- 下载mysql5.7安装包并安装
[root@node1 ~]# wget http://10.0.0.61:8080/mysql-5.7.24-linux-glibc2.12-x86_64.tar.gz
[root@node1 ~]# mkdir /usr/local/mysql
[root@node1 ~]# tar zxvf mysql-5.7.24-linux-glibc2.12-x86_64.tar.gz -C /usr/local/mysql
[root@node1 ~]# ll /usr/local/mysql/
total 36
drwxr-xr-x 2 root root 4096 Nov 2 18:46 bin
-rw-r--r-- 1 7161 31415 17987 Oct 4 13:48 COPYING
drwxr-xr-x 2 root root 55 Nov 2 18:47 docs
drwxr-xr-x 3 root root 4096 Nov 2 18:44 include
drwxr-xr-x 5 root root 230 Nov 2 18:47 lib
drwxr-xr-x 4 root root 30 Nov 2 18:45 man
-rw-r--r-- 1 7161 31415 2478 Oct 4 13:48 README
drwxr-xr-x 28 root root 4096 Nov 2 18:47 share
drwxr-xr-x 2 root root 90 Nov 2 18:47 support-files- 创建数据库运行用户
[root@node1 ~]# groupadd mysql
[root@node1 ~]# useradd -g mysql -s /sbin/nologin mysql
[root@node1 ~]# id mysql
uid=1001(mysql) gid=1001(mysql) groups=1001(mysql)- 配置PATH
[root@node1 lib]# echo "export PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile.d/mysql.sh
[root@node1 lib]# . /etc/profile
[root@node1 lib]# echo "/usr/local/mysql/lib/" >> /etc/ld.so.conf
[root@node1 lib]# ldconfig
[root@node1 lib]# ln -s /usr/local/mysql/bin/my* /usr/bin/- 数据库目录规划
| 文件类型 | 实例3306 | 软链 |
|---|---|---|
| 数据datadir | /usr/local/mysql/data | /data/mysql/data |
| 参数文件my.cnf | /usr/local/mysql/etc/my.cnf | |
| 错误日志log-error | /usr/local/mysql/log/mysql_error.log | |
| 二进制日志log-bin | /usr/local/mysql/binlogs/mysql-bin | /data/mysql/binlogs/mysql-bin |
| 慢查询日志slow_query_log_file | /usr/local/mysql/log/mysql_slow_query.log | |
| 套接字socket文件 | /usr/local/mysql/run/mysql.sock | |
| pid文件 | /usr/local/mysql/run/mysql.pid |
备注:考虑到数据和二进制日志比较大,需要软链
[root@node1 ~]# ll /usr/local/mysql/
total 36
drwxr-xr-x 2 root root 4096 Nov 2 18:46 bin
lrwxrwxrwx 1 mysql mysql 19 Nov 2 19:08 binlogs -> /data/mysql/binlogs
-rw-r--r-- 1 7161 31415 17987 Oct 4 13:48 COPYING
lrwxrwxrwx 1 mysql mysql 16 Nov 2 19:08 data -> /data/mysql/data
drwxr-xr-x 2 root root 55 Nov 2 18:47 docs
lrwxrwxrwx 1 mysql mysql 15 Nov 2 19:08 etc -> /data/mysql/etc
drwxr-xr-x 3 root root 4096 Nov 2 18:44 include
drwxr-xr-x 5 root root 230 Nov 2 18:47 lib
lrwxrwxrwx 1 mysql mysql 15 Nov 2 19:08 log -> /data/mysql/log
drwxr-xr-x 4 root root 30 Nov 2 18:45 man
-rw-r--r-- 1 7161 31415 2478 Oct 4 13:48 README
lrwxrwxrwx 1 mysql mysql 15 Nov 2 19:08 run -> /data/mysql/run
drwxr-xr-x 28 root root 4096 Nov 2 18:47 share
drwxr-xr-x 2 root root 90 Nov 2 18:47 support-filesmkdir -p /data/mysql/{data,binlogs,log,etc,run}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
ln -s /data/mysql/log /usr/local/mysql/log
ln -s /data/mysql/etc /usr/local/mysql/etc
ln -s /data/mysql/run /usr/local/mysql/run
chown -R mysql.mysql /data/mysql/
chown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}也可以只对数据目录和二进制日志目录软链,如下 :
mkdir -p /usr/local/mysql/{log,etc,run}
mkdir -p /data/mysql/{data,binlogs}
ln -s /data/mysql/data /usr/local/mysql/data
ln -s /data/mysql/binlogs /usr/local/mysql/binlogs
chown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}
chown -R mysql.mysql /data/mysql配置mysql
- 配置my.cnf参数文件
删除系统自带的my.cnf
[root@node1 ~]# rm /etc/my.cnf -f- 在
/usr/local/mysql/etc/下创建my.cnf文件,加入如下参数,其他参数根据需要配置
[client]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
[mysqld]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
pid_file = /usr/local/mysql/run/mysql.pid
datadir = /usr/local/mysql/data
default_storage_engine = InnoDB
max_allowed_packet = 512M
max_connections = 2048
open_files_limit = 65535
skip-name-resolve
lower_case_table_names=1
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
innodb_buffer_pool_size = 1024M
innodb_log_file_size = 2048M
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 0
key_buffer_size = 64M
log-error = /usr/local/mysql/log/mysql_error.log
log-bin = /usr/local/mysql/binlogs/mysql-bin
slow_query_log = 1
slow_query_log_file = /usr/local/mysql/log/mysql_slow_query.log
long_query_time = 5
tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0
server-id=18C16G生产环境推荐配置
[client]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
[mysql]
prompt="\u@nrpp-web-db-prd \R:\m:\s [\d]> "
no-auto-rehash
您暂时无权查看此隐藏内容!
[mysqldump]
quick
max_allowed_packet = 32M- 设置开机启动项
首先让systemd能管理mysql
在/usr/lib/systemd/system创建mysqld.service文件。
[root@node1 ~]# cat /etc/systemd/system/mysqld.service
# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# systemd service file for MySQL forking server
#
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
Type=forking
PIDFile=/usr/local/mysql/run/mysqld.pid
# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0
# Execute pre and post scripts as root
PermissionsStartOnly=true
# Needed to create system tables
#ExecStartPre=/usr/bin/mysqld_pre_systemd
# Start main service
ExecStart=/usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr/local/mysql/run/mysqld.pid $MYSQLD_OPTS
# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql
# Sets open_files_limit
LimitNOFILE = 65535
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false- 启用开机启动
systemctl daemon-reload
systemctl enable mysqld.service
systemctl is-enabled mysqld- 初始化数据库
[root@node1 ~]# mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data- 在日志文件里会提示一个临时密码,记录这个密码
[root@node2 ~]# grep 'temporary password' /usr/local/mysql/log/mysql_error.log
2018-11-02T11:58:35.441018Z 1 [Note] A temporary password is generated for root@localhost: phH!QobO;2/a- 生成ssl
[root@node1 ~]# mysql_ssl_rsa_setup --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/- 启动mysql
[root@node1 ~]# systemctl start mysqld.service
[root@node1 ~]# netstat -lntp|grep mysqld
tcp6 0 0 :::3306 :::* LISTEN 2624/mysqld- Securing the Initial MySQL Accounts
[root@node1 ~]# mysql_secure_installation
Securing the MySQL server deployment.
Enter password for user root:
The existing password for the user account root has expired. Please set a new password.
New password:
Re-enter new password:
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?
Press y|Y for Yes, any other key for No: y
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n
... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done! - Populating the Time Zone Tables
导入时区信息
[root@node1 ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p123456 mysql
测试
[root@node1 ~]# mysqladmin version -uroot -p
Enter password:
mysqladmin Ver 8.42 Distrib 5.7.24, for linux-glibc2.12 on x86_64
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Server version 5.7.24-log
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /usr/local/mysql/run/mysql.sock
Uptime: 17 min 18 sec
Threads: 1 Questions: 8767 Slow queries: 0 Opens: 152 Flush tables: 1 Open tables: 145 Queries per second avg: 8.446- 查看系统变量
[root@node1 ~]# mysqladmin variables -uroot -p- 利用logrotate对MySQL日志进行轮转
cat .my.cnf
[mysqladmin]
password = 123456
user= root
[root@node1 ~]# chmod 600 .my.cnf
[root@node1 ~]# ll .my.cnf
-rw------- 1 root root 42 Nov 2 20:17 .my.cnf[root@node1 ~]# cp /usr/local/mysql/support-files/mysql-log-rotate /etc/logrotate.d/
[root@node1 ~]# chmod 644 /etc/logrotate.d/mysql-log-rotatecat /etc/logrotate.d/mysql-log-rotate
# The log file name and location can be set in
# /etc/my.cnf by setting the "log-error" option
# in either [mysqld] or [mysqld_safe] section as
# follows:
#
# [mysqld]
# log-error=/usr/local/mysql/data/mysqld.log
#
# In case the root user has a password, then you
# have to create a /root/.my.cnf configuration file
# with the following content:
#
# [mysqladmin]
# password = <secret>
# user= root
#
# where "<secret>" is the password.
#
# ATTENTION: The /root/.my.cnf file should be readable
# _ONLY_ by root !
/usr/local/mysql/log/mysql_*.log {
# create 600 mysql mysql
notifempty
weekly
rotate 52
missingok
compress
postrotate
# just if mysqld is really running
if test -x /usr/local/mysql/bin/mysqladmin && \
/usr/local/mysql/bin/mysqladmin ping &>/dev/null
then
/usr/local/mysql/bin/mysqladmin flush-logs
fi
endscript
}测试
[root@node1 ~]# /usr/sbin/logrotate -fv /etc/logrotate.d/mysql-log-rotate
WEB架构
安全监控体系
集群架构
