I wrote a post about the setup of the 5.7 version. In this post I don’t want to repeat myself, so I just highlight the differences/new things under the setup of 8.0, so it’s strongly recommended to read that post first.
Note: If you read the previous post, keep in mind the
The only difference here is that we have to use
pxc-80 instead of
pxc-57. Also the package name is
percona-xtradb-cluster so without version number. So use this for
I’m not a big expert in systemd files and at this point I didn’t feel that this post will change that, so I just want to tell you the important differences. If you do a
systemctl cat mysql you can see that this file is much bigger than the 5.7 was.
ExecStartPre=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"ExecStartPre=/bin/sh -c "VAR=`bash /usr/bin/mysql-systemd galera-recovery`; [ $? -eq 0 ] && systemctl set-environm># Start main service
The main point here is that the 5.7 used the
mysqld_safe --basedir=/usr. At this point there is the mysql-systemd shell script where the
galera-recovery calls the
wsrep_recover_position shell function which returns the flag which the systemctl sets. After the mysqld starts with this flag.
There was the
wsrep_sst_auth in 5.7, it’s removed from 8.0 so it would say this is insecure now. Anyone who has access to the network can connect to the cluster. I checked it and Percona also knows that it’s insecure so they have a post about how we can make it secure. At this point I want to say that it’s not something what I want to setup. So it will be insecure for now, but there is encryption option over the SST.
For the encryption we need an SSL key and certificate files. These are not somethings which are easy to generate properly, so there is a guide how to create them. It’s important to set the values properly because otherwise it won’t pass the
Note: If you create the ssl certificates you have the change the owner of them.
chown -R mysql:mysql /opt/ssl
Once we have the certificate and key files we can set them under the
/etc/my.cnf. This is the mysql config file location, so we can notice that it’s changed since the 5.7, because it’s not as separated.
# Spoiler: I know this config isn't good, we will fix it later.wsrep_provider_options=”socket.ssl_key=/opt/ssl/server-key.pem;socket.ssl_cert=/opt/ssl/server-cert.pem;socket.ssl_ca=/opt/ssl/ca.pem”[sst]
The only one config that I want to talk about is the sst.encrypt, because it’s not obvious. Fortunately they provide documentation for that value as well.
encrypt=4for SST encryption with SSL files generated by MySQL.
You mean generated by MySQL? Hm… Ok…
rm -rf /opt/ssl. So the new config will be:
Configure the first node and bootstrap
I just set the
pxc-cluster-2, because it’s our second cluster and I guess it can conflict once we want to setup a cluster-to-cluster replication. Also change the
wsrep_node_name to something else which won’t conflict with the 5.7 setup.
systemctl start firstname.lastname@example.org
systemctl status mysql@bootstrap
email@example.com - Percona XtraDB Cluster with config /etc/sysconfig/mysql.bootstrap
Loaded: loaded (/usr/lib/systemd/system/mysql@.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2020-11-09 22:47:52 UTC; 12s ago
Configure and start the second node
Do the same
wsrep_node_name as we did with the first node, everything else is the same as we did in the 5.7. Start it.
systemctl start mysql
Job for mysql.service failed because the control process exited with error code.
See "systemctl status mysql.service" and "journalctl -xe" for details.
Hm, that’s not something what we should see here. I guess it’s because the SSL encryption. “handshake with remote endpoint ssl://X.X.X.13:4567 failed: asio.ssl:67567754: ‘invalid padding”
Finalise the setup
After a massive suffering I finally have a working cluster. The problem was in the SSL encryption, because the “generated by MySQL” what I have mentioned previously means that you generate it… So let me show you the setup of the first cluster again.
# SST method
# ---- until this point everything is them same as previously# ---- from here it will be the same on both node
So I regenerate the SSL keys and certificates after I have removed them previously and placed them under the
/opt/ssl so I could add them. I set up the
[client] section with the corresponding keys and the
[mysqld] section as well. The
[sst] uses these keys, but here we don’t have to specify the path, since they use the already specified keys from the
[mysqld], we only have to add the identifier for them. Also the same in the
After that I copied these keys to the second node. Here I used
python2 -m SimpleHTTPServer since I had a private internal network and get them with
wget on the second node. Then I copied over the configuration to the
Finally I did
systemctl restart mysql@bootstrap on the first node, and
systemctl start mysql on the second node. Then I stopped the bootstrap on the first node with
systemctl stop mysql@bootstrap and started in normal mode
systemctl start mysql. It’s recommended to wait until the bootstrap stops properly. You can check with
ps aux | grep mysql with the state of the stop.
After the start you can check the cluster state:
mysql -pmysql> show status like 'wsrep%';
| wsrep_cluster_size | 2
At this point we have a working cluster with 8.0 and 5.7, but they don’t know each other. Yet.