HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   mysql ssl data replication problem certificate issue? (http://www.howtoforge.com/forums/showthread.php?t=47499)

isn 22nd July 2010 21:34

mysql ssl data replication problem certificate issue?
 
Using:
http://www.howtoforge.com/how-to-set...-on-centos-5.4


mysql> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
Slave_IO_State: Connecting to master
Master_Host: mercury.investmenttool.com
Master_User: slave_user
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 98
Relay_Log_File: mysqld-relay-bin.000001
Relay_Log_Pos: 98
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: No
Slave_SQL_Running: Yes
Replicate_Do_DB: transferdb
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 98
Relay_Log_Space: 98
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
Seconds_Behind_Master: NULL
1 row in set (0.00 sec)


100722 7:37:57 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

Read thte notes in the thread itself and decided to verify the certificate:

[root@basestar newcerts]# openssl verify -CAfile ca-cert.pem client-cert.pem
client-cert.pem: /C=US/ST=Illinois/L=Chicago/O=ISN Corporation/CN=basestar.investmenttool.com/emailAddress=hpuxconsulting@yahoo.com
error 20 at 0 depth lookup:unable to get local issuer certificate

Master is the main server, I'd just like data replication to a hot site.

the hot site is at a fixed ip address, and everything is wonderful. So I think.

SEP

isn 23rd July 2010 00:12

Certificate issue is taken care of.

100722 15:57:59 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

I have tried the following:

telnet mercury.investmenttool.com 3306

This works. Proves there is no firewall problem.

I tried logging on as this user from the command prompt
mysql -u slave_user@mercury.investmenttool.com -p

Gave the correct password

Access denied.

Server is not logging the problem.

falko 23rd July 2010 14:54

Can you check the Host column of the mysql.user table in the slave_user row? What does it read?

isn 23rd July 2010 16:24

Sure I will check it.

I found a firewall issue yesteday. Port 3306 on the firewall between the two servers was not forwarded to the slave.

That might gum things up a bit.

Fixed it and plan a retry.

SEP

isn 29th July 2010 15:52

Still does not work, even with the port forwarded.
 
I confirmed that port forwarding on port 3601 does work.

Yet the original error persists.

Advice?

falko 30th July 2010 16:38

Quote:

Originally Posted by isn (Post 235084)
I confirmed that port forwarding on port 3601 does work.

The port is 3306, not 3601.


All times are GMT +2. The time now is 15:37.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.