Share a detailed introduction to MySql’s master-slave replication based on SSL secure connection

MySql Master-slave replication based on ssl secure connection

1. Equipment environment

centos7.2 Two

MySQL 5.7

MySQL 5.7 Main Features:

Native support for Systemd
Better performance: better optimization for multi-core CPUs, solid state drives, and locks
Better InnoDB storage engine
More robust replication function : Replication brings no data loss solution, and traditional financial customers can also choose to use MySQL database.

New sys library: This will be the most frequently accessed library by DBAs in the future
Better optimizer: The significance of optimizer code reconstruction will bring huge benefits in this version and subsequent versions Improvement, Oracle officials are solving the biggest problem before MySQL: native JSON type support (JavaScript Object Notation)

Note: JSON (JavaScript Object Notation) is a lightweight data exchange format. JSON uses a completely language-independent text format, but also uses conventions similar to the C language family (including C, C++, C#, Java, JavaScript, Perl, Python, etc.). These properties make JSON an ideal data exchange language. It is easy for humans to read and write, and it is also easy for machines to parse and generate (generally used to increase network transmission rates).

JSON syntax is a subset of JavaScript object representation syntax.

l Data is in key-value pairs

l Data is separated by commas

l Curly brackets save objects

l Square brackets save arrays

2. Implement master-slave replication based on SSL secure connection

1) Create an SSL/RSA file in the main mysql

Give server-key.pem permissions

##Log in to mysql and execute mysql>show variables like'%ssl%';

The operation on the main mysql is completed, and a replication account is generated: REQUIRE SSL

Enable binary logs on the main mysql and restart the mysql service

View the status of the main mysql

Note: Remember the file and position values ​​shown in the above figure, and configure the slave server to use

Firewall allows 3306/tcp communication

2) Then configure the content of the /etc/my.cnf file of slave mysql from above

Give the certificate generated by the master mysql to the slave server

View the certificate copied from mysql

Continue to configure SSL from: modify the /etc/my.cnf file and add the following content

Restart the mysqld service

View SSL Whether it is supported:

Before configuring master-slave replication, you can try using SSL to connect to the master server on slave mysql:

The SSL test connection is successful, and the SSL protocol for login is: Cipher in use is DHE-RSA-AES256-SHA

Finally start configuring the master-slave replica, log in to the slave mysql

change master to

Test:

The above synchronization was successful from the server.

Summary:

SSL (Secure Sockets Layer) and its successor Transport Layer Security (TLS) are a method that provides security and data integrity for network communications. a security protocol. Copying is transmitted in clear text by default, and data security can be greatly improved through SSL encryption.

The above is the detailed content of Share a detailed introduction to MySql’s master-slave replication based on SSL secure connection. For more information, please follow other related articles on the PHP Chinese website!