[MariaDB - MaxScale GUI Setup]

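MaxScale is a database proxy supported by MariaDB.

It works like HAProxy, but it is more specialized for databases: for example, it can route read and write queries to designated DB servers.
In an architecture that needs read/write splitting, MaxScale lets you build the distribution layer efficiently.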

 

In this post, I set up MaxScale with its GUI and controlled it from the web.

 

 

Test environment

Hostname    IP
server1     192.168.100.23
server2     192.168.100.20
maxscale    49.50.163.26 (public IP), 192.168.100.21

 

 

Install required packages

[root@jeong ~]# yum -y install libcurl libaio openssl gnutls libatomic

 

 

Install MaxScale

[root@jeong ~]# wget https://downloads.mariadb.com/MaxScale/2.5.0/centos/7/x86_64/maxscale-2.5.0.centos.7.tar.gz
--2022-03-21 15:40:35--  https://downloads.mariadb.com/MaxScale/2.5.0/centos/7/x86_64/maxscale-2.5.0.centos.7.tar.gz
Resolving downloads.mariadb.com (downloads.mariadb.com)... 104.18.135.24, 104.17.191.14, 2606:4700::6811:bf0e, ...
Connecting to downloads.mariadb.com (downloads.mariadb.com)|104.18.135.24|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 60848706 (58M) [application/octet-stream]
Saving to: ‘maxscale-2.5.0.centos.7.tar.gz’

100%[===================================================>] 60,848,706   183MB/s   in 0.3s   

2022-03-21 15:40:36 (183 MB/s) - ‘maxscale-2.5.0.centos.7.tar.gz’ saved [60848706/60848706]



[root@jeong ~]# tar -zxvf maxscale-2.5.0.centos.7.tar.gz
maxscale-2.5.0.centos.7/share/
maxscale-2.5.0.centos.7/share/maxscale/
maxscale-2.5.0.centos.7/share/maxscale/Changelog.txt
maxscale-2.5.0.centos.7/share/maxscale/ReleaseNotes.txt
maxscale-2.5.0.centos.7/share/maxscale/UpgradingToMaxScale12.txt
maxscale-2.5.0.centos.7/share/maxscale/maxscale.cnf.template
... (omitted)


[root@jeong ~]# mv maxscale-2.5.0.centos.7 /maxscale

 

 

Edit the config

[root@jeong etc]# cp /maxscale/etc/maxscale.cnf.template  maxscale.cnf

[root@jeong etc]# vi /maxscale/etc/maxscale.cnf
# MaxScale documentation:
# https://mariadb.com/kb/en/mariadb-maxscale-24/

# Global parameters
#
# Complete list of configuration options:
# https://mariadb.com/kb/en/mariadb-maxscale-24-mariadb-maxscale-configuration-guide/

[maxscale]
threads=auto
admin_host            = 0.0.0.0
admin_port            = 8989
admin_ssl_key=/etc/certs/server-key.pem
admin_ssl_cert=/etc/certs/server-cert.pem
admin_ssl_ca_cert=/etc/certs/ca-cert.pem


# Server definitions
#
# Set the address of the server to the network
# address of a MariaDB server.
#


[server1]
type=server
address=192.168.100.23
port=3306
protocol=MariaDBBackend

[server2]
type=server
address=192.168.100.20
port=3306
protocol=MariaDBBackend


[Galera-Monitor]
type=monitor
module=galeramon
servers=server1, server2
user=maxscale
password=1
monitor_interval=2000ms

[Splitter-Service]
type=service
router=readwritesplit
servers=server1,server2
user=maxscale
password=1

[Splitter-Listener]
type=listener
service=Splitter-Service
protocol=MariaDBClient
port=3306

# Monitor for the servers
#
# This will keep MaxScale aware of the state of the servers.
# MariaDB Monitor documentation:
# https://mariadb.com/kb/en/mariadb-maxscale-24-mariadb-monitor/


# Service definitions
#
# Service Definition for a read-only service and
# a read/write splitting service.
#

# ReadConnRoute documentation:
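
A check over the configuration above, as an added example that is not part of the original post: it flags the REST API bound to every interface (this host also has a public IP) and the one-character service passwords. The function name `audit_maxscale_cnf`, the finding labels and the 12-character threshold are assumptions; the sample input is constructed from the config lines shown above.

```bash
# Added example, not from the original post. audit_maxscale_cnf and the
# 12-character threshold are assumptions made for this illustration.

# Constructed sample: the security-relevant lines of the maxscale.cnf above.
sample_cnf() {
    cat <<'EOF'
[maxscale]
threads=auto
admin_host            = 0.0.0.0
admin_port            = 8989
admin_ssl_key=/etc/certs/server-key.pem
admin_ssl_cert=/etc/certs/server-cert.pem

[Galera-Monitor]
type=monitor
user=maxscale
password=1

[Splitter-Service]
type=service
user=maxscale
password=1
EOF
}

# Reads a maxscale.cnf (a path, or - for stdin) and prints one line per finding.
audit_maxscale_cnf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        /^\[/ { sec = substr($0, 2, index($0, "]") - 2); next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "maxscale") seen[key] = val
            if (key == "password" && length(val) < 12)
                printf "WEAK_PASSWORD [%s] password is %d character(s)\n", sec, length(val)
        }
        END {
            if (seen["admin_host"] == "0.0.0.0" || seen["admin_host"] == "::")
                print "ADMIN_EXPOSED admin_host=" seen["admin_host"] " binds every interface"
            if (!(("admin_ssl_key" in seen) && ("admin_ssl_cert" in seen)))
                print "ADMIN_NO_TLS admin_ssl_key/admin_ssl_cert are not both set"
        }' "$1"
}

sample_cnf | audit_maxscale_cnf -
```

Binding `admin_host` to 192.168.100.21 or 127.0.0.1 and storing the passwords encrypted with `maxkeys`/`maxpasswd` clears all three findings.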

 

 

Start MaxScale

[root@jeong etc]# groupadd maxscale
[root@jeong etc]# useradd -g maxscale maxscale
[root@jeong etc]# chown -R maxscale:maxscale /maxscale

[root@jeong etc]# /maxscale/bin/maxscale --basedir=/maxscale --user=maxscale

 

 

Generate a self-signed certificate (SSC) for the MaxScale REST API

## Generate the CA certificate and key:
mkdir /etc/certs 
cd /etc/certs/


[root@jeong certs]# openssl genrsa 2048 > ca-key.pem
Generating RSA private key, 2048 bit long modulus
..............................................................................................................................................+++
..................................+++
e is 65537 (0x10001)


[root@jeong certs]# openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ca.localhost
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:korea
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:ca
State or Province Name (full name) []:localhost
Locality Name (eg, city) [Default City]:seoul
Organization Name (eg, company) [Default Company Ltd]:goodus
Organizational Unit Name (eg, section) []:kim
Common Name (eg, your name or your server's hostname) []:maxscale
Email Address []:gkdlwpdwl@gmail.com



## Generate the MaxScale certificate:
[root@jeong certs]# openssl req -newkey rsa:2048 -nodes -days 365000    -keyout server-key.pem    -out server-req.pem
Generating a 2048 bit RSA private key
.........+++
.......................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:korea
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:ko
State or Province Name (full name) []:korea
Locality Name (eg, city) [Default City]:seoul
Organization Name (eg, company) [Default Company Ltd]:goodus
Organizational Unit Name (eg, section) []:kim
Common Name (eg, your name or your server's hostname) []:maxscale
Email Address []:goosdus@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:goodus
An optional company name []:goodus


[root@jeong certs]# CN=localhost


[root@jeong certs]# openssl x509 -req -days 365000 -set_serial 01 -in server-req.pem -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
Signature ok
subject=/C=ko/ST=korea/L=seoul/O=goodus/OU=kim/CN=maxscale/emailAddress=goosdus@gmail.com
Getting CA Private Key


## Generate the client certificate:
[root@jeong certs]# openssl req -newkey rsa:2048 -nodes -days 365000    -keyout client-key.pem    -out client-req.pem
Generating a 2048 bit RSA private key
........+++
..................................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ko
State or Province Name (full name) []:korea
Locality Name (eg, city) [Default City]:seoul
Organization Name (eg, company) [Default Company Ltd]:goodusd
Organizational Unit Name (eg, section) []:kim
Common Name (eg, your name or your server's hostname) []:maxscale
Email Address []:goodus@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:goodus
An optional company name []:goodus


[root@jeong certs]# CN=client.localhost

[root@jeong certs]# openssl x509 -req -days 365000 -set_serial 01 -in client-req.pem -out client-cert.pem -CA ca-cert.pem -CAkey ca-key.pem



## Verify the generated certificates:
[root@jeong certs]# openssl verify -CAfile ca-cert.pem    ca-cert.pem    server-cert.pem
ca-cert.pem: OK
server-cert.pem: OK


openssl verify -CAfile ca-cert.pem  ca-cert.pem  client-cert.pem


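## Apply and use the new certificates:
# The private key only needs to be readable by the maxscale user, not by every local account
chown maxscale:maxscale server-key.pem
chmod 600 server-key.pem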
systemctl restart maxscale
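
The same CA, server and client certificates generated non-interactively, as an added example that is not part of the original post. It differs from the session above in three ways: the server certificate carries a subjectAltName, serial numbers come from a serial file instead of `-set_serial 01` for both certificates, and private keys stay at mode 0600. The helper name `make_maxscale_certs`, the subjects, the example host name and the 825-day validity are assumptions.

```bash
# Added example, not from the original post. make_maxscale_certs, the host
# name passed to it and the 825-day validity are assumptions.
make_maxscale_certs() {
    local dir="$1" host="$2" ip="$3" days="${4:-825}"
    (
        set -e
        umask 077                      # keys and requests are created 0600
        mkdir -p "$dir"
        cd "$dir"

        # CA: its subject differs from the server and client subjects
        openssl genrsa -out ca-key.pem 2048 2>/dev/null
        openssl req -new -x509 -key ca-key.pem -days "$days" \
            -subj "/O=example/CN=MaxScale admin CA" -out ca-cert.pem

        # Server: the SAN lists the name and address that clients connect to
        printf 'subjectAltName=DNS:%s,IP:%s\n' "$host" "$ip" > server-ext.cnf
        openssl req -newkey rsa:2048 -nodes -keyout server-key.pem \
            -subj "/O=example/CN=$host" -out server-req.pem 2>/dev/null
        openssl x509 -req -in server-req.pem -days "$days" \
            -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial \
            -extfile server-ext.cnf -out server-cert.pem 2>/dev/null

        # Client: the serial file exists now, so the next serial is issued
        openssl req -newkey rsa:2048 -nodes -keyout client-key.pem \
            -subj "/O=example/CN=maxctrl-client" -out client-req.pem 2>/dev/null
        openssl x509 -req -in client-req.pem -days "$days" \
            -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial \
            -out client-cert.pem 2>/dev/null

        chmod 644 ca-cert.pem server-cert.pem client-cert.pem
    )
}

# Usage: script.sh /etc/certs maxscale.example.internal 192.168.100.21
if [ "$#" -eq 3 ]; then make_maxscale_certs "$@"; fi
```

After running it, hand `server-key.pem` to the account MaxScale runs as with `chown`, and keep `ca-key.pem` off the proxy host if possible.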

 

 

Create a MaxScale GUI administrator

Create a user account for accessing MaxGUI.
[root@jeong ~]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem create user "maxscale_rest_admin" "PASSWORD" --type=admin


[root@jeong ~]# maxctrl --secure --hosts=maxscale1.example.comserver124.labs.mydomain.com:8989 --tls-key=/etc/certs/client-key.pem --tls-cert=/etc/certs/client-cert.pem --tls-ca-cert=/etc/certs/ca-cert.pem list servers
┌─────────┬────────────────┬──────┬─────────────┬─────────┬──────┐
│ Server  │ Address        │ Port │ Connections │ State   │ GTID │
├─────────┼────────────────┼──────┼─────────────┼─────────┼──────┤
│ server1 │ 192.168.100.23 │ 3306 │ 0           │ Running │      │
├─────────┼────────────────┼──────┼─────────────┼─────────┼──────┤
│ server2 │ 192.168.100.20 │ 3306 │ 0           │ Running │      │
└─────────┴────────────────┴──────┴─────────────┴─────────┴──────┘

 

 

https://(domain or IP):8989

Enter the ID and password that were set when the admin user was created.

 

 

Parameter settings

server1 settings

server2 settings

Confirm that the status is Running.

 

 

 

Reference

 

https://yunhyeonglee.tistory.com/57

 
