Hi Reindel, you client configuration shows no indication for SSL, i see it in my.cnf > only in the [mysqld] section and remember when you initrialize replication > you need to specify it there too > > i doubt there is anything to change the logging but since you *know* what > that user requires that should really not be the problem - said from > somebody using SSL for any mysql connection over TCP for years now > (replication, php-applications, cli-client...) >
Ok!! Thanks. But when I try to setup my client configuration to use SSL, mariadb server refuses to start. It times out: [root@db2:~] #systemctl status mysql.service mysql.service - LSB: start and stop MySQL Loaded: loaded (/etc/rc.d/init.d/mysql) Active: failed (Result: exit-code) since Tue 2015-07-21 18:29:24 UTC; 13s ago Process: 19965 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS) Process: 21973 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE) Jul 21 18:29:23 db2 systemd[1]: Starting LSB: start and stop MySQL... Jul 21 18:29:24 db2 mysql[21973]: Starting MySQL. ERROR! Jul 21 18:29:24 db2 systemd[1]: mysql.service: control process exited, code=exited status=1 Jul 21 18:29:24 db2 systemd[1]: Failed to start LSB: start and stop MySQL. Jul 21 18:29:24 db2 systemd[1]: Unit mysql.service entered failed state. Here's my my.cnf on the client side that is causing the time out error to occur: [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 old_passwords=1 ssl server-id=2 replicate-do-db=jfwiki [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid master-connect-retry=60 !includedir /etc/my.cnf.d [client] ssl-ca=/opt/mysql/ca-cert.pem ssl-cert=/opt/mysql/client-cert.pem ssl-key=/opt/mysql/client-key.pem Any idea why that's happening or how to correct it? Thanks, Tim On Tue, Jul 21, 2015 at 4:25 AM, Reindl Harald <h.rei...@thelounge.net> wrote: > > Am 21.07.2015 um 05:03 schrieb Tim Dunphy: > >> I see absolutely NO indication as to why the login for the 'slave2' user >> (that requires SSL) is failing >> >> So my questions are 1) how to I bump up the verbosity on the logs so I can >> get an indication as to why this is failing? 2) what is the best way to >> troubleshoot this? >> > > you client configuration shows no indication for SSL, i see it in my.cnf > only in the [mysqld] section and remember when you initrialize replication > you need to specify it there too > > i doubt there is anything to change the logging but since you *know* what > that user requires that should really not be the problem - said from > somebody using SSL for any mysql connection over TCP for years now > (replication, php-applications, cli-client...) > > CHANGE MASTER TO MASTER_HOST='masterip', MASTER_USER='user', > MASTER_PASSWORD='password', MASTER_PORT=3306, MASTER_CONNECT_RETRY=3600, > MASTER_SSL=1, MASTER_SSL_CA='/etc/mysqlssl/ca.crt', > MASTER_SSL_CERT='/etc/mysqlssl/client.pem', > MASTER_SSL_KEY='/etc/mysqlssl/client.pem'; START SLAVE; > > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
