Score:0

MySQL 8 replication via non-ssl connecion

us flag

I'm trying to setup tiny master-slave environment with percona-server-server.x86_64-8.0.27-18.1.el8.

A plan is to use non-ssl connections between the nodes as the servers will communicate in the LAN only. But following error is received on slaves:

error connecting to master '[email protected]:3306' - retry-time: 60 retries: 3 message: SSL connection error: SSL is required but the server doesn't support it

Latest mysql.cnf on both nodes:

[mysqld]

port = 3306
bind-address = 0.0.0.0
datadir = /var/lib/mysql
socket = /var/run/mysql/mysql.sock
pid-file = /var/run/mysql/mysql.pid
tmpdir = /var/tmp/mysql
# User is ignored when systemd is used (fedora >= 15).
user = mysql
# adding this to allow replication w/o ssl
default_authentication_plugin = mysql_native_password
# disable ssl
ssl = 0

##
# Logging configuration.
##
log-error = /var/log/mysql/mysqld.err

##
# Replication
##
server-id = 1
report_host = hv3-db1
gtid_mode = on
enforce-gtid-consistency = on
sync_binlog         = 1
log_bin             = /var/lib/mysql/mysql-bin
log_bin_index       = /var/lib/mysql/mysql-bin.index
binlog_expire_logs_seconds    = 864000
max_binlog_size     = 100M
log_replica_updates   = 1

##
# Memory settings.
##
key_buffer_size = 256M
max_allowed_packet = 128M
table_open_cache = 256
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
max_connections = 151
tmp_table_size = 64M
max_heap_table_size = 64M
join_buffer_size = 3M

##
# Other settings.
##
wait_timeout = 1800
# Disabling symbolic-links is recommended to prevent assorted security risks
skip-symbolic-links = 1
net_read_timeout = 120
skip-name-resolve
back_log = 100
max_connect_errors = 10000
open-files-limit = 20000
interactive_timeout = 3600
connect_timeout = 120
explicit_defaults_for_timestamp = True

##
# InnoDB settings
##
innodb_buffer_pool_size = 50G
innodb_log_buffer_size = 1M
innodb_flush_method = O_DIRECT
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 2
innodb_lock_wait_timeout = 600
innodb_adaptive_hash_index = off
innodb_fill_factor = 50
innodb_log_file_size = 2G
# Move logs on separate directory/partition
innodb_undo_directory = /var/tmp/mysql
innodb_log_group_home_dir = /var/tmp/mysql

Replica is started with following command:

CHANGE REPLICATION SOURCE TO  SOURCE_HOST = '192.168.3.100', SOURCE_PORT = 3306, SOURCE_USER = 'replica', SOURCE_PASSWORD = 'xxx', SOURCE_AUTO_POSITION = 1, SOURCE_SSL=0;

Have you an idea how to fix the issue?

drookie avatar
za flag
I’d say - from what I see - the replica in fact was not started with ssl requirement switched off.
varas avatar
us flag
I understand that also, but question still exists - how to do it?
varas avatar
us flag
I've also added ```require_secure_transport=OFF``` to the config, but it does not help.
Score:0
us flag
mysql_ssl_rsa_setup --uid=mysql

Solved an issue, it seems ssl certificates should exists for mysql 8 even if you do not use them in replication.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.