Galera Cluster: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
m (Text replacement - "<source" to "<syntaxhighlight") |
m (Text replacement - "</source" to "</syntaxhighlight") |
||
| Line 22: | Line 22: | ||
deb [arch=amd64] http://downloads.mariadb.com/Tools/ubuntu $(lsb_release -cs) main | deb [arch=amd64] http://downloads.mariadb.com/Tools/ubuntu $(lsb_release -cs) main | ||
EOF | EOF | ||
</ | </syntaxhighlight> | ||
* Install the packages | * Install the packages | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
# apt update | # apt update | ||
# apt install mariadb-server mariadb-backup galera-4 | # apt install mariadb-server mariadb-backup galera-4 | ||
</ | </syntaxhighlight> | ||
==Setup certificates for the cluster comunication== | ==Setup certificates for the cluster comunication== | ||
| Line 35: | Line 35: | ||
$ subject='/C=DE/ST=Hamburg/L=Hamburg/O=Organisation/OU=Databases/CN=Galera Cluster' | $ subject='/C=DE/ST=Hamburg/L=Hamburg/O=Organisation/OU=Databases/CN=Galera Cluster' | ||
$ openssl req -new -x509 -nodes -days 365000 -newkey rsa:4096 -sha256 -keyout ca-key.pem -out ca-cert.pem -batch -subj "${subject}" | $ openssl req -new -x509 -nodes -days 365000 -newkey rsa:4096 -sha256 -keyout ca-key.pem -out ca-cert.pem -batch -subj "${subject}" | ||
</ | </syntaxhighlight> | ||
===Create a certificate for each cluster node=== | ===Create a certificate for each cluster node=== | ||
| Line 47: | Line 47: | ||
openssl x509 -req -days 365000 -set_serial $(printf "%02d" "${node}") -in ${servername}-req.pem -out ${servername}-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | openssl x509 -req -days 365000 -set_serial $(printf "%02d" "${node}") -in ${servername}-req.pem -out ${servername}-cert.pem -CA ca-cert.pem -CAkey ca-key.pem | ||
done | done | ||
</ | </syntaxhighlight> | ||
===Copy keys and certificates to the nodes=== | ===Copy keys and certificates to the nodes=== | ||
| Line 54: | Line 54: | ||
$ sudo mkdir --mode=0700 /etc/mysql/priv # put in here: maria-${node}.server.de-key.pem | $ sudo mkdir --mode=0700 /etc/mysql/priv # put in here: maria-${node}.server.de-key.pem | ||
$ sudo mkdir --mode=0750 /etc/mysql/cert # put in here: maria-${node}.server.de-cert.pem , ca-cert.pem | $ sudo mkdir --mode=0750 /etc/mysql/cert # put in here: maria-${node}.server.de-cert.pem , ca-cert.pem | ||
</ | </syntaxhighlight> | ||
== Configure the MariaDB Galera Cluster == | == Configure the MariaDB Galera Cluster == | ||
| Line 68: | Line 68: | ||
MariaDB [(none)]> flush privileges; | MariaDB [(none)]> flush privileges; | ||
MariaDB [(none)]> | MariaDB [(none)]> | ||
</ | </syntaxhighlight> | ||
=== Galera settings === | === Galera settings === | ||
| Line 91: | Line 91: | ||
binlog_format = ROW | binlog_format = ROW | ||
innodb_autoinc_lock_mode = 2 | innodb_autoinc_lock_mode = 2 | ||
</ | </syntaxhighlight> | ||
| Line 98: | Line 98: | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
$ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }' | $ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }' | ||
</ | </syntaxhighlight> | ||
Revision as of 05:50, 26 November 2021
Setup the Cluster
Install the packages
On each node do as root:
- Add sources
# cat > /etc/apt/sources.list.d/mariadb.list << EOF
# MariaDB Server
# To use a different major version of the server, or to pin to a specific minor version, change URI below.
deb [arch=amd64] http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu $(lsb_release -cs) main
deb [arch=amd64] http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu $(lsb_release -cs) main/debug
# MariaDB MaxScale
# To use the latest stable release of MaxScale, use "latest" as the version
# To use the latest beta (or stable if no current beta) release of MaxScale, use "beta" as the version
deb [arch=amd64] https://dlm.mariadb.com/repo/maxscale/latest/apt $(lsb_release -cs) main
# MariaDB Tools
deb [arch=amd64] http://downloads.mariadb.com/Tools/ubuntu $(lsb_release -cs) main
EOF
- Install the packages
# apt update
# apt install mariadb-server mariadb-backup galera-4
Setup certificates for the cluster comunication
Make a CA certificate
Make a CA certificate with a very long lifetime as you dont want to make normal certificate updates at this point.
$ subject='/C=DE/ST=Hamburg/L=Hamburg/O=Organisation/OU=Databases/CN=Galera Cluster'
$ openssl req -new -x509 -nodes -days 365000 -newkey rsa:4096 -sha256 -keyout ca-key.pem -out ca-cert.pem -batch -subj "${subject}"
Create a certificate for each cluster node
$ for node in {1..4}
do
emailAddress="dbadmin@server.de"
servername="maria-${node}.server.de"
subject="/C=DE/ST=Hamburg/L=Hamburg/O=Organisation/OU=Databases/CN=${servername}/emailAddress=${emailAddress}"
openssl req -newkey rsa:4096 -nodes -keyout ${servername}-key.pem -out ${servername}-req.pem -batch -subj "${subject}"
openssl x509 -req -days 365000 -set_serial $(printf "%02d" "${node}") -in ${servername}-req.pem -out ${servername}-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
done
Copy keys and certificates to the nodes
Copy the specific keys and certs to each node:
$ sudo mkdir --mode=0700 /etc/mysql/priv # put in here: maria-${node}.server.de-key.pem
$ sudo mkdir --mode=0750 /etc/mysql/cert # put in here: maria-${node}.server.de-cert.pem , ca-cert.pem
Configure the MariaDB Galera Cluster
Create a mariabackup user on each node
# mariadb
MariaDB [(none)]> grant reload, process, lock tables, replication client on *.* to 'mariabackup'@'localhost' identified by 'the_very_secret_mariabackup_password';
MariaDB [(none)]> grant reload, process, lock tables, binlog monitor on *.* to 'mariabackup'@'maria-1.server.de' identified by 'the_very_secret_mariabackup_password';
MariaDB [(none)]> grant reload, process, lock tables, binlog monitor on *.* to 'mariabackup'@'maria-2.server.de' identified by 'the_very_secret_mariabackup_password';
MariaDB [(none)]> grant reload, process, lock tables, binlog monitor on *.* to 'mariabackup'@'maria-3.server.de' identified by 'the_very_secret_mariabackup_password';
MariaDB [(none)]> grant reload, process, lock tables, binlog monitor on *.* to 'mariabackup'@'maria-4.server.de' identified by 'the_very_secret_mariabackup_password';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]>
Galera settings
/etc/mysql/mariadb.conf.d/zz-galera.cnf
[galera]
# Cluster Configuration
wsrep_provider = /usr/lib/galera/libgalera_smm.so
# gcomm://{ comma seperated list of all cluster node IPs }
wsrep_cluster_address = gcomm://10.33.6.1,10.33.6.2,10.33.6.3,10.33.6.4
wsrep_cluster_name = MariaDB Galera Cluster
wsrep_on = ON
# Snapshot state transfer (SST): copy entire database, when new node joins
wsrep_sst_method = mariabackup
# set the the_very_secret_mariabackup_password to your real mariabackup password
wsrep_sst_auth = mariabackup:the_very_secret_mariabackup_password
[mariadb]
binlog_format = ROW
innodb_autoinc_lock_mode = 2
Get knowledge about your Cluster
Show wsrep_provider_options
$ mariadb -NBABe 'show variables like "wsrep_provider_options"' | awk '{gsub(/$/,":\n",$1); gsub(/(;|$)/,";\n"); printf $0; }'
