One of the things I’ve been tasked with implementing is support for serving Category 1 data from our MySQL servers.Â Historically, this has been shied away from because of the complexity associated with managing the SSL certificates for all of the potential clients.Â This came up again after I took over.Â There are customers inside the university that want it, but don’t necessarily have the resources to implement MySQL themselves (in a safe and secure manner).Â No biggie.Â The support for it is certainly in the code and we can certainly do it given enough time to implement and test.
As part of the testing, I began using MySQL Sandbox to do the rapid deployment of my test areas.Â This is a sweet piece of software and certainly makes deployment of test environments easy and rapid.Â I ended up with a master->slave setup in a few minutes deployed out of my home directory.Â Easy.Â Next step was to get the certificates made.Â Because this is only a test environment, I made some self-signed ones; no need to purchase any out of the pool that UT has access to if I’m just going to throw them away.
Using the info at https://kb.mysql.com/view.php?id=6566 (MySQL support contract required), I got the master and slave configured pretty quickly.Â But, one problem.Â As soon as I issued the change master command, my replication (that WAS working) began failing.Â And here’s the frustrating part:Â there’s no real way to see why the connection is failing.Â There’s nothing in the logs.Â There’s nothing in the warnings.Â It just sits there continually trying to connect to the master.
After staring at it for a few hours trying different options, I ended up opening a ticket with MySQL about it and sent up all my config information.Â I got the results back this morning.Â A typo.Â A simple typo in defining the path to one of my certificate files.Â Gah.Â I can’t believe I missed that, but that’s what I get for not taking a break and coming back with a fresh look.Â Glad it was simple though.
Now we’re one step closer to getting MySQL to meet the minimum requirements for storing category 1 data.Â Next step:Â get the client (e.g. php on the webserver) working!
Once I get everything working, I’ll probably put up a full how-to.