mysql ssl data replication problem certificate issue?

Discussion in 'Server Operation' started by isn, Jul 22, 2010.

  1. isn

    isn New Member

    Using:
    http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4


    mysql> SHOW SLAVE STATUS \G
    *************************** 1. row ***************************
    Slave_IO_State: Connecting to master
    Master_Host: mercury.investmenttool.com
    Master_User: slave_user
    Master_Port: 3306
    Connect_Retry: 60
    Master_Log_File: mysql-bin.000006
    Read_Master_Log_Pos: 98
    Relay_Log_File: mysqld-relay-bin.000001
    Relay_Log_Pos: 98
    Relay_Master_Log_File: mysql-bin.000006
    Slave_IO_Running: No
    Slave_SQL_Running: Yes
    Replicate_Do_DB: transferdb
    Replicate_Ignore_DB:
    Replicate_Do_Table:
    Replicate_Ignore_Table:
    Replicate_Wild_Do_Table:
    Replicate_Wild_Ignore_Table:
    Last_Errno: 0
    Last_Error:
    Skip_Counter: 0
    Exec_Master_Log_Pos: 98
    Relay_Log_Space: 98
    Until_Condition: None
    Until_Log_File:
    Until_Log_Pos: 0
    Master_SSL_Allowed: Yes
    Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
    Master_SSL_CA_Path:
    Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
    Master_SSL_Cipher:
    Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
    Seconds_Behind_Master: NULL
    1 row in set (0.00 sec)


    100722 7:37:57 [ERROR] Slave I/O thread: error connecting to master '[email protected]:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

    Read thte notes in the thread itself and decided to verify the certificate:

    [root@basestar newcerts]# openssl verify -CAfile ca-cert.pem client-cert.pem
    client-cert.pem: /C=US/ST=Illinois/L=Chicago/O=ISN Corporation/CN=basestar.investmenttool.com/emailAddress=[email protected]
    error 20 at 0 depth lookup:unable to get local issuer certificate

    Master is the main server, I'd just like data replication to a hot site.

    the hot site is at a fixed ip address, and everything is wonderful. So I think.

    SEP
     
    Last edited: Jul 22, 2010
  2. isn

    isn New Member

    Certificate issue is taken care of.

    100722 15:57:59 [ERROR] Slave I/O thread: error connecting to master '[email protected]:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

    I have tried the following:

    telnet mercury.investmenttool.com 3306

    This works. Proves there is no firewall problem.

    I tried logging on as this user from the command prompt
    mysql -u [email protected] -p

    Gave the correct password

    Access denied.

    Server is not logging the problem.
     
  3. falko

    falko Super Moderator ISPConfig Developer

    Can you check the Host column of the mysql.user table in the slave_user row? What does it read?
     
  4. isn

    isn New Member

    Sure I will check it.

    I found a firewall issue yesteday. Port 3306 on the firewall between the two servers was not forwarded to the slave.

    That might gum things up a bit.

    Fixed it and plan a retry.

    SEP
     
  5. isn

    isn New Member

    Still does not work, even with the port forwarded.

    I confirmed that port forwarding on port 3601 does work.

    Yet the original error persists.

    Advice?
     
  6. falko

    falko Super Moderator ISPConfig Developer

    The port is 3306, not 3601.
     

Share This Page