CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx
《CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx》由会员分享,可在线阅读,更多相关《CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx(13页珍藏版)》请在冰点文库上搜索。
CentOS72+MariaDBTX30+MariaDBMaxScale部署
CentOS7.2+MariaDBTX3.0+MariaDBMaxScale部署
1.下载
MariaDBTX3.0
注意:
windows版本并不包含MariaDBMaxScale组件
2.安装
2.1安装MariaDB-server
解压后将包含以下两个
maxscale-2.2.15-1.rhel.7.x86_64.rpm
mariadb-10.3.10-rhel-7-x86_64-rpms.tar
继续将mariadb-10.3.10-rhel-7-x86_64-rpms.tar解压获取以下rpm包
然后viREADME其中描述了如何安装MariaDB-server
主要有两步:
A.运行mariadb-10.1.17-rhel-7-x86_64-rpms/setup_repository
B.执行yuminstall-yMariaDB-server
C.随后跟据提示初始化数据库
2.2安装MariaDBMaxScale
[root@bogon~]#rpm-e--nodepsopenssl-libs-1:
1.0.1e-42.el7.9.x86_64
[root@bogon~]#rpm-ivhopenssl-libs-1.0.2k-12.el7.x86_64.rpm
warning:
openssl-libs-1.0.2k-12.el7.x86_64.rpm:
HeaderV3RSA/SHA256Signature,keyIDf4a80eb5:
NOKEY
Preparing...#################################[100%]
Updating/installing...
1:
openssl-libs-1:
1.0.2k-12.el7#################################[100%]
[root@bogon~]#
安装过程会创建maxscale用户组及maxscale用户
*注:
maxscale-2.2.15-1.rhel.7.x86_64.rpm依赖
∙libcurl
∙libaio
∙OpenSSL
由于openssl版本问题,可能用到以下命令卸载旧版本安装新版本openssl
[root@bogon~]#rpm-e--nodepsopenssl-libs-1:
1.0.1e-42.el7.9.x86_64
[root@bogon~]#rpm-ivhopenssl-libs-1.0.2k-12.el7.x86_64.rpm
warning:
openssl-libs-1.0.2k-12.el7.x86_64.rpm:
HeaderV3RSA/SHA256Signature,keyIDf4a80eb5:
NOKEY
Preparing...#################################[100%]
Updating/installing...
1:
openssl-libs-1:
1.0.2k-12.el7#################################[100%]
[root@bogon~]#
安装以后,需要在数据库端创建一个'maxscale'用户用于maxscale连接数据库获取用户权限校验,授权如下
CREATEUSER'maxscale'@'%'IDENTIFIEDBY'schina';
GRANTSELECTONmysql.userTO'maxscale'@'%';
GRANTSELECTONmysql.dbTO'maxscale'@'%';
GRANTSELECTONmysql.tables_privTO'maxscale'@'%';
GRANTSELECTONmysql.roles_mappingTO'maxscale'@'%';
GRANTSHOWDATABASESON*.*TO'maxscale'@'%';
--MariaDBfrom10.2.2to10.2.10requiresextragrants
GRANTSELECTONmysql.*TO'maxscale'@'%';
注意:
如果限定了客户端访问数据库,则需要为maxscale添加同样权限
如数据库为192.168.1.2,客户端为192.168.1.3,maxscale为192.168.1.4
如果设定了
grant select on testdb.* to testuser@'192.168.1.3'
则需要添加
grant select on testdb.* to testuser@'192.168.1.4'
所以最好如果没有要求的话采用通配符配置,如
grant select on testdb.* to testuser@'%'
2.3配置MariaDBMaxScale
[root@bogon~]#vi/etc/f
#MaxScaledocumentation:
#
#Globalparameters
#
#Completelistofconfigurationoptions:
#
#添加以下部分
#参考网址
#
[MyMasking]
type=filter
module=masking
warn_type_mismatch=always
large_payload=abort
rules=/etc/maxscale.modules.d/masking_rules.json#脱敏贵则设置文件
【masking_rules.json内容如下
{
"rules":
[
{
"replace":
{
"column":
"ssn"
},
"with":
{
"value":
"012345-ABCD",
"fill":
"X"
}
}
]
}
】
[MyService]
type=service
filters=MyMasking
router=readconnroute
servers=server1
user=root--连接数据库的用户名
passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E
【注意密码使用maxpasswd工具生成,使用方法如下
[root@bogon~]#maxkeys/var/lib/maxscale/
[root@bogon~]#chown-Rmaxscale.maxscale/var/lib/maxscale/
[root@bogon~]#maxpasswd/var/lib/maxscale/【密码如schina】
AB0D5D2F7D963DCE6E6C6091C1DF366E
[root@bogon~]#】
[MyService-Listener]
type=listener
service=MyService
protocol=MariaDBClient
port=8806#代理端口,客户端连接此端口
[maxscale]
threads=auto
skip_permission_checks=true
#Serverdefinitions
#
#Settheaddressoftheservertothenetwork
#addressofaMariaDBserver.
#
[server1]
type=server
address=192.168.250.123#数据库IP及端口
port=3306
protocol=MariaDBBackend
#Monitorfortheservers
#
#ThiswillkeepMaxScaleawareofthestateoftheservers.
#MariaDBMonitordocumentation:
#
[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1
user=root
passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E
monitor_interval=2000
#Servicedefinitions
#
#ServiceDefinitionforaread-onlyserviceand
#aread/writesplittingservice.
#
#ReadConnRoutedocumentation:
#
[Read-Only-Service]
type=service
router=readconnroute
servers=server1
user=root
passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E
router_options=slave
#ReadWriteSplitdocumentation:
#
[Read-Write-Service]
type=service
router=readwritesplit
servers=server1
user=root
passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E
#ThisserviceenablestheuseoftheMaxAdmininterface
#MaxScaleadministrationguide:
#
[MaxAdmin-Service]
type=service
router=cli
#Listenerdefinitionsfortheservices
#
#Theselistenersrepresenttheportsthe
#serviceswilllistenon.
#
[Read-Only-Listener]
type=listener
service=Read-Only-Service
protocol=MariaDBClient
port=4008
[Read-Write-Listener]
type=listener
service=Read-Write-Service
protocol=MariaDBClient
port=4006
[MaxAdmin-Listener]
type=listener
service=MaxAdmin-Service
protocol=maxscaled
socket=default
备份配置文件
maxscale--export-config=/tmp/bined
文件生成在/tmp/bined
2.4启动MariaDBMaxScale
[root@bogon~]#maxscale--user=maxscale-d
Info:
MaxScalewillberunintheterminalprocess.
Configurationfile:
/etc/f
Logdirectory:
/var/log/maxscale
Datadirectory:
/var/lib/maxscale
Moduledirectory:
/usr/lib64/maxscale
Servicecache:
/var/cache/maxscale
2.5Maxadmin工具
参考网址:
[root@bogon~]#maxadmin
MaxScale>
MaxScale>help
Availablecommands:
add:
adduser-Addanadministrativeaccountforusingmaxadminoverthenetwork
addreadonly-user-Addaread-onlyaccountforusingmaxadminoverthenetwork
addserver-Addanewservertoaservice
remove:
removeuser-Removeaccountforusingmaxadminoverthenetwork
removeserver-Removeaserverfromaserviceoramonitor
create:
createserver-Createanewserver
createlistener-Createanewlistenerforaservice
createmonitor-Createanewmonitor
destroy:
destroyserver-Destroyaserver
destroylistener-Destroyalistener
destroymonitor-Destroyamonitor
alter:
alterserver-Alterserverparameters
。
。
。
。
。
。
。
MaxScale>listservers
2.6设置脱敏规则
参考网址
[root@bogon~]#vi/etc/maxscale.modules.d/masking_rules.json
{
"rules":
[
{
"replace":
{
"column":
"ssn"
},
"with":
{
"value":
"012345-ABCD",
"fill":
"X"
}
}
]
}
2.7验证脱敏结果
连接原数据库创建数据表并插入数据
Createtabletestmask(ciint,ssnvarchar(100));
Insertintotestmaskvalues(1,111111-aaaa);
Insertintotestmaskvalues(2,222222-bbbb);
Insertintotestmaskvalues(1,333333-cccc);
然后连接代理
查看数据为脱敏结果
3.可能遇到的错误列表
1.Accessforsecretsfile[/var/lib/maxscale/.secrets]failed.Error13,Permissiondenied.
解决方法:
[root@bogon~]#maxkeys/var/lib/maxscale/
[root@bogon~]#chown-Rmaxscale.maxscale/var/lib/maxscale/
[root@bogon~]#maxpasswd/var/lib/maxscale/【密码】
2.UnabletoloadusersforlistenerRead-Only-Listenerlisteningat[:
:
]:
4008.
解决方法:
检查/etc/f下的service下的user和passwd是否正确
3.MyService:
loginattemptforuser'root'@[:
:
fffff192.168.1.191]:
5373,authenticationfailed.Usernotfound
解决方法:
禁用IPV6
[root@localhostDesktop]#cat/etc/default/grub
在如下处添加
GRUB_CMDLINE_LINUX="ipv6.disable=1rd.lvm.lv=centos/rootrd.lvm.lv=centos/swaprhgbquiet"
[root@localhostDesktop]#grub2-mkconfig-o/boot/grub2/grub.cfg
然后重启操作系统
4.客户端无法通过代理端口连接数据库
关闭防火墙
[root@bogon~]#systemctlstopfirewalld
5.[MySQLAuth]Failureloadingusersdatafrombackend[192.168.250.123:
3306]forservice[Read-Write-Service].MySQLerror1045,Accessdeniedforuser'schina'@'192.168.250.123'(usingpassword:
YES)
解决方法:
确认’schina’@’192.168.250.123’是否权限足够
6.Failedtocreatedirectory'/var/run/maxscale':
13,Permissiondenied
重启系统以后启动maxscale时报错
经检查该目录可能会被删除,所以重建目录并授权即可
[root@bogon~]#mkdir-p/var/run/maxscale
[root@bogon~]#chown-Rmaxscale.maxscale/var/run/maxscale/
[root@bogon~]#