[ale] MySQL sync
cfowler
cfowler at outpostsentinel.com
Tue Feb 25 10:35:20 EST 2003
Typo error fixed. I've got it enabled and I'll test to see if
replication works.
On Thu, 2003-02-20 at 08:30, Chuck Huber wrote:
> On Wed, Feb 19, 2003 at 04:24:22PM -0500, cfowler wrote:
> > I've got 2 MySQL engines on seperate networks. Is it possible to sync
> > certain databases for backup purposes?
>
> Yes it is possible with 3.x and I'm doing it right now.
> You need to setup replication as a master slave. I use stunnel
> to create an encrypted link between the master and slave. The slave
> network is protected by a firewall, and I use iptables to forward the
> port to the slave host's stunnel port. MySql.com has some good docs
> on this. But in a nutshell, here's how to do it:
>
> The "master" database is defined to be the source of information.
> The "slave" is defined to be the recipient - the one that tries to
> keep up with the master.
>
> MASTER SETUP:
> For the purposes of this discussion, the master will listen for
> connections on TCP port 1234. In /etc/my.cnf make sure the [mysqld] section
> contains the following parameters:
>
> [mysqld]
> port=1234
> ...
> log-bin
> server-id=1
>
> Add a user of your choice that has read and FILE access to all the databases
> you wish to backup. For this purposes of this discussion, we'll call it
> "repluser".
>
> After you set these parameters, you'll need to bounce the mysql server.
>
> We'll need to setup a stunnel to listen. In /etc/rc.d/init.d/mysql
> setup a stunnel listener. For the purposes of this discussion, we'll use 1235:
>
> #!/bin/sh
> #
> # Establish a secure tunnel for mysql. This will listen
> # on port 1235 for SSL connections, then forward them to
> # port 1234. The firewall has been setup to allow only
> # the slave machine to hit port 1235 and it forwards the
> # connection request to this machine.
> #
> case "$1" in
> 'start')
> # Start the SSL tunnel
> /usr/sbin/stunnel -s mysql -d 1235 -r localhost:1234
> ;;
> 'stop')
> # Stop the SSL tunnel
> kill $(cat /var/run/stunnel.localhost.1234.pid)
> ;;
> esac
>
> #
> # Change to user mysql and execute the startup script
> #
> su - mysql -c "./rc $*"
>
> FIREWALL SETUP
> Since the slave will be initiating contact with the master, we'll need
> to forward the connection request at the firewall to this master machine.
> We'll want to forward the encrypted link since stunnel is already running
> on the master. Substitute in the IP address of the master.
>
> ${IPTABLES} -t nat -A PREROUTING -p tcp --dport 1235 -j DNAT --to-destination 192.168.?.?:1235
>
> SLAVE SETUP
> Setup stunnel. In /etc/rc.d/init.d/mysql, add:
> ...
> case "$1" in
> 'start')
> # -c = SSL Client mode. Remote end is server
> # -s = suid after connecting
> # -d = daemon listen address/port
> # -r = remote list
> /usr/sbin/stunnel -c \
> -s mysql \
> -d 1235 \
> -r remotehost.domain.com:1235
> ;;
> 'stop')
> kill $(cat /var/run/stunnel.remotehost.domain.com.1235.pid)
> ;;
> esac
> su - mysql -c "~mysql/mysql.server $*"
>
> Setup mysql. In ~mysql/.my.cnf (or /etc/my.cnf), add the following parameters:
>
> [mysqld]
> port=1234
> ...
> master-host=127.0.0.1
> master-port=1235
> master-user=repluser
> master-password=replpassword
> replicate-do-db=dbtorepl
> service-id=3
>
> Set the master-user and master-password appropriate for your system. Also set
> replicate-do-db to the database you wish to replicate.
> NOTE: Don't use "localhost". That has special meaning to mysqld and will cause
> it to use unix sockets to connect to /tmp/mysql (a pipe). It must be 127.0.0.1.
>
> Make sure ~mysql/data/master.info looks like:
> sched-bin.003
> 1
> 127.0.0.1
> repluser
> replpassword
> 1235
> 60
>
> There are mysql commands you can use to adjust these parameters, but this will
> give you a good start.
>
> Bounce the slave server and use tcpdump to look for connections going to
> 127.0.0.1:1235, and watch the mysql logs for errors.
>
> Enjoy,
> - Chuck
>
> --
> "The purpose of encryption is to protect good people
> from bad people, not to protect bad people from the government."
> Scott McNealy, CEO Sun Microsystems
> "The best way for government to control people is to remain in
> a constant threat of war." ---Karl Marx
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety." -- Benjamin Franklin
--
"The Law of Leaky Abstractions"
There is a time where abstractions lead to the inablity to
fix problems that leak through the abstraction.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list