一、環境
[root@rhel:~]#cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 (Maipo) [root@rhel:~]#uname -r 3.10.0-514.el7.x86_64 [root@rhel:~]#getenforce Disabled
二、官方源
獲取官方源:
[root@rhel:/opt]#wget http://repo.mysql.com/mysql57-community-release-el7-9.noarch.rpm --2018-03-15 15:25:41-- http://repo.mysql.com/mysql57-community-release-el7-9.noarch.rpm Resolving repo.mysql.com (repo.mysql.com)... 23.55.208.125 Connecting to repo.mysql.com (repo.mysql.com)|23.55.208.125|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 9224 (9.0K) [application/x-redhat-package-manager] Saving to: ‘mysql57-community-release-el7-9.noarch.rpm’ 100%[================================>] 9,224 1.80KB/s in 5.0s 2018-03-15 15:25:47 (1.80 KB/s) - ‘mysql57-community-release-el7-9.noarch.rpm’ saved [9224/9224]
安裝:
[root@rhel:/opt]#rpm -ivh mysql57-community-release-el7-9.noarch.rpm warning: mysql57-community-release-el7-9.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY Preparing... ################################# [100%] Updating / installing... 1:mysql57-community-release-el7-9 ################################# [100%]
安裝之後, /etc/yum.repos.d/目錄下會產生兩個檔案:mysql-community-source.repo、mysql-community.repo。
三、建立組和使用者
[root@rhel:~]#groupadd mysql [root@rhel:~]#useradd -r -g mysql -p root mysql [root@rhel:~]#usermod -s /sbin/nologin mysql
四、安裝MySQL
由於RHEL7.3中預設安裝了Mariadb,安裝MySQL時會報錯,所以先解除安裝Mariadb。
[root@rhel:~]#rpm -qa|grep mariadb mariadb-libs-5.5.52-1.el7.x86_64 mariadb-5.5.52-1.el7.x86_64 mariadb-server-5.5.52-1.el7.x86_64
解除安裝:
[root@rhel:~]#rpm -e mariadb-libs-5.5.52-1.el7.x86_64 error: Failed dependencies: libmysqlclient.so.18()(64bit) is needed by (installed) perl-DBD-MySQL-4.023-5.el7.x86_64 libmysqlclient.so.18()(64bit) is needed by (installed) qt-mysql-1:4.8.5-13.el7.x86_64 libmysqlclient.so.18()(64bit) is needed by (installed) postfix-2:2.10.1-6.el7.x86_64 libmysqlclient.so.18()(64bit) is needed by (installed) zabbix-server-mysql-4.0.0-1.1alpha4.el7.x86_64 libmysqlclient.so.18(libmysqlclient_18)(64bit) is needed by (installed) perl-DBD-MySQL-4.023-5.el7.x86_64 libmysqlclient.so.18(libmysqlclient_18)(64bit) is needed by (installed) qt-mysql-1:4.8.5-13.el7.x86_64 libmysqlclient.so.18(libmysqlclient_18)(64bit) is needed by (installed) postfix-2:2.10.1-6.el7.x86_64 libmysqlclient.so.18(libmysqlclient_18)(64bit) is needed by (installed) zabbix-server-mysql-4.0.0-1.1alpha4.el7.x86_64 mariadb-libs(x86-64) = 1:5.5.52-1.el7 is needed by (installed) mariadb-1:5.5.52-1.el7.x86_64 mariadb-libs(x86-64) = 1:5.5.52-1.el7 is needed by (installed) mariadb-server-1:5.5.52-1.el7.x86_64
使用–nodeps強制解除安裝:
[root@rhel:~]#rpm -e --nodeps mariadb-libs-5.5.52-1.el7.x86_64 [root@rhel:~]#rpm -e --nodeps mariadb-5.5.52-1.el7.x86_64 [root@rhel:~]#rpm -e --nodeps mariadb-server-5.5.52-1.el7.x86_64
安裝MySQL:
[root@rhel:~]#yum install mysql-server Loaded plugins: aliases, changelog, langpacks, ovl, product-id, search- : disabled-repos, subscription-manager, tmprepo, verify, : versionlock This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. file:///mnt/cdrom/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn`t open file /mnt/cdrom/repodata/repomd.xml" Trying other mirror. mysql-connectors-community | 2.5 kB 00:00 mysql-tools-community | 2.5 kB 00:00 mysql57-community | 2.5 kB 00:00 zabbix | 2.9 kB 00:00 zabbix-non-supported | 951 B 00:00 Resolving Dependencies --> Running transaction check ---> Package mysql-community-server.x86_64 0:5.7.21-1.el7 will be installed --> Processing Dependency: mysql-community-common(x86-64) = 5.7.21-1.el7 for package: mysql-community-server-5.7.21-1.el7.x86_64 --> Processing Dependency: mysql-community-client(x86-64) >= 5.7.9 for package: mysql-community-server-5.7.21-1.el7.x86_64 --> Running transaction check ---> Package mysql-community-client.x86_64 0:5.7.21-1.el7 will be installed --> Processing Dependency: mysql-community-libs(x86-64) >= 5.7.9 for package: mysql-community-client-5.7.21-1.el7.x86_64 ---> Package mysql-community-common.x86_64 0:5.7.21-1.el7 will be installed --> Running transaction check ---> Package mysql-community-libs.x86_64 0:5.7.21-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================== Package Arch Version Repository Size ========================================================================== Installing: mysql-community-server x86_64 5.7.21-1.el7 mysql57-community 164 M Installing for dependencies: mysql-community-client x86_64 5.7.21-1.el7 mysql57-community 24 M mysql-community-common x86_64 5.7.21-1.el7 mysql57-community 272 k mysql-community-libs x86_64 5.7.21-1.el7 mysql57-community 2.1 M Transaction Summary ========================================================================== Install 1 Package (+3 Dependent packages) Total size: 190 M Total download size: 188 M Installed size: 858 M Is this ok [y/d/N]: y Downloading packages: No Presto metadata available for mysql57-community warning: /var/cache/yum/x86_64/7Server/mysql57-community/packages/mysql-community-client-5.7.21-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY Public key for mysql-community-client-5.7.21-1.el7.x86_64.rpm is not installed (1/2): mysql-community-client-5.7.21-1.el7.x86_64.rp | 24 MB 00:05 (2/2): mysql-community-server-5.7.21-1.el7.x86_64.rp | 164 MB 02:02 -------------------------------------------------------------------------- Total 1.5 MB/s | 188 MB 02:02 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql Importing GPG key 0x5072E1F5: Userid : "MySQL Release Engineering <mysql-build@oss.oracle.com>" Fingerprint: a4a9 4068 76fc bd3c 4567 70c8 8c71 8d3b 5072 e1f5 Package : mysql57-community-release-el7-9.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql Is this ok [y/N]: y Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. ** Found 10 pre-existing rpmdb problem(s), `yum check` output follows: PackageKit-1.0.7-6.el7.x86_64 has missing requires of PackageKit-backend akonadi-mysql-1.9.2-4.el7.x86_64 has missing requires of mariadb-server perl-DBD-MySQL-4.023-5.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit) perl-DBD-MySQL-4.023-5.el7.x86_64 has missing requires of libmysqlclient.so.18(libmysqlclient_18)(64bit) 2:postfix-2.10.1-6.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit) 2:postfix-2.10.1-6.el7.x86_64 has missing requires of libmysqlclient.so.18(libmysqlclient_18)(64bit) 1:qt-mysql-4.8.5-13.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit) 1:qt-mysql-4.8.5-13.el7.x86_64 has missing requires of libmysqlclient.so.18(libmysqlclient_18)(64bit) zabbix-server-mysql-4.0.0-1.1alpha4.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit) zabbix-server-mysql-4.0.0-1.1alpha4.el7.x86_64 has missing requires of libmysqlclient.so.18(libmysqlclient_18)(64bit) Installing : mysql-community-common-5.7.21-1.el7.x86_64 1/4 Installing : mysql-community-libs-5.7.21-1.el7.x86_64 2/4 Installing : mysql-community-client-5.7.21-1.el7.x86_64 3/4 Installing : mysql-community-server-5.7.21-1.el7.x86_64 4/4 Verifying : mysql-community-server-5.7.21-1.el7.x86_64 1/4 Verifying : mysql-community-common-5.7.21-1.el7.x86_64 2/4 Verifying : mysql-community-libs-5.7.21-1.el7.x86_64 3/4 Verifying : mysql-community-client-5.7.21-1.el7.x86_64 4/4 Installed: mysql-community-server.x86_64 0:5.7.21-1.el7 Dependency Installed: mysql-community-client.x86_64 0:5.7.21-1.el7 mysql-community-common.x86_64 0:5.7.21-1.el7 mysql-community-libs.x86_64 0:5.7.21-1.el7 Complete!
五、初始化mysql
使用mysqld –initialize初始化mysql
–initialize :初始化時,會生成一個root使用者和一個隨機的密碼,並且密碼設定為過期,需要立即修改密碼。確保資料庫目錄與檔案的所有者為mysql賬戶,以便在執行mysqld服務時對這些目錄和檔案有讀取與寫入許可權。以root身份執行mysqld服務,需指定–user=mysql選項。
注意:本例沒有指定user選項,所以後面啟動mysql時出現報錯,需要修改相關檔案系統許可權才可以正常啟動,使用下面的命令初始化會避免這一問題(未驗證,待定):
#mysqld --initialize --user=mysql
–initialize-insecure :另外,可以使用該配置初始化,但這種方式會生成一個root使用者,並且密碼是空(第一次登入密碼空即可),同樣需要立即修改密碼。可以使用mysql -u root –skip-password直接登入mysql。
本例採用第一種:
[root@rhel:~]#mysqld --initialize
初始化後,會生成一個root使用者(mysql的使用者,非系統的root使用者)和一個隨機密碼。
[root@rhel:~]#which mysqld /usr/sbin/mysqld [root@rhel:~]#grep `temporary password` /var/log/mysqld.log 2018-03-16T01:10:40.569111Z 1 [Note] A temporary password is generated for root@localhost: _iBhf7suG,go
六、啟動mysql,檢視mysql的狀態並設定開機啟動
[root@rhel:~]#systemctl start mysqld Redirecting to /bin/systemctl start mysqld.service Job for mysqld.service failed because the control process exited with error code. See "systemctl status mysqld.service" and "journalctl -xe" for details.
無法啟動,需要修改/var/lib/mysql的許可權(由於初始化時沒有指定使用者–user=mysql,未驗證,待定)
[root@rhel:~]#chown mysql:mysql -R /var/lib/mysql
再次啟動,成功
[root@rhel:~]#systemctl start mysqld Redirecting to /bin/systemctl start mysqld.service
檢視mysql狀態
[root@rhel:~]#systemctl status mysqld Redirecting to /bin/systemctl status mysqld.service ● mysqld.service - MySQL Server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor Active: active (running) since Fri 2018-03-16 09:37:07 CST; 1h 21min ago Docs: man:mysqld(8) http://dev.mysql.com/doc/refman/en/using-systemd.html Process: 16216 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run Process: 16194 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, sta Main PID: 16219 (mysqld) CGroup: /system.slice/mysqld.service └─16219 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/ Mar 16 09:37:05 rhel systemd[1]: Starting MySQL Server... Mar 16 09:37:07 rhel systemd[1]: Started MySQL Server.
設定開機啟動
[root@rhel:~]#systemctl enable mysqld
其實質是,增加由/usr/lib/systemd/system/到/etc/systemd/system/multi-user.target.wants/下的軟連結
七、修改mysql的root密碼
首先,修改mysql的root使用者密碼,因為安全配置嚮導裡需要輸入密碼,而隨機生成的密碼比較複雜,所以設定新密碼方便輸入。
共有兩種修改方式:
第一種,使用mysqladmin修改密碼
1.如果 mysql的root使用者現在沒有密碼,你希望的密碼修改為123456,那麼命令是:
# mysqladmin -u root password 123456
2.如果mysql的root現在有密碼(123456),那麼修改密碼為abcdef的命令是:
# mysqladmin -u root -p password abcdef
注意,命令回車後會提示舊密碼,輸入舊密碼123456之後命令完成,密碼修改成功。
[root@rhel:~]#mysqladmin -u root -p password abcdef Enter password: mysqladmin: [Warning] Using a password on the command line interface can be insecure. Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
第二種,若是忘記密碼,可以通過以下方式重置mysql的root使用者密碼
編輯/etc/my.cnf檔案,skip–grant–tables)
root@rhel:~]#vi /etc/my.cnf
[mysqld]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
skip-grant-tables
[root@rhel:~]#systemctl restart mysqld
然後登入,修改密碼欄位,重新整理許可權
[root@rhel:~]#mysql -uroot -p Enter password: ###密碼為空,直接回車即可 Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 2 Server version: 5.7.21 MySQL Community Server (GPL) Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type `help;` or `h` for help. Type `c` to clear the current input statement.
mysql> use mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A mysql> update user set authentication_string=password(`123456`) where user=`root`; mysql> flush privileges;
退出,然後編輯/etc/my.cnf檔案,
root@rhel:~]#vi /etc/my.cnf [mysqld] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid skip-grant-tables #######刪除此行
儲存退出,重啟mysql服務
[root@rhel:~]#systemctl restart mysqld
登入mysql,若提示需要再次修改密碼,則根據提示修改,若無此提示直接連至資料庫。
[root@rhel:~]#mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 2 Server version: 5.7.21 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type `help;` or `h` for help. Type `c` to clear the current input statement. mysql>
八、MySQL安全配置嚮導mysql_secure_installation
[root@rhel:~]#mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: The `validate_password` plugin is installed on the server. The subsequent steps will run with the existing configuration of the plugin. Using existing password for root. Estimated strength of the password: 25 Change the password for root ? ((Press y|Y for Yes, any other key for No) : n ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y ######是否移除匿名使用者 Success. Normally, root should only be allowed to connect from `localhost`. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n ##############是否禁止mysql的root使用者遠端登入,測試環境,所以允許 ... skipping. By default, MySQL comes with a database named `test` that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : n ########是否移除test資料庫,測試環境,保留 ... skipping. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y #######是否重新載入許可權表 Success. All done!
至此,安裝完成。