Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 22nd July 2010, 21:34
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 57
Thanks: 6
Thanked 2 Times in 2 Posts
Default mysql ssl data replication problem certificate issue?

Using:
http://www.howtoforge.com/how-to-set...-on-centos-5.4


mysql> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
Slave_IO_State: Connecting to master
Master_Host: mercury.investmenttool.com
Master_User: slave_user
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 98
Relay_Log_File: mysqld-relay-bin.000001
Relay_Log_Pos: 98
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: No
Slave_SQL_Running: Yes
Replicate_Do_DB: transferdb
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 98
Relay_Log_Space: 98
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
Seconds_Behind_Master: NULL
1 row in set (0.00 sec)


100722 7:37:57 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

Read thte notes in the thread itself and decided to verify the certificate:

[root@basestar newcerts]# openssl verify -CAfile ca-cert.pem client-cert.pem
client-cert.pem: /C=US/ST=Illinois/L=Chicago/O=ISN Corporation/CN=basestar.investmenttool.com/emailAddress=hpuxconsulting@yahoo.com
error 20 at 0 depth lookup:unable to get local issuer certificate

Master is the main server, I'd just like data replication to a hot site.

the hot site is at a fixed ip address, and everything is wonderful. So I think.

SEP
__________________
isn aka SEP from ITRC forums

Last edited by isn; 22nd July 2010 at 22:25.
Reply With Quote
Sponsored Links
  #2  
Old 23rd July 2010, 00:12
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 57
Thanks: 6
Thanked 2 Times in 2 Posts
Default

Certificate issue is taken care of.

100722 15:57:59 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

I have tried the following:

telnet mercury.investmenttool.com 3306

This works. Proves there is no firewall problem.

I tried logging on as this user from the command prompt
mysql -u slave_user@mercury.investmenttool.com -p

Gave the correct password

Access denied.

Server is not logging the problem.
__________________
isn aka SEP from ITRC forums
Reply With Quote
  #3  
Old 23rd July 2010, 14:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

Can you check the Host column of the mysql.user table in the slave_user row? What does it read?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 23rd July 2010, 16:24
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 57
Thanks: 6
Thanked 2 Times in 2 Posts
Default

Sure I will check it.

I found a firewall issue yesteday. Port 3306 on the firewall between the two servers was not forwarded to the slave.

That might gum things up a bit.

Fixed it and plan a retry.

SEP
__________________
isn aka SEP from ITRC forums
Reply With Quote
  #5  
Old 29th July 2010, 15:52
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 57
Thanks: 6
Thanked 2 Times in 2 Posts
Default Still does not work, even with the port forwarded.

I confirmed that port forwarding on port 3601 does work.

Yet the original error persists.

Advice?
__________________
isn aka SEP from ITRC forums
Reply With Quote
  #6  
Old 30th July 2010, 16:38
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

Quote:
Originally Posted by isn View Post
I confirmed that port forwarding on port 3601 does work.
The port is 3306, not 3601.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Tags
mysql, openssl, replication, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Issues securing Webmail with SSL Certificate Robeast Installation/Configuration 10 31st January 2008 02:05
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 18:59
mysql clustering problem : cannot create table in database prince.fer Server Operation 2 16th April 2007 18:03
Problem installing ISPConfig, then with MySQL... ctroyp Installation/Configuration 7 26th September 2005 17:37
MySQL issue during install of ISPConfig ricbax Installation/Configuration 4 16th September 2005 10:41


All times are GMT +2. The time now is 08:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.