TO 'bds'@'192.168.%.%' IDENTIFIED BY PASSWORD'*55DE68D71BDCF62EA7C0476394AF10F053178281' | +----------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)
2. 在Slave服务器上使用授权用户连接测试
[root@node4 ~]# mysql -ubds -pbudongshu -h192.168.17.15 Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.5.33-log MySQL CommunityServer (GPL) Copyright (c) 2000, 2013, Oracle and/or itsaffiliates. All rights reserved. Oracle is a registered trademark of OracleCorporation and/or its affiliates. Other names may be trademarksof their respective owners. Type 'help;' or '\h' for help. Type '\c' toclear the current input statement. mysql>
3. 修改slave服务器的配置文件
skip_slave_start = 1 read_only = 1 relay_log = relay_log relay_log_index = relay_log.index server-id = 21 #log-bin=mysql-bin #log-bin=mysql-bin [root@node4 ~]# service mysqld restart
4.修改mater服务器的配置文件
log-bin=mysql-bin log_bin_index = msyql_bin.index binlog_format=mixed server-id = 1
5.查看master服务器的二进制日志和二进制日志事件位置
mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB |Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000003 | 355 | | | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)
6.开始在slave服务器同步master服务器的数据
mysql> help change master to MASTER_BIND = 'interface_name' |MASTER_HOST = 'host_name' |MASTER_USER = 'user_name' |MASTER_PASSWORD = 'password' |MASTER_PORT = port_num |MASTER_CONNECT_RETRY = interval |MASTER_HEARTBEAT_PERIOD = interval |MASTER_LOG_FILE = 'master_log_name' |MASTER_LOG_POS = master_log_pos mysql> change master tomaster_host='192.168.17.15',master_user='bds',master_password='budongshu',master_port=3306,master_log_file='mysql-bin.000003',master_log_pos=355; Query OK, 0 rows affected (0.01 sec)
7.启动slave服务器的复制线程并查看状态
mysql> start slave; Query OK, 0 rows affected (0.00 sec) mysql> show slave status\G *************************** 1. row*************************** Slave_IO_State: Waiting formaster to send event Master_Host: 192.168.17.15 Master_User: bds Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000003 Read_Master_Log_Pos: 355 Relay_Log_File: relay_log.000002 Relay_Log_Pos: 253 Relay_Master_Log_File: mysql-bin.000003 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 355 Relay_Log_Space: 403 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: No Master_SSL_CA_File: Master_SSL_CA_Path: Master_SSL_Cert: Master_SSL_Cipher: Master_SSL_Key: Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 1 1 row in set (0.00 sec)
mysql> show processlist; +----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+ | Id | User | Host | db | Command | Time | State |Info | +----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+ | 2| root | localhost | NULL |Query | 0 | NULL | show processlist | | 3| system user | | NULL |Connect | 54 | Waiting for master tosend event | NULL | | 4| system user | | NULL |Connect | 53 | Slave has read all relaylog; waiting for the slave I/O thread to update it | NULL | +----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------------+------------------+ 3 rows in set (0.00 sec)
9.在master服务器创建数据库,然后在从服务器上验证是否存在
mysql> create database bds; Query OK, 1 row affected (0.00 sec) [root@node4 ~]# mysql -e 'show databases'; +--------------------+ | Database | +--------------------+ | information_schema | | bds | | mysql | | performance_schema | | test | +--------------------+ [root@node4 ~]# mysql -e 'show databases'; +--------------------+ | Database | +--------------------+ | information_schema | | bds | | mysql | | performance_schema | | test | +--------------------+
10.查看俩台服务器的二进制日志事件位置和是否一致
[root@node3 ~]# mysql -e 'show masterstatus'; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB |Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000003 | 436 | | | +------------------+----------+--------------+------------------+ [root@node4 ~]# mysql -e 'show slave status\G' | grep "Read" Read_Master_Log_Pos: 436
半同步复制
半同步复制表示master服务器只需要接收到其中一台的slave服务器的返回信息,就会commit,否则需要等待直到超过
设定的时间,然后降级切换成异步再提交,这样做的目的可以使主从数据的数据延迟缩小,可以在损失很小的性能前提下提高
数据的安全性。
1. 半同步的开启比较简单,只需要在master和slave服务器上都安装上本同步插件并启动即可。
2. 插件在mysql的安装目录中 : /usr/local/mysql/lib/plugin/ (二进制形式安装mysql的位置)
[root@node3 ~]# ll/usr/local/mysql/lib/plugin/ | grep "semi" -rwxr-xr-x. 1 root mysql 170178 Jul 15 2013 semisync_master.so -rwxr-xr-x. 1 root mysql 88895 Jul 15 2013 semisync_slave.so
3.在俩台服务器上分别安装插件
mysql> install pluginrpl_semi_sync_master soname 'semisync_master.so'; mysql> set globalrpl_semi_sync_master_enabled = 1 ; mysql> set globalrpl_semi_sync_master_timeout = 1000 ; mysql> install plugin rpl_semi_sync_slave soname 'semisync_slave.so'; mysql> set globalrpl_semi_sync_slave_enabled = 1; mysql> stop slave io_thread;start slaveio_thread;
3.查看半同步状态
mysql> show global status like'rpl_semi%'; +--------------------------------------------+-------+ | Variable_name | Value | +--------------------------------------------+-------+ | Rpl_semi_sync_master_clients | 1 | |Rpl_semi_sync_master_net_avg_wait_time | 0 | | Rpl_semi_sync_master_net_wait_time | 0 | | Rpl_semi_sync_master_net_waits | 0 | | Rpl_semi_sync_master_no_times | 0 | | Rpl_semi_sync_master_no_tx | 0 | | Rpl_semi_sync_master_status | ON | |Rpl_semi_sync_master_timefunc_failures | 0 | |Rpl_semi_sync_master_tx_avg_wait_time | 0 | | Rpl_semi_sync_master_tx_wait_time | 0 | | Rpl_semi_sync_master_tx_waits | 0 | |Rpl_semi_sync_master_wait_pos_backtraverse | 0 | | Rpl_semi_sync_master_wait_sessions | 0 | | Rpl_semi_sync_master_yes_tx | 0 | +--------------------------------------------+-------+ mysql> show global variables like'%rpl%'; +------------------------------------+-------+ | Variable_name | Value | +------------------------------------+-------+ | rpl_recovery_rank | 0 | | rpl_semi_sync_master_enabled | ON | | rpl_semi_sync_master_timeout | 1000 | | rpl_semi_sync_master_trace_level | 32 | | rpl_semi_sync_master_wait_no_slave |ON | +------------------------------------+-------+ mysql> show global status like'rpl_semi%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Rpl_semi_sync_slave_status | ON | +----------------------------+-------+ mysql> show global variables like'%rpl%'; +---------------------------------+-------+ | Variable_name | Value | +---------------------------------+-------+ | rpl_recovery_rank | 0 | | rpl_semi_sync_slave_enabled | ON | | rpl_semi_sync_slave_trace_level | 32 | +---------------------------------+-------+
查看slave线程是否启动
[root@node4 ~]# mysql -e 'show slavestatus\G' | grep "Running" Slave_IO_Running: Yes Slave_SQL_Running: Yes
5.在master服务器上将前面创建的’bds’数据库删除,然后验证slave服务器同步状态。
mysql> drop database bds; mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | test | +--------------------+ mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | test | +--------------------+
6.以上配置不会永久生效,如果想永久生效,需要写在配置文件中重启服务即可。
基于ssl的加密复制
因为mysql在传输数据的时候是明文传输的 ,再生产环境中非常的不安全 ,尤其是在跨网络环境中,
为了解决这个问题,需要进行加密传输,所以用基于ssl的加密传输数据。
1. 将master服务器自己做成CA服务器
[root@node3 CA]# cd /etc/pki/CA/ [root@node3 CA]# (umask 077; openssl genrsa-out private/cakey.pem 2048 ) root@node3 CA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem -days 365 You are about to be asked to enterinformation that will be incorporated into your certificate request. What you are about to enter is what iscalled a Distinguished Name or a DN. There are quite a few fields but you canleave some blank For some fields there will be a defaultvalue, If you enter '.', the field will be leftblank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:bj Locality Name (eg, city) [DefaultCity]:beijing Organization Name (eg, company) [DefaultCompany Ltd]:bds Organizational Unit Name (eg, section)[]:tech Common Name (eg, your name or your server'shostname) []:node3 Email Address []:[email protected] [root@node3 CA]# touch index.txt [root@node3 CA]# echo 01 > serial
2.为master 创建证书申请并由CA服务器签发证书
[root@node3 CA]# mkdir /usr/local/mysql/ssl/ -pv [root@node3 CA]# cd /usr/local/mysql/ssl/ [root@node3 ssl]# (umask 077; opensslgenrsa -out master.key 2048) [root@node3 ssl]# openssl req -new -keymaster.key -out master.csr -days 365 You are about to be asked to enterinformation that will be incorporated into your certificate request. What you are about to enter is what iscalled a Distinguished Name or a DN. There are quite a few fields but you canleave some blank For some fields there will be a defaultvalue, If you enter '.', the field will be leftblank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:bj Locality Name (eg, city) [DefaultCity]:beijing Organization Name (eg, company) [DefaultCompany Ltd]:bds Organizational Unit Name (eg, section)[]:tech Common Name (eg, your name or your server'shostname) []:node3 Email Address []:[email protected] Please enter the following 'extra'attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@node3 ssl]# openssl ca -in master.csr-out master.crt -days 365 Using configuration from/etc/pki/tls/openssl.cnf Check that the request matches thesignature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Dec 3 04:40:39 2014GMT Not After : Dec 3 04:40:39 2015GMT Subject: countryName = cn stateOrProvinceName = bj organizationName = bds organizationalUnitName = tech commonName = node3 emailAddress [email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BF:D7:B2:93:F5:67:00:58:1B:3B:B1:2D:93:E1:9F:2B:4B:15:52:0E X509v3 Authority Key Identifier: keyid:70:41:30:49:6D:7E:3F:9A:73:B2:25:15:B8:D1:6F:24:3F:3C:54:39 Certificate is to be certified untilDec 3 04:40:39 2015 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit?[y/n]y Write out database with 1 new entries Data Base Updated
3.为slave服务器创建证书申请
mkdir /usr/local/mysql/ssl [root@node4 ~]# cd /usr/local/mysql/ssl/ [root@node4 ssl]# (umask 077;openssl genrsa -out slave.key2048) [root@node4 ssl]# openssl req -new -keyslave.key -out slave.csr -days 365 You are about to be asked to enterinformation that will be incorporated into your certificate request. What you are about to enter is what iscalled a Distinguished Name or a DN. There are quite a few fields but you canleave some blank For some fields there will be a defaultvalue, If you enter '.', the field will be leftblank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:bj Locality Name (eg, city) [DefaultCity]:beijing Organization Name (eg, company) [DefaultCompany Ltd]:bds Organizational Unit Name (eg, section)[]:tech Common Name (eg, your name or your server'shostname) []:node4 Email Address []:[email protected] Please enter the following 'extra'attributes to be sent with your certificate request A challenge password []: An optional company name []:
为服务器签署证书
[root@node4 ssl]# scp slave.csrnode3:/root/ [root@node3 ~]# openssl ca -in/root/slave.csr -out /root/slave.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches thesignature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Dec 3 05:35:16 2014GMT Not After : Dec 3 05:35:16 2015GMT Subject: countryName = cn stateOrProvinceName = bj organizationName = bds organizationalUnitName = tech commonName = node4 emailAddress [email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BF:8A:0A:65:FC:92:75:64:CB:44:0D:DC:ED:FE:E5:E9:3E:85:5F:92 X509v3 Authority Key Identifier: keyid:70:41:30:49:6D:7E:3F:9A:73:B2:25:15:B8:D1:6F:24:3F:3C:54:39 Certificate is to be certified untilDec 3 05:35:16 2015 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified,commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node3 ~]# scp slave.crt node4:/usr/local/mysql/ssl/ [root@node3 ~]# scp /etc/pki/CA/cacert.pem node4:/usr/local/mysql/ssl/ [root@node3 ~]# cp/etc/pki/CA/cacert.pem /usr/local/mysql/ssl/
修改master与slave服务器证书属主属组为mysql用户
[root@node3 ~]# chown -R mysql.mysql/usr/local/mysql/ssl/ [root@node4 ssl]# chown -R mysql.mysql /usr/local/mysql/ssl/
修改配置文件开启ssl加密功能
[root@node3 ~]# vi /etc/my.cnf ssl ssl_ca = /usr/local/mysql/ssl/cacert.pem ssl_cert = /usr/local/mysql/ssl/master.crt ssl_key = /usr/local/mysql/ssl/master.key [root@node4 ssl]# vi /etc/my.cnf [root@node3 ~]# service mysqld restart ssl ssl_ca = /usr/local/mysql/ssl/cacert.pem ssl_cert = /usr/local/mysql/ssl/slave.crt ssl_key = /usr/local/mysql/ssl/slave.key [root@node4 ssl]# service mysqld restart
在master服务器查看ssl加密是否开启,然后创建授权一个基于密钥认证的用户
[root@node3 ~]# mysql mysql> show variables like "%ssl%" ; +---------------+---------------------------------+ | Variable_name | Value | +---------------+---------------------------------+ | have_openssl | YES | | have_ssl | YES | | ssl_ca | /usr/local/mysql/ssl/cacert.pem | | ssl_capath | | | ssl_cert | /usr/local/mysql/ssl/master.crt | | ssl_cipher | | | ssl_key | /usr/local/mysql/ssl/master.key | +---------------+---------------------------------+ mysql> grant replicationclient,replication slave on *.* to 'bds'@'192.168.%.%' identified by'budognshu' require ssl; mysql> flush privileges;
8 . 查看master服务器二进制日志文件位置和事件位置用于slave服务器连接从此位置开始复制
mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB |Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000004 | 367 | | | +------------------+----------+--------------+------------------+
9. 测试使用加密用户指定密钥连接master服务器
[root@node4 ~]# mysql -ubds -pbudongshu -h192.168.17.15 --ssl-ca=/usr/local/mysql/ssl/cacert.pem --ssl-cert=/usr/local/mysql/ssl/slave.crt--ssl-key=/usr/local/mysql/ssl/slave.key Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.5.33-log MySQL CommunityServer (GPL) Copyright (c) 2000, 2013, Oracle and/or itsaffiliates. All rights reserved. Oracle is a registered trademark of OracleCorporation and/or its affiliates. Other names may be trademarksof their respective owners. Type 'help;' or '\h' for help. Type '\c' toclear the current input statement. mysql>
10. 查看slave服务器是否开启ssl 加密 并连接master服务器
[root@node4 ~]# mysql mysql> show variables like"%ssl%"; +---------------+---------------------------------+ | Variable_name | Value | +---------------+---------------------------------+ | have_openssl | YES | | have_ssl | YES | | ssl_ca | /usr/local/mysql/ssl/cacert.pem | | ssl_capath | | | ssl_cert | /usr/local/mysql/ssl/slave.crt | | ssl_cipher | | | ssl_key | /usr/local/mysql/ssl/slave.key | +---------------+---------------------------------+ mysql> change master tomaster_host='192.168.17.15',master_user='bds',master_password='budongshu', -> master_log_file='mysql-bin.000004', -> master_log_pos=367, -> master_ssl=1, -> master_ssl_ca='/usr/local/mysql/ssl/cacert.pem', -> master_ssl_cert='/usr/local/mysql/ssl/slave.crt', -> master_ssl_key='/usr/local/mysql/ssl/slave.key';
11 .查看slave服务器状态
mysql> start slave; Query OK, 0 rows affected (0.00 sec) mysql> show slave status\G *************************** 1. row*************************** Slave_IO_State: Waiting formaster to send event Master_Host: 192.168.17.15 Master_User: bds Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000004 Read_Master_Log_Pos: 367 Relay_Log_File: relay_log.000002 Relay_Log_Pos: 253 Relay_Master_Log_File: mysql-bin.000004 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 367 Relay_Log_Space: 403 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: Yes Master_SSL_CA_File: /usr/local/mysql/ssl/cacert.pem Master_SSL_CA_Path: Master_SSL_Cert:/usr/local/mysql/ssl/slave.crt Master_SSL_Cipher: Master_SSL_Key:/usr/local/mysql/ssl/slave.key Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 1
12 .验证基于ssl复制
Master mysql> create database bds; mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | bds | | mysql | | performance_schema | | test | +--------------------+ Slave mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | bds | | mysql | | performance_schema | | test | +--------------------+