Tuesday, 25 August 2015

How to enable SSL MySQL replication from RDS (master) to onsite database (slave)

I'm stuck on securing my replication from Amazon RDS towards an onsite MySQL slave. The replication works but it stops working when I enable SSL:

mysql> show slave status\G
*************************** 1. row ***************************
               Slave_IO_State: Connecting to master
                  Master_Host: xxxxxxxxxx.eu-west-1.rds.amazonaws.com
                  Master_User: replication
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin-changelog.007011
          Read_Master_Log_Pos: 13376
               Relay_Log_File: mysqld-relay-bin.000001
                Relay_Log_Pos: 4
        Relay_Master_Log_File: mysql-bin-changelog.007011
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
              Replicate_Do_DB: xxxxxxxxxxxxxx
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 13376
              Relay_Log_Space: 120
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /root/certs/rds-combined-ca-bundle.pem
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher: AES256-SHA
               Master_SSL_Key:
        Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: Yes
                Last_IO_Errno: 2026
                Last_IO_Error: error connecting to master 'replication@XXXXXXXXXXXXXXXXX.rds.amazonaws.com:3306' - retry-time: 60  retries: 1
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 281884152
                  Master_UUID: 83d90eda-382e-11e5-bbe0-0a282ae67ab1
             Master_Info_File: /var/lib/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for the slave I/O thread to update it
           Master_Retry_Count: 86400
                  Master_Bind:
      Last_IO_Error_Timestamp: 150825 17:04:05
     Last_SQL_Error_Timestamp:
               Master_SSL_Crl:
           Master_SSL_Crlpath:
           Retrieved_Gtid_Set:
            Executed_Gtid_Set:
                Auto_Position: 0
1 row in set (0.00 sec)

Connecting to the MySQL server using the same machine/cert works:

mysql@MySQLBackup:~/certs# mysql -u replication -p -hxxxxxxx.eu-west-1.rds.amazonaws.com --ssl-ca /root/certs/rds-combined-ca-bundle.pem --ssl-verify-server-cert
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 601
Server version: 5.6.23-log MySQL Community Server (GPL)

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit

Can anyone provide some pointers here?

Thx in advance!

Regards,



