mysql ssl data replication problem certificate issue?

Discussion in 'Server Operation' started by isn, Jul 22, 2010.

  1. isn

    isn New Member

    Using:
    http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4


    mysql> SHOW SLAVE STATUS \G
    *************************** 1. row ***************************
    Slave_IO_State: Connecting to master
    Master_Host: mercury.investmenttool.com
    Master_User: slave_user
    Master_Port: 3306
    Connect_Retry: 60
    Master_Log_File: mysql-bin.000006
    Read_Master_Log_Pos: 98
    Relay_Log_File: mysqld-relay-bin.000001
    Relay_Log_Pos: 98
    Relay_Master_Log_File: mysql-bin.000006
    Slave_IO_Running: No
    Slave_SQL_Running: Yes
    Replicate_Do_DB: transferdb
    Replicate_Ignore_DB:
    Replicate_Do_Table:
    Replicate_Ignore_Table:
    Replicate_Wild_Do_Table:
    Replicate_Wild_Ignore_Table:
    Last_Errno: 0
    Last_Error:
    Skip_Counter: 0
    Exec_Master_Log_Pos: 98
    Relay_Log_Space: 98
    Until_Condition: None
    Until_Log_File:
    Until_Log_Pos: 0
    Master_SSL_Allowed: Yes
    Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
    Master_SSL_CA_Path:
    Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
    Master_SSL_Cipher:
    Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
    Seconds_Behind_Master: NULL
    1 row in set (0.00 sec)


    100722 7:37:57 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

    Read thte notes in the thread itself and decided to verify the certificate:

    [root@basestar newcerts]# openssl verify -CAfile ca-cert.pem client-cert.pem
    client-cert.pem: /C=US/ST=Illinois/L=Chicago/O=ISN Corporation/CN=basestar.investmenttool.com/emailAddress=hpuxconsulting@yahoo.com
    error 20 at 0 depth lookup:unable to get local issuer certificate

    Master is the main server, I'd just like data replication to a hot site.

    the hot site is at a fixed ip address, and everything is wonderful. So I think.

    SEP
     
    Last edited: Jul 22, 2010
  2. isn

    isn New Member

    Certificate issue is taken care of.

    100722 15:57:59 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

    I have tried the following:

    telnet mercury.investmenttool.com 3306

    This works. Proves there is no firewall problem.

    I tried logging on as this user from the command prompt
    mysql -u slave_user@mercury.investmenttool.com -p

    Gave the correct password

    Access denied.

    Server is not logging the problem.
     
  3. falko

    falko Super Moderator

    Can you check the Host column of the mysql.user table in the slave_user row? What does it read?
     
  4. isn

    isn New Member

    Sure I will check it.

    I found a firewall issue yesteday. Port 3306 on the firewall between the two servers was not forwarded to the slave.

    That might gum things up a bit.

    Fixed it and plan a retry.

    SEP
     
  5. isn

    isn New Member

    Still does not work, even with the port forwarded.

    I confirmed that port forwarding on port 3601 does work.

    Yet the original error persists.

    Advice?
     
  6. falko

    falko Super Moderator

    The port is 3306, not 3601.
     

Share This Page