14 rows in set (0.01 sec)
上述命令中的set后的参数可以写在各自服务器中的my.cnf [mysqld] 下,以实现永久生效
取消加载插件 可使用命令;
mysql> UNINSTALL PLUGIN rpl_semi_sync_master;
四、基于ssl的主从复制
主从复制是数据在网络中是明文传输 所以设置主从服务基于ssl的复制就显得必要 这里有官方文档,也可使用下列相关配置
官方文档地址: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
以下配置需要在主从复制建立的基础上进行,所以只添加ssl的配置选项,其他选项可参照主从复制配置
首先分别为主从申请证书(证书申请相关步骤略过)
master(172.16.21.1):
CA证书:/etc/pki/CA/cacert.pem
私钥:/usr/local/mysql/ssl/master.key
服务器证书:/usr/local/mysql/ssl/master.crt
vim my.cnf
[mysqld]
ssl-ca=/etc/pki/CA/cacert.pem
ssl-cert=/usr/local/mysql/ssl/master.crt
ssl-key=/usr/local/mysql/ssl/master.key
#serivce mysqld restart
slave (172.16.21.2):
CA证书:/etc/pki/CA/cacert.pem
私钥:/usr/local/mysql/ssl/slave.key
服务器证书:/usr/local/mysql/ssl/slave.crt
vim my.cnf
ssl-ca=/etc/pki/CA/cacert.pem
ssl-cert=/usr/local/mysql/ssl/slave.crt
ssl-key=/usr/local/mysql/ssl/slave.key
service mysqld restart //因为要更改master的相关选项,所以重启mysql不需要立即启动slave,可以在配置文件中定义skip_slave_start=1来实现之
登录从服务器mysql 更改master的相关选项,以实现ssl功能
mysql> CHANGE MASTER TO
-> MASTER_HOST='172.16.21.1',
-> MASTER_USER='repl',
-> MASTER_PASSWORD='123456',
-> MASTER_SSL=1,
-> MASTER_SSL_CA = '/etc/pki/CA/cacert.pem',
-> MASTER_SSL_CAPATH = '/etc/pki/CA',
-> MASTER_SSL_CERT = '/usr/local/mysql/ssl/master.crt',
-> MASTER_SSL_KEY = '/usr/local/mysql/ssl/master.key';
mysql>start slave;
mysql>show slave status;
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/pki/CA/cacert.pem
Master_SSL_CA_Path: /etc/pki/CA
Master_SSL_Cert: /usr/local/mysql/ssl/slave.crt
Master_SSL_Cipher:
Master_SSL_Key: /usr/local/mysql/slave.key
至此基于ssl功能实现