[Maria] MaxScale GUI Installation
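MariaDB MaxScale is a database proxy that extends the high availability, scalability, and security of MariaDB Server while simplifying application development by decoupling it from the underlying database infrastructure.
In architectures that need read / write splitting, MaxScale lets you build the distribution layer efficiently.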
■ Servers
hostname | IP | Version |
master | 192.168.100.23 | 10.2 |
slave | 192.168.100.20 | 10.2 |
maxscale | 192.168.100.21 | 2.5 |
■ MaxScale Installation
- Install MaxScale version 2.5
[root@maxscale ~]# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-maxscale-version="2.5"
# [info] Checking for script prerequisites.
# [info] MariaDB Server version 10.7 is valid
# [info] Repository file successfully written to /etc/yum.repos.d/mariadb.repo
# [info] Adding trusted package signing keys...
/etc/pki/rpm-gpg ~
~
# [info] Successfully added trusted package signing keys
# [info] Cleaning package cache...
Loaded plugins: fastestmirror, langpacks
Cleaning repos: base docker-ce-stable extras mariadb-main mariadb-maxscale mariadb-tools updates
Cleaning up everything
Cleaning up list of fastest mirrors
[root@maxscale ~]# yum -y install maxscale
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
mariadb-main | 3.4 kB 00:00:00
mariadb-maxscale | 2.5 kB 00:00:00
mariadb-tools | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/10): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/10): extras/7/x86_64/primary_db | 246 kB 00:00:00
(3/10): docker-ce-stable/7/x86_64/primary_db | 73 kB 00:00:00
(4/10): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00:00
(5/10): mariadb-tools/primary_db | 17 kB 00:00:00
(6/10): mariadb-main/primary_db | 55 kB 00:00:00
(7/10): updates/7/x86_64/primary_db | 14 MB 00:00:00
(8/10): mariadb-main/updateinfo | 4.9 kB 00:00:01
(9/10): base/7/x86_64/primary_db | 6.1 MB 00:00:01
(10/10): mariadb-maxscale/primary_db | 7.3 kB 00:00:01
Determining fastest mirrors
* base: mirror.navercorp.com
* extras: mirror.navercorp.com
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package maxscale.x86_64 0:2.5.19-1.rhel.7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================
Installing:
maxscale x86_64 2.5.19-1.rhel.7 mariadb-maxscale 43 M
Transaction Summary
=====================================================================================================================================
Install 1 Package
Total download size: 43 M
Installed size: 170 M
Downloading packages:
maxscale-2.5.19-1.rhel.7.x86_64.rpm | 43 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : maxscale-2.5.19-1.rhel.7.x86_64 1/1
Created symlink from /etc/systemd/system/multi-user.target.wants/maxscale.service to /usr/lib/systemd/system/maxscale.service.
Verifying : maxscale-2.5.19-1.rhel.7.x86_64 1/1
Installed:
maxscale.x86_64 0:2.5.19-1.rhel.7
Complete!
■ Create the MaxScale User in the DB
- Create the user that MaxScale uses to connect to the DB
CREATE USER 'maxscale'@'%' IDENTIFIED BY '1';
GRANT SHOW DATABASES, BINLOG ADMIN, READ ONLY ADMIN, RELOAD, REPLICATION MASTER ADMIN, REPLICATION SLAVE ADMIN, REPLICATION SLAVE, SLAVE MONITOR ON *.* TO 'maxscale'@'%';
■ Maxscale.cnf
- To use the MaxScale GUI, HTTPS access must be available.
- Locations where the SSL key and certificate files are stored
admin_ssl_key=/etc/certs/server-key.pem, admin_ssl_cert=/etc/certs/server-cert.pem,
admin_ssl_ca_cert=/etc/certs/ca-cert.pem
[root@maxscale certs]# cat /etc/maxscale.cnf
[maxscale]
threads=auto
admin_host = 0.0.0.0
admin_port = 8989
admin_ssl_key=/etc/certs/server-key.pem
admin_ssl_cert=/etc/certs/server-cert.pem
admin_ssl_ca_cert=/etc/certs/ca-cert.pem
[server1]
type=server
address=192.168.100.20
port=3306
protocol=MariaDBBackend
[server2]
type=server
address=192.168.100.23
port=3306
protocol=MariaDBBackend
[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1,server2
user=maxscale
password=1
monitor_interval=2000
auto_failover=true
[Splitter-Service]
type=service
router=readwritesplit
servers=server1,server2
user=maxscale
password=1
[Splitter-Listener]
type=listener
service=Splitter-Service
protocol=MariaDBClient
port=3306
■ Certificate Generation
- Generate a self-signed certificate with openssl for HTTPS access
[root@maxscale certs]# openssl genrsa 2048 > ca-key.pem
Generating RSA private key, 2048 bit long modulus
...........................................................+++
................................................................................+++
e is 65537 (0x10001)
[root@maxscale certs]# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ca.example.com
Email Address []:
[root@maxscale certs]# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout server-key.pem -out server-req.pem
Generating a 2048 bit RSA private key
..+++
.............................................................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:maxscale1.example.comserver124.labs.mydomain.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@maxscale certs]# openssl x509 -req -days 365000 -set_serial 01 -in server-req.pem -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Signature ok
subject=/C=KR/L=Seoul/O=Default Company Ltd/CN=maxscale1.example.comserver124.labs.mydomain.com
Getting CA Private Key
[root@maxscale certs]# openssl req -newkey rsa:2048 -nodes -days 365000 -keyout client-key.pem -out client-req.pem
Generating a 2048 bit RSA private key
.............................................+++
....................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:client.examplemariadb.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@maxscale certs]# openssl x509 -req -days 365000 -set_serial 01 -in client-req.pem -out client-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Signature ok
subject=/C=KR/L=Seoul/O=Default Company Ltd/CN=client.examplemariadb.com
Getting CA Private Key
[root@maxscale certs]# openssl verify -CAfile ca-cert.pem ca-cert.pem server-cert.pem
ca-cert.pem: OK
server-cert.pem: OK
[root@maxscale certs]# openssl verify -CAfile ca-cert.pem ca-cert.pem client-cert.pem
ca-cert.pem: OK
client-cert.pem: OK
[root@maxscale certs]# chmod +r server-key.pem
[root@maxscale certs]# systemctl restart maxscale.service
■ Create the MaxScale Admin User & Verify the Service
- Add maxscale1.example.comserver124.labs.mydomain.com, the CN value of the server-cert.pem certificate created above, to /etc/hosts
- Use maxctrl to create an admin-type user ( yun / lee )
- Use maxctrl to list the servers registered in MaxScale
[root@jung certs]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 maxscale1.example.comserver124.labs.mydomain.com
[root@jung certs]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem create user "yun" "lee" --type=admin
OK
[root@jung certs]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem list servers
┌─────────┬────────────────┬──────┬─────────────┬─────────────────┬───────┐
│ Server │ Address │ Port │ Connections │ State │ GTID │
├─────────┼────────────────┼──────┼─────────────┼─────────────────┼───────┤
│ server1 │ 192.168.100.20 │ 3306 │ 0 │ Slave, Running │ 0-1-8 │
├─────────┼────────────────┼──────┼─────────────┼─────────────────┼───────┤
│ server2 │ 192.168.100.23 │ 3306 │ 0 │ Master, Running │ 0-1-8 │
└─────────┴────────────────┴──────┴─────────────┴─────────────────┴───────┘
■ Maxscale GUI
- https://[maxscale server ip]:8989