test markdown

1.下載安裝包

下載地址

https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz

安裝文檔

https://dev.mysql.com/doc/refman/5.7/en/binary-installation.html

2.建立用戶和組

groupadd mysql
useradd -g mysql -s /sbin/nologin mysql

3.解壓到指定目錄

tar -zxvf mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz -C /usr/local
cd /usr/local/
ln -s mysql-5.7.17-linux-glibc2.5-x86_64 mysql
或者
mv  mysql-5.7.17-linux-glibc2.5-x86_64 mysql

4.配置PATH

echo "export PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
source /etc/profile

5.數據庫目錄規劃

文件類型	實例3306	軟鏈
數據datadir	/usr/local/mysql/data	/data/mysql/data
參數文件my.cnf	/usr/local/mysql/etc/my.cnf
錯誤日誌log-error	/usr/local/mysql/log/mysql_error.log
二進制日誌log-bin	/usr/local/mysql/binlogs/mysql-bin	/data/mysql/binlogs/mysql-bin
慢查詢日誌slow_query_log_file	/usr/local/mysql/log/mysql_slow_query.log
套接字socket文件	/usr/local/mysql/run/mysql.sock
pid文件	/usr/local/mysql/run/mysql.pid

備註：考慮到數據和二進制日誌比較大，須要軟鏈

mkdir -p /data/mysql/{data,binlogs,log,etc,run}
ln -s /data/mysql/data    /usr/local/mysql/data
ln -s /data/mysql/binlogs    /usr/local/mysql/binlogs
ln -s /data/mysql/log    /usr/local/mysql/log
ln -s /data/mysql/etc    /usr/local/mysql/etc
ln -s /data/mysql/run    /usr/local/mysql/run
chown -R mysql.mysql     /data/mysql/
chown -R mysql.mysql     /usr/local/mysql/{data,binlogs,log,etc,run}

也能夠只對數據目錄和二進制日誌目錄軟鏈

mkdir -p /usr/local/mysql/{log,etc,run}
mkdir -p /data/mysql/{data,binlogs}
ln -s /data/mysql/data  /usr/local/mysql/data
ln -s /data/mysql/binlogs   /usr/local/mysql/binlogs
chown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}
chown -R mysql.mysql /data/mysql

6.配置my.cnf參數文件

刪除系統自帶的my.cnf

rm -f /etc/my.cnf

在/usr/local/mysql/etc/下建立my.cnf文件，加入以下參數，其餘參數根據須要配置

[client]
port = 3306
socket = /usr/local/mysql/run/mysql.sock

[mysqld]
port = 3306
socket = /usr/local/mysql/run/mysql.sock
pid_file = /usr/local/mysql/run/mysql.pid
datadir = /usr/local/mysql/data
default_storage_engine = InnoDB
max_allowed_packet = 512M
max_connections = 2048
open_files_limit = 65535

skip-name-resolve
lower_case_table_names=1

character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'


innodb_buffer_pool_size = 1024M
innodb_log_file_size = 2048M
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 0


key_buffer_size = 64M

log-error = /usr/local/mysql/log/mysql_error.log
log-bin = /usr/local/mysql/binlogs/mysql-bin
slow_query_log = 1
slow_query_log_file = /usr/local/mysql/log/mysql_slow_query.log
long_query_time = 5


tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0

server-id=1

7.初始化數據庫

執行：

mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data

在日誌文件裏會提示一個臨時密碼，記錄這個密碼

grep 'temporary password' /usr/local/mysql/log/mysql_error.log 
2017-03-12T13:26:30.619610Z 1 [Note] A temporary password is generated for root@localhost: b#uhQy*=d7yH

8.生成ssl

mysql_ssl_rsa_setup --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/

9.設置啓動項

CentOS 6

cd /usr/local/mysql
cp support-files/mysql.server /etc/init.d/mysql.server
chkconfig --add mysql.server
chkconfig  mysql.server on
chkconfig --list

CentOS 7

cd /usr/lib/systemd/system
touch mysqld.service

編輯內容以下

shell> cat mysqld.service 
# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
#
# systemd service file for MySQL forking server
#

[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql

Type=forking

PIDFile=/usr/local/mysql/run/mysqld.pid

# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0

# Execute pre and post scripts as root
PermissionsStartOnly=true

# Needed to create system tables
#ExecStartPre=/usr/bin/mysqld_pre_systemd

# Start main service
ExecStart=/usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr/local/mysql/run/mysqld.pid $MYSQLD_OPTS

# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql

# Sets open_files_limit
LimitNOFILE = 65535

Restart=on-failure

RestartPreventExitStatus=1

PrivateTmp=false

加載

systemctl daemon-reload
systemctl enable mysqld.service
systemctl is-enabled mysqld

10. 啓動mysql

systemctl start mysqld.service

11. Securing the Initial MySQL Accounts

重置密碼(上一步已經重置過了 此次能夠忽略)
刪除匿名用戶
關閉root用戶的遠程登陸
刪除測試數據庫

shell> /usr/local/mysql/bin/mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

The existing password for the user account root has expired. Please set a new password.

New password: 

Re-enter new password: 

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done!

12.Populating the Time Zone Tables

導入時區信息

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

13.測試

shell> mysqladmin version -uroot -p
Enter password: 
mysqladmin  Ver 8.42 Distrib 5.7.17, for linux-glibc2.5 on x86_64
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Server version      5.7.17-log
Protocol version    10
Connection      Localhost via UNIX socket
UNIX socket     /usr/local/mysql/run/mysql.sock
Uptime:         4 min 0 sec

Threads: 1  Questions: 8681  Slow queries: 0  Opens: 122  Flush tables: 1  Open tables: 103  Queries per second avg: 36.170

查看變量

shell> mysqladmin variables -uroot -p

14.開放3306端口

##Add
firewall-cmd --permanent --zone=public --add-port=3306/tcp
 
##Reload
firewall-cmd --reload
 
## 檢查是否生效
firewall-cmd --zone=public --query-port=3306/tcp
 
## 列出全部的開放端口
firewall-cmd --list-all

15.利用logrotate對MySQL日誌進行輪轉

shell > cat /root/.my.cnf 
[mysqladmin]  
password = password  
user= root
 
chmod 600 /root/.my.cnf

cp  /usr/local/mysql/support-files/mysql-log-rotate /etc/logrotate.d/
chmod 644  /etc/logrotate.d/mysql-log-rotate

修改內容以下

shell > cat /etc/logrotate.d/mysql-log-rotate 
# The log file name and location can be set in
# /etc/my.cnf by setting the "log-error" option
# in either [mysqld] or [mysqld_safe] section as
# follows:
#
# [mysqld]
# log-error=/usr/local/mysql/data/mysqld.log
#
# In case the root user has a password, then you
# have to create a /root/.my.cnf configuration file
# with the following content:
#
# [mysqladmin]
# password = <secret> 
# user= root
#
# where "<secret>" is the password. 
#
# ATTENTION: The /root/.my.cnf file should be readable
# _ONLY_ by root !

/usr/local/mysql/log/mysql_*.log {
        # create 600 mysql mysql
        notifempty
        weekly 
        rotate 52
        missingok
        compress
    postrotate
    # just if mysqld is really running
    if test -x /usr/local/mysql/bin/mysqladmin && \
       /usr/local/mysql/bin/mysqladmin ping &>/dev/null
    then
       /usr/local/mysql/bin/mysqladmin flush-logs
    fi
    endscript
}

測試

/usr/sbin/logrotate  -fv  /etc/logrotate.d/mysql-log-rotate

參考

1. Installing MySQL on Unix/Linux Using Generic Binaries
2. CentOS6.5 上部署 MySQL5.7.17 二進制安裝以及多實例配置