mysql - 如何启用从RDS(主)到现场数据库(从)的ssl mysql复制

Question

我一直致力于保护从亚马逊 RDS 到现场 mysql 从站的复制。复制工作正常，但当我启用 ssl 时它停止工作:

mysql> show slave status\G
*************************** 1. row ***************************
               Slave_IO_State: Connecting to master
                  Master_Host: xxxxxxxxxx.eu-west-1.rds.amazonaws.com
                  Master_User: replication
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin-changelog.007011
          Read_Master_Log_Pos: 13376
               Relay_Log_File: mysqld-relay-bin.000001
                Relay_Log_Pos: 4
        Relay_Master_Log_File: mysql-bin-changelog.007011
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
              Replicate_Do_DB: xxxxxxxxxxxxxx
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 13376
              Relay_Log_Space: 120
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /root/certs/rds-combined-ca-bundle.pem
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher: AES256-SHA
               Master_SSL_Key:
        Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: Yes
                Last_IO_Errno: 2026
                Last_IO_Error: error connecting to master 'replication@XXXXXXXXXXXXXXXXX.rds.amazonaws.com:3306' - retry-time: 60  retries: 1
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 281884152
                  Master_UUID: 83d90eda-382e-11e5-bbe0-0a282ae67ab1
             Master_Info_File: /var/lib/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for the slave I/O thread to update it
           Master_Retry_Count: 86400
                  Master_Bind:
      Last_IO_Error_Timestamp: 150825 17:04:05
     Last_SQL_Error_Timestamp:
               Master_SSL_Crl:
           Master_SSL_Crlpath:
           Retrieved_Gtid_Set:
            Executed_Gtid_Set:
                Auto_Position: 0
1 row in set (0.00 sec)

使用同一台机器/证书连接到 mysql 服务器:

mysql@MySQLBackup:~/certs# mysql -u replication -p -hxxxxxxx.eu-west-1.rds.amazonaws.com --ssl-ca /root/certs/rds-combined-ca-bundle.pem --ssl-verify-server-cert
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 601
Server version: 5.6.23-log MySQL Community Server (GPL)

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit

有人可以在这里提供一些指导吗？

提前致谢!

，问候

Answer 1

在 mysql 进程上运行 strace 后，我看到了错误。 Mysql 没有权限读取该文件.. sorr