1 安装说明
安装目录 | 安装用户 | Uid | Gid | 数据存放位置 |
/u01/app | mysql | 1300 | 1310 | /u01/app/mysql/data |
2 配置操作系统
2.1 在 hosts 文件加上本机解析
如果不设置 hosts 本机解析,偶然会出现一些诡异的问题,所以还是加上比较好
host_ip=$(ifconfig | grep inet | grep broadcast | awk '{print $2}' | awk -F: '{print $NF}' | head -1)
name=$(hostname)
sed -i "s/^127.0.0.1/127.0.0.1 ${name}/" /etc/hosts
echo "${host_ip} ${name}" >> /etc/hosts2.2 配置sysctl.conf
cat >> /etc/sysctl.conf <<EOF vm.swappiness = 30 fs.file-max = 6000000 EOF sysctl -p
2.3 配置/etc/pam.d/login
cat >> /etc/pam.d/login <<EOF session required pam_limits.so EOF
2.4 配置资源限制limits.conf
cat >> /etc/security/limits.conf <<EOF mysql soft nofile 655350 mysql soft nproc 655350 EOF
2.5 关闭 iptable
数据库一般不允许通外网,如果对防火墙不是很熟悉,可以关掉; 如果网络环境不够安全,可以开启
service iptables stop chkconfig iptables off
或
systemctl stop firewalld systemctl disable firewalld
2.6 关闭 selinux
selinux 可能会造成无法写入数据,如果对它不熟悉,建议关掉
查看 selinux 状态
getenforce
临时关闭
setenforce 0
永久关闭
打开 /etc/sysconfig/selinux
SELINUX=enforcing 改为 SELINUX=disabled
sed -i 's/^[[:space:]]*SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config setenforce 0
2.7 关闭avhai-deamon
systemctl stop avahi-dnsconfd systemctl stop avahi-daemon systemctl disable avahi-dnsconfd systemctl disable avahi-daemon
2.8 系统关闭NUMA和huge page
2.8.1 查看内核层面是否关闭
dmesg | grep -i transparent_hugepage=never dmesg | grep -i numa=off
2.8.2 查看当前运行是否关闭
lscpu|grep NUMA cat /sys/kernel/mm/transparent_hugepage/enabled
2.8.3 查看是否有grubby命令
which grubby
如果没有,安装grubby
yum install -y grubby
2.8.4 更改内核参数(关闭透明大页和numa)
grubby --update-kernel=ALL --args="transparent_hugepage=never numa=off"
2.8.5 确认内核层面关闭
dmesg | grep -i transparent_hugepage=never dmesg | grep -i numa=off
2.8.6 重启系统
shutdown -r now
或
systemctl reboot
3 卸载mariadb
3.1 查询所安装的MariaDB组件
注意:
查询出来那些组件,就需要卸载那些组件。
[root@localhost]# rpm -qa | grep mariadb MariaDB-server-5.5.49-1.el7.x86_64 MariaDB-common-5.5.49-1.el7.x86_64 MariaDB-client-5.5.49-1.el7.x86_64 mariadb-libs-5.5.49-1.el7.x86_64
3.2 卸载mariadb数据库
rpm -e --nodeps packagename
注意:
--nodeps参数不检查依赖关系。
例如:
rpm -e --nodeps $(rpm -qa | grep mariadb)
或
[root@localhost]# rpm -e --nodeps MariaDB-server-5.5.49-1.el7.x86_64 [root@localhost]# rpm -e --nodeps MariaDB-common-5.5.49-1.el7.x86_64 [root@localhost]# rpm -e --nodeps MariaDB-client-5.5.49-1.el7.x86_64 [root@localhost]# rpm -e --nodeps mariadb-libs-5.5.49-1.el7.x86_64
3.3 删除etc目录下的my.cnf
[root@centos ~]# rm /etc/my.cnf
4 安装mysql
4.1 root用户安装依赖包libaio
yum install -y libaio
4.2 root用户创建用户mysql
groupadd -g 1300 mysql useradd -u 1310 -r -g mysql -s /bin/false mysql
4.3 root用户创建安装目录
mkdir -p /u01/app
4.4 上传安装包并解压
[root@centos ~]# tar xvf mysql-8.0.16-el7-x86_64.tar
4.5 root用户安装mysql(解压即安装)到/u01/app
[root@centos ~]# tar zxvf mysql-8.0.16-el7-x86_64.tar.gz -C /u01/app mysql-8.0.16-el7-x86_64/bin/ mysql-8.0.16-el7-x86_64/bin/myisam_ftdump mysql-8.0.16-el7-x86_64/bin/myisamchk mysql-8.0.16-el7-x86_64/bin/myisamlog mysql-8.0.16-el7-x86_64/bin/myisampack mysql-8.0.16-el7-x86_64/bin/mysql . . . mysql-8.0.16-el7-x86_64/lib/libmysqlharness.so mysql-8.0.16-el7-x86_64/lib/libmysqlharness.so.1 mysql-8.0.16-el7-x86_64/lib/libmysqlrouter.so mysql-8.0.16-el7-x86_64/lib/libmysqlrouter.so.1
4.6 更改目录名称
[root@centos ~]# mv /u01/app/mysql-8.0.16-el7-x86_64 /u01/app/mysql-8.0.16
4.7 创建软链接
[root@centos ~]$ ln -s /u01/app/mysql-8.0.16 /u01/app/mysql
4.8 创建并编辑/etc/my.cnf
注意:
l socket文件位置必须设置成相同。否则客户端连接会报错ERROR 2002 (HY000): Can't connect to local MySQL server through socket 'xx/mysql.sock' (2)
l 客户端先读取自己用户家目录下的my.cnf文件,在读取/etc/my.cnf。所以有些客户端配置信息可以写在家目录下的my.cnf文件,并为了安全将权限改为0600。
例如:
[mysql@centos ~]$ cat my.cnf [client] # 客户端使用的字符集默认为8比特编码的latin1字符集 # UTF8的别名为utf8mb3,在mysql8中utf8mb3字符集已被弃用 default-character-set=UTF8MB4 user=xx password=xx [mysql@centos ~]$ chmod 0600 ~/my.cnf
主配置
cat >> /etc/my.cnf <<EOF #客户端免密登录 [client] # 客户端使用的字符集默认为8比特编码的latin1字符集 # UTF8的别名为utf8mb3,在mysql8中utf8mb3字符集已被弃用 default-character-set=UTF8MB4 #user=xx #password=xx #登陆后提示符 prompt = (\\u@\\h) [\\d]>\\_ [mysql] # 设置mysql客户端默认字符集 default-character-set=UTF8MB4 #设置socket文件位置 socket=/tmp/mysql.sock #登陆后提示符 prompt = (\\u@\\h) [\\d]>\\_ [mysqld] # 服务端使用的字符集默认为8比特编码的latin1字符集 character-set-server=UTF8MB4 # 创建新表时将使用的默认存储引擎 default-storage-engine=INNODB #设置3306端口 port=3306 # 设置mysql的安装目录 basedir=/u01/app/mysql # 设置mysql数据库的数据的存放目录 datadir=/u01/app/mysql/data # 允许最大连接数 max_connections=200 #设置socket文件位置 socket=/tmp/mysql.sock # pid-file文件位置 pid-file =/u01/app/mysql/mysql.pid #load data目录 secure_file_priv = /u01/app/mysql/mysql-files # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd # 使用innodb引擎的每个表文件单独存储 innodb_file_per_table=1 # 日志文件位置 log-error=/u01/app/mysql/mysql.log [mysqld_safe] # 默认以mysql用户启动数据库 user=mysql # 日志文件位置 log-error=/u01/app/mysql/mysql.log # pid-file文件位置 pid-file=/u01/app/mysql/mysql.pid EOF
4.9 *验证配置(mysql 8.0.16才引入这个功能)
注意:
无输出即表示配置无错误。
mysqld --validate-config validate-config
4.10 Root用户对应目录
4.10.1 创建数据目录
mkdir -p /u01/app/mysql/data
4.10.2 Root用户初始化数据目录
mysql-files目录提供了一个方便的位置,可以将其用作secure_file_priv系统变量的值,该变量将导入和导出操作限制在特定的目录中。
Mysql用户创建目录
[root@centos ~]$ cd /u01/app/mysql [root@centos mysql]$ mkdir -p /u01/app/mysql/mysql-files
4.11 root用户更改权限
[root@centos ~]# chown -R mysql:mysql /u01/app/ [root@centos ~]# chmod -R 750 /u01/app/
4.12 设置root用户环境变量
[root@centos ~]$ vim ~/.bash_profile
添加以下条目:
export PATH=$PATH:/u01/app/mysql/bin
或
cat >> /root/.bash_profile <<EOF export PATH=\$PATH:/u01/app/mysql/bin EOF
4.13 使环境变量生效
[root@centos ~]$ source ~/.bash_profile
5 安装任务
5.1 初始化mysql
[root@centos ~]$ mysqld --defaults-file=/etc/my.cnf --initialize --user=mysql
注意输出的密码,例如:
[mysql@centos data]$ mysqld --initialize --user=mysql 2019-06-14T03:05:54.583988Z 0 [System] [MY-013169] [Server] /u01/app/mysql/bin/mysqld (mysqld 8.0.16) initializing of server in progress as process 3676 2019-06-14T03:05:58.879961Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: J7e9.eyFWgRq 2019-06-14T03:06:00.912139Z 0 [System] [MY-013170] [Server] /u01/app/mysql/bin/mysqld (mysqld 8.0.16) initializing of server has completed
5.2 查看mysql的root用户临时密码
[root@centos tmp]# grep 'temporary password' /u01/app/mysql/mysql.log 2019-07-13T08:35:46.078253Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: J7e9.eyFWgRq
5.3 开启ssl
mysql_ssl_rsa_setup
5.4 配置
5.4.1 拷贝mysql.server到/etc/init.d/目录下
cp /u01/app/mysql/support-files/mysql.server /etc/init.d/mysql.server
5.5 启动mysql
[mysql@centos ~]$ cd /u01/app/mysql/support-files/ [mysql@centos support-files]$ ls mysqld_multi.server mysql-log-rotate mysql.server [mysql@centos support-files]$ ./mysql.server start Starting MySQL.. SUCCESS!
或
[mysql@centos ~]$ mysqld_safe --defaults-file=/etc/my.cnf &
5.6 登录mysql并更改root用户密码
注意:
更改密码有2种方法:
l 登录mysql,使用ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
l 使用mysql_secure_installation
5.6.1 方法一
[root@centos ~]# mysql -uroot -p mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
5.6.2 方法二
[root@centos ~]# mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: 输入初始化生成的随机密码 The existing password for the user account root has expired. Please set a new password. New password: 输入新密码 Re-enter new password: 再次输入新密码 VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component? Press y|Y for Yes, any other key for No: y There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1 Using existing password for root. Estimated strength of the password: 100 Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y New password: Re-enter new password: Estimated strength of the password: 100 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success. All done!
注意:
validate_password是默认安装的。validate_password实现的默认密码策略要求密码包含至少一个大写字母、一个小写字母、一个数字和一个特殊字符,并且总密码长度至少为8个字符。
6 关闭数据库
mysqladmin -uroot -p shutdown
7 查看数据库默认配置
[mysql@centos ~]$ mysqld --verbose --help
8 MySQL社区版Linux RPM包的MySQL安装布局
文件或资源 | 位置 |
安装目录base | /u01/app/mysql |
客户端程序和脚本 | $base/bin |
mysqld服务 | $base/sbin |
配置文件 | /etc/my.cnf |
数据目录 | $base/data |
错误日志文件 | $base/mysqld.log |
secure_file_priv的值 | $base/mysql-files |
System V初始化脚本 | $base/mysql.server |
Pid文件 | $base/mysqld.pid |
Socket | /tmp/mysql.sock |
Keyring目录 | /var/lib/mysql-keyring |
Unix man 文档 | $base/man |
包括(头)文件 | $base/include/mysql |
函数库 | $base/lib/mysql |
杂项支持文件(例如,错误消息和字符集文件) | $base/share/mysql |
网友留言: