On-prem MySQL 8 Replicate to RDS
Scenario
- 版本資訊
- 地端 MySQL 8.0.37 on Ubuntu 24.04 (使用預設安裝方式)
- AWS RDS for MySQL 8.0.35
- 將地端的 MySQL 8 以原生 replication 功能,複寫至 AWS RDS 的 MySQL 8 slave 資料庫中
- 地端 MySQL 使用者,驗證方式預設採用
caching_sha2_password - 因 AWS RDS for MySQL 8 預設仍使用
mysql_native_password驗證,建立複寫會失敗 - 建立帳號需使用
mysql_native_password方式建立,或於建立後,將其調整為mysql_native_password驗證方式
- 地端 MySQL 使用者,驗證方式預設採用
- 本案例以 EC2 模擬地端 MySQL master 資料庫,複寫資料庫到 RDS 的 slave 資料庫中
- 確保 EC2 可連線到 RDS 主機
流程與說明
執行步驟
安裝設定地端 Master MySQL 8
安裝 Master MySQL 8
安裝 MySQL 8,預設 Ubuntu 24.04 repo 就有,可直接使用
1sudo apt update2sudo apt install mysql-server -y3sudo systemctl enable mysql4sudo systemctl start mysql5# (Optional) 設定密碼,正式環境一定要設定6sudo mysql_secure_installation設定 Master MySQL 8
設定 MySQL 8 設定檔成 Master,修改設定檔中相關設定值
- binlog_do_db 與 binlog_ignore_db 參數通常二選一
- binlog_do_db:要複寫的資料庫,沒指定預設為全部資料庫都複寫
- binlog_ignore_db:要忽略複寫的資料庫,沒指定預設為全部資料庫都不排除
- 多個資料庫記錄方法如下範例
1# 只有 lab1 與 lab2 資料庫要複寫,其他不會同步2binlog_do_db = lab13binlog_do_db = lab24
5# 只有 lab1 與 lab2 資料庫不要複寫,其他會同步6binlog_ignore_db = lab17binlog_ignore_db = lab2以下為完整設定範例,可依照需求自行調整
1# * Basic Settings2server-id = 1013auto-increment-increment = 24auto-increment-offset = 25# bind external address6bind-address = 0.0.0.07# log-bin enable8log_bin = /var/log/mysql/mysql-bin.log9expire_logs_days = 310max_binlog_size = 100M11binlog_format = mixed12# 以下請自行選用調整13binlog_do_db = dbo14# binlog_ignore_db = lab2設定完成後,重啟動 MySQL 服務
1sudo systemctl restart mysql可發現預設使用 caching_sha2_password 進行驗證
1show variables like 'default_authentication_plugin';2+-------------------------------+-----------------------+3| Variable_name | Value |4+-------------------------------+-----------------------+5| default_authentication_plugin | caching_sha2_password |6+-------------------------------+-----------------------+71 row in set (0.00 sec)建立 Master MySQL 8 複寫帳號
- 建立複寫專用帳號
%可替換成指定來源 ip 以增加安全性replicator可替換其他帳號replicatorpass可替換其他密碼- 使用
mysql_native_password驗證方式建立帳號
- 設定帳號複寫權限:
REPLICATION CLIENT與REPLICATION SLAVE
1CREATE USER 'replicator'@'%' IDENTIFIED WITH mysql_native_password BY 'replicatorpass';2GRANT REPLICATION CLIENT, REPLICATION SLAVE ON *.* TO 'replicator'@'%';3FLUSH PRIVILEGES;建立 Slave RDS for MySQL 8
使用 AWS GUI 介面進襲操作建立,並確定能使用 EC2 主機連線到 RDS 主機即可
資料搬遷
將 EC2 中資料庫匯出,如果沒有資料可使用 MySQL 官方範例資料庫,匯出前請進行以下操作
鎖定 Master MySQL 資料庫
1FLUSH TABLES WITH READ LOCK;2SET GLOBAL read_only = ON;確認 binlog 狀態資訊
將 File、Position 資訊記錄下來,供後續使用,同時確定 Binlog_Do_DB 是否正確
1SHOW MASTER STATUS\G;;2
3# 預期結果4*************************** 1. row ***************************5 File: mysql-bin.0000016 Position: 17237 Binlog_Do_DB: dbo8 Binlog_Ignore_DB:9Executed_Gtid_Set:101 row in set (0.00 sec)資料匯出匯入
- 將欲同步資料庫進行匯出,可使用官方提供之指令,或使用其他工具匯出均可
- 接著把匯出資料匯入到 RDS for MySQL 中,使用指令或其他第三方工具均可
解除鎖定 Master MySQL 資料庫
1SET GLOBAL read_only = OFF;2UNLOCK TABLES;設定 RDS replication
將前面 SHOW MASTER STATUS 取得之資訊填入 RDS for MySQL 的指令中
master_host為主機之 ip 或 domain name- 更多關於 RDS for MySQL 設定參數可參考此官方文件
1CALL mysql.rds_set_external_master ('master_host', 3306, 'replicator', 'replicatorpass', 'mysql-bin.000001', 1723, 0);2CALL mysql.rds_start_replication;3+-----------------------------------------------------+4| Message |5+-----------------------------------------------------+6| Replication started. Slave is now running normally. |7+-----------------------------------------------------+81 row in set (3.02 sec)確認 replication 狀態與疑難排解
確認同步成功狀態
連線到 Slave 資料庫(RDS for MySQL),輸入 SHOW SLAVE STATUS\G; 指令,可確認同步狀態
- 其中
Slave_IO_Running與Slave_SQL_Running狀態均要為Yes - 且
Last_Error與Last_IO_Error皆為空值 - 留意
Read_Master_Log_Pos、Exec_Master_Log_Pos與Relay_Log_Pos數值
1SHOW SLAVE STATUS\G;2*************************** 1. row ***************************3 Slave_IO_State: Waiting for master to send event4 Master_Host: 10.250.1.415 Master_User: replicator6 Master_Port: 33067 Connect_Retry: 608 Master_Log_File: mysql-bin.0000019 Read_Master_Log_Pos: 319910 Relay_Log_File: relaylog.00001711 Relay_Log_Pos: 32612 Relay_Master_Log_File: mysql-bin.00000113 Slave_IO_Running: Yes14 Slave_SQL_Running: Yes15 Replicate_Do_DB:16 Replicate_Ignore_DB:17 Replicate_Do_Table:18 Replicate_Ignore_Table: innodb_memcache.cache_policies,innodb_memcache.config_options,mysql.plugin,mysql.rds_configuration,mysql.rds_history,mysql.rds_monitor,mysql.rds_replication_status,mysql.rds_sysinfo,mysql.rds_upgrade_prechecks19 Replicate_Wild_Do_Table:20 Replicate_Wild_Ignore_Table:21 Last_Errno: 022 Last_Error:23 Skip_Counter: 024 Exec_Master_Log_Pos: 319925 Relay_Log_Space: 90126 Until_Condition: None27 Until_Log_File:28 Until_Log_Pos: 029 Master_SSL_Allowed: No30 Master_SSL_CA_File:31 Master_SSL_CA_Path:32 Master_SSL_Cert:33 Master_SSL_Cipher:34 Master_SSL_Key:35 Seconds_Behind_Master: 036Master_SSL_Verify_Server_Cert: No37 Last_IO_Errno: 038 Last_IO_Error:39 Last_SQL_Errno: 040 Last_SQL_Error:41 Replicate_Ignore_Server_Ids:42 Master_Server_Id: 10143 Master_UUID: fbba8d94-4e28-11ef-b9c6-06b99b39a34d44 Master_Info_File: mysql.slave_master_info45 SQL_Delay: 046 SQL_Remaining_Delay: NULL47 Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates48 Master_Retry_Count: 8640049 Master_Bind:50 Last_IO_Error_Timestamp:51 Last_SQL_Error_Timestamp:52 Master_SSL_Crl:53 Master_SSL_Crlpath:54 Retrieved_Gtid_Set:55 Executed_Gtid_Set:56 Auto_Position: 057 Replicate_Rewrite_DB:58 Channel_Name:59 Master_TLS_Version:60 Master_public_key_path:61 Get_master_public_key: 062 Network_Namespace:631 row in set, 1 warning (0.00 sec)- 測試新增一些資料,除了確認資料表同步外,可輸入
SHOW SLAVE STATUS\G;確認同步是否成功 - 可發現
Read_Master_Log_Pos、Exec_Master_Log_Pos與Relay_Log_Pos數值會隨之更新
1mysql> SHOW SLAVE STATUS\G;2*************************** 1. row ***************************3 Slave_IO_State: Waiting for master to send event4 Master_Host: 10.250.1.415 Master_User: replicator6 Master_Port: 33067 Connect_Retry: 608 Master_Log_File: mysql-bin.0000019 Read_Master_Log_Pos: 356710 Relay_Log_File: relaylog.00001711 Relay_Log_Pos: 69412 Relay_Master_Log_File: mysql-bin.00000113 Slave_IO_Running: Yes14 Slave_SQL_Running: Yes15 Replicate_Do_DB:16 Replicate_Ignore_DB:17 Replicate_Do_Table:18 Replicate_Ignore_Table: innodb_memcache.cache_policies,innodb_memcache.config_options,mysql.plugin,mysql.rds_configuration,mysql.rds_history,mysql.rds_monitor,mysql.rds_replication_status,mysql.rds_sysinfo,mysql.rds_upgrade_prechecks19 Replicate_Wild_Do_Table:20 Replicate_Wild_Ignore_Table:21 Last_Errno: 022 Last_Error:23 Skip_Counter: 024 Exec_Master_Log_Pos: 356725 Relay_Log_Space: 126926 Until_Condition: None27 Until_Log_File:28 Until_Log_Pos: 029 Master_SSL_Allowed: No30 Master_SSL_CA_File:31 Master_SSL_CA_Path:32 Master_SSL_Cert:33 Master_SSL_Cipher:34 Master_SSL_Key:35 Seconds_Behind_Master: 036Master_SSL_Verify_Server_Cert: No37 Last_IO_Errno: 038 Last_IO_Error:39 Last_SQL_Errno: 040 Last_SQL_Error:41 Replicate_Ignore_Server_Ids:42 Master_Server_Id: 10143 Master_UUID: fbba8d94-4e28-11ef-b9c6-06b99b39a34d44 Master_Info_File: mysql.slave_master_info45 SQL_Delay: 046 SQL_Remaining_Delay: NULL47 Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates48 Master_Retry_Count: 8640049 Master_Bind:50 Last_IO_Error_Timestamp:51 Last_SQL_Error_Timestamp:52 Master_SSL_Crl:53 Master_SSL_Crlpath:54 Retrieved_Gtid_Set:55 Executed_Gtid_Set:56 Auto_Position: 057 Replicate_Rewrite_DB:58 Channel_Name:59 Master_TLS_Version:60 Master_public_key_path:61 Get_master_public_key: 062 Network_Namespace:631 row in set, 1 warning (0.01 sec)疑難排解
Authentication requires secure connection
- 出現
Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.錯誤
1mysql> SHOW SLAVE STATUS\G;2*************************** 1. row ***************************3 Slave_IO_State: Connecting to master4 Master_Host: 10.250.1.415 Master_User: replicator6 Master_Port: 33067 Connect_Retry: 608 Master_Log_File: mysql-bin.0000019 Read_Master_Log_Pos: 172310 Relay_Log_File: relaylog.00000111 Relay_Log_Pos: 412 Relay_Master_Log_File: mysql-bin.00000113 Slave_IO_Running: Connecting14 Slave_SQL_Running: Yes15 Replicate_Do_DB:16 Replicate_Ignore_DB:17 Replicate_Do_Table:18 Replicate_Ignore_Table: innodb_memcache.cache_policies,innodb_memcache.config_options,mysql.plugin,mysql.rds_configuration,mysql.rds_history,mysql.rds_monitor,mysql.rds_replication_status,mysql.rds_sysinfo,mysql.rds_upgrade_prechecks19 Replicate_Wild_Do_Table:20 Replicate_Wild_Ignore_Table:21 Last_Errno: 022 Last_Error:23 Skip_Counter: 024 Exec_Master_Log_Pos: 172325 Relay_Log_Space: 198426 Until_Condition: None27 Until_Log_File:28 Until_Log_Pos: 029 Master_SSL_Allowed: No30 Master_SSL_CA_File:31 Master_SSL_CA_Path:32 Master_SSL_Cert:33 Master_SSL_Cipher:34 Master_SSL_Key:35 Seconds_Behind_Master: NULL36Master_SSL_Verify_Server_Cert: No37 Last_IO_Errno: 206138 Last_IO_Error: Error connecting to source '[email protected]:3306'. This was attempt 1/86400, with a delay of 60 seconds between attempts. Message: Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.39 Last_SQL_Errno: 040 Last_SQL_Error:41 Replicate_Ignore_Server_Ids:42 Master_Server_Id: 043 Master_UUID:44 Master_Info_File: mysql.slave_master_info45 SQL_Delay: 046 SQL_Remaining_Delay: NULL47 Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates48 Master_Retry_Count: 8640049 Master_Bind:50 Last_IO_Error_Timestamp: 240730 07:11:0951 Last_SQL_Error_Timestamp:52 Master_SSL_Crl:53 Master_SSL_Crlpath:54 Retrieved_Gtid_Set:55 Executed_Gtid_Set:56 Auto_Position: 057 Replicate_Rewrite_DB:58 Channel_Name:59 Master_TLS_Version:60 Master_public_key_path:61 Get_master_public_key: 062 Network_Namespace:631 row in set, 1 warning (0.00 sec)- 可以發現
replicator帳號使用caching_sha2_password驗證
1SELECT user, host, plugin FROM mysql.user;2+------------------+-----------+-----------------------+3| user | host | plugin |4+------------------+-----------+-----------------------+5| admin | % | caching_sha2_password |6| replicator | % | caching_sha2_password |7| debian-sys-maint | localhost | caching_sha2_password |8| mysql.infoschema | localhost | caching_sha2_password |9| mysql.session | localhost | caching_sha2_password |10| mysql.sys | localhost | caching_sha2_password |11| root | localhost | auth_socket |12+------------------+-----------+-----------------------+137 rows in set (0.00 sec)- 使用以下指令調整複寫用帳號驗證方式,接著確認生效狀態即可
1ALTER USER 'replicator'@'%' IDENTIFIED WITH mysql_native_password BY 'replicatorpass';2SELECT user, host, plugin FROM mysql.user;3+------------------+-----------+-----------------------+4| user | host | plugin |5+------------------+-----------+-----------------------+6| admin | % | caching_sha2_password |7| replicator | % | mysql_native_password |8| debian-sys-maint | localhost | caching_sha2_password |9| mysql.infoschema | localhost | caching_sha2_password |10| mysql.session | localhost | caching_sha2_password |11| mysql.sys | localhost | caching_sha2_password |12| root | localhost | auth_socket |13+------------------+-----------+-----------------------+147 rows in set (0.00 sec)參考資料
- Configuring RDS for MySQL binary logging
- Amazon RDS for MySQL 8.0のデフォルト認証プラグインはmysql_native_password
- Configuring binary log file position replication with an external source instance
- Replication between On-Premise MySQL and MySQL on AWS RDS
- How to Install MySQL on Ubuntu 24.04
- MySQL 8 create new user with password not working