Galera Cluster: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
(Created page with "Not a real page now... === Show wsrep_provider_options === <source lang=bash> $ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub...") |
No edit summary |
||
| Line 1: | Line 1: | ||
[[Category:MariaDB]] | |||
[[Category:MySQL]] | |||
=Setup the Cluster= | |||
==Setup certificates for the cluster comunication== | |||
Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point. | |||
<source lang=bash> | |||
# openssl genrsa 2048 -out ca-key.pem | |||
# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem | |||
</source> | |||
Create a certificate for each server: | |||
<source lang=bash> | |||
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-1-key.pem -out maria-1-req.pem | |||
# openssl x509 -req -days 365000 -set_serial 01 -in maria-1-req.pem -out maria-1-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | |||
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-2-key.pem -out maria-2-req.pem | |||
# openssl x509 -req -days 365000 -set_serial 02 -in maria-2-req.pem -out maria-2-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | |||
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-3-key.pem -out maria-3-req.pem | |||
# openssl x509 -req -days 365000 -set_serial 03 -in maria-3-req.pem -out maria-3-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | |||
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-4-key.pem -out maria-4-req.pem | |||
# openssl x509 -req -days 365000 -set_serial 04 -in maria-4-req.pem -out maria-4-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | |||
</source> | |||
=== Show wsrep_provider_options === | === Show wsrep_provider_options === | ||
Revision as of 11:57, 12 November 2021
Setup the Cluster
Setup certificates for the cluster comunication
Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point.
# openssl genrsa 2048 -out ca-key.pem
# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
Create a certificate for each server:
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-1-key.pem -out maria-1-req.pem
# openssl x509 -req -days 365000 -set_serial 01 -in maria-1-req.pem -out maria-1-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-2-key.pem -out maria-2-req.pem
# openssl x509 -req -days 365000 -set_serial 02 -in maria-2-req.pem -out maria-2-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-3-key.pem -out maria-3-req.pem
# openssl x509 -req -days 365000 -set_serial 03 -in maria-3-req.pem -out maria-3-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-4-key.pem -out maria-4-req.pem
# openssl x509 -req -days 365000 -set_serial 04 -in maria-4-req.pem -out maria-4-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Show wsrep_provider_options
$ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }'
