1. 说明
适用于CentOS 6.*和CentOS 7.* 系统版本:CentOS 6.8_x86-64 mysql版本:mysql-5.7.21-linux-glibc2.5-x86_64.tar.gz mysql程序安装路径:/data/mysql mysql数据存放路径:/data/mysql/data socket存放路径: /data/mysql/mysql.sock 安装方式:二进制文件安装
2. 新建用户
[[email protected] ~]# yum install libaio -y # 安装依赖包 [[email protected] ~]# groupadd mysql [[email protected] ~]# useradd -r -g mysql -M -s /bin/false mysql
3. 下载解压
[[email protected] ~]# cd /data/
[[email protected] data]# wget https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.21-linux-glibc2.5-x86_64.tar.gz
[[email protected] data]# tar -xvf mysql-5.7.21-linux-glibc2.5-x86_64.tar.gz
[[email protected] data]# mv mysql-5.7.21-linux-glibc2.5-x86_64 /data/mysql
[[email protected] data]# mkdir -p/data/mysql/{logs,tmp}
[[email protected] data]# chown -R mysql:mysql /data/mysql/
4. 添加环境变量:
[[email protected] data]# cd /data/mysql/
[[email protected] mysql]# echo export PATH='${PATH}':/data/mysql/bin > /etc/profile.d/mysql.sh
[[email protected] mysql]# source /etc/profile.d/mysql.sh
[[email protected] mysql]# echo $PATH # 验证
# 环境变量添加到全局中时,两个软链接可以不用设置
[[email protected] mysql]# ln -s /data/mysql/bin/mysql /usr/bin [[email protected] mysql]# ln -s /data/mysql/bin/mysqld /usr/bin
5. 添加MySQL类到系统
[[email protected] mysql]# echo "/data/mysql/lib" > /etc/ld.so.conf.d/mysql.conf [[email protected] mysql]# ldconfig # 重新加载动态链接库
6. 修改启动脚本
如果安装在/usr/local/mysql/目录下,则两个sed不许执行,因为默认安装在/usr/local/目录下;
[[email protected] mysql]# sed -i 's#/usr/local/mysql#/data/mysql#g' /data/mysql/bin/mysqld_safe [[email protected] mysql]# sed -i 's#/usr/local/mysql#/data/mysql#g' /data/mysql/support-files/mysql.server
7. 修改配置文件
参考知数堂叶金荣老师的my.cnf生成器,附链接: http://imysql.com/my-cnf-wizard.html
[[email protected] mysql]# vim /etc/my.cnf [client] port = 3306 socket = /data/mysql/mysql.sock default-character-set = utf8 [mysqld] server-id = 1 user = mysql port = 3306 basedir = /data/mysql datadir = /data/mysql/data socket = /data/mysql/mysql.sock tmpdir = /data/mysql/tmp character-set-server = utf8mb4 innodb_file_per_table = 1 lower_case_table_names = 1 #0:区分大小写,1:不区分大小写 skip_name_resolve = 1 open_files_limit = 65535 back_log = 1024 max_connections = 512 max_connect_errors = 1000000 table_open_cache = 60000 table_definition_cache = 60000 #两个table为预计建表个数的两倍 table_open_cache_instances = 64 thread_stack = 512K external-locking = FALSE max_allowed_packet = 32M sort_buffer_size = 16M join_buffer_size = 16M thread_cache_size = 768 query_cache_size = 0 query_cache_type = 0 interactive_timeout = 600 wait_timeout = 600 tmp_table_size = 96M max_heap_table_size = 96M log_error = /data/mysql/logs/error.log slow_query_log = 1 slow_query_log_file = /data/mysql/logs/slow.log long_query_time = 0.1 binlog-ignore-db = mysql log-bin = /data/mysql/logs/mysql-bin sync_binlog = 0 binlog_cache_size = 4M max_binlog_cache_size = 2G max_binlog_size = 1G expire_logs_days = 60 #bin-log保留天数 master_info_repository = TABLE relay_log_info_repository = TABLE gtid_mode = on enforce_gtid_consistency = 1 log_slave_updates binlog_format = row relay_log_recovery = 1 relay-log-purge = 1 key_buffer_size = 32M read_buffer_size = 8M read_rnd_buffer_size = 16M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 lock_wait_timeout = 3600 explicit_defaults_for_timestamp = 1 #autocommit = 1 #autocommit=1事务自动执行 innodb_thread_concurrency = 0 innodb_sync_spin_loops = 100 innodb_spin_wait_delay = 30 sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION #sql_mode自定义在项目sql语句报错时开启 transaction_isolation = REPEATABLE-READ #innodb_additional_mem_pool_size = 16M innodb_buffer_pool_size = 10469M #innodb_buffer_pool_size物理内存的70% innodb_buffer_pool_instances = 8 innodb_buffer_pool_load_at_startup = 1 innodb_buffer_pool_dump_at_shutdown = 1 #innodb_data_file_path = ibdata1:1G:autoextend #innodb_data_file_path待优化 innodb_flush_log_at_trx_commit = 2 #默认值1是每一次事务提交或事务外的指令都需要把日志写入(flush)硬盘 #设成2是不写入硬盘而是写入系统缓存。日志仍然会每秒flush到硬盘,处理效率会很高,设成2只会在整个操作系统挂了时才可能丢数据。 innodb_log_buffer_size = 32M innodb_log_file_size = 2G innodb_log_files_in_group = 2 innodb_max_undo_log_size = 4G # 根据您的服务器IOPS能力适当调整 # 一般配普通SSD盘的话,可以调整到 10000 - 20000 # 配置高端PCIe SSD卡的话,则可以调整的更高,比如 50000 - 80000 innodb_io_capacity = 4000 innodb_io_capacity_max = 8000 innodb_flush_neighbors = 0 innodb_write_io_threads = 8 innodb_read_io_threads = 8 innodb_purge_threads = 4 innodb_page_cleaners = 4 innodb_open_files = 65535 innodb_max_dirty_pages_pct = 50 innodb_flush_method = O_DIRECT innodb_lru_scan_depth = 4000 innodb_checksum_algorithm = crc32 #innodb_file_format = Barracuda #innodb_file_format_max = Barracuda innodb_lock_wait_timeout = 10 innodb_rollback_on_timeout = 1 innodb_print_all_deadlocks = 1 innodb_online_alter_log_max_size = 4G internal_tmp_disk_storage_engine = InnoDB innodb_stats_on_metadata = 0 innodb_status_file = 1 # 注意: 开启 innodb_status_output & innodb_status_output_locks 后, 可能会导致log-error文件增长较快 innodb_status_output = 0 innodb_status_output_locks = 0 #performance_schema performance_schema = 1 performance_schema_instrument = '%=on' #innodb monitor innodb_monitor_enable="module_innodb" innodb_monitor_enable="module_server" innodb_monitor_enable="module_dml" innodb_monitor_enable="module_ddl" innodb_monitor_enable="module_trx" innodb_monitor_enable="module_os" innodb_monitor_enable="module_purge" innodb_monitor_enable="module_log" innodb_monitor_enable="module_lock" innodb_monitor_enable="module_buffer" innodb_monitor_enable="module_index" innodb_monitor_enable="module_ibuf_system" innodb_monitor_enable="module_buffer_page" innodb_monitor_enable="module_adaptive_hash" [mysqldump] quick max_allowed_packet = 32M
8. 初始化数据库
--initialize-insecure参数:暂时不设置密码。
[[email protected] mysql]# cd /data/mysql/ [[email protected] mysql]# ./bin/mysqld --initialize-insecure --defaults-file=/etc/my.cnf --basedir=/data/mysql --datadir=/data/mysql/data --user=mysql
或者
--initialize参数:生成随机密码。
[[email protected] mysql]# cd /data/mysql/ [[email protected] mysql]# ./bin/mysqld --initialize --defaults-file=/etc/my.cnf --basedir=/data/mysql --datadir=/data/mysql/data --user=mysql 2017-07-11T07:34:36.210764Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). 2017-07-11T07:34:37.826785Z 0 [Warning] InnoDB: New log files created, LSN=45790 2017-07-11T07:34:38.275547Z 0 [Warning] InnoDB: Creating foreign key constraint system tables. 2017-07-11T07:34:38.487524Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 65189e9f-660b-11e7-912f-b0518e005cf6. 2017-07-11T07:34:38.544417Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened. 2017-07-11T07:34:38.545337Z 1 [Note] A temporary password is generated for [email protected]: chpta=hXj4*#
注意:[email protected]:后面的是临时密码,如果没有输出上面的信息,请把/etc/my.cnf文件移走;
9. 开启SSL连接(可选)
[[email protected] mysql]# cd /data/mysql/ [[email protected] mysql]# bin/mysql_ssl_rsa_setup --basedir=/data/mysql --datadir=/data/mysql/data --user=mysql
10. 添加到系统服务
CentOS 6.*:
[[email protected] ~]# cd /data/mysql
[[email protected] mysql]# chmod 755 support-files/mysql.server
[[email protected] mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[[email protected] mysql]# chkconfig --add mysqld
[[email protected] mysql]# chkconfig mysqld on
[[email protected] mysql]# chkconfig --list mysqld
CentOS 7.*:
[[email protected] mysql]# vim /usr/lib/systemd/system/mysqld.service
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
ExecStart=${BASEDIR}/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE = 5000
[[email protected] mysql]# systemctl enable mysqld.service
[[email protected] mysql]# systemctl list-unit-files | grep mysql
11. 启动mysql
[[email protected] mysql]# /data/mysql/bin/mysqld_safe & # 守护进程能在崩溃后自动重启,推荐
或者
CentOS 6.* [[email protected] mysql]# service mysqld start [[email protected] mysql]# service mysqld status # 查看是否运行 CentOS 7.* [[email protected] mysql]# systemctl start mysqld.service [[email protected] mysql]# systemctl status mysqld.service
12. 配置安全策略:
[[email protected] ~]# cd /data/mysql [[email protected] mysql]# ./bin/mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: #输入初始化时的临时密码 The existing password for the user account root has expired. Please set a new password. New password: #设置新密码 Re-enter new password: #重复新密码 VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin? Press y|Y for Yes, any other key for No: y #是否设置密码安全插件(不是DBA,不推荐设置) There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0 #选择0,长度大于8位;根据自己设置 Using existing password for root. Estimated strength of the password: 100 Change the password for root ? ((Press y|Y for Yes, any other key for No) : n #是否更改root的现有密码 ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y #删除匿名用户 Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y #禁止root登录远程 Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y #删除测试数据库 - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y #重新加载权限表 Success. All done! [[email protected] mysql]#
13. 登录并添加用户及授权
[[email protected] mysql]# mysql -uroot -p mysql> grant all on *.* to 'java'@'%' identified by '[email protected]'; #授权并同时新建用户 mysql> flush privileges; #刷新权限 附: create user java identified by '123456'; #新建普通用户java(密码:123456) grant all on ras.* to "java"@"%"; #授权:把ras库内的所有权限授权给java用户 revoke all on *.* from "java"@"%"; #取消授权 drop user "java"@"%"; #直接删除用户 grant all on *.* to 'java'@'%' identified by '[email protected]'; #授权并同时新建用户 grant select,insert,update,delete on ras.* to [email protected]”%” Identified by “123456”; #权限:增删查改
14. 拓展:导出用户及权限
在对MySQL数据库进行迁移的时候,有时候也需要迁移源数据库内的用户与权限。 对于这个迁移我们可以从mysql.user表来获取用户的相关权限来生成相应的SQL语句,然后在目标服务器上来执行生成的SQL语句即可。 说明:mysql中直接通过授权即可使用对应用户,不必使用创建用户命令(如CREATE USER 'xxx'@'%' IDENTIFIED BY 'XXX';)先建用户再授权。 该脚本可以将所有授权数据到当前目录下的sql脚本(grants.sql)中,使用grants.sql脚本刷到数据库中即可完成授权数据迁移(注意:这里导出的数据包含root用户的授权关系,而且导入之后会把目前已有的数据覆盖掉,请确认需要覆盖再进行导入!!):
vim mysql_user_ migrate.sh
#!/bin/bash
#Function export user privileges
pwd=rootroot
expgrants()
{
mysql -B -u'root' -p${pwd} -N [email protected] -e "SELECT CONCAT('SHOW GRANTS FOR ''', user, '''@''', host, ''';') AS query FROM mysql.user" | mysql -u'root' -p${pwd} [email protected] | sed 's/\(GRANT .*\)/\1;/;s/^\(Grants for .*\)/-- \1 /;/--/{x;p;x;}'
}
expgrants > ./grants.sql
注意:上述代码中,需要根据实际情况(mysql的root用户的密码)替换pwd的值。 将上述代码拷贝后,新建并贴到shell脚本(如exp_grants.sh)中执行该脚本即可完成数据库用户授权导出。 以上文件导出后的脚本(grants.sql)中内容类似如下片段:
1. -- Grants for [email protected]% 2. GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*FAAFFE644E901CFAFAEC7562415E5FAEC243B8B2' WITH GRANT OPTION; 3. 4. -- Grants for [email protected]% 5. GRANT ALL PRIVILEGES ON *.* TO 'aaa'@'%' IDENTIFIED BY PASSWORD '*E6A7BF712C9294EEF165FC1CD0AD04FABC5E1136' WITH GRANT OPTION; 6. 7. -- Grants for [email protected]% 8. GRANT ALL PRIVILEGES ON *.* TO 'aaa1'@'%' IDENTIFIED BY PASSWORD '*1E9DC9809EBE1D5089616868F2DE14B375DACF64' WITH GRANT OPTION; 9. 10. -- Grants for [email protected]% 11. GRANT ALL PRIVILEGES ON *.* TO 'aaa2'@'%' IDENTIFIED BY PASSWORD '*A601FAAA6AB2D539501BA7FE6E816D499207BA76' WITH GRANT OPTION; 12.
导入新数据库:
mysql -uroot -p mysql < grants.sql
15. END
原文地址:http://blog.51cto.com/moerjinrong/2092614
时间: 2024-11-06 03:29:46