基于SSL的mysql主从复制【背景】MySQL的协议是明文的,当复制一些重要数据时。有时需要用到SSL功能,以保证数据的安全性。【准备】准备前期准备一.主从时间一致
[root@node3 support-files]# crontab -e ####主节点 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null [root@node1 CA ]# crontab -e ####从节 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null三.
[root@node1 CA ]#(umask 077;openssl genrsa -out private/cakey.pem 1024) Generating RSA private key, 1024 bit long modulus ...................++++++ ................++++++ e is 65537 (0x10001)[root@node1 CA ]#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg,your name or your server's hostname) []:cacert Email Address []:admin.stu11.com [root@node1 CA ]# touch index.txt [root@node1 CA ]# echo 01 > serial[root@node1 CA ]# cd /etc/mysql/ssl/ [root@node1 ssl ]# (umask 077;openssl genrsa -out master.key 1024) Generating RSA private key, 1024 bit long modulus ...................................++++++ .............................++++++ e is 65537 (0x10001)[root@node1ssl ]# openssl req -new -key master.key -out master.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:master.crt Email Address[]:admin@stu11.com Please enter thefollowing 'extra' attributes to be sent with your certificate request A challenge password[]: An optional company name []:[root@node1 ssl ]#openssl ca -in master.csr -out master.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Jan 25 07:12:12 2015 GMT Not After : Jan 25 07:12:12 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = master.crt emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 93:50:74:97:39:91:86:5A:1F:C6:2F:6A:87:FB:77:04:7B:70:33:5C X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:12:12 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 ssl ]# ls master.crt master.csr master.key [root@node1 ssl ]# chown -R mysql:mysql * [root@node1 ssl ]#ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:12 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:12 master.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:11 master.csr -rw------- 1 mysql mysql 887 Jan 25 15:09 master.key[root@node3 ssl]# (umask 077;openssl genrsa -out slave.key 1024) Generating RSA private key, 1024 bit long modulus ..........................++++++ .........................++++++ e is 65537 (0x10001)[root@node3 ssl]# openssl req -new -key slave.key -out slave.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:slave.cert Email Address []:admin@stu11.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:[root@node3 ssl]# scp slave.csr 172.16.249.141:/etc/pki/CA/ [root@node1 CA ]# openssl ca -in slave.csr -out slave.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Jan 25 07:21:11 2015 GMT Not After : Jan 25 07:21:11 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = slave.cert emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: F8:06:AD:F0:1D:8A:78:62:ED:A7:FF:BB:7A:F6:79:14:D4:FB:26:39 X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:21:11 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 CA ]# scp slave.crt 172.16.11.3:/etc/mysql/ssl/ [root@node1 CA ]# scp cacert.pem 172.16.11.3:/etc/mysql/ssl/ [root@node3 ssl]# chown -R mysql:mysql * [root@node3 ssl]# ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:22 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:21 slave.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:19 slave.csr -rw------- 1 mysql mysql 887 Jan 25 15:14 slave.key
How to use MySQL functions for data processing and calculationApr 29, 2025 pm 04:21 PMMySQL functions can be used for data processing and calculation. 1. Basic usage includes string processing, date calculation and mathematical operations. 2. Advanced usage involves combining multiple functions to implement complex operations. 3. Performance optimization requires avoiding the use of functions in the WHERE clause and using GROUPBY and temporary tables.
An efficient way to batch insert data in MySQLApr 29, 2025 pm 04:18 PMEfficient methods for batch inserting data in MySQL include: 1. Using INSERTINTO...VALUES syntax, 2. Using LOADDATAINFILE command, 3. Using transaction processing, 4. Adjust batch size, 5. Disable indexing, 6. Using INSERTIGNORE or INSERT...ONDUPLICATEKEYUPDATE, these methods can significantly improve database operation efficiency.
Steps to add and delete fields to MySQL tablesApr 29, 2025 pm 04:15 PMIn MySQL, add fields using ALTERTABLEtable_nameADDCOLUMNnew_columnVARCHAR(255)AFTERexisting_column, delete fields using ALTERTABLEtable_nameDROPCOLUMNcolumn_to_drop. When adding fields, you need to specify a location to optimize query performance and data structure; before deleting fields, you need to confirm that the operation is irreversible; modifying table structure using online DDL, backup data, test environment, and low-load time periods is performance optimization and best practice.
How to analyze the execution plan of MySQL queryApr 29, 2025 pm 04:12 PMUse the EXPLAIN command to analyze the execution plan of MySQL queries. 1. The EXPLAIN command displays the execution plan of the query to help find performance bottlenecks. 2. The execution plan includes fields such as id, select_type, table, type, possible_keys, key, key_len, ref, rows and Extra. 3. According to the execution plan, you can optimize queries by adding indexes, avoiding full table scans, optimizing JOIN operations, and using overlay indexes.
How to use MySQL subquery to improve query efficiencyApr 29, 2025 pm 04:09 PMSubqueries can improve the efficiency of MySQL query. 1) Subquery simplifies complex query logic, such as filtering data and calculating aggregated values. 2) MySQL optimizer may convert subqueries to JOIN operations to improve performance. 3) Using EXISTS instead of IN can avoid multiple rows returning errors. 4) Optimization strategies include avoiding related subqueries, using EXISTS, index optimization, and avoiding subquery nesting.
How to configure the character set and collation rules of MySQLApr 29, 2025 pm 04:06 PMMethods for configuring character sets and collations in MySQL include: 1. Setting the character sets and collations at the server level: SETNAMES'utf8'; SETCHARACTERSETutf8; SETCOLLATION_CONNECTION='utf8_general_ci'; 2. Create a database that uses specific character sets and collations: CREATEDATABASEexample_dbCHARACTERSETutf8COLLATEutf8_general_ci; 3. Specify character sets and collations when creating a table: CREATETABLEexample_table(idINT
How to uninstall MySQL and clean residual filesApr 29, 2025 pm 04:03 PMTo safely and thoroughly uninstall MySQL and clean all residual files, follow the following steps: 1. Stop MySQL service; 2. Uninstall MySQL packages; 3. Clean configuration files and data directories; 4. Verify that the uninstallation is thorough.
How to rename a database in MySQLApr 29, 2025 pm 04:00 PMRenaming a database in MySQL requires indirect methods. The steps are as follows: 1. Create a new database; 2. Use mysqldump to export the old database; 3. Import the data into the new database; 4. Delete the old database.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Dreamweaver Mac version
Visual web development tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
