Galera Cluster: Difference between revisions

From Lolly's Wiki
Jump to navigationJump to search
(Created page with "Not a real page now... === Show wsrep_provider_options === <source lang=bash> $ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub...")
 
No edit summary
Line 1: Line 1:
Not a real page now...
[[Category:MariaDB]]
[[Category:MySQL]]
 
=Setup the Cluster=
==Setup certificates for the cluster comunication==
Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point.
<source lang=bash>
# openssl genrsa 2048                              -out ca-key.pem
# openssl req -new -x509 -nodes -days 365000      -key ca-key.pem -out ca-cert.pem
</source>
 
Create a certificate for each server:
<source lang=bash>
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-1-key.pem -out maria-1-req.pem
# openssl x509 -req -days 365000 -set_serial 01        -in maria-1-req.pem -out maria-1-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
 
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-2-key.pem -out maria-2-req.pem
# openssl x509 -req -days 365000 -set_serial 02        -in maria-2-req.pem -out maria-2-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
 
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-3-key.pem -out maria-3-req.pem
# openssl x509 -req -days 365000 -set_serial 03        -in maria-3-req.pem -out maria-3-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
 
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-4-key.pem -out maria-4-req.pem
# openssl x509 -req -days 365000 -set_serial 04        -in maria-4-req.pem -out maria-4-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
</source>


=== Show wsrep_provider_options ===
=== Show wsrep_provider_options ===

Revision as of 11:57, 12 November 2021


Setup the Cluster

Setup certificates for the cluster comunication

Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point.

# openssl genrsa 2048                              -out ca-key.pem
# openssl req -new -x509 -nodes -days 365000       -key ca-key.pem -out ca-cert.pem

Create a certificate for each server:

# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-1-key.pem -out maria-1-req.pem
# openssl x509 -req -days 365000 -set_serial 01        -in maria-1-req.pem -out maria-1-cert.pem -CA ca-cert.pem -CAkey ca-key.pem

# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-2-key.pem -out maria-2-req.pem
# openssl x509 -req -days 365000 -set_serial 02        -in maria-2-req.pem -out maria-2-cert.pem -CA ca-cert.pem -CAkey ca-key.pem

# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-3-key.pem -out maria-3-req.pem
# openssl x509 -req -days 365000 -set_serial 03        -in maria-3-req.pem -out maria-3-cert.pem -CA ca-cert.pem -CAkey ca-key.pem

# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-4-key.pem -out maria-4-req.pem
# openssl x509 -req -days 365000 -set_serial 04        -in maria-4-req.pem -out maria-4-cert.pem -CA ca-cert.pem -CAkey ca-key.pem

Show wsrep_provider_options

$ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }'