CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx

CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx

《CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx》由会员分享，可在线阅读，更多相关《CentOS 72 +MariaDB TX 30+MariaDB MaxScale部署.docx（13页珍藏版）》请在冰豆网上搜索。

CentOS72+MariaDBTX30+MariaDBMaxScale部署

CentOS7.2+MariaDBTX3.0+MariaDBMaxScale部署

1.下载

MariaDBTX3.0

注意：

windows版本并不包含MariaDBMaxScale组件

2.安装

2.1安装MariaDB-server

解压后将包含以下两个

maxscale-2.2.15-1.rhel.7.x86_64.rpm

mariadb-10.3.10-rhel-7-x86_64-rpms.tar

继续将mariadb-10.3.10-rhel-7-x86_64-rpms.tar解压获取以下rpm包

然后viREADME其中描述了如何安装MariaDB-server

主要有两步：

A.运行mariadb-10.1.17-rhel-7-x86_64-rpms/setup_repository

B.执行yuminstall-yMariaDB-server

C.随后跟据提示初始化数据库

2.2安装MariaDBMaxScale

[root@bogon~]#rpm-e--nodepsopenssl-libs-1:

1.0.1e-42.el7.9.x86_64

[root@bogon~]#rpm-ivhopenssl-libs-1.0.2k-12.el7.x86_64.rpm

warning:

openssl-libs-1.0.2k-12.el7.x86_64.rpm:

HeaderV3RSA/SHA256Signature,keyIDf4a80eb5:

NOKEY

Preparing...#################################[100%]

Updating/installing...

1:

openssl-libs-1:

1.0.2k-12.el7#################################[100%]

[root@bogon~]#

安装过程会创建maxscale用户组及maxscale用户

*注：

maxscale-2.2.15-1.rhel.7.x86_64.rpm依赖

∙libcurl

∙libaio

∙OpenSSL

由于openssl版本问题，可能用到以下命令卸载旧版本安装新版本openssl

[root@bogon~]#rpm-e--nodepsopenssl-libs-1:

1.0.1e-42.el7.9.x86_64

[root@bogon~]#rpm-ivhopenssl-libs-1.0.2k-12.el7.x86_64.rpm

warning:

openssl-libs-1.0.2k-12.el7.x86_64.rpm:

HeaderV3RSA/SHA256Signature,keyIDf4a80eb5:

NOKEY

Preparing...#################################[100%]

Updating/installing...

1:

openssl-libs-1:

1.0.2k-12.el7#################################[100%]

[root@bogon~]#

安装以后，需要在数据库端创建一个'maxscale'用户用于maxscale连接数据库获取用户权限校验，授权如下

CREATEUSER'maxscale'@'%'IDENTIFIEDBY'schina';

GRANTSELECTONmysql.userTO'maxscale'@'%';

GRANTSELECTONmysql.dbTO'maxscale'@'%';

GRANTSELECTONmysql.tables_privTO'maxscale'@'%';

GRANTSELECTONmysql.roles_mappingTO'maxscale'@'%';

GRANTSHOWDATABASESON*.*TO'maxscale'@'%';

--MariaDBfrom10.2.2to10.2.10requiresextragrants

GRANTSELECTONmysql.*TO'maxscale'@'%';

注意：

如果限定了客户端访问数据库，则需要为maxscale添加同样权限

如数据库为192.168.1.2，客户端为192.168.1.3，maxscale为192.168.1.4

如果设定了

grant select on testdb.* to testuser@'192.168.1.3'

则需要添加

grant select on testdb.* to testuser@'192.168.1.4'

所以最好如果没有要求的话采用通配符配置，如

grant select on testdb.* to testuser@'%'

2.3配置MariaDBMaxScale

[root@bogon~]#vi/etc/f

#MaxScaledocumentation:

#

#Globalparameters

#

#Completelistofconfigurationoptions:

#

#添加以下部分

#参考网址

#

[MyMasking]

type=filter

module=masking

warn_type_mismatch=always

large_payload=abort

rules=/etc/maxscale.modules.d/masking_rules.json#脱敏贵则设置文件

【masking_rules.json内容如下

{

"rules":

[

{

"replace":

{

"column":

"ssn"

},

"with":

{

"value":

"012345-ABCD",

"fill":

"X"

}

}

]

}

】

[MyService]

type=service

filters=MyMasking

router=readconnroute

servers=server1

user=root--连接数据库的用户名

passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E

【注意密码使用maxpasswd工具生成，使用方法如下

[root@bogon~]#maxkeys/var/lib/maxscale/

[root@bogon~]#chown-Rmaxscale.maxscale/var/lib/maxscale/

[root@bogon~]#maxpasswd/var/lib/maxscale/【密码如schina】

AB0D5D2F7D963DCE6E6C6091C1DF366E

[root@bogon~]#】

[MyService-Listener]

type=listener

service=MyService

protocol=MariaDBClient

port=8806#代理端口，客户端连接此端口

[maxscale]

threads=auto

skip_permission_checks=true

#Serverdefinitions

#

#Settheaddressoftheservertothenetwork

#addressofaMariaDBserver.

#

[server1]

type=server

address=192.168.250.123#数据库IP及端口

port=3306

protocol=MariaDBBackend

#Monitorfortheservers

#

#ThiswillkeepMaxScaleawareofthestateoftheservers.

#MariaDBMonitordocumentation:

#

[MariaDB-Monitor]

type=monitor

module=mariadbmon

servers=server1

user=root

passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E

monitor_interval=2000

#Servicedefinitions

#

#ServiceDefinitionforaread-onlyserviceand

#aread/writesplittingservice.

#

#ReadConnRoutedocumentation:

#

[Read-Only-Service]

type=service

router=readconnroute

servers=server1

user=root

passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E

router_options=slave

#ReadWriteSplitdocumentation:

#

[Read-Write-Service]

type=service

router=readwritesplit

servers=server1

user=root

passwd=AB0D5D2F7D963DCE6E6C6091C1DF366E

#ThisserviceenablestheuseoftheMaxAdmininterface

#MaxScaleadministrationguide:

#

[MaxAdmin-Service]

type=service

router=cli

#Listenerdefinitionsfortheservices

#

#Theselistenersrepresenttheportsthe

#serviceswilllistenon.

#

[Read-Only-Listener]

type=listener

service=Read-Only-Service

protocol=MariaDBClient

port=4008

[Read-Write-Listener]

type=listener

service=Read-Write-Service

protocol=MariaDBClient

port=4006

[MaxAdmin-Listener]

type=listener

service=MaxAdmin-Service

protocol=maxscaled

socket=default

备份配置文件

maxscale--export-config=/tmp/bined

文件生成在/tmp/bined

2.4启动MariaDBMaxScale

[root@bogon~]#maxscale--user=maxscale-d

Info:

MaxScalewillberunintheterminalprocess.

Configurationfile:

/etc/f

Logdirectory:

/var/log/maxscale

Datadirectory:

/var/lib/maxscale

Moduledirectory:

/usr/lib64/maxscale

Servicecache:

/var/cache/maxscale

2.5Maxadmin工具

参考网址：

[root@bogon~]#maxadmin

MaxScale>

MaxScale>help

Availablecommands:

add:

adduser-Addanadministrativeaccountforusingmaxadminoverthenetwork

addreadonly-user-Addaread-onlyaccountforusingmaxadminoverthenetwork

addserver-Addanewservertoaservice

remove:

removeuser-Removeaccountforusingmaxadminoverthenetwork

removeserver-Removeaserverfromaserviceoramonitor

create:

createserver-Createanewserver

createlistener-Createanewlistenerforaservice

createmonitor-Createanewmonitor

destroy:

destroyserver-Destroyaserver

destroylistener-Destroyalistener

destroymonitor-Destroyamonitor

alter:

alterserver-Alterserverparameters

。

。

。

。

。

。

。

MaxScale>listservers

2.6设置脱敏规则

参考网址

[root@bogon~]#vi/etc/maxscale.modules.d/masking_rules.json

{

"rules":

[

{

"replace":

{

"column":

"ssn"

},

"with":

{

"value":

"012345-ABCD",

"fill":

"X"

}

}

]

}

2.7验证脱敏结果

连接原数据库创建数据表并插入数据

Createtabletestmask（ciint,ssnvarchar（100））;

Insertintotestmaskvalues（1,111111-aaaa）;

Insertintotestmaskvalues（2,222222-bbbb）;

Insertintotestmaskvalues（1,333333-cccc）;

然后连接代理

查看数据为脱敏结果

3.可能遇到的错误列表

1.Accessforsecretsfile[/var/lib/maxscale/.secrets]failed.Error13,Permissiondenied.

解决方法：

[root@bogon~]#maxkeys/var/lib/maxscale/

[root@bogon~]#chown-Rmaxscale.maxscale/var/lib/maxscale/

[root@bogon~]#maxpasswd/var/lib/maxscale/【密码】

2.UnabletoloadusersforlistenerRead-Only-Listenerlisteningat[:

:

]:

4008.

解决方法：

检查/etc/f下的service下的user和passwd是否正确

3.MyService:

loginattemptforuser'root'@[：

：

fffff192.168.1.191]:

5373,authenticationfailed.Usernotfound

解决方法：

禁用IPV6

[root@localhostDesktop]#cat/etc/default/grub

在如下处添加

GRUB_CMDLINE_LINUX="ipv6.disable=1rd.lvm.lv=centos/rootrd.lvm.lv=centos/swaprhgbquiet"

[root@localhostDesktop]#grub2-mkconfig-o/boot/grub2/grub.cfg

然后重启操作系统

4.客户端无法通过代理端口连接数据库

关闭防火墙

[root@bogon~]#systemctlstopfirewalld

5.[MySQLAuth]Failureloadingusersdatafrombackend[192.168.250.123:

3306]forservice[Read-Write-Service].MySQLerror1045,Accessdeniedforuser'schina'@'192.168.250.123'（usingpassword:

YES）

解决方法：

确认’schina’@’192.168.250.123’是否权限足够

6.Failedtocreatedirectory'/var/run/maxscale':

13,Permissiondenied

重启系统以后启动maxscale时报错

经检查该目录可能会被删除，所以重建目录并授权即可

[root@bogon~]#mkdir-p/var/run/maxscale

[root@bogon~]#chown-Rmaxscale.maxscale/var/run/maxscale/

[root@bogon~]#