Hi, i’m unable to install pxc-84-lts on Rocky Linux 9.x (9.7) via repositories.
If i have to download and install the rpm availables, which would you suggest for 8.4.4 version considering that on board there is gcc 2.34 ?
Thanks
@Frak You can install the compatible RHEL9 rpms from below urls.
- List item
- List item
Moreover, you can also get the RPMS as per your architecture using below url directly.
Better to test with these and let us know if face any problems!
1 Like
Hi, i’ve succesfully installed pxc 8.4 on a 3 nodes Rocky Linux cluster
After having bootstrapped the first node, when i try to add the second one it doesn’t start with ssl related errors
*gcomm: connecting to group ‘db-clu-premium’, peer ‘10.1.40.250:,10.1.40.251:,10.1.40.252:’
Failed to establish connection: Connection refused
Failed to establish connection: invalid padding: certificate signature failure
(7aaea705-afad, ‘ssl://0.0.0.0:4567’) Found matching local endpoint for a connection, blacklisting address ssl://10.1.40.251:4567
EVS version upgrade 0 → 1
…..
I’ve created the certificates on the first node and copied them on /etc on the other nodes as stated in documentation
I’ve verified that the files have the same permissions
in the /my.cnf i’ve also added
wsrep_provider_options=“socket.ssl_key=server-key.pem;socket.ssl_cert=server-cert.pem;socket.ssl_ca=ca.pem”
ssl-key=server-key.pem
ssl-ca=ca.pem
ssl-cert=server-cert.pem
Can you suggest me what should i look for?
Do you have another set of certs sitting in your data directory?
yes, you’re right!
I immagine they are the ones generated by the mysql initial installation, they are different that those in /etc and owned by the mysql user
What should i do? Is it safe it if i delete them? (since in the installation manual they say that they have to be ouside the mysql datadir)
Try making the below changes to your my.cnf
Example:
wsrep_provider_options="socket.ssl_key=/etc/server-key.pem;socket.ssl_cert=/etc/server-cert.pem;socket.ssl_ca=/etc/ca.pem"
ssl-key=/etc/server-key.pem
ssl-ca=/etc/ca.pem
ssl-cert=/etc/server-cert.pem
Hi, first of all thanks for your reply
It doesn’t work, and the error is the same
PS the documentation on the percona website for pxc 8.4 doesn’t say anything about the /etc/ca.pem file and how to generate it
Before we dig deeper into the certs. Can you verify a couple network related items.
- Do the PXC Node have a local firewall running that could be blocking ports?
- Run this command on Node1 to verify the galera ports are listen.
ss -lntp | egrep ':4567|:4568|:4444'
Here you are
$ ss -lntp | egrep ‘:4567|:4568|:4444’
LISTEN 0 4096 0.0.0.0:4567 0.0.0.0:* users:((“mysqld”,pid=150372,fd=10))
PS in the meanwhile i’ve disabled the ssl options,
added pxc-encrypt-cluster-traffic=OFF
and joined the other 2 nodes to the cluster