Tag Archives: Replication

Secure MySQL Replication over SSL

MySQL is a popular open-source relational database management system. One of its core features is replication, and in this article I will show how to configure a master and a slave MySQL instance, and then configure replication from master to slave over SSL. Encryption helps protect the replication traffic from snooping. This type of replication has many uses, for example: disaster recovery, where the slave can be switched to a master role in the case of a master outage; performance, where all reads can take place on the slave with writes and updates occurring on the master; and so on. Replication can be configured without encryption, but encrypting with SSL is preferred as part of a defence-in-depth strategy - it’s an extra layer of security.

This article presumes a good working knowledge of MySQL. The master server is centosa with IP address 10.1.1.150, and is running a minimal installation of CentOS 6.4 x86_64. The slave, centosb, is running the same OS and has IP address 10.1.1.151. MySQL will be installed from the latest stable RPMs available at dev.mysql.com, rather than using the upstream versions. The latest stable version available at the time of writing is 5.6.14.

This article will cover the configuration of an SSL-encrypted replicated environment from scratch - it does not cover the migration of an existing replicated configuration to an SSL-encrypted replicated configuration, or the migration of any existing data to a new slave.


OpenDJ: Installation and Multi-Master Replication Configuration

OpenDJ is a fork of the OpenDS directory server, with OpenDS originally being developed by Sun. Sun went its own way with JDS, and OpenDS was developed for a while by the community. ForgeRock came along and forked the stale project (the last OpenDS release was back in 2010), and has been actively developing it since then, releasing builds as OpenDJ. OpenDJ forms part of the complete ForgeRock open-identity stack, is fully supported, and is a very viable alternative to the Sun/Oracle IDM stack. OpenDS, and therefore OpenDJ, are pure Java implementations.

In this article, I will install and configure OpenDJ on two nodes running Oracle Enterprise Linux 5.7 x86_64. OpenDJ will be configured with multi-master replication between both nodes. The same procedure should work on any RHEL 5.x or 6.x derivative. Node names are foo-0001prjenv and foo-0002prjenv.

You should obtain the latest versions of all software for your platform.


OpenLDAP Multi-Master Replication

This article will cover the installation of two OpenLDAP instances on different nodes. OpenLDAP will be configured to provide multi-master replication. Writes should still be sent to a single server, but both can be used for directory reads. In the event of failure of the write node, a load balancer or similar solution could fail writes over to the other node. To me, OpenLDAP multi-master replication doesn’t seem like true multi-master replication, but rather an active-active read LDAP database with hot standby of a write database. In this author’s opinion, (Oracle) Sun JDS and ForgeRock OpenDJ offer far superior replication abilities.

This article will not cover OpenLDAP basics, which you can find in the administration guide available from OpenLDAP. Review the documentation available there before proceeding with this tutorial.
