yoshinorim / mha4mysql-manager

Development tree of Master High Availability Manager and tools for MySQL (MHA), Manager part
http://code.google.com/p/mysql-master-ha/
GNU General Public License v2.0

How to run a SSL based Master/Slave setup? #106

Closed Cugar15 closed 6 years ago

Cugar15 commented 6 years ago

I'm running a mysql master/slave setup using SSL encryption.

How can this type of connection be retained using mha when i.e. switching master and slave?

There seem to be no parameters in the config files to support this.

Any help/pointers which can be provided?

Thanks a ton in advance.

Cugar15 commented 6 years ago

I think I figured it out - the mysql manual is not really explicit here - but it seems to work. This is for mysql 5.5 - other versions may be different.

Originally, I was thinking that the CHANGE MASTER TO command requires the MASTER_SSL=1 keyword and needs to be supported by mha.

mysql> CHANGE MASTER TO
    -> MASTER_HOST='master_hostname',
    -> MASTER_USER='replicate',
    -> MASTER_PASSWORD='password',
    -> MASTER_SSL=1;

The mysql ref manual is not really explicit about how to avoid this keyword. For the certs, the manual is clear that they can be added into the my.conf to avoid the respective keywords.

However, it seems to work the following way:

Master setup in my.conf:

[mysqld]
ssl=1
ssl-ca=cacert.pem
ssl-cert=node1-cert.pem
ssl-key=node1-key.pem

[client]
ssl=1
ssl-ca=cacert.pem
ssl-cert=node1-cert.pem
ssl-key=node1-key.pem

Slave setup in my.conf:

[mysqld]
ssl=1
ssl-ca=cacert.pem
ssl-cert=node2-cert.pem
ssl-key=node2-key.pem

[client]
ssl=1
ssl-ca=cacert.pem
ssl-cert=node2-cert.pem
ssl-key=node2-key.pem

The ssl=1 in the client section will avoid the MASTER_SSL=1 keyword. Please note that the cacert.pem needs to be either identical - or contain all cacerts concatenated.

So, no special support in mha is needed. Switching master and slave using mha works with this setup as well. Hope the above helps somebody.

Thanks
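
An added example, not part of the original thread: a small Python check for the two conditions the comment above depends on, that each node's option file carries ssl-ca, ssl-cert and ssl-key in both [mysqld] and [client], and that every node's CA bundle contains all CA certificates used across the nodes. The function names and the sample file contents are assumptions constructed for illustration.

```python
import configparser
import re

REQUIRED = ("ssl-ca", "ssl-cert", "ssl-key")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def missing_ssl_options(cnf_text):
    """Return {section: [missing options]} for [mysqld] and [client]."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    # MySQL accepts ssl_ca and ssl-ca alike, so normalise option names.
    cp.optionxform = lambda name: name.lower().replace("_", "-")
    cp.read_string(cnf_text)
    gaps = {}
    for section in ("mysqld", "client"):
        opts = cp[section] if cp.has_section(section) else {}
        missing = [o for o in REQUIRED if not opts.get(o)]
        if missing:
            gaps[section] = missing
    return gaps

def pem_certs(bundle_text):
    """Certificate bodies in a PEM bundle (text comparison only, no X.509 validation)."""
    return {"".join(body.split()) for body in PEM_RE.findall(bundle_text)}

def ca_bundle_gaps(bundles):
    """bundles: {node: CA bundle text}. Return {node: count of CA certs that
    another node's bundle holds but this node's bundle lacks}."""
    certs = {node: pem_certs(text) for node, text in bundles.items()}
    union = set().union(*certs.values())
    return {node: len(union - have) for node, have in certs.items() if union - have}

# Constructed sample input: placeholder PEM bodies, not real certificates.
CA_A = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQQ==\n-----END CERTIFICATE-----\n"
CA_B = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQg==\n-----END CERTIFICATE-----\n"
BUNDLES = {"node1": CA_A + CA_B, "node2": CA_A}  # node2's bundle lacks CA_B

# Option files modelled on the thread's layout; node2's [client] is cut short on purpose.
SECTION = "ssl=1\nssl-ca=cacert.pem\nssl-cert={n}-cert.pem\nssl-key={n}-key.pem\n"
NODE1_CNF = "[mysqld]\n" + SECTION.format(n="node1") + "[client]\n" + SECTION.format(n="node1")
NODE2_CNF = "[mysqld]\n" + SECTION.format(n="node2") + "[client]\nssl=1\nssl-ca=cacert.pem\n"

if __name__ == "__main__":
    for name, cnf in (("node1", NODE1_CNF), ("node2", NODE2_CNF)):
        print(name, "missing options:", missing_ssl_options(cnf))
    print("CA bundle gaps:", ca_bundle_gaps(BUNDLES))
```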