List: General Discussion
From: Paul Nowosielski
Date: November 10 2010 11:23pm
Subject: MySQL replication SSL
Dear All,

I'm trying to get SSL connections
for all MySQL slaves and masters.

I have one box that will not use SSL for some reason.
When I start this slave it cannot connect because
it's not using SSL.




show slave status\G
*************************** 1. row ***************************
             Slave_IO_State: Connecting to master
                Master_Host: myhost
                Master_User: rep_user
                Master_Port: 3306
              Connect_Retry: 60
            Master_Log_File: mysql-bin.000095
        Read_Master_Log_Pos: 1095
             Relay_Log_File: slave-relay.000004
              Relay_Log_Pos: 98
      Relay_Master_Log_File: mysql-bin.000095
           Slave_IO_Running: No
          Slave_SQL_Running: Yes
            Replicate_Do_DB: crm
        Replicate_Ignore_DB: 
         Replicate_Do_Table: 
     Replicate_Ignore_Table: 
    Replicate_Wild_Do_Table: 
Replicate_Wild_Ignore_Table: 
                 Last_Errno: 0
                 Last_Error: 
               Skip_Counter: 0
        Exec_Master_Log_Pos: 1095
            Relay_Log_Space: 98
            Until_Condition: None
             Until_Log_File: 
              Until_Log_Pos: 0
         Master_SSL_Allowed: No <---
         Master_SSL_CA_File: 
         Master_SSL_CA_Path: 
            Master_SSL_Cert: 
          Master_SSL_Cipher: 
             Master_SSL_Key: 
      Seconds_Behind_Master: NULL



Here is a portion of my.cnf.

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
max_connections=500
max_connect_errors = 0

# replication
server-id = 1
replicate-same-server-id = 0
auto-increment-increment =3
auto-increment-offset =1

master-host = myHost
master-user = rep_user
master-password = rep_passwd
master-connect-retry = 60
replicate-do-db = crm

log-bin= /var/log/mysql/mysql-bin.log
binlog-do-db = crm

relay-log = /var/lib/mysql/slave-relay.log
relay-log-index = /var/lib/mysql/slave-relay-log.index

expire_logs_days = 10
max_binlog_size = 500M
# end replication


# SSL for replication
ssl
ssl-key=/etc/mysql/ssl/server-key.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-capath=/etc/mysql/ssl/
ssl-cipher=DHE-RSA-AES256-SHA





[client]
ssl
port = 3306
socket = /var/lib/mysql/mysql.sock
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem
ssl-cipher=DHE-RSA-AES256-SHA


Anyone see any issues with this?

Thank you,

Paul
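
Added example, not part of the original post: a small Python check that parses `SHOW SLAVE STATUS\G` output like the one quoted above and reports the SSL-related fields an audit of a replica would flag. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: a subset of the rows from the status output in the post.
SAMPLE = """\
*************************** 1. row ***************************
             Slave_IO_State: Connecting to master
                Master_Host: myhost
           Slave_IO_Running: No
          Slave_SQL_Running: Yes
         Master_SSL_Allowed: No
         Master_SSL_CA_File:
         Master_SSL_CA_Path:
            Master_SSL_Cert:
             Master_SSL_Key:
"""

def parse_status(text):
    """Parse vertical (\\G) output into a dict of field name -> value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z_]+):\s?(.*)$", line)
        if m:  # the '*** 1. row ***' separator does not match and is skipped
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_ssl(fields):
    """Return a list of findings about the replication channel's SSL state."""
    findings = []
    allowed = fields.get("Master_SSL_Allowed", "")
    if allowed == "No":
        findings.append("Master_SSL_Allowed=No: channel is not set up for SSL")
    elif allowed == "Ignored":
        findings.append("Master_SSL_Allowed=Ignored: this server lacks SSL support")
    elif allowed != "Yes":
        findings.append("Master_SSL_Allowed missing or unrecognized")
    if not fields.get("Master_SSL_CA_File") and not fields.get("Master_SSL_CA_Path"):
        findings.append("no CA file or path: master certificate cannot be verified")
    # A client certificate without its key (or the reverse) is unusable.
    if bool(fields.get("Master_SSL_Cert")) != bool(fields.get("Master_SSL_Key")):
        findings.append("Master_SSL_Cert and Master_SSL_Key must be set together")
    return findings

if __name__ == "__main__":
    for finding in audit_ssl(parse_status(SAMPLE)):
        print("FINDING:", finding)
```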


