How to set up a Galera MariaDB Cluster
Remove any existing packages:
yum remove maria*
Update:
yum update
Add the official repo for MariaDB by creating the file /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Now install MariaDB:
yum install -y MariaDB-server MariaDB-client MariaDB-compat galera socat jemalloc
Set up MariaDB:
systemctl start mariadb
mysql_secure_installation
systemctl stop mariadb
To generate the CA certificate:
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
To generate the server certificate, remove passphrase, and sign it:
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
(Optional) To generate the client certificate, remove passphrase, and sign it:
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
# Serial numbers must be unique per CA, so this one differs from the server certificate's.
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem
Edit the file: /etc/my.cnf.d/server.cnf
[sst]
encrypt=4
ssl-ca=/etc/pki/ca.pem
ssl-cert=/etc/pki/server-cert.pem
ssl-key=/etc/pki/server-key.pem

[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address='gcomm://a.a.a.a,b.b.b.b,c.c.c.c'
wsrep_cluster_name='cluster.name'
wsrep_node_address='10.0.0.11'
wsrep_node_name='node1'
wsrep_sst_method=rsync
wsrep_sst_receive_address='x.x.x.x'
wsrep_provider_options='socket.ssl_key=/etc/pki/server-key.pem;socket.ssl_cert=/etc/pki/server-cert.pem;socket.ssl_ca=/etc/pki/ca.pem;evs.inactive_timeout=PT45S;evs.install_timeout=PT45S;evs.keepalive_period=PT3S;evs.max_install_timeouts=8;evs.send_window=512;evs.suspect_timeout=PT30S;evs.user_send_window=256;'
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
In the file above, the line "wsrep_sst_receive_address='x.x.x.x'" is required if any of the nodes are behind a NAT router on private IP addresses, where x.x.x.x is the public IP address of the router. Without this, SST donors will try to send snapshot data to the node's private IP address, which will invariably fail.
The evs.* values in "wsrep_provider_options" are tailored for nodes that talk to each other over a WAN (i.e. the internet): they adjust some timeout default values to better cope with varying connectivity quality across a WAN. If your nodes are all on the same LAN then you can leave the evs.* settings out completely, but keep the socket.ssl_key, socket.ssl_cert and socket.ssl_ca entries, because they are what turn on TLS for the replication traffic between nodes.
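The openssl commands above write the certificates to the working directory, while server.cnf points at /etc/pki/, so it is worth confirming on each node that every TLS file the configuration names is present and that the private key is not readable by group or other. The script below is an added example, not part of the original guide; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Print the value of KEY in [SECTION] of an ini-style file, quotes stripped.
# MariaDB treats '-' and '_' in option names alike, so both are normalised.
cnf_get() {  # usage: cnf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" -v q="'" '
        BEGIN { gsub(/-/, "_", key) }
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/-/, "_", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("^[" q "\"]|[" q "\"]$", "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one option from the ';'-separated wsrep_provider_options string.
provider_opt() {  # usage: provider_opt FILE OPTION
    cnf_get "$1" galera wsrep_provider_options | tr ';' '\n' |
        awk -F= -v o="$2" '{ gsub(/[ \t]/, "", $1) } $1 == o { print $2 }'
}

# Report each TLS file named in server.cnf that is missing from the config,
# unreadable, or (private keys) open to group/other. Returns 0 when clean.
audit_galera_tls() {  # usage: audit_galera_tls FILE
    rc=0
    for item in galera:socket.ssl_key galera:socket.ssl_cert \
                galera:socket.ssl_ca sst:ssl-key sst:ssl-cert sst:ssl-ca; do
        sect=${item%%:*}; name=${item#*:}
        if [ "$sect" = galera ]; then path=$(provider_opt "$1" "$name")
        else path=$(cnf_get "$1" sst "$name"); fi
        if [ -z "$path" ]; then
            echo "MISSING [$sect] $name"; rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE [$sect] $name -> $path"; rc=1
        elif [ "${name%key}" != "$name" ] &&
             [ "$(ls -lL "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE-PERMS [$sect] $name -> $path"; rc=1
        fi
    done
    return $rc
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then audit_galera_tls "$1"; fi
```

Run it as root with /etc/my.cnf.d/server.cnf as the argument before starting the node, since a correctly protected key is unreadable to ordinary users and would otherwise be reported as UNREADABLE.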
Start the primary node:
galera_new_cluster
Start the other nodes:
systemctl start mariadb
Log in to any of the nodes and check status:
show status like 'wsrep%';