Galera Cluster
From Lolly's Wiki
Setup the Cluster
Setup certificates for the cluster comunication
Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point.
# openssl genrsa 2048 -out ca-key.pem
# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
Create a certificate for each server:
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-1-key.pem -out maria-1-req.pem
# openssl x509 -req -days 365000 -set_serial 01 -in maria-1-req.pem -out maria-1-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-2-key.pem -out maria-2-req.pem
# openssl x509 -req -days 365000 -set_serial 02 -in maria-2-req.pem -out maria-2-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-3-key.pem -out maria-3-req.pem
# openssl x509 -req -days 365000 -set_serial 03 -in maria-3-req.pem -out maria-3-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout maria-4-key.pem -out maria-4-req.pem
# openssl x509 -req -days 365000 -set_serial 04 -in maria-4-req.pem -out maria-4-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Show wsrep_provider_options
$ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }'
