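- Client configuration
Copy the ca-cert.pem, client-req.pem, client-key.pem and client-cert.pem files generated on the server to the /usr/local/tmp/ssl/ directory on the client (a different path, to distinguish it from the server side).
Edit the client's cluster-level configuration file gbase_8a_gcluster.cnf and add the SSL settings under [client]. Using the path /usr/local/tmp/ssl/ as an example, these are the ssl-ca, ssl-cert and ssl-key lines below: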
```
$ vi /opt/gcluster/config/gbase_8a_gcluster.cnf
[client]
port=5258
socket=/tmp/gcluster_5258.sock
connect_timeout=43200
default-character-set=gbk
ssl-ca=/usr/local/tmp/ssl/ca-cert.pem
ssl-cert=/usr/local/tmp/ssl/client-cert.pem
ssl-key=/usr/local/tmp/ssl/client-key.pem
[gbased]
basedir = /opt/gcluster/server
datadir = /opt/gcluster/userdata/gcluster
socket=/tmp/gcluster_5258.sock
pid-file = /opt/gcluster/log/gcluster/gclusterd.pid
default-character-set=gbk
log-error
port=5258
core-file
```
(14) Access the server remotely from the client, for example by logging in to the server at 192.168.134.131 as the user ssluser:
```
[gbase@localhost config]$ gccli -h192.168.134.131 -ussluser -p
Enter password:

GBase client 8.6.1.1 build 65111. Copyright (c) 2004-2016, GBase. All Rights Reserved.

gbase>
```
Run the status command. If the SSL line shows "Cipher in use", the SSL-encrypted connection has been established successfully:
```
gbase> status;
gccli Ver 14.14 Distrib 8.6.1.1, for unknown-linux-gnu (x86_64) using readline 6.0

Connection id:          13
Current database:       information_schema
Current user:           ssluser@192.168.134.132
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         8.6.1.1-65304
Protocol version:       10
Connection:             192.168.134.131 via TCP/IP
Server characterset:    utf8
Db characterset:        utf8
Client characterset:    utf8
Conn. characterset:     utf8
TCP port:               5258
Uptime: Elapsed: 25:24:49.00

Threads: 4 Questions: 40 Slow queries: 2 Opens: 17 Flush tables: 1 Open tables: 10 Queries per second avg: 0.0
```
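Note that if the client has not been configured as described above, it still connects to the server in the default way. In other words, encrypted and unencrypted access are not mutually exclusive as far as the cluster is concerned; they can be understood as two options.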
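
Because a client without the ssl-* settings still connects, only unencrypted, it is worth checking both the configuration and the live session. The following is an added example, not part of the original documentation: it checks that [client] carries all three ssl-* options and that the `status` output reports a cipher. The function names and the sample inputs are constructed for illustration.

```python
import configparser
import re

REQUIRED = ("ssl-ca", "ssl-cert", "ssl-key")

# Constructed sample inputs, modelled on the config and status output above.
SAMPLE_CNF = """\
[client]
port=5258
socket=/tmp/gcluster_5258.sock
ssl-ca=/usr/local/tmp/ssl/ca-cert.pem
ssl-cert=/usr/local/tmp/ssl/client-cert.pem
ssl-key=/usr/local/tmp/ssl/client-key.pem
[gbased]
log-error
port=5258
core-file
"""
SAMPLE_STATUS = """\
Current user: ssluser@192.168.134.132
SSL: Cipher in use is DHE-RSA-AES256-SHA
TCP port: 5258
"""

def missing_client_ssl_keys(cnf_text):
    """Return the ssl-* options that are absent or empty in [client]."""
    # allow_no_value handles bare options such as log-error and core-file.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(cnf_text)
    if not cp.has_section("client"):
        return list(REQUIRED)
    return [k for k in REQUIRED if not cp.get("client", k, fallback=None)]

def cipher_in_use(status_text):
    """Return the negotiated cipher from `status` output, or None."""
    m = re.search(r"^\s*SSL:\s*Cipher in use is (\S+)", status_text, re.M)
    return m.group(1) if m else None

def audit(cnf_text, status_text):
    """Return a list of findings; an empty list means config and session are OK."""
    findings = [f"[client] is missing {k}" for k in missing_client_ssl_keys(cnf_text)]
    if cipher_in_use(status_text) is None:
        findings.append("status shows no 'Cipher in use': session is not encrypted")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CNF, SAMPLE_STATUS))
```

Only a session whose `status` output contains the "Cipher in use" line is treated as encrypted; any other SSL line counts as a finding.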