# rpm -i mysql-community-server-5.7.8-0.3.rc.el5.x86_64.rpm mysql-community-common-5.7.8-0.3.rc.el5.x86_64.rpm mysql-community-client-5.7.8-0.3.rc.el5.x86_64.rpm mysql-5.7.8-0.3.rc.el5.x86_64.rpm mysql-community-libs-5.7.8-0.3.rc.el5.x86_64.rpm mysql-community-libs-compat-5.7.8-0.3.rc.el5.x86_64.rpm .. # less /var/log/mysqld.log 2015-07-15T07:44:47.363530Z 0 [Warning] InnoDB: New log files created, LSN=45790 2015-07-15T07:44:47.504281Z 0 [Warning] InnoDB: Creating foreign key constraint system tables. 2015-07-15T07:44:47.582258Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5dd4d949-2ac5-11e5-8a55-0242ac11000a. 2015-07-15T07:44:47.586384Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened. 2015-07-15T07:44:47.586799Z 0 [Warning] Failed to setup SSL 2015-07-15T07:44:47.586825Z 0 [Warning] SSL error: SSL context is not usable without certificate and private key 2015-07-15T07:44:47.587546Z 1 [Warning] A temporary password is generated for root@localhost: 0J:ra.dZgrmF 150715 16:44:52 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 2015-07-15T07:44:52.939037Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). 2015-07-15T07:44:52.940030Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.8-rc) starting as process 413 ... .. 2015-07-15T07:44:53.156280Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them. 2015-07-15T07:44:53.156620Z 0 [Warning] CA certificate ca.pem is self signed. 2015-07-15T07:44:53.156875Z 0 [Note] Server hostname (bind-address): '*'; port: 3306 2015-07-15T07:44:53.156942Z 0 [Note] IPv6 is available. 2015-07-15T07:44:53.156952Z 0 [Note] - '::' resolves to '::'; 2015-07-15T07:44:53.156957Z 0 [Note] Server socket created on IP: '::'. 2015-07-15T07:44:53.158530Z 0 [Note] InnoDB: Buffer pool(s) load completed at 150715 16:44:53 2015-07-15T07:44:53.173689Z 0 [Note] Event Scheduler: Loaded 0 events 2015-07-15T07:44:53.174035Z 0 [Note] /usr/sbin/mysqld: ready for connections. Version: '5.7.8-rc' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)
* "[Warning] Failed to setup SSL"と言いながら
* "[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them." と言って
* "[Warning] CA certificate ca.pem is self signed." とまとめる。
というのは、1つ目の"Failed to setup SSL"はmysqld --initializeのタイミングで呼ばれているので、この時点ではSSL証明書がなくてmysqld起動時のSSL有効化に失敗する。
/etc/init.d/mysqldの中では、 mysqld --initialize => mysql_ssl_rsa_setup => mysqld_safe の順番で呼んでいるので、
2つ目の"Found ca.pem"はmysqld_safeから起動されたmysqldが、その前に走っていたmysql_ssl_rsa_setupで作成されたSSL証明書を拾ってSSLを有効化にして起動している。
3つ目は読んで字のごとく。
5.7.5以降 mysqldの--ssl がデフォルトで有効になっているので、クライアント側でca.pemを使ってSSL接続するようにしさえすればそれだけでOK。
0 件のコメント :
コメントを投稿