Configuring MySQL slave to use SSL
Problem
I am trying to set up a MySQL slave to use replication via SSL.
The my.cnf file contains the following:
server-id = 1012
master-host = host
master-port = port
master-user = user
master-password = password
ssl-ca=/etc/mysqld/ssl/ca-cert.pem
ssl-cert=/etc/mysqld/ssl/client-cert.pem
ssl-key=/etc/mysqld/ssl/client-key.pem
Starting the slave fails with SLAVE STATUS showing
Master_SSL_Allowed: No
When I manually set up the slave as follows:
CHANGE MASTER TO
MASTER_HOST='host',
MASTER_USER='user',
MASTER_PASSWORD='secret',
MASTER_SSL=1;
START SLAVE;
Everything works. Any idea what parameter I need to enter into my.cnf in order to force the slave to use SSL? The obvious choice - "master-ssl=1" did not work.
Solution
Older versions of MySQL allow declaring the CHANGE MASTER TO parameters in my.cnf. Newer versions may not. In fact, according to the MySQL Documentation concerning setting replication options in my.cnf:
Before MySQL 5.1.17, these options are silently ignored if given
unless there is no master.info file. If that file exists, the MySQL
server has already previously been configured for replication, so the
information in the file is used instead. Because the server gives an
existing master.info file precedence over the startup options just
described, you might elect not to use startup options for these values
at all, and instead to specify the replication parameters associated
with them by using the CHANGE MASTER TO statement. See Section
12.5.2.1, “CHANGE MASTER TO Syntax”.
Beginning with MySQL 5.1.17, these options are deprecated and have no
effect when mysqld is started. If they are used, an appropriate
warning is written to the error log. Instead, you must use CHANGE
MASTER TO to set the values corresponding to the deprecated options.
These options are removed in MySQL 5.5.
Naturally, running CHANGE MASTER TO generates a master.info file, which includes master_ssl. No harm, no foul. Relying on my.cnf for older versions of MySQL results in the option being ignored when no master.info exists. They are no longer valid.
Context
StackExchange Database Administrators Q#7583, answer score: 2
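An added example (not part of the original question or answer) of the CHANGE MASTER TO approach the answer recommends: it carries the certificate paths from the question's my.cnf into the statement and makes SSL mandatory for the replication account on the master. The account host 'slave-host' is a placeholder, and GRANT ... REQUIRE SSL is the syntax of the MySQL 5.x releases discussed here.

```sql
-- On the master.
-- Require SSL for the replication account, so a slave that connects
-- without MASTER_SSL=1 is refused instead of replicating in cleartext.
-- 'slave-host' is a placeholder for the slave's address (assumption).
GRANT REPLICATION SLAVE ON *.* TO 'user'@'slave-host' REQUIRE SSL;

-- On the slave.
-- Replication settings go into master.info through CHANGE MASTER TO,
-- not through master-* lines in my.cnf.
STOP SLAVE;

CHANGE MASTER TO
  MASTER_HOST='host',
  MASTER_USER='user',
  MASTER_PASSWORD='secret',
  MASTER_SSL=1,
  -- Paths taken from the my.cnf shown in the question.
  MASTER_SSL_CA='/etc/mysqld/ssl/ca-cert.pem',
  MASTER_SSL_CERT='/etc/mysqld/ssl/client-cert.pem',
  MASTER_SSL_KEY='/etc/mysqld/ssl/client-key.pem';

START SLAVE;

-- Inspect the stored settings and the I/O thread state. The fields to
-- read are Master_SSL_Allowed, Master_SSL_CA_File, Master_SSL_Cert,
-- Master_SSL_Key, Slave_IO_Running and Last_IO_Error.
SHOW SLAVE STATUS\G
```

Once MASTER_SSL=1 is stored in master.info, SHOW SLAVE STATUS reports Master_SSL_Allowed: Yes, and the setting survives a mysqld restart without any replication options in my.cnf.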