MySQL Secure Replication over SSL on Debian Sarge
Building MySQL with OpenSSL
All versions of MySQL currently shipped with Debian Sarge lack OpenSSL support due to licensing issues. To enable support for SSL connections it is necessary to recompile MySQL from source.
Update your /etc/apt/sources.list file to include the appropriate deb-src lines so that it is similar to this:
deb http://mirrors.kernel.org/debian/ sarge main contrib non-free
deb-src http://mirrors.kernel.org/debian/ sarge main contrib non-free
deb http://security.debian.org/ sarge/updates main contrib non-free
Grab the required development packages from the Debian mirrors:
apt-get update
apt-get build-dep mysql-server-4.1
apt-get install libssl-dev
Download the source into a build directory:
mkdir ~/mysqlbuild
cd ~/mysqlbuild
apt-get source mysql-server-4.1
Amend the default Debian build options:
vi ~/mysqlbuild/debian/rules
change --without-ssl to --with-openssl
Optionally update the changelog:
vi ~/mysqlbuild/debian/changelog
mysql-dfsg (4.1) unstable; urgency=low
* Compiled in SSL support
-- Terry Burton Fri, 24 June 2005 11:09:43 -0000
Build the new MySQL binary packages:
cd ~/mysqlbuild
./debian/rules binary
In order to satisfy all of the MySQL dependencies it is best to install the official Debian MySQL packages and then replace them:
apt-get install mysql-common-4.1 mysql-server-4.1
cd ~/mysqlbuild
dpkg -i *.deb
Configuring SSL-based replication
Follow the process described in /usr/share/doc/mysql-server/SSL-MINI-HOWTO.txt.gz to generate certificates and keys, and make amendments to your /etc/my.cnf file.
Also make the configuration file changes to both the server and the client as explained in http://dev.mysql.com/doc/mysql/en/replication-howto.html.
Both hosts:
invoke-rc.d mysql restart
Server:
mysql> grant replication slave, super, reload, select on *.* to 'replicator'@'%' identified by 'password' require SSL;
Test the setup from an SSL-enabled client:
mysql --ssl-ca=/dev/null -h server -u replicator -p
Client:
mysql> change master to
master_host='hostname',
master_user='replicator',
master_password='password',
master_ssl=1,
master_ssl_ca='/dev/null';
mysql> load data from master;
mysql> start slave;
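Once the slave is running, SHOW SLAVE STATUS\G on the client reports whether the replication link is allowed to use SSL. The following check is an added example, not part of the original post: it parses that output and flags a link that is not using SSL or, as with the /dev/null CA used above, one that has no CA certificate to validate the master against. The sample status text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSL fields of
# `SHOW SLAVE STATUS\G`. Reads the status text on stdin, prints one finding
# per line, and returns 1 if anything was flagged.
audit_slave_ssl() {
    awk '
        /^[ \t]*[A-Za-z_]+:/ {              # e.g. "   Master_SSL_Allowed: Yes"
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            n = 0
            # "Ignored" means SSL was requested but this server was built without it.
            if (f["Master_SSL_Allowed"] != "Yes") {
                print "FAIL: Master_SSL_Allowed=" f["Master_SSL_Allowed"] " (link is not using SSL)"; n++
            }
            ca = f["Master_SSL_CA_File"]
            if ((ca == "" || ca == "/dev/null") && f["Master_SSL_CA_Path"] == "") {
                print "WARN: no CA certificate configured (Master_SSL_CA_File=" ca ")"; n++
            }
            if (f["Slave_IO_Running"] != "Yes") {
                print "FAIL: Slave_IO_Running=" f["Slave_IO_Running"]; n++
            }
            exit (n > 0)
        }'
}

# Constructed sample: abridged status of a replica configured as in this post.
sample_status() {
    cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_State: Waiting for master to send event
                Master_Host: hostname
                Master_User: replicator
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
         Master_SSL_Allowed: Yes
         Master_SSL_CA_File: /dev/null
         Master_SSL_CA_Path:
            Master_SSL_Cert:
             Master_SSL_Key:
EOF
}

# Demo run on the constructed sample; findings go to stdout.
sample_status | audit_slave_ssl || true
```

On a live client, feed it real output with: mysql -e 'SHOW SLAVE STATUS\G' | audit_slave_ssl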