
[Maria] Installing the MaxScale GUI


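MariaDB MaxScale is a database proxy that extends the high availability, scalability, and security of MariaDB Server while simplifying application development by decoupling it from the underlying database infrastructure.

In architectures that need read/write splitting, MaxScale lets you build the distributed layout efficiently.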

 

 

■ Servers

hostname   IP               Version
master     192.168.100.23   10.2
slave      192.168.100.20   10.2
maxscale   192.168.100.21   2.5

 

■ MaxScale installation

- Install MaxScale version 2.5

[root@maxscale ~]# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-maxscale-version="2.5"

# [info] Checking for script prerequisites.
# [info] MariaDB Server version 10.7 is valid
# [info] Repository file successfully written to /etc/yum.repos.d/mariadb.repo
# [info] Adding trusted package signing keys...
/etc/pki/rpm-gpg ~
~
# [info] Successfully added trusted package signing keys
# [info] Cleaning package cache...
Loaded plugins: fastestmirror, langpacks
Cleaning repos: base docker-ce-stable extras mariadb-main mariadb-maxscale mariadb-tools updates
Cleaning up everything
Cleaning up list of fastest mirrors

[root@maxscale ~]# yum -y install maxscale
Loaded plugins: fastestmirror, langpacks
base                                                                                                          | 3.6 kB  00:00:00     
docker-ce-stable                                                                                              | 3.5 kB  00:00:00     
extras                                                                                                        | 2.9 kB  00:00:00     
mariadb-main                                                                                                  | 3.4 kB  00:00:00     
mariadb-maxscale                                                                                              | 2.5 kB  00:00:00     
mariadb-tools                                                                                                 | 2.9 kB  00:00:00     
updates                                                                                                       | 2.9 kB  00:00:00     
(1/10): base/7/x86_64/group_gz                                                                                | 153 kB  00:00:00     
(2/10): extras/7/x86_64/primary_db                                                                            | 246 kB  00:00:00     
(3/10): docker-ce-stable/7/x86_64/primary_db                                                                  |  73 kB  00:00:00     
(4/10): docker-ce-stable/7/x86_64/updateinfo                                                                  |   55 B  00:00:00     
(5/10): mariadb-tools/primary_db                                                                              |  17 kB  00:00:00     
(6/10): mariadb-main/primary_db                                                                               |  55 kB  00:00:00     
(7/10): updates/7/x86_64/primary_db                                                                           |  14 MB  00:00:00     
(8/10): mariadb-main/updateinfo                                                                               | 4.9 kB  00:00:01     
(9/10): base/7/x86_64/primary_db                                                                              | 6.1 MB  00:00:01     
(10/10): mariadb-maxscale/primary_db                                                                          | 7.3 kB  00:00:01     
Determining fastest mirrors
* base: mirror.navercorp.com
* extras: mirror.navercorp.com
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package maxscale.x86_64 0:2.5.19-1.rhel.7 will be installed
--> Finished Dependency Resolution


Dependencies Resolved


=====================================================================================================================================
Package                     Arch                      Version                             Repository                           Size
=====================================================================================================================================
Installing:
maxscale                    x86_64                    2.5.19-1.rhel.7                     mariadb-maxscale                     43 M


Transaction Summary
=====================================================================================================================================
Install  1 Package


Total download size: 43 M
Installed size: 170 M
Downloading packages:
maxscale-2.5.19-1.rhel.7.x86_64.rpm                                                                           |  43 MB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : maxscale-2.5.19-1.rhel.7.x86_64                                                                                   1/1
Created symlink from /etc/systemd/system/multi-user.target.wants/maxscale.service to /usr/lib/systemd/system/maxscale.service.
  Verifying  : maxscale-2.5.19-1.rhel.7.x86_64                                                                                   1/1


Installed:
  maxscale.x86_64 0:2.5.19-1.rhel.7                                                                                                  


Complete!

 

■ Create the MaxScale user in the DB

- Create the user that MaxScale uses to connect to the DB

CREATE USER 'maxscale'@'%' IDENTIFIED BY '1';
GRANT SHOW DATABASES, BINLOG ADMIN, READ ONLY ADMIN, RELOAD, REPLICATION MASTER ADMIN, REPLICATION SLAVE ADMIN, REPLICATION SLAVE, SLAVE MONITOR ON *.* TO 'maxscale'@'%';

 

■ Maxscale.cnf

- To use the MaxScale GUI, HTTPS access must be available.

- Locations where the SSL key and certificates are stored

admin_ssl_key=/etc/certs/server-key.pem
admin_ssl_cert=/etc/certs/server-cert.pem
admin_ssl_ca_cert=/etc/certs/ca-cert.pem

[root@maxscale certs]# cat /etc/maxscale.cnf
[maxscale]
threads=auto
admin_host            = 0.0.0.0
admin_port            = 8989
admin_ssl_key=/etc/certs/server-key.pem
admin_ssl_cert=/etc/certs/server-cert.pem
admin_ssl_ca_cert=/etc/certs/ca-cert.pem


[server1]
type=server
address=192.168.100.20
port=3306
protocol=MariaDBBackend


[server2]
type=server
address=192.168.100.23
port=3306
protocol=MariaDBBackend



[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1,server2
user=maxscale
password=1
monitor_interval=2000
auto_failover=true


[Splitter-Service]
type=service
router=readwritesplit
servers=server1,server2
user=maxscale
password=1


[Splitter-Listener]
type=listener
service=Splitter-Service
protocol=MariaDBClient
port=3306
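
An added example, not part of the original post: a small audit of a maxscale.cnf for the settings this configuration relies on (admin interface bound to every address, cleartext passwords, misspelled protocol module names), plus a check that the key named in admin_ssl_key is not readable by other local users. The function names are hypothetical, the sample file is constructed, and treating a value of 32 or more hex digits as a maxpasswd-encrypted password is a heuristic assumption.

```shell
#!/bin/sh
# Added example. Assumes an awk and a `stat -c` as found on Linux.

audit_maxscale_cnf() {   # prints one finding per line; exit status 1 if any
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print "[" sec "] " msg; n++ }
    { line = trim($0) }
    line == "" || line ~ /^#/ { next }
    line ~ /^\[/ { sec = substr(line, 2, length(line) - 2); next }
    (eq = index(line, "=")) == 0 { next }
    {
      key = trim(substr(line, 1, eq - 1)); val = trim(substr(line, eq + 1))
      if (key == "admin_host" && (val == "0.0.0.0" || val == "::"))
        report("admin_host=" val " exposes the REST API/GUI on every interface")
      if (key == "password" && (length(val) < 32 || val ~ /[^0-9A-Fa-f]/))
        report("password is stored in cleartext")
      if (key == "protocol" && tolower(val) !~ /^mariadb(backend|client)$/)
        report("protocol \"" val "\" is not a module name used on this page")
    }
    END { exit (n > 0) }
  ' "$1"
}

key_private() {          # true only if group and others have no access
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed sample containing the lines that trigger each check.
demo=$(mktemp -d)
cat > "$demo/maxscale.cnf" <<'EOF'
[maxscale]
admin_host            = 0.0.0.0
admin_ssl_key=/etc/certs/server-key.pem

[server2]
protocol=MariaDBBackedn

[MariaDB-Monitor]
user=maxscale
password=1
EOF
: > "$demo/server-key.pem"; chmod 644 "$demo/server-key.pem"  # world-readable

audit_maxscale_cnf "$demo/maxscale.cnf" || echo "-> review the findings above"
key_private "$demo/server-key.pem" || echo "server-key.pem: readable by others"
```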

 

■ Certificate generation

- Generate a self-signed certificate with openssl for HTTPS access

[root@maxscale certs]# openssl genrsa 2048 > ca-key.pem
Generating RSA private key, 2048 bit long modulus
...........................................................+++
................................................................................+++
e is 65537 (0x10001)


[root@maxscale certs]# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:  
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:              
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ca.example.com
Email Address []:



[root@maxscale certs]# openssl req -newkey rsa:2048 -nodes -days 365000  -keyout server-key.pem -out server-req.pem
Generating a 2048 bit RSA private key
..+++
.............................................................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:maxscale1.example.comserver124.labs.mydomain.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


[root@maxscale certs]# openssl x509 -req -days 365000 -set_serial 01 -in server-req.pem -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Signature ok
subject=/C=KR/L=Seoul/O=Default Company Ltd/CN=maxscale1.example.comserver124.labs.mydomain.com
Getting CA Private Key



[root@maxscale certs]# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout client-key.pem -out client-req.pem
Generating a 2048 bit RSA private key
.............................................+++
....................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Seoul      
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:client.examplemariadb.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


[root@maxscale certs]# openssl x509 -req -days 365000 -set_serial 01 -in client-req.pem -out client-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Signature ok
subject=/C=KR/L=Seoul/O=Default Company Ltd/CN=client.examplemariadb.com
Getting CA Private Key


[root@maxscale certs]# openssl verify -CAfile ca-cert.pem ca-cert.pem server-cert.pem
ca-cert.pem: OK
server-cert.pem: OK

[root@maxscale certs]# openssl verify -CAfile ca-cert.pem ca-cert.pem client-cert.pem
ca-cert.pem: OK
client-cert.pem: OK

[root@maxscale certs]# chown maxscale:maxscale server-key.pem
[root@maxscale certs]# chmod 600 server-key.pem
[root@maxscale certs]# systemctl restart maxscale.service
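
An added example, not the author's commands: the same CA and server-certificate steps run non-interactively, with a subjectAltName for the name and address clients connect to, owner-only key files, shorter lifetimes, and a generated serial number. `maxscale.example.test` and the function names are assumptions; 192.168.100.21 is the MaxScale host from the server table.

```shell
#!/bin/sh
# Added example. make_certs DIR HOST IP writes a CA and a server certificate
# into DIR; cert_valid_for CA CERT PEER checks chain plus name/address match.

make_certs() {
  ( set -e; cd "$1"; umask 077               # key files come out owner-only
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' \
      '[dn]' '[ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
    openssl genrsa -out ca-key.pem 2048
    openssl req -new -x509 -sha256 -config ca.cnf -key ca-key.pem -days 3650 \
      -subj '/C=KR/L=Seoul/CN=ca.example.com' -out ca-cert.pem
    openssl req -new -sha256 -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout server-key.pem -subj "/C=KR/L=Seoul/CN=$2" -out server-req.pem
    # Clients match the name or address they dial against subjectAltName.
    printf 'subjectAltName=DNS:%s,IP:%s\n' "$2" "$3" > san.ext
    openssl x509 -req -sha256 -in server-req.pem -days 365 -extfile san.ext \
      -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
  ) >/dev/null 2>&1
}

cert_valid_for() {       # CA CERT PEER, where PEER is a DNS name or an IPv4
  case $3 in
    *[!0-9.]*) opt=-verify_hostname ;;
    *)         opt=-verify_ip ;;
  esac
  openssl verify -CAfile "$1" "$opt" "$3" "$2" >/dev/null 2>&1
}

# Constructed demo in a scratch directory.
demo=$(mktemp -d)
make_certs "$demo" maxscale.example.test 192.168.100.21
for peer in maxscale.example.test 192.168.100.21 other.example.test; do
  if cert_valid_for "$demo/ca-cert.pem" "$demo/server-cert.pem" "$peer"
  then echo "$peer: accepted"; else echo "$peer: rejected"; fi
done
```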

 

■ Create the MaxScale admin user & check the service

- Add the CN value of the server-cert.pem created during certificate generation, maxscale1.example.comserver124.labs.mydomain.com, to /etc/hosts
- Use maxctrl to create an admin-type user ( yun / lee )

- Use maxctrl to list the servers registered in MaxScale

[root@jung certs]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1  maxscale1.example.comserver124.labs.mydomain.com


[root@jung certs]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem create user "yun" "lee" --type=admin
OK

[root@jung certs]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem list servers
┌─────────┬────────────────┬──────┬─────────────┬─────────────────┬───────┐
│ Server  │ Address        │ Port │ Connections │ State           │ GTID  │
├─────────┼────────────────┼──────┼─────────────┼─────────────────┼───────┤
│ server1 │ 192.168.100.20 │ 3306 │ 0           │ Slave, Running  │ 0-1-8 │
├─────────┼────────────────┼──────┼─────────────┼─────────────────┼───────┤
│ server2 │ 192.168.100.23 │ 3306 │ 0           │ Master, Running │ 0-1-8 │
└─────────┴────────────────┴──────┴─────────────┴─────────────────┴───────┘

 

■ Maxscale GUI

- https://[maxscale server ip]:8989
