Step 4 — Master Replication over SSL
Check following attributes on both master and replication servers.
sudo nano /etc/mysql/my.cnfOn Master server
[mysqld]
server-id = 1
replicate-same-server-id = 0
auto-increment-increment = 2
auto-increment-offset = 1
relay-log = /var/lib/mysql/relay-bin
relay-log-index = /var/lib/mysql/relay-bin.index
relay-log-info-file = /var/lib/mysql/relay-log.info
log-error = /var/lib/mysql/mysql.err
master-info-file = /var/lib/mysql/mysql-master.info
log-bin = /var/lib/mysql/binOn Replication Server
[mysqld]
server-id = 2
replicate-same-server-id = 0
auto-increment-increment = 2
auto-increment-offset = 1
relay-log = /var/lib/mysql/relay-bin
relay-log-index = /var/lib/mysql/relay-bin.index
relay-log-info-file = /var/lib/mysql/relay-log.info
log-error = /var/lib/mysql/mysql.err
master-info-file = /var/lib/mysql/mysql-master.info
log-bin = /var/lib/mysql/binRestart MySQL on both servers
systemctl restart mysqlOn Master server create a directory to save certificates
sudo chmod -R 777 /var/lib/
mkdir /var/lib/mysql-certs
cd /var/lib/mysql-certs/CA cert
openssl genrsa 2048 > MySQLCAKey.pemGenerating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
........................................................................+++++
e is 65537 (0x010001)
openssl req -new -x509 -nodes -days 3600 -key MySQLCAKey.pem -out MySQLCA-Cert.pemYou are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:MySQL Replication CA
Email Address []:
No Comments