MariaDB配置手册

1) 安装MariaDB v10.3
[root@srv1 ~]# yum install yum-plugin-priorities centos-release-scl-rh centos-release-scl -y

[root@srv1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv1 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv1 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv1 ~]# yum --enablerepo=centos-sclo-rh install rh-mariadb103-mariadb-server  -y

2) 加载MariaDB v10.3的shell环境
[root@srv1 ~]# scl enable rh-mariadb103 bash
[root@srv1 ~]# mysql -V
mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using  EditLine wrapper

[root@srv1 ~]# vim /etc/profile.d/mariadb103.sh
#! /bin/bash

source /opt/rh/rh-mariadb103/enable
export X_SCLS="`scl enable rh-mariadb103 'echo $X_SCLS'`"

[root@srv1 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 于[mysqld]最尾部追加如下内容:
character-set-server=utf8

# 如需往后做Galera Cluster请在此进行快照

[root@srv1 ~]# systemctl enable --now rh-mariadb103-mariadb

3) 初始化MariaDB v10.3
[root@srv1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):      # 回车
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y     # 设置root密码
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y     # 移除anonymous账户
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y     # 禁用root远程登录
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y     # 移除test数据库
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y     # 重新加载privilege
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4) 测试MariaDB连接
[root@srv1 ~]# mysql -u root -p
Enter password:     # 输入MariaDB的管理员密码
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root | 127.0.0.1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root | ::1       | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> exit
Bye
[root@srv1 ~]#

5) 防火墙规则设定
[root@srv1 ~]# firewall-cmd --add-service=mysql --permanent
success
[root@srv1 ~]# firewall-cmd --reload
success

1) 安装MariaBackup
[root@srv1 ~]# yum --enablerepo=centos-sclo-rh install rh-mariadb103-mariadb-backup -y

2) 备份MariaDB
[root@srv1 ~]# mkdir /mnt/db_backup
[root@srv1 ~]# mariabackup --backup --target-dir /mnt/db_backup -u root -p 123456
[00] 2021-05-18 14:49:49 Connecting to MySQL server host: localhost, user: root, password: set, port: not set, socket: not set
[00] 2021-05-18 14:49:49 Using server version 10.3.27-MariaDB
mariabackup based on MariaDB server 10.3.27-MariaDB Linux (x86_64)
[00] 2021-05-18 14:49:49 uses posix_fadvise().
[00] 2021-05-18 14:49:49 cd to /var/opt/rh/rh-mariadb103/lib/mysql/
[00] 2021-05-18 14:49:49 open files limit requested 0, set to 1024
[00] 2021-05-18 14:49:49 mariabackup: using the following InnoDB configuration:
[00] 2021-05-18 14:49:49 innodb_data_home_dir = 
[00] 2021-05-18 14:49:49 innodb_data_file_path = ibdata1:12M:autoextend
[00] 2021-05-18 14:49:49 innodb_log_group_home_dir = ./
[00] 2021-05-18 14:49:49 InnoDB: Using Linux native AIO
2021-05-18 14:49:49 0 [Note] InnoDB: Number of pools: 1
[00] 2021-05-18 14:49:49 mariabackup: Generating a list of tablespaces
2021-05-18 14:49:49 0 [Warning] InnoDB: Allocated tablespace ID 2 for mysql/innodb_index_stats, old maximum was 0
[00] 2021-05-18 14:49:49 >> log scanned up to (1625628)
[01] 2021-05-18 14:49:49 Copying ibdata1 to /mnt/db_backup/ibdata1
[01] 2021-05-18 14:49:49         ...done
......
......
......
......
......
......
[00] 2021-05-18 14:49:51 Redo log (from LSN 1625619 to 1625628) was copied.
[00] 2021-05-18 14:49:51 completed OK!

[root@srv1 ~]# ll /mnt/db_backup/
total 12336
-rw-r----- 1 root root    16384 May 18 14:49 aria_log.00000001
-rw-r----- 1 root root       52 May 18 14:49 aria_log_control
-rw-r----- 1 root root      324 May 18 14:49 backup-my.cnf
-rw-r----- 1 root root      972 May 18 14:49 ib_buffer_pool
-rw-r----- 1 root root 12582912 May 18 14:49 ibdata1
-rw-r----- 1 root root     2560 May 18 14:49 ib_logfile0
drwx------ 2 root root     4096 May 18 14:49 mysql
drwx------ 2 root root     4096 May 18 14:49 performance_schema
-rw-r----- 1 root root       77 May 18 14:49 xtrabackup_checkpoints
-rw-r----- 1 root root      438 May 18 14:49 xtrabackup_info

[root@srv1 ~]# cd /mnt
[root@srv1 mnt]# tar cfz db_backup.tgz db_backup
[root@srv1 ~]# cd

3) 恢复MariaDB
(1) 停止MariaDB并移除现有数据
[root@srv1 ~]# systemctl stop rh-mariadb103-mariadb
[root@srv1 ~]# rm -rf /var/opt/rh/rh-mariadb103/lib/mysql/*

(2) 将备份文件复制到本地设备
[root@srv1 ~]# tar xfz  db_backup.tgz -C /mnt

(3) 恢复数据库前的准备
[root@srv1 ~]# mariabackup --prepare --target-dir /mnt/db_backup
mariabackup based on MariaDB server 10.3.27-MariaDB Linux (x86_64)
[00] 2021-05-18 14:51:55 cd to /mnt/db_backup/
[00] 2021-05-18 14:51:55 This target seems to be not prepared yet.
[00] 2021-05-18 14:51:55 mariabackup: using the following InnoDB configuration for recovery:
[00] 2021-05-18 14:51:55 innodb_data_home_dir = .
[00] 2021-05-18 14:51:55 innodb_data_file_path = ibdata1:12M:autoextend
[00] 2021-05-18 14:51:55 innodb_log_group_home_dir = .
[00] 2021-05-18 14:51:55 InnoDB: Using Linux native AIO
[00] 2021-05-18 14:51:55 Starting InnoDB instance for recovery.
[00] 2021-05-18 14:51:55 mariabackup: Using 104857600 bytes for buffer pool (set by --use-memory parameter)
2021-05-18 14:51:55 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2021-05-18 14:51:55 0 [Note] InnoDB: Uses event mutexes
2021-05-18 14:51:55 0 [Note] InnoDB: Compressed tables use zlib 1.2.7
2021-05-18 14:51:55 0 [Note] InnoDB: Number of pools: 1
2021-05-18 14:51:55 0 [Note] InnoDB: Using SSE2 crc32 instructions
2021-05-18 14:51:55 0 [Note] InnoDB: Initializing buffer pool, total size = 100M, instances = 1, chunk size = 100M
2021-05-18 14:51:55 0 [Note] InnoDB: Completed initialization of buffer pool
2021-05-18 14:51:55 0 [Note] InnoDB: page_cleaner coordinator priority: -20
2021-05-18 14:51:55 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=1625619
[00] 2021-05-18 14:51:55 Last binlog file , position 0
[00] 2021-05-18 14:51:56 completed OK!    # 出现Completed OK则下一步

(4) 恢复数据库
[root@srv1 ~]# mariabackup --copy-back --target-dir /mnt/db_backup
mariabackup based on MariaDB server 10.3.27-MariaDB Linux (x86_64)[01] 2021-05-18 14:52:19 Copying ibdata1 to /var/opt/rh/rh-mariadb103/lib/mysql/ibdata1
[01] 2021-05-18 14:52:19         ...done
[01] 2021-05-18 14:52:19 Copying ./ib_buffer_pool to /var/opt/rh/rh-mariadb103/lib/mysql/ib_buffer_pool
[01] 2021-05-18 14:52:19         ...done
[01] 2021-05-18 14:52:19 Copying ./xtrabackup_info to /var/opt/rh/rh-mariadb103/lib/mysql/xtrabackup_info
[01] 2021-05-18 14:52:19         ...done
[01] 2021-05-18 14:52:19 Copying ./mysql/plugin.MYI to /var/opt/rh/rh-mariadb103/lib/mysql/mysql/plugin.MYI
[01] 2021-05-18 14:52:19         ...done
[01] 2021-05-18 14:52:19 Copying ./mysql/innodb_index_stats.ibd to /var/opt/rh/rh-mariadb103/lib/mysql/mysql/innodb_in
dex_stats.ibd
......
......
......
......
......
......
[01] 2021-05-18 14:52:19 Copying ./aria_log_control to /var/opt/rh/rh-mariadb103/lib/mysql/aria_log_control
[01] 2021-05-18 14:52:19         ...done
[00] 2021-05-18 14:52:19 completed OK!

[root@srv1 ~]# chown -R mysql. /var/opt/rh/rh-mariadb103/lib/mysql
[root@srv1 ~]# systemctl start rh-mariadb103-mariadb

1) 安装Apache与php
[root@srv1 ~]# yum  install httpd -y

[root@srv1 ~]# yum install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm -y
[root@srv1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo
[root@srv1 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo
[root@srv1 ~]# yum --enablerepo=remi-safe,epel install php72 php72-php php72-php-pear php72-php-mbstring -y

[root@srv1 ~]# scl enable php72 bash # 加载php环境
[root@srv1 ~]# php -v
PHP 7.2.29 (cli) (built: Mar 17 2020 11:58:47) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

[root@srv1 ~]# cat >> /etc/profile.d/php72.sh << EOF
#! /bin/bash

source /opt/remi/php72/enable
export X_SCLS="`scl enable php72 'echo $X_SCLS'`"
EOF

[root@srv1 ~]# source /etc/profile.d/php72.sh

# 如果存在以前的php配置，请执行以下操作
[root@srv1 ~]# mv /etc/httpd/conf.modules.d/10-php.conf /etc/httpd/conf.modules.d/10-php.conf.bak

[root@srv1 ~]# systemctl enable --now httpd

[root@srv1 ~]# echo '<?php phpinfo(); ?>' > /var/www/html/info.php
[root@srv1 ~]# curl http://localhost/info.php | grep 'PHP Version' | tail -1 | sed -e 's/<[^>]*>//g'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68643    0 68643    0     0  3032k      0 --:--:-- --:--:-- --:--:-- 3192k
PHP Version 7.2.29

2) 安装phpMyAdmin
[root@srv1 ~]# yum --enablerepo=remi,epel install php72-php-mysql php72-php-mcrypt  -y
[root@srv1 ~]# yum --enablerepo=epel install phpMyAdmin -y

[root@srv1 ~]# vim /etc/httpd/conf.d/phpMyAdmin.conf
修改17行,34行
Require ip 192.168.10.0/24

[root@srv1 ~]# systemctl restart httpd

3) 登录phpMyAdmin
1) 开启浏览器==>输入http://[你的服务器IP地址或FQDN]/phpmyadmin

2) 如下图:


3) 输入数据库的root账户及密码登录后，进入界面

1) 生成SSL证书
[root@srv1 ~]# cd /etc/pki/tls/certs
[root@node1 certs]# make mariadb.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > mariadb.key
Generating RSA private key, 2048 bit long modulus
.........................................................................................+++
..................+++
e is 65537 (0x10001)
Enter pass phrase:                  # 输入口令
Verifying - Enter pass phrase:      # 输入口令

[root@node1 certs]# openssl rsa -in mariadb.key -out mariadb.key
Enter pass phrase for mariadb.key:   # 将私钥的保护口令移除

writing RSA key

[root@node1 certs]# make mariadb.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key mariadb.key -out mariadb.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:1000cc.net
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:node1.1000cc.net
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@node1 certs]# openssl x509 -in mariadb.csr -out mariadb.crt -req -signkey mariadb.key -days 3650
Signature ok
subject=/C=CN/ST=BeiJing/L=BeiJing/O=1000cc.net/OU=tech/CN=node1.1000cc.net
Getting Private key

2) 配置MariaDB
[root@node1 ]# cp /etc/pki/tls/certs/mariadb.key /etc/pki/tls/certs/mariadb.crt /etc/pki/tls/certs/ca-bundle.crt /etc/opt/rh/rh-mariadb103/pki/
[root@srv1 ~]# chown mysql. /etc/opt/rh/rh-mariadb103/pki/*

[root@srv1 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 于[mysqld]区段最后追加如下内容
ssl-ca=/etc/opt/rh/rh-mariadb103/pki/ca-bundle.crt
ssl-cert=/etc/opt/rh/rh-mariadb103/pki/mariadb.crt
ssl-key=/etc/opt/rh/rh-mariadb103/pki/mariadb.key

[root@srv1 ~]# systemctl restart rh-mariadb103-mariadb

3) 验证
(1) 验证SSL状态
[root@srv1 ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show variables like '%ssl%'; 
+---------------------+---------------------------------------------+
| Variable_name       | Value                                       |
+---------------------+---------------------------------------------+
| have_openssl        | YES                                         |
| have_ssl            | YES                                         |
| ssl_ca              | /etc/opt/rh/rh-mariadb103/pki/ca-bundle.crt |
| ssl_capath          |                                             |
| ssl_cert            | /etc/opt/rh/rh-mariadb103/pki/mariadb.crt   |
| ssl_cipher          |                                             |
| ssl_crl             |                                             |
| ssl_crlpath         |                                             |
| ssl_key             | /etc/opt/rh/rh-mariadb103/pki/mariadb.key   |
| version_ssl_library | OpenSSL 1.0.2k-fips  26 Jan 2017            |
+---------------------+---------------------------------------------+
10 rows in set (0.002 sec)

MariaDB [(none)]> exit

(2) 使用SSL登录
[root@srv1 ~]# mysql -u root -p --ssl
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show status like 'ssl_cipher';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| Ssl_cipher    | DHE-RSA-AES256-GCM-SHA384 |
+---------------+---------------------------+
1 row in set (0.01 sec)

# 如果没有使用ssl
[root@srv1 ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.22-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show status like 'ssl_cipher';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Ssl_cipher    |       |
+---------------+-------+
1 row in set (0.01 sec)

4) 指定账户强制使用SSL
[root@srv1 ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

(1) 对新建账户强制使用SSL
MariaDB [(none)]> create user snow identified by 'password' require ssl; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host,ssl_type from mysql.user;
+--------+-----------+----------+
| user   | host      | ssl_type |
+--------+-----------+----------+
| root   | localhost |          |
| root   | 127.0.0.1 |          |
| root   | ::1       |          |
| thomas | %         |          |
| snow   | %         | ANY      |
+--------+-----------+----------+
5 rows in set (0.00 sec)

(2) 对现有账户强制使用SSL
MariaDB [(none)]> grant usage on *.* to 'thomas'@'%' require ssl; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host,ssl_type from mysql.user;
+--------+-----------+----------+
| user   | host      | ssl_type |
+--------+-----------+----------+
| root   | localhost |          |
| root   | 127.0.0.1 |          |
| root   | ::1       |          |
| thomas | %         | ANY      |
| snow   | %         | ANY      |
+--------+-----------+----------+
5 rows in set (0.00 sec)

(3) 取消现有账户使用SSL
MariaDB [(none)]> grant usage on *.* to 'thomas'@'%' require none;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host,ssl_type from mysql.user;
+--------+-----------+----------+
| user   | host      | ssl_type |
+--------+-----------+----------+
| root   | localhost |          |
| root   | 127.0.0.1 |          |
| root   | ::1       |          |
| thomas | %         |          |
| snow   | %         | ANY      |
+--------+-----------+----------+
5 rows in set (0.00 sec)

# 以下指令也可以取消SSL使用
MariaDB [(none)]> ALTER USER 'thomas'@'%' REQUIRE NONE;
Query OK, 0 rows affected (0.00 sec)

1) 配置Master环境
[root@srv1 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 于[server]区段添加如下内容
log-bin=mysql-bin
server-id=100

[root@srv1 ~]# systemctl restart rh-mariadb103-mariadb

[root@srv1 ~]# mysql -u root -p
Enter password:
......
......
# 创建一个账户,密码为password
MariaDB [(none)]> grant replication slave on *.* to replica@'%' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

2) 为Slave节点安装并配置MariDB

3) 配置Slave节点主从复制环境
[root@srv2 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 在[server]区段追加如下内容
log-bin=mysql-bin
# 定义Slave的ID,需要比Mater低
server-id=101
# 定义Slave节点为只读
read_only=1
# 定义Master节点
report-host=srv1.1000y.cloud

[root@node2 ~]# systemctl restart rh-mariadb103-mariadb

4) Dump Master节点数据库
[root@srv1 ~]# mysql -u root -p
Enter password:
......
......
MariaDB [(none)]> flush tables with read lock;    # 锁定所有的表
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> show master status;    # 确认当前数据库状态
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      640 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> exit

[root@srv1 ~]# mysqldump -u root -p --all-databases --lock-all-tables --events > mariadb_dump.sql
Enter password:    # 数据库root账户的密码

[root@srv1 ~]# mysql -u root -p
Enter password:

......
......
MariaDB [(none)]> unlock tables;  # 解锁
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

[root@srv1 ~]# scp mariadb_dump.sql root@srv2.1000y.cloud:~
mariadb_dump.sql                             100%  467KB  48.3MB/s   00:00

5) 配置Slave节点
(1) 导入Master数据库
[root@srv2 ~]# mysql -u root -p < ~/mariadb_dump.sql
Enter password:

(2) 配置Slave数据库
[root@srv2 ~]# mysql -u root -p
Enter password: 
......
......
配置Master相关信息及同步信心
MariaDB [(none)]> change master to master_host='192.168.1.11', master_user='replica', master_password='password', master_log_file='mysql-bin.000001', master_log_pos=640;
Query OK, 0 rows affected (0.974 sec)

# 启动slave
MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.01 sec)

# 查看状态
MariaDB [(none)]> show slave status\G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.11
                  Master_User: replica
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 640
               Relay_Log_File: mariadb-relay-bin.000002
                Relay_Log_Pos: 555
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 640
              Relay_Log_Space: 866
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File: 
           Master_SSL_CA_Path: 
              Master_SSL_Cert: 
            Master_SSL_Cipher: 
               Master_SSL_Key: 
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 100
               Master_SSL_Crl: 
           Master_SSL_Crlpath: 
                   Using_Gtid: No
                  Gtid_IO_Pos: 
      Replicate_Do_Domain_Ids: 
  Replicate_Ignore_Domain_Ids: 
                Parallel_Mode: conservative
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for the slave I/O thread to update it
1 row in set (0.00 sec)

1) 推荐采用新的环境并在所有节点上安装并配置完成MariaDB,服务亦启动完毕
(1) 在srv1上安装MariaDB v10.3
[root@srv1 ~]# yum install yum-plugin-priorities centos-release-scl-rh centos-release-scl -y

[root@srv1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv1 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv1 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv1 ~]# yum --enablerepo=centos-sclo-rh install rh-mariadb103-mariadb-server  -y

[root@srv1 ~]# scl enable rh-mariadb103 bash
[root@srv1 ~]# mysql -V
mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using  EditLine wrapper

[root@srv1 ~]# vim /etc/profile.d/mariadb103.sh
#! /bin/bash

source /opt/rh/rh-mariadb103/enable
export X_SCLS="`scl enable rh-mariadb103 'echo $X_SCLS'`"

[root@srv1 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 于[mysqld]最尾部追加如下内容:
character-set-server=utf8

(2) 在srv2上安装MariaDB v10.3
[root@srv2 ~]# yum install yum-plugin-priorities centos-release-scl-rh centos-release-scl -y

[root@srv2 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv2 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv2 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@srv2 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

[root@srv2 ~]# yum --enablerepo=centos-sclo-rh install rh-mariadb103-mariadb-server -y

[root@srv2 ~]# scl enable rh-mariadb103 bash
[root@srv2 ~]# mysql -V
mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using  EditLine wrapper

[root@srv2 ~]# vim /etc/profile.d/mariadb103.sh
#! /bin/bash

source /opt/rh/rh-mariadb103/enable
export X_SCLS="`scl enable rh-mariadb103 'echo $X_SCLS'`"

[root@srv2 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/mariadb-server.cnf
# 于[mysqld]最尾部追加如下内容:
character-set-server=utf8

2) 在所有节点上安装Galera软件包
[root@srv1 ~]# pssh -h host-list.txt -i 'yum --enablerepo=centos-sclo-rh install rh-mariadb103-mariadb-server-galera -y'

[root@srv1 ~]# pssh -h host-list.txt -i 'firewall-cmd --add-service=mysql --permanent'
[root@srv1 ~]# pssh -h host-list.txt -i 'firewall-cmd --add-port={3306/tcp,4567/tcp,4568/tcp,4444/tcp} --permanent'
[root@srv1 ~]# pssh -h host-list.txt -i 'firewall-cmd --reload'

3) 确认open files的数量
[root@srv1 ~]# ulimit -a | grep "^open files"
open files                      (-n) 1024

[root@srv1 ~]# ulimit -n 65535

[root@srv2 ~]# ulimit -a | grep "^open files"
open files                      (-n) 65535

4) 配置Galera第一个节点相关信息---[srv1举例]
[root@srv1 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/galera.cnf
......
......
# 修改43行，定义集群组名称
wsrep_cluster_name="Galera_Cluster" 

# 取消46行注释，定义集群组成员
wsrep_cluster_address="gcomm://"

# 取消49行注释，定义本地IP
wsrep_node_name="192.168.1.11"

......
......

4) 启动Galera集群
[root@srv1 ~]# galera_new_cluster
[root@srv1 ~]# systemctl enable rh-mariadb103-mariadb

[root@srv1 ~]# netstat -lnatp | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1557/mysqld

[root@srv1 ~]# mysql_secure_installation     # 初始化DB

5) 配置其他Galera集群
[root@srv2 ~]# vim /etc/opt/rh/rh-mariadb103/my.cnf.d/galera.cnf
......
......
# 修改43行，定义集群组名称
wsrep_cluster_name="Galera_Cluster" 

# 取消46行注释，定义集群组成员
wsrep_cluster_address="gcomm://192.168.1.11,192.168.1.12"

# 取消49行注释，定义本地IP
wsrep_node_name="192.168.1.12"

......
......

[root@srv2 ~]# systemctl enable --now rh-mariadb103-mariadb

[root@srv2 ~]# netstat -lnatp | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1561/mysqld

6) 验证Galera集群
[root@srv2 ~]# mysql -u root -p
Enter password: 
......
......
MariaDB [(none)]> show status like 'wsrep_%';
+-------------------------------+--------------------------------------------------+
| Variable_name                 | Value                                            |
+-------------------------------+--------------------------------------------------+
| wsrep_applier_thread_count    | 1                                                |
| wsrep_apply_oooe              | 0.000000                                         |
| wsrep_apply_oool              | 0.000000                                         |
| wsrep_apply_window            | 0.000000                                         |
| wsrep_causal_reads            | 0                                                |
| wsrep_cert_deps_distance      | 0.000000                                         |
| wsrep_cert_index_size         | 0                                                |
| wsrep_cert_interval           | 0.000000                                         |
| wsrep_cluster_conf_id         | 2                                                |
| wsrep_cluster_size            | 2                                                |
| wsrep_cluster_state_uuid      | 8427b7f7-b7ab-11eb-b49e-52925c3520c4             |
| wsrep_cluster_status          | Primary                                          |
| wsrep_cluster_weight          | 2                                                |
| wsrep_commit_oooe             | 0.000000                                         |
| wsrep_commit_oool             | 0.000000                                         |
| wsrep_commit_window           | 0.000000                                         |
| wsrep_connected               | ON                                               |
| wsrep_desync_count            | 0                                                |
| wsrep_evs_delayed             |                                                  |
| wsrep_evs_evict_list          |                                                  |
| wsrep_evs_repl_latency        | 0.000736871/0.000901706/0.00119734/0.000160809/5 |
| wsrep_evs_state               | OPERATIONAL                                      |
| wsrep_flow_control_active     | false                                            |
| wsrep_flow_control_paused     | 0.000000                                         |
| wsrep_flow_control_paused_ns  | 0                                                |
| wsrep_flow_control_recv       | 0                                                |
| wsrep_flow_control_requested  | false                                            |
| wsrep_flow_control_sent       | 0                                                |
| wsrep_gcomm_uuid              | e46410f8-b7ab-11eb-a606-725c961b5f1d             |
| wsrep_gmcast_segment          | 0                                                |
| wsrep_incoming_addresses      | 192.168.1.11:3306,192.168.1.12:3306              |
| wsrep_last_committed          | 3                                                |
| wsrep_local_bf_aborts         | 0                                                |
| wsrep_local_cached_downto     | 18446744073709551615                             |
| wsrep_local_cert_failures     | 0                                                |
| wsrep_local_commits           | 0                                                |
| wsrep_local_index             | 1                                                |
| wsrep_local_recv_queue        | 0                                                |
| wsrep_local_recv_queue_avg    | 0.000000                                         |
| wsrep_local_recv_queue_max    | 1                                                |
| wsrep_local_recv_queue_min    | 0                                                |
| wsrep_local_replays           | 0                                                |
| wsrep_local_send_queue        | 0                                                |
| wsrep_local_send_queue_avg    | 0.333333                                         |
| wsrep_local_send_queue_max    | 2                                                |
| wsrep_local_send_queue_min    | 0                                                |
| wsrep_local_state             | 4                                                |
| wsrep_local_state_comment     | Synced                                           |
| wsrep_local_state_uuid        | 8427b7f7-b7ab-11eb-b49e-52925c3520c4             |
| wsrep_open_connections        | 0                                                |
| wsrep_open_transactions       | 0                                                |
| wsrep_protocol_version        | 9                                                |
| wsrep_provider_name           | Galera                                           |
| wsrep_provider_vendor         | Codership Oy <info@codership.com>                |
| wsrep_provider_version        | 3.31(rXXXX)                                      |
| wsrep_ready                   | ON                                               |
| wsrep_received                | 3                                                |
| wsrep_received_bytes          | 232                                              |
| wsrep_repl_data_bytes         | 0                                                |
| wsrep_repl_keys               | 0                                                |
| wsrep_repl_keys_bytes         | 0                                                |
| wsrep_repl_other_bytes        | 0                                                |
| wsrep_replicated              | 0                                                |
| wsrep_replicated_bytes        | 0                                                |
| wsrep_rollbacker_thread_count | 1                                                |
| wsrep_thread_count            | 2                                                |
+-------------------------------+--------------------------------------------------+
66 rows in set (0.003 sec)