如何在CentOS 7服务器上使用MariaDB配置Galera群集

介绍 (Introduction)

Clustering adds high availability to your database by distributing changes to different servers. In the event that one of the instances fails, others are quickly available to continue serving.

群集通过将更改分发到不同的服务器来增加数据库的高可用性。 万一其中一个实例发生故障，其他实例很快就可以继续使用。

Clusters come in two general configurations, active-passive and active-active. In active-passive clusters, all writes are done on a single active server and then copied to one or more passive servers that are poised to take over only in the event of an active server failure. Some active-passive clusters also allow SELECT operations on passive nodes. In an active-active cluster, every node is read-write and a change made to one is replicated to all.

群集有两种常规配置， 主动-被动和主动-主动 。 在主动-被动群集中，所有写操作均在一台主动服务器上完成，然后复制到一个或多个被动服务器上，这些服务器准备仅在主动服务器发生故障时接管。 一些主动-被动群集还允许在被动节点上执行SELECT操作。 在双活群集中，每个节点都是可读写的，并且对一个节点所做的更改将被复制到所有节点。

MariaDB is an open source relational database system that is fully compatible with the popular MySQL RDBMS system. You can read the official documentation for MariaDB at this page. Galera is a database clustering solution that enables you to set up multi-master clusters using synchronous replication. Galera automatically handles keeping the data on different nodes in sync while allowing you to send read and write queries to any of the nodes in the cluster. You can learn more about Galera at the official documentation page.

MariaDB是一个开放源代码关系数据库系统，与流行MySQL RDBMS系统完全兼容。 您可以在此页面上阅读MariaDB的官方文档。 Galera是一种数据库群集解决方案，使您可以使用同步复制来设置多主群集。 Galera自动处理使不同节点上的数据保持同步的过程，同时允许您向集群中的任何节点发送读写查询。 您可以在官方文档页面上了解有关Galera的更多信息。

In this guide, you will configure an active-active MariaDB Galera cluster. For demonstration purposes, you will configure and test three CentOS 7 Droplets that will act as nodes in the cluster. This is the smallest configurable cluster.

在本指南中，您将配置一个主动-主动MariaDB Galera集群。 出于演示目的，您将配置和测试将用作集群中节点的三个CentOS 7 Droplet。 这是最小的可配置群集。

先决条件 (Prerequisites)

To follow along, you will need a DigitalOcean account, in addition to the following:

要继续进行下去 ，除了以下内容之外，您还需要一个DigitalOcean帐户 ：

• • For setting up private networking on the three Droplets, follow our Private Networking Quickstart guide.

    要在三个Droplet上设置专用网络，请遵循我们的专用网络快速入门指南。

  • For assistance setting up a non-root user with sudo privileges, follow our Initial Server Setup with CentOS 7 tutorial. To set up a firewall, check out the Configuring a Basic Firewall step of Additional Recommended Steps for New CentOS 7 Servers.

    为了帮助设置具有sudo特权的非root用户，请遵循带有CentOS 7的初始服务器设置教程。 要设置防火墙，请查看“针对新CentOS 7服务器的其他建议步骤”的“ 配置基本防火墙”步骤。

  Three CentOS 7 Droplets with private networking enabled, each with a non-root user with sudo privileges and a firewall enabled.

  三个启用了专用网络的CentOS 7 Droplet，每个都具有一个具有sudo特权的非root用户，并且启用了防火墙。

While the steps in this tutorial have been written for and tested against DigitalOcean Droplets, many of them should also be applicable to non-DigitalOcean servers with private networking enabled.

尽管本教程中的步骤是针对DigitalOcean Droplet编写的，并已针对它们进行了测试，但其中许多步骤也应适用于启用了专用网络的非DigitalOcean服务器。

步骤1 —将MariaDB存储库添加到所有服务器 (Step 1 — Adding the MariaDB Repositories to All Servers)

In this step, you will add the relevant MariaDB package repositories to each of your three servers so that you will be able to install the right version of MariaDB used in this tutorial. Once the repositories are updated on all three servers, you will be ready to install MariaDB.

在此步骤中，您将相关的MariaDB软件包存储库添加到三个服务器中的每一个中，以便能够安装本教程中使用的正确版本的MariaDB。 一旦所有三台服务器上的存储库都更新，您就可以安装MariaDB了。

One thing to note about MariaDB is that it originated as a drop-in replacement for MySQL, so in many configuration files and startup scripts, you’ll see mysql rather than mariadb. In many cases, these are interchangeable. For consistency’s sake, we will use mariadb in this guide where either could work.

关于MariaDB的一件事要注意，它最初是MySQL的替代产品，因此在许多配置文件和启动脚本中，您将看到mysql而不是mariadb 。 在许多情况下，这些是可互换的。 为了保持一致性，我们将在本指南中使用mariadb ，无论哪种方法都可行。

In this tutorial, you will use MariaDB version 10.4. Since this version isn’t included in the default CentOS repositories, you’ll start by adding the external CentOS repository maintained by the MariaDB project to all three of your servers.

在本教程中，您将使用MariaDB 10.4版 。 由于此版本未包含在默认的CentOS存储库中，因此您首先需要将由MariaDB项目维护的外部CentOS存储库添加到所有三个服务器中。

Note: MariaDB is a well-respected provider, but not all external repositories are reliable. Be sure to install only from trusted sources.

注意： MariaDB是受人尊敬的提供者，但并非所有外部存储库都是可靠的。 确保仅从受信任的来源进行安装。

First, you’ll add the MariaDB repository key by creating a repository file with a text editor. This tutorial will use vi:

首先，您将通过使用文本编辑器创建存储库文件来添加MariaDB存储库密钥。 本教程将使用vi ：

• sudo vi /etc/yum.repos.d/mariadb.repo
  须藤vi /etc/yum.repos.d/mariadb.repo

Next, add the following contents to the file by pressing i to enter insert mode, then adding the following:

接下来，通过按i进入插入模式，然后添加以下内容，将以下内容添加到文件中：

/etc/yum.repos.d/mariadb.repo

/etc/yum.repos.d/mariadb.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Press the esc key to return to normal mode, then type :wq to save and exit the file. If you would like to learn more about the text editor vi and its predecessor vim, take a look at our tutorial on Installing and Using the Vim Text Editor on a Cloud Server.

按esc键返回到正常模式，然后键入:wq保存并退出文件。 如果您想了解有关文本编辑器vi及其之前版本的vim ，请查看我们的有关在云服务器上安装和使用Vim文本编辑器的教程。

Once you have created the repository file, enable it with the following command:

创建存储库文件后，请使用以下命令启用它：

• sudo yum makecache --disablerepo='*' --enablerepo='mariadb'
  sudo yum makecache --disablerepo ='*'--enablerepo ='mariadb'

The makecache command caches the repository metadata so that the package manager can install MariaDB, with --disablerepo and --enablerepo targeting the command to the mariadb repo file that you just created.

makecache命令缓存存储库元数据，以便程序包管理器可以使用--disablerepo和--enablerepo将命令定位到刚创建的mariadb repo文件来安装MariaDB。

You will receive the following output:

您将收到以下输出：

   
   

    
    Output
   
   
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
mariadb                                                                                                                                                                              | 2.9 kB  00:00:00
(1/3): mariadb/primary_db                                                                                                                                                            |  43 kB  00:00:00
(2/3): mariadb/other_db                                                                                                                                                              | 8.3 kB  00:00:00
(3/3): mariadb/filelists_db                                                                                                                                                          | 238 kB  00:00:00
Metadata Cache Created

Once you have enabled the repository on your first server, repeat for your second and third servers.

在第一台服务器上启用存储库后，请对第二台和第三台服务器重复此操作。

Now that you have successfully added the package repository on all three of your servers, you’re ready to install MariaDB in the next section.

既然您已经成功将软件包存储库添加到了所有三台服务器上，那么就可以在下一部分中安装MariaDB了。

步骤2 —在所有服务器上安装MariaDB (Step 2 — Installing MariaDB on All Servers)

In this step, you will install the actual MariaDB packages on your three servers.

在此步骤中，您将在三个服务器上安装实际的MariaDB软件包。

Beginning with version 10.1, the MariaDB Server and MariaDB Galera Server packages are combined, so installing MariaDB-server will automatically install Galera and several dependencies:

从版本10.1开始，MariaDB Server和MariaDB Galera Server软件包组合在一起，因此安装MariaDB-server将自动安装Galera和一些依赖项：

• sudo yum install MariaDB-server MariaDB-client
  sudo yum安装MariaDB服务器MariaDB客户端

You will be asked to confirm whether you would like to proceed with the installation. Enter yes to continue with the installation. You will then be prompted to accept the GPG key that authenticates the MariaDB package. Enter yes again.

系统将要求您确认是否要继续安装。 输入yes继续安装。 然后，将提示您接受对MariaDB软件包进行身份验证的GPG密钥。 再次输入yes 。

When the installation is complete, start the mariadb service by running:

安装完成后，通过运行以下命令启动mariadb服务：

• sudo systemctl start mariadb
  sudo systemctl启动mariadb

Enable the mariadb service to be automatically started on boot by executing:

通过执行以下命令，使mariadb服务在启动时自动启动：

• sudo systemctl enable mariadb
  sudo systemctl启用mariadb

From MariaDB version 10.4 onwards, the root MariaDB user does not have a password by default. To set a password for the root user, start by logging into MariaDB:

从MariaDB 10.4版开始，默认情况下， root MariaDB用户没有密码。 要为root用户设置密码，请先登录MariaDB：

• sudo mysql -uroot
  须藤mysql -uroot

Once you’re inside the MariaDB shell, change the password by executing the following statement, replacing your_password with your desired password:

进入MariaDB shell之后，通过执行以下语句更改密码，将your_password替换为所需的密码：

• set password = password("your_password");

  设置密码=密码(“ your_password ”);

You will see the following output indicating that the password was set correctly:

您将看到以下输出，表明密码设置正确：

   
   

    
    Output
   
   
Query OK, 0 rows affected (0.001 sec)

Exit the MariaDB shell by running the following command:

通过运行以下命令退出MariaDB Shell：

• quit;
  退出;

If you would like to learn more about SQL or need a quick refresher, check out our MySQL tutorial.

如果您想了解有关SQL的更多信息或需要快速复习，请查看我们的MySQL教程 。

You now have all of the pieces necessary to begin configuring the cluster, but since you’ll be relying on rsync and policycoreutils-python in later steps to sync the servers and to control Security-Enhanced Linux (SELinux), make sure they’re installed before moving on:

现在，您具有开始配置集群所需的所有步骤，但是由于在以后的步骤policycoreutils-python依赖rsync和policycoreutils-python来同步服务器并控制安全性增强的Linux(SELinux)，因此请确保它们在继续之前安装：

• sudo yum install rsync policycoreutils-python
  须藤yum安装rsync policycoreutils-python

This will confirm that the newest versions of rsync and policycoreutils-python is already available or will prompt you to upgrade or install it.

这将确认rsync和policycoreutils-python的最新版本已可用，或提示您升级或安装它。

Once you have completed these steps, repeat them for your other two servers.

完成这些步骤后，请对其他两台服务器重复这些步骤。

Now that you have installed MariaDB successfully on each of the three servers, you can proceed to the configuration step in the next section.

既然您已经在三台服务器上成功安装了MariaDB，则可以继续下一节中的配置步骤。

步骤3 —配置第一个节点 (Step 3 — Configuring the First Node)

In this step you will configure your first Galera node. Each node in the cluster needs to have a nearly identical configuration. Because of this, you will do all of the configuration on your first machine, and then copy it to the other nodes.

在此步骤中，您将配置第一个Galera节点。 集群中的每个节点都需要具有几乎相同的配置。 因此，您将在第一台计算机上进行所有配置，然后将其复制到其他节点。

By default, MariaDB is configured to check the /etc/mysql/conf.d directory to get additional configuration settings from files ending in .cnf. Create a file in this directory with all of your cluster-specific directives:

默认情况下，MariaDB配置为检查/etc/mysql/conf.d目录，以从以.cnf结尾的文件中获取其他配置设置。 使用所有特定于集群的指令在此目录中创建文件：

• sudo vi /etc/my.cnf.d/galera.cnf
  须藤vi /etc/my.cnf.d/galera.cnf

Add the following configuration into the file. The configuration specifies different cluster options, details about the current server and the other servers in the cluster, and replication-related settings. Note that the IP addresses in the configuration are the private addresses of your respective servers; replace the highlighted lines with the appropriate IP addresses:

将以下配置添加到文件中。 该配置指定不同的集群选项，有关集群中当前服务器和其他服务器的详细信息以及与复制相关的设置。 请注意，配置中的IP地址是您各自服务器的专用地址。 用适当的IP地址替换突出显示的行：

/etc/my.cnf.d/galera.cnf

/etc/my.cnf.d/galera.cnf

[mysqld]
binlog_format=ROW
default-storage-engine=innodb
innodb_autoinc_lock_mode=2
bind-address=0.0.0.0

# Galera Provider Configuration
wsrep_on=ON
wsrep_provider=/usr/lib64/galera-4/libgalera_smm.so

# Galera Cluster Configuration
wsrep_cluster_name="test_cluster"
wsrep_cluster_address="gcomm://First_Node_IP,Second_Node_IP,Third_Node_IP"

# Galera Synchronization Configuration
wsrep_sst_method=rsync

# Galera Node Configuration
wsrep_node_address="This_Node_IP"
wsrep_node_name="This_Node_Name"

• The first section modifies or re-asserts MariaDB/MySQL settings that will allow the cluster to function correctly. For example, Galera won’t work with MyISAM or similar non-transactional storage engines, and mysqld must not be bound to the IP address for localhost.

  第一部分修改或重新声明MariaDB / MySQL设置，这些设置将允许集群正常运行。 例如，Galera不能与MyISAM或类似的非事务性存储引擎一起使用，并且mysqld不得绑定到localhost的IP地址。

• The “Galera Provider Configuration” section configures the MariaDB components that provide a WriteSet replication API. This means Galera in your case, since Galera is a wsrep (WriteSet Replication) provider. You specify the general parameters to configure the initial replication environment. This doesn’t require any customization, but you can learn more about Galera configuration options here.

  “ Galera Provider Configuration”部分配置了提供WriteSet复制API的MariaDB组件。 在您的情况下，这意味着Galera，因为Galera是wsrep (WriteSet复制)提供程序。 您可以指定常规参数来配置初始复制环境。 这不需要任何自定义，但是您可以在此处了解有关Galera配置选项的更多信息。

• The “Galera Cluster Configuration” section defines the cluster, identifying the cluster members by IP address or resolvable domain name and creating a name for the cluster to ensure that members join the correct group. You can change the wsrep_cluster_name to something more meaningful than test_cluster or leave it as-is, but you must update wsrep_cluster_address with the private IP addresses of your three servers.

  “ Galera群集配置”部分定义群集，通过IP地址或可解析的域名标识群集成员，并为群集创建名称以确保成员加入正确的组。 您可以将wsrep_cluster_name更改为比test_cluster更有意义的test_cluster或将其保留test_cluster ，但必须使用三个服务器的专用IP地址更新wsrep_cluster_address 。

• The “Galera Synchronization Configuration” section defines how the cluster will communicate and synchronize data between members. This is used only for the state transfer that happens when a node comes online. For your initial setup, you are using rsync, because it’s commonly available and does what you’ll need for now.

  “ Galera同步配置”部分定义了群集如何在成员之间通信和同步数据。 这仅用于节点联机时发生的状态转移。 对于您的初始设置，您正在使用rsync ，因为它通常可用，并且可以满足您目前的需求。

• The “Galera Node Configuration” section clarifies the IP address and the name of the current server. This is helpful when trying to diagnose problems in logs and for referencing each server in multiple ways. The wsrep_node_address must match the address of the machine you’re on, but you can choose any name you want in order to help you identify the node in log files.

  “ Galera节点配置”部分阐明了当前服务器的IP地址和名称。 在尝试诊断日志中的问题以及以多种方式引用每个服务器时，这很有用。 wsrep_node_address必须与您所在计算机的地址匹配，但是您可以选择所需的任何名称，以帮助您在日志文件中标识该节点。

When you are satisfied with your cluster configuration file, copy the contents into your clipboard and save and close the file.

对集群配置文件满意后，将内容复制到剪贴板中，然后保存并关闭文件。

Now that you have configured your first node successfully, you can move on to configuring the remaining nodes in the next section.

现在您已经成功配置了第一个节点，接下来可以继续配置其余节点。

步骤4 —配置其余节点 (Step 4 — Configuring the Remaining Nodes)

In this step, you will configure the remaining two nodes. On your second node, open the configuration file:

在此步骤中，您将配置其余两个节点。 在第二个节点上，打开配置文件：

• sudo vi /etc/mysql/my.cnf.d/galera.cnf
  须藤vi /etc/mysql/my.cnf.d/galera.cnf

Paste in the configuration you copied from the first node, then update the Galera Node Configuration to use the IP address or resolvable domain name for the specific node you’re setting up. Finally, update its name, which you can set to whatever helps you identify the node in your log files:

粘贴您从第一个节点复制的配置，然后更新Galera Node Configuration以将IP地址或可解析的域名用于您要设置的特定节点。 最后，更新其名称，您可以将其设置为可帮助您在日志文件中标识节点的任何名称：

/etc/mysql/my.cnf.d/galera.cnf

/etc/mysql/my.cnf.d/galera.cnf

. . .
# Galera Node Configuration
wsrep_node_address="This_Node_IP"
wsrep_node_name="This_Node_Name"
. . .

Save and exit the file.

保存并退出文件。

Once you have completed these steps, repeat them on the third node.

完成这些步骤后，请在第三个节点上重复这些步骤。

With Galera configured on all of your nodes, you’re almost ready to bring up the cluster. But before you do, make sure that the appropriate ports are open in your firewall and that a SELinux policy has been created for Galera.

在所有节点上都配置了Galera之后，您几乎可以准备启动集群了。 但是在执行此操作之前，请确保在防火墙中打开了适当的端口，并且已为Galera创建了SELinux策略。

步骤5 —在每台服务器上打开防火墙 (Step 5 — Opening the Firewall on Every Server)

In this step, you will configure your firewall so that the ports required for inter-node communication are open.

在此步骤中，您将配置防火墙，以便打开节点间通信所需的端口。

On every server, check the status of the firewall you set up in the Prerequisites section by running:

在每台服务器上，通过运行以下命令检查您在“先决条件”部分中设置的防火墙的状态：

• sudo firewall-cmd --list-all
  sudo firewall-cmd-列出所有

In this case, only SSH, DHCP, HTTP, and HTTPS traffic is allowed through:

在这种情况下，仅允许通过以下方式进行SSH，DHCP，HTTP和HTTPS通信：

   
   

    
    Output
   
   
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client http https
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

If you tried to start the cluster now, it would fail because the firewall would block the connections between the nodes. To solve this problem, add rules to allow MariaDB and Galera traffic through.

如果尝试立即启动群集，则它将失败，因为防火墙会阻止节点之间的连接。 要解决此问题，请添加规则以允许MariaDB和Galera通信通过。

Galera can make use of four ports:

Galera可以使用四个端口：

• 3306 For MariaDB client connections and State Snapshot Transfer that use the mysqldump method.

  3306对于使用mysqldump方法的MariaDB客户端连接和状态快照传输。

• 4567 For Galera Cluster replication traffic. Multicast replication uses both UDP transport and TCP on this port.

  4567对于Galera Cluster复制通信。 组播复制在此端口上同时使用UDP传输和TCP。

• 4568 For Incremental State Transfers, or IST, the process by which a missing state is received by other nodes in the cluster.

  4568对于“ 增量状态传输 ”或IST，集群中其他节点接收丢失状态的过程。

• 4444 For all other State Snapshot Transfers, or SST, the mechanism by which a joiner node gets its state and data from a donor node.

  4444对于所有其他状态快照传输或SST，联接器节点通过该机制从施主节点获取其状态和数据的机制。

In this example, you’ll open all four ports while you do your setup. Once you’ve confirmed that replication is working, you’d want to close any ports you’re not actually using and restrict traffic to just servers in the cluster.

在此示例中，您将在设置时打开所有四个端口。 确认复制正常后，您将要关闭所有未使用的端口，并将流量限制为仅在群集中的服务器。

Open the ports with the following commands:

使用以下命令打开端口：

• sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp
  须藤防火墙cmd-永久-区域=公共-添加端口= 3306 / tcp
• sudo firewall-cmd --permanent --zone=public --add-port=4567/tcp
  须藤防火墙cmd-永久-区域=公共-添加端口= 4567 / tcp
• sudo firewall-cmd --permanent --zone=public --add-port=4568/tcp
  须藤防火墙cmd-永久-区域=公共-添加端口= 4568 / tcp
• sudo firewall-cmd --permanent --zone=public --add-port=4444/tcp
  须藤防火墙cmd-永久-区域=公共-添加端口= 4444 / tcp
• sudo firewall-cmd --permanent --zone=public --add-port=4567/udp
  sudo Firewall-cmd-永久--zone = public --add-port = 4567 / udp

Using --zone=public and --add-port= here, firewall-cmd is opening up these ports to public traffic. --permanent ensures that these rules persist.

在这里使用--zone=public和--add-port= ， firewall-cmd将这些端口开放给公共流量。 --permanent确保这些规则持续存在。

Note: Depending on what else is running on your servers you might want to restrict access right away. To learn more about how to use FirewallD, see our tutorial How To Set Up a Firewall Using FirewallD on CentOS 7.

注意：根据服务器上其他正在运行的内容，您可能希望立即限制访问。 要了解有关如何使用FirewallD的更多信息，请参阅我们的教程如何在CentOS 7上使用FirewallD设置防火墙 。

Now, add each server to the public zone by executing the following commands, replacing the highlighted text with the respective private IP addresses of your nodes:

现在，通过执行以下命令，将每个服务器添加到public区域，将突出显示的文本替换为节点各自的私有IP地址：

• sudo firewall-cmd --permanent --zone=public --add-source=galera-node-1-ip/32

  sudo Firewall-cmd-永久--zone = public --add-source = galera-node-1-ip / 32

• sudo firewall-cmd --permanent --zone=public --add-source=galera-node-2-ip/32

  sudo Firewall-cmd-永久--zone = public --add-source = galera-node-2-ip / 32

• sudo firewall-cmd --permanent --zone=public --add-source=galera-node-3-ip/32

  sudo Firewall-cmd-永久--zone = public --add-source = galera-node-3-ip / 32

Reload the firewall to apply the changes:

重新加载防火墙以应用更改：

• sudo firewall-cmd --reload
  sudo firewall-cmd-重新加载

After you have configured your firewall on the first node, create the same firewall settings on the second and third node.

在第一个节点上配置防火墙之后，在第二个和第三个节点上创建相同的防火墙设置。

Now that you have configured the firewalls successfully, you’re ready to create a SELinux policy in the next step.

既然您已经成功配置了防火墙，那么您就可以在下一步中创建SELinux策略了。

第6步-创建SELinux策略 (Step 6 — Creating a SELinux Policy)

In this section, you will create a SELinux policy that will allow all the nodes in the cluster to be able to communicate with each other and perform cluster operations.

在本部分中，您将创建一个SELinux策略，该策略将允许集群中的所有节点能够相互通信并执行集群操作。

SELinux is a Linux kernel module that improves the security of operating systems with its support for access control and mandatory access control policies. It is enabled by default on CentOS 7 and restricts the MariaDB daemon from performing many activities.

SELinux是Linux内核模块，它通过支持访问控制和强制访问控制策略来提高操作系统的安全性。 默认情况下，它在CentOS 7上处于启用状态，并限制MariaDB守护程序执行许多活动。

In order to create the policy, you will perform various activities on the cluster with the SELinux mode set to permissive for MySQL. You will then create a policy from the logged events and finally set the SELinux mode to enforcing once the policy is installed successfully.

为了创建策略，您将在SELinux模式设置为MySQL允许的情况下在集群上执行各种活动。 然后，您将根据记录的事件创建策略，并在成功安装策略后最终将SELinux模式设置为强制。

First, allow access to the relevant ports by running the following commands on all three servers:

首先，通过在所有三台服务器上运行以下命令来允许访问相关端口：

• sudo semanage port -a -t mysqld_port_t -p tcp 4567
  sudo semanage端口-a -t mysqld_port_t -p tcp 4567
• sudo semanage port -a -t mysqld_port_t -p udp 4567
  sudo semanage端口-a -t mysqld_port_t -p udp 4567
• sudo semanage port -a -t mysqld_port_t -p tcp 4568
  sudo semanage端口-a -t mysqld_port_t -p tcp 4568
• sudo semanage port -a -t mysqld_port_t -p tcp 4444
  sudo semanage端口-a -t mysqld_port_t -p tcp 4444

Note: You may receive a ValueError when allowing access to some of these ports. This means that the SELinux status of that port has already been set, which in this case will not affect the process of this tutorial.

注意：允许访问其中某些端口时，您可能会收到ValueError 。 这意味着已经设置了该端口的SELinux状态，在这种情况下不会影响本教程的过程。

In these commands, you are using the SELinux management tool semanage with the -a flag to add specified ports and to ignore the database server.

在这些命令中，您正在使用SELinux管理工具semanage和-a标志来添加指定的端口并忽略数据库服务器。

Next, run the following command on all three servers, which sets the MySQL SELinux domain to permissive mode temporarily.

接下来，在所有三台服务器上运行以下命令，这会将MySQL SELinux域暂时设置为许可模式。

• sudo semanage permissive -a mysqld_t
  sudo semanage允许-a mysqld_t

This command can take a minute to complete and will not display any output.

此命令可能需要一分钟才能完成，并且不会显示任何输出。

Next, stop the database server on all the nodes so that you will be able to bootstrap the database cluster with shared SELinux policies. To do this, run the following command on all three nodes:

接下来，在所有节点上停止数据库服务器，以便您能够使用共享的SELinux策略来引导数据库集群。 为此，请在所有三个节点上运行以下命令：

• sudo systemctl stop mariadb
  sudo systemctl停止mariadb

Now, bootstrap the cluster to generate inter-node communication events that will be added to the SELinux policy. On the first node, bootstrap the cluster by executing:

现在，引导群集以生成节点间通信事件，该事件将添加到SELinux策略中。 在第一个节点上，执行以下命令来引导集群：

• sudo galera_new_cluster
  须藤galera_new_cluster

Create a database and table for the specific purpose of logging SST events by running the following on the first node:

通过在第一个节点上运行以下命令，创建用于记录SST事件的特定目的的数据库和表：

• mysql -u root -p -e 'CREATE DATABASE selinux;
  mysql -u root -p -e'创建数据库selinux;
• CREATE TABLE selinux.selinux_policy (id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id));
  创建表selinux.selinux_policy(id INT NOT NULL AUTO_INCREMENT，PRIMARY KEY(id));
• INSERT INTO selinux.selinux_policy VALUES ();'
  INSERT INTO selinux.selinux_policy VALUES();'

Now start the server on the second node:

现在在第二个节点上启动服务器：

• sudo systemctl start mariadb
  sudo systemctl启动mariadb

Then do the same on the third node:

然后在第三个节点上执行相同的操作：

• sudo systemctl start mariadb
  sudo systemctl启动mariadb

You will not see any output for the previous commands. To generate IST events, execute the following on all three servers:

您将看不到先前命令的任何输出。 要生成IST事件，请在所有三台服务器上执行以下操作：

• mysql -u root -p -e 'INSERT INTO selinux.selinux_policy VALUES ();'
  mysql -u root -p -e'插入到selinux.selinux_policy VALUES();'

Now create and enable the SELinux policy by executing the following commands on all three servers:

现在，通过在所有三台服务器上执行以下命令来创建并启用SELinux策略：

• sudo grep mysql /var/log/audit/audit.log | sudo audit2allow -M Galera
  须藤grep mysql /var/log/audit/audit.log | 须藤audit2allow -M Galera

This first command searches for generated events in the audit.log file and pipes them to a module named Galera.pp generated by the audit2allow tool. This will result in the following output:

第一条命令在audit.log文件中搜索生成的事件，并将它们通过管道传送到audit2allow工具生成的名为Galera.pp的模块。 这将导致以下输出：

   
   

    
    Output
   
   
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i Galera.pp

Next, follow the instructions in the output and use the following command to install the generated module:

接下来，按照输出中的说明进行操作，并使用以下命令安装生成的模块：

• sudo semodule -i Galera.pp
  须藤semodule -i Galera.pp

Now that the policy is active, disable permissive mode for the MariaDB server:

现在该策略已激活，请禁用MariaDB服务器的许可模式：

• sudo semanage permissive -d mysqld_t
  sudo semanage允许-d mysqld_t

Now that you have successfully created a SELinux policy and enabled it, you are ready to start the cluster in the next section.

既然您已经成功创建并启用了SELinux策略，那么就可以在下一部分中启动集群了。

步骤7 —启动集群 (Step 7 — Starting the Cluster)

In this step, you will start your MariaDB cluster. To begin, you need to stop the running MariaDB service so that you can bring your cluster online.

在此步骤中，您将启动MariaDB集群。 首先，您需要停止正在运行的MariaDB服务，以便可以使群集联机。

在所有三台服务器上停止MariaDB (Stop MariaDB on All Three Servers)

When stopping the MariaDB service, it is important to execute this action on your servers in a specific order. This shutdown sequence ensures that the first node will be able to safely bootstrap the cluster when it starts up.

停止MariaDB服务时，以特定顺序在服务器上执行此操作很重要。 此关闭顺序可确保第一个节点在启动时能够安全地引导群集。

First, run the following command on the third node:

首先，在第三个节点上运行以下命令：

• sudo systemctl stop mariadb
  sudo systemctl停止mariadb

Next, stop the service on the second node:

接下来，在第二个节点上停止服务：

• sudo systemctl stop mariadb
  sudo systemctl停止mariadb

Finally, stop the service on the first node:

最后，在第一个节点上停止服务：

• sudo systemctl stop mariadb
  sudo systemctl停止mariadb

systemctl doesn’t display the outcome of all service management commands, so to be sure you succeeded, use the following command on each of your servers:

systemctl不会显示所有服务管理命令的结果，因此为确保成功，请在每台服务器上使用以下命令：

• sudo systemctl status mariadb
  sudo systemctl状态mariadb

The last line will look something like the following:

最后一行如下所示：

   
   

    
    Output
   
   
. . . 
Apr 26 03:34:23 galera-node-01 systemd[1]: Stopped MariaDB 10.4.4 database server.

Once you’ve shut down mariadb on all of the servers, you’re ready to proceed.

一旦关闭了所有服务器上的mariadb ，就可以继续了。

调出第一个节点 (Bring Up the First Node)

To bring up the first node, you’ll need to use a special startup script. The way you’ve configured your cluster, each node that comes online tries to connect to at least one other node specified in its galera.cnf file to get its initial state. Without using the galera_new_cluster script that allows systemd to pass the --wsrep-new-cluster parameter, a normal systemctl start mariadb would fail because there are no nodes running for the first node to connect with.

要启动第一个节点，您将需要使用特殊的启动脚本。 按照配置群集的方式，每个联机节点都会尝试连接到其galera.cnf文件中指定的至少另一个节点，以获取其初始状态。 如果不使用允许systemd传递--wsrep-new-cluster参数的galera_new_cluster脚本，则正常的systemctl start mariadb将失败，因为第一个节点没有正在运行的节点可与之连接。

• sudo galera_new_cluster
  须藤galera_new_cluster

This command will not display any output on successful execution. When this script succeeds, the node is registered as part of the cluster, and you can see it with the following command:

成功执行后，此命令将不显示任何输出。 成功执行此脚本后，该节点将注册为集群的一部分，您可以使用以下命令查看它：

• mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"
  mysql -u root -p -e“显示状态类似'wsrep_cluster_size'”

You will see the following output indicating that there is one node in the cluster:

您将看到以下输出，指示集群中有一个节点：

   
   

    
    Output
   
   
+--------------------+-------+
| Variable_name      | Value |
+--------------------+-------+
| wsrep_cluster_size | 1     |
+--------------------+-------+

On the remaining nodes, you can start mariadb normally. They will search for any member of the cluster list that is online, so when they find one, they will join the cluster.

在其余节点上，您可以正常启动mariadb 。 他们将搜索群集列表中任何在线的成员，因此当他们找到一个成员时，他们将加入群集。

调出第二个节点 (Bring Up the Second Node)

Now you can bring up the second node. Start mariadb:

现在可以启动第二个节点。 启动mariadb ：

• sudo systemctl start mariadb
  sudo systemctl启动mariadb

No output will be displayed on successful execution. You will see your cluster size increase as each node comes online:

成功执行后将不显示任何输出。 随着每个节点联机，您将看到群集大小增加：

• mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"
  mysql -u root -p -e“显示状态类似'wsrep_cluster_size'”

You will see the following output indicating that the second node has joined the cluster and that there are two nodes in total.

您将看到以下输出，指示第二个节点已加入集群，并且总共有两个节点。

   
   

    
    Output
   
   
+--------------------+-------+
| Variable_name      | Value |
+--------------------+-------+
| wsrep_cluster_size | 2     |
+--------------------+-------+

调高第三个节点 (Bring Up the Third Node)

It’s now time to bring up the third node. Start mariadb:

现在是时候提出第三个节点。 启动mariadb ：

• sudo systemctl start mariadb
  sudo systemctl启动mariadb

Run the following command to find the cluster size:

运行以下命令以查找集群大小：

• mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"
  mysql -u root -p -e“显示状态类似'wsrep_cluster_size'”

You will see the following output, which indicates that the third node has joined the cluster and that the total number of nodes in the cluster is three.

您将看到以下输出，该输出指示第三个节点已加入集群，并且集群中的节点总数为三个。

   
   

    
    Output
   
   
+--------------------+-------+
| Variable_name      | Value |
+--------------------+-------+
| wsrep_cluster_size | 3     |
+--------------------+-------+

At this point, the entire cluster is online and communicating successfully. Next, you can ensure the working setup by testing replication in the next section.

此时，整个群集都已联机并成功通信。 接下来，您可以通过在下一部分中测试复制来确保工作设置。

步骤8 —测试复制 (Step 8 — Testing Replication)

You’ve gone through the steps up to this point so that your cluster can perform replication from any node to any other node, known as active-active replication. Follow the following steps to test and see if the replication is working as expected.

至此，您已经完成了所有步骤，以便您的集群可以执行从任何节点到任何其他节点的复制，这称为主动-主动复制。 请按照以下步骤进行测试，以查看复制是否按预期工作。

写入第一个节点 (Write to the First Node)

You’ll start by making database changes on your first node. The following commands will create a database called playground and a table inside of this database called equipment.

您将从在第一个节点上进行数据库更改开始。 以下命令将创建一个名为“ playground的数据库，并在该数据库内部创建一个名为equipment的表。

• mysql -u root -p -e 'CREATE DATABASE playground;
  mysql -u root -p -e'创建数据库游乐场;
• CREATE TABLE playground.equipment ( id INT NOT NULL AUTO_INCREMENT, type VARCHAR(50), quant INT, color VARCHAR(25), PRIMARY KEY(id));
  创建表park.equipment(id INT NOT NULL AUTO_INCREMENT，类型VARCHAR(50)，quant INT，颜色VARCHAR(25)，PRIMARY KEY(id));
• INSERT INTO playground.equipment (type, quant, color) VALUES ("slide", 2, "blue");'
  将INSERT插入park.equipment(类型，数量，颜色)值(“ slide”，2，“ blue”)；'

In the previous command, the CREATE DATABASE statement creates a database named playground. The CREATE statement creates a table named equipment inside the playground database having an auto-incrementing identifier column called id and other columns. The type column, quant column, and color column are defined to store the type, quantity, and color of the equipment respectively. The INSERT statement inserts an entry of type slide, quantity 2, and color blue.

在上一个命令中， CREATE DATABASE语句创建一个名为playground的数据库。 CREATE语句在playground数据库内创建一个名为equipment的表，该表具有一个称为id的自动递增标识符列和其他列。 的type栏， quant列和color柱被定义为分别存储类型，数量，和设备的颜色。 INSERT语句插入slide类型，数量2和blue的条目。

You now have one value in your table.

现在，表中有一个值。

在第二个节点上读写 (Read and Write on the Second Node)

Next, look at the second node to verify that replication is working:

接下来，查看第二个节点以验证复制是否有效：

• mysql -u root -p -e 'SELECT * FROM playground.equipment;'
  mysql -u root -p -e'选择*来自游乐场。设备;'

If replication is working, the data you entered on the first node will be visible here on the second:

如果复制正常，则您在第一个节点上输入的数据将在第二个节点上可见：

   
   

    
    Output
   
   
+----+-------+-------+-------+
| id | type  | quant | color |
+----+-------+-------+-------+
|  1 | slide |     2 | blue  |
+----+-------+-------+-------+

From this same node, you can write data to the cluster:

从同一节点，您可以将数据写入集群：

• mysql -u root -p -e 'INSERT INTO playground.equipment (type, quant, color) VALUES ("swing", 10, "yellow");'
  mysql -u root -p -e'在操场上插入设备。(类型，数量，颜色)值(“ swing”，10，“ yellow”)；'

在第三个节点上读写 (Read and Write on the Third Node)

From the third node, you can read all of this data by querying the table again:

从第三个节点，您可以通过再次查询表来读取所有这些数据：

• mysql -u root -p -e 'SELECT * FROM playground.equipment;'
  mysql -u root -p -e'选择*来自游乐场。设备;'

You will see the following output showing the two rows:

您将看到以下输出，显示两行：

   
   

    
    Output
   
   
   +----+-------+-------+--------+
   | id | type  | quant | color  |
   +----+-------+-------+--------+
   |  1 | slide |     2 | blue   |
   |  2 | swing |    10 | yellow |
   +----+-------+-------+--------+

Again, you can add another value from this node:

同样，您可以从该节点添加另一个值：

• mysql -u root -p -e 'INSERT INTO playground.equipment (type, quant, color) VALUES ("seesaw", 3, "green");'
  mysql -u root -p -e'在操场上插入设备(类型，数量，颜色)值(“跷跷板”，3，“绿色”)；'

在第一个节点上阅读 (Read on the First Node)

Back on the first node, you can verify that your data is available everywhere:

回到第一个节点，您可以验证数据在任何地方都可用：

• mysql -u root -p -e 'SELECT * FROM playground.equipment;'
  mysql -u root -p -e'选择*来自游乐场。设备;'

You will see the following output, which indicates that the rows are available on the first node.

您将看到以下输出，指示行在第一个节点上可用。

   
   

    
    Output
   
   
   +----+--------+-------+--------+
   | id | type   | quant | color  |
   +----+--------+-------+--------+
   |  1 | slide  |     2 | blue   |
   |  2 | swing  |    10 | yellow |
   |  3 | seesaw |     3 | green  |
   +----+--------+-------+--------+

You’ve verified successfully that you can write to all of the nodes and that replication is being performed properly.

您已经成功验证可以写入所有节点并且复制正在正确执行。

结论 (Conclusion)

At this point, you have a working three-node Galera test cluster configured. If you plan on using a Galera cluster in a production situation, it’s recommended that you begin with no fewer than five nodes.

至此，您已经配置了一个有效的三节点Galera测试集群。 如果计划在生产环境中使用Galera群集，则建议您至少从五个节点开始。

Before production use, you may want to take a look at some of the other state snapshot transfer (SST) agents like XtraBackup, which allows you to set up new nodes very quickly and without large interruptions to your active nodes. This does not affect the actual replication, but is a concern when nodes are being initialized.

在生产环境投入使用之前，您可能需要看一下其他一些状态快照传输(SST)代理，例如XtraBackup ，它使您可以非常快速地建立新节点，而不会对活动节点造成大的干扰。 这不会影响实际的复制，但是在初始化节点时会引起关注。

If you would like to continue learning about SQL databases, take a look at our How To Manage an SQL Database article.

如果您想继续学习SQL数据库，请参阅我们的如何管理SQL数据库文章。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-configure-a-galera-cluster-with-mariadb-on-centos-7-servers