Comments on How To Set Up MySQL Database Replication With SSL Encryption On Debian Lenny

How To Set Up MySQL Database Replication With SSL Encryption On Debian Lenny This tutorial describes how to set up database replication in MySQL using an SSL connection for encryption (to make it impossible for hackers to sniff out passwords and data transferred between the master and slave). MySQL replication allows you to have an exact copy of a database from a master server on another server (slave), and all updates to the database on the master server are immediately replicated to the database on the slave server so that both databases are in sync. This is not a backup policy because an accidentally issued DELETE command will also be carried out on the slave; but replication can help protect against hardware failures though.

4 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: TripHunter
Reply  

Thanks for this. Extremely useful post and just what i needed for a travel customer of mine

By:
Reply  

Falko, as usual, this is an excellent How To!  Thank you.

I discovered that there are some tweaks that are necessary for Drupal.  I am running Drupal 6 multisite on ISPConfig2 on Debian Lenny (I used your ISPConfig/Drupal5 How To to setup the original environment in Drupal5 and have since upgraded to D6 ).

The tweaks mainly involve ignoring some temporary tables that will render your Drupal replication out of sync very quickly.

A list of the key tweaks (some required) are here:  http://widwad.com/lCz

Thanks again for the awesome instructions and hopefully this additional info helps someone; I was pulling my hair out wondering what was wrong!

By: Andy Beverley
Reply  

Are the permissions really correct in the directory listing above? Surely the private keys should be only readable by mysql?

By: razvan
Reply  

Thank you for your tutorial.

It was great and useful, but for Ubuntu 12.10 has two problems that did not allow me to activate  the SSL for master.

1. The generated keys for server and client are missing RSA and from header. This generates a  "SSL error: Unable to get private key from '/etc/mysql/server-key.pem' " in "/var/log/mysql/error.log".

So instead of

  -----BEGIN PRIVATE KEY-----
shoud be
 -----BEGIN RSA PRIVATE KEY-----

 and instead of

  -----END PRIVATE KEY-----
should be
 -----END RSA PRIVATE KEY-----

See:      MySQL :: Re: MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem'

 2. The generated files should be placed in /etc/mysql/
At least this was the solution that worked for me.

All the best.