Linux系統環境基於Docker搭建Mysql數據庫服務實戰

時間 2020-09-29

標籤 linux 系統環境基於 docker 搭建 mysql 數據庫服務實戰欄目 Linux 简体版

原文原文鏈接

開放端口規劃：mysql

mysql-develop：3407
mysql-test： 3408
mysql-release： 3409

ps：
1.不推薦使用默認端口-3306，建議自定義端口
2.若是採用阿里雲服務器，在安全組開放端口
3.自建服務器依據實際狀況打開防火牆開放端口[各個系統防火牆不同,操做有所不一樣]，譬如：
Centos7 環境-防火牆[firewall-cmd]：git

firewall-cmd --zone=public --add-port=3407/tcp --permanent
firewall-cmd --zone=public --add-port=3408/tcp --permanent
firewall-cmd --zone=public --add-port=3409/tcp --permanent

4.防火牆[firewall-cmd]經常使用操做github

（1）設置開機啓用防火牆：systemctl enable firewalld.service
（2）設置開機禁用防火牆：systemctl disable firewalld.service
（3）啓動防火牆：systemctl start firewalld
（4）關閉防火牆：systemctl stop firewalld
（5）檢查防火牆狀態：systemctl status firewalld
2、使用firewall-cmd配置端口
（1）查看防火牆狀態：firewall-cmd --state
（2）從新加載配置：firewall-cmd --reload
（3）查看開放的端口：firewall-cmd --list-ports
（4）開啓防火牆端口：firewall-cmd --zone=public --add-port=9200/tcp --permanent
　　命令含義：
　　–zone #做用域
　　–add-port=9200/tcp #添加端口，格式爲：端口/通信協議
　　–permanent #永久生效，沒有此參數重啓後失效
　　注意：添加端口後，必須用命令firewall-cmd --reload從新加載一遍纔會生效
    firewall-cmd --zone=public --add-port=9200/tcp --permanent
（5）關閉防火牆端口：firewall-cmd --zone=public --remove-port=9200/tcp --permanent

查找鏡像：docker search mysqlsql

docker search mysql

拉取鏡像：docker pull mysqldocker

docker pull mysql

ps：若是不是自建倉庫鏡像,通常從https://hub.docker.com/拉取官方鏡像：
docker pull mysql:5.7 # 拉取mysql 5.7
docker pull mysql # 拉取最新版mysql鏡像數據庫

部署mysql服務：
1.簡單命令實例：[主要使用Docker原生命令部署]安全

docker run -itd -p 3306:3306 --restart always --name mysql-server   -e MYSQL_ROOT_PASSWORD=db-password -e MYSQL_USER=db-username  mysql:tag

2.使用docker-compose 部署實例：使用docker-compose搭建
docker-compose.yml文件進行部署可從,github和碼雲等雲倉庫git clone 而後修改執行[docker-compose up -d]部署：
docker-compose.yml 配置實例：bash

version: '2'
services:
  db:
    image: 'mysql/mysql-server:tag'
    restart: always
    container_name: mysql-server
    environment:
      MYSQL_USER: username
      MYSQL_PASSWORD: password
      MYSQL_DATABASE: database
      MYSQL_ROOT_PASSWORD: password
    ports:
      - 'server-port[自定義端口]: container-port[默認3306]'

3.使用Docker Portainer可視化界面自建進行部署
服務器

Mysql8.0 數據庫配置

基於Docker安裝的數據庫安裝完成以後，只能在本地登陸,須要進行受權遠程訪問鏈接操做。session

1.建立用戶和受權

# 建立自定義myql用戶-username 和密碼-pssword
create user 'username'@'%' identified by 'pssword';
>ps：create user 'developer'@'%' identified by '123456Abc@2019';

# 對自定義用戶進行受權操做
grant all privileges on *.* to 'username'@'%' with grant option;
>ps：grant all privileges on *.* to 'developer'@'%' with grant option;

# 刷新操做權限[切記此點]
flush privileges;

進入[root@mysql-develop]容器：

root@mysql-develop:/# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 8.0.18 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> create user 'developer'@'%' identified by '123456Abc@2019';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all privileges on *.* to 'developer'@'%' with grant option;
Query OK, 0 rows affected (0.00 sec)

mysql>
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

如圖：

ps：
1.mysql8.0數據操做受權以前得先自定義建立用戶，不然沒法受權遠程登陸訪問
2.mysql8.0受權沒法使用mysql5.7方式：
grant all privileges on . to 'developer'@'%' identified by '123456Abc@2019';
請使用：grant all privileges on . to 'developer'@'%' with grant option;

第一種：grant all privileges on . to 'developer'@'%' identified by '123456Abc@2019' with grant option;

mysql> use mysql
Database changed
mysql> grant all privileges on *.* to 'developer'@'%'  identified by '123456Abc@2019' with grant option;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by '123456Abc@2019' with grant option' at line 1

第二種：grant all privileges on . to 'developer'@'%' identified by 123456Abc@2019'；

mysql> use mysql;
Database changed
mysql> grant all privileges on *.* to 'developer'@'%'  identified by '123456Abc@2019';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by '123456Abc@2019 at line 1
mysql>

3.必定並且必須進行刷新權限操做,不然沒法生效，甚至沒法受權遠程訪問

2.mysql8.0遠程訪問連接[root 和developer]

在 mysql 數據庫的 user 表中查看當前用戶的相關信息：

mysql> use mysql
Database changed
mysql> select host, user, authentication_string, plugin from user;
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
| host      | user             | authentication_string                                                  | plugin                |
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
| %         | developer        | *F286F2787D69B007CFDE83C115325B2A6FF0B6D2                              | caching_sha2_password |
| %         | root             | *F286F2787D69B007CFDE83C115325B2A6FF0B6D2                              | caching_sha2_password |
| localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| localhost | mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| localhost | mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
_Oo8xLxsqwEOxEkY1i7kToF8VbktysFDQuevvwYqsK61Qi7 | caching_sha2_password |
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
6 rows in set (0.00 sec)
mysql>

root 用戶：

mysql> use mysql;
Database changed
mysql> GRANT ALL ON *.* TO 'root'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456Abc@2019;
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

developer用戶：

mysql> use mysql;
Database changed
mysql> GRANT ALL ON *.* TO 'developer'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> ALTER USER 'developer'@'%' IDENTIFIED WITH mysql_native_password BY '123456Abc@2019';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>

修改加密規則:

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> ALTER USER 'root'@'%' IDENTIFIED BY '123456Abc@2019' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.01 sec)

mysql> ALTER USER 'developer'@'%' IDENTIFIED BY '123456Abc@2019' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>

設置完成須要再次驗證用戶權限信息：

mysql> use mysql
Database changed
mysql> select host, user, authentication_string, plugin from user;
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
| host      | user             | authentication_string                                                  | plugin                |
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
| %         | developer        | *F286F2787D69B007CFDE83C115325B2A6FF0B6D2                              | mysql_native_password |
| %         | root             | *F286F2787D69B007CFDE83C115325B2A6FF0B6D2                              | mysql_native_password |
| localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| localhost | mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| localhost | mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
_Oo8xLxsqwEOxEkY1i7kToF8VbktysFDQuevvwYqsK61Qi7 | caching_sha2_password |
+-----------+------------------+------------------------------------------------------------------------+-----------------------+
6 rows in set (0.00 sec)

mysql>

到此，Navicat測試鏈接msql：

ps[注意事項]：
1.mysql8.0版本加密規則插件的plugin 已經換爲caching_sha2_password，而以前的版本的加密規則是mysql_native_password，通過實測已經不適用於Navicat 12如下版本,可依據自身狀況升級客戶端到Navicat 12+，不然會報2059 或者1251 錯誤。

[Question-01].Navicat 2059錯誤：

[Question-02].Navicat 1251錯誤：

2.鑑於第一條的狀況，能夠將caching_sha2_password修改成mysql_native_password作一個兼容,低版本也可適用。
3.修改加密規則，使得密碼長期有效。

完整sql記錄：

mysql> use mysql
mysql> create user 'developer'@'%' identified by '123456Abc@2019';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all privileges on *.* to 'developer'@'%' with grant option;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL ON *.* TO 'root'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456Abc@2019';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT ALL ON *.* TO 'developer'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> ALTER USER 'developer'@'%' IDENTIFIED WITH mysql_native_password BY '123456Abc@2019';
Query OK, 0 rows affected (0.01 sec)

mysql>  ALTER USER 'root'@'%' IDENTIFIED BY 'GuangDian@2019' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.01 sec)

mysql> ALTER USER 'developer'@'%' IDENTIFIED BY 'GuangDian@2019' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>

3套mysql環境：
mysql-develop：
IP：192.168.0.1
Port：3407
Username：root/developer
password：123456Abc@2019

mysql-test：
IP：192.168.0.2
Port：3408
Username：root/developer
password：123456Abc@2019

mysql-release：
IP：192.168.0.3
Port：3409
Username：root/developer
password：123456Abc@2019

數據文件遷移操做

1.基於mysqldump+docker cp 命令進行操做

方式1：直接在宿主機器進行數據備份

docker exec -it docker-id[容器實際部署id] mysqldump -u root -p passowrd --databases dbA dbB > /root/all-databases-backup.sql

方式2：先進入到docker在執行mysqldump，而後再將導出的sql拷貝到宿主

#進入docker
docker exec -it docker-id[容器實際部署id] /bin/bash
#可選的
source /etc/profile
#執行導出命令
mysqldump -u username -p password --databases dbA dbB > /root/all-databases-backup.sql
#拷貝到宿主機器
#退出Docker，執行exit命令
exit
#此時，已經在宿主的環境，執行拷貝命令，將sql文件從docker紅拷貝出來
docker cp docker-id[容器實際部署id]: /root/all-databases-backup.sql  /root/all-databases-backup.sql

2.導入數據文件到容器

#拷貝備份的文件到docker中
docker cp /root/all-databases-backup.sql docker-id[容器實際部署id]:/root/all-databases-backup.sql
#先進入docker環境，而後導入到數據庫
docker exec -it xxx /bin/bash
mysql -u username -p password < /root/all-databases-backup.sql