~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
前几天晚上把阿里云服务器整个磁盘重置了,里面本来东西也不多,就自己平时测试用一下而已。之前不重视安全问题,就因为上面啥东。,后来发现老是被人暴力尝试root密码,虽然我没有开放ssh root用户登录,但是感觉还是会有风险,重置系统后就把ssh默认的端口号改了,还装了tripwire文件系统检测软件,以及fail2ban用来防止ssh暴力**。
阿里云centos默认的是7.3,几个月前第一次装的时候没有更新系统就装MySQL,用rpm命令装特麻烦,要解决各种依赖,还要把自带的mariaDB-libs 先删掉才能装,安装好之后还无法启动,各种报错,后来重装了一两次才搞定了。 这一次先把系统升级到了centos7.5 , 一开始还配置了mysql 在线yum源,可是通过在线yum源下载实在是太慢,几k每秒,后来直接把下载好的rpm包配置好本地yum源,然后直接yum安装,特别轻松,一次搞定,启动也没问题,以下是详细步骤:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
从mysql官网下载安装包,mysql-5.7.23-1.el7.x86_64.rpm-bundle.tar,再传到Linux服务器或者直接wget下载下来
解档放到 /usr/local/yum/mysqlRPMs 下
1.执行createrepo /usr/local/yum 命令之后,会在该目录下产生yum源元数据,
2.再去到 /etc/yum.repos.d/ 目录下添加一个后缀为repo的文件,取名为mysql-local.repo, 内容为
#the RPMs of MySQL server
[mysql-local]
name=mysql-local
baseurl=file:///usr/local/yum
gpgcheck=0
enabled=1
如此这般本地yum源就配置好了
[[email protected] ~]# createrepo /usr/local/yum
Spawning worker 0 with 3 pkgs
Spawning worker 1 with 3 pkgs
Spawning worker 2 with 3 pkgs
Spawning worker 3 with 3 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[[email protected] ~]# ls /usr/local/yum
mysqlRPMs repodata[[email protected] ~]# vim /etc/yum.repos.d/mysql-local.repo [[email protected] ~]# yum list|grep mysql-local
mysql-community-client.x86_64 5.7.23-1.el7 mysql-local
mysql-community-common.x86_64 5.7.23-1.el7 mysql-local
mysql-community-devel.x86_64 5.7.23-1.el7 mysql-local
mysql-community-embedded.x86_64 5.7.23-1.el7 mysql-local
mysql-community-embedded-compat.x86_64 5.7.23-1.el7 mysql-local
mysql-community-embedded-devel.x86_64 5.7.23-1.el7 mysql-local
mysql-community-libs.x86_64 5.7.23-1.el7 mysql-local
mysql-community-libs-compat.x86_64 5.7.23-1.el7 mysql-local
mysql-community-minimal-debuginfo.x86_64 5.7.23-1.el7 mysql-local
mysql-community-server.x86_64 5.7.23-1.el7 mysql-local
mysql-community-server-minimal.x86_64 5.7.23-1.el7 mysql-local
mysql-community-test.x86_64 5.7.23-1.el7 mysql-local接下来就可以执行命令yum install mysql-community-server 进行安装了,期间会自动替换mariadb-libs库文件,如下图。
若是用rpm命令安装,要手动先把mariadb-libs删掉,才能安装mysql,还要按顺序一步步解决依赖性问题,特麻烦,我第一次装的时候就是用rpm,超级麻烦!还是yum好用啊。
这样MySQL就安装好了,接下来进行简单的配置。
首先执行命令 mysqld --initialize --user=mysql --console 进行初始化,之后可以从log中获取初始密码
[[email protected] ~]# mysqld --initialize --user=mysql --console
[[email protected] ~]# grep password /var/log/mysqld.log
2018-10-23T00:21:48.595001Z 1 [Note] A temporary password is generated for [email protected]: >sax;A?sK6Mc通过mysql -uroot -p 输入上面默认密码登陆上去
修改/etc/my.cnf 配置文件,主要是修改默认字符为utf-8,不然数据库表无法正常插入中文,可以用show variables like 'character%'; 来看看默认的字符编码。 结果提示必须修改密码, 应该是初始密码过期了(默认只有360秒的有效期),那就用ALTER USER user() INDENTIFIED BY '新密码' 来改密码吧,之后再查看一下默认编码,value为latin1的那两个都要改成utf8
mysql> show variables like 'character%';
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> ALTER USER user() IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | latin1 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | latin1 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
执行命令 vim /etc/my.cnf 添加以下两项
[client]
port=3306
default-character-set=utf8
[mysql]
default-character-set=utf8
并在[mysqld]下追加
collation-server=utf8_general_ci
character_set_server=utf8
如图: 保存并重启mysqld服务 sytemctl restart mysqld , 再执行show variables like 'character%';去查询字符集编码,就改成了utf8了。
mysql> show variables like 'character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)mysql 默认不允许远程登陆的,所以即便防火墙添加了3306端口,或者关闭防火墙,telnet ip 3306都是不通的。需要修改mysql.user 用户表的host字段,把值localhost 改成%即可。
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
3 rows in set (0.00 sec)
mysql> update user set host = '%' where user ='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| root | % |
| mysql.session | localhost |
| mysql.sys | localhost |
+---------------+-----------+
3 rows in set (0.00 sec)至此,mysql 5.7 在centos7.5下最基本的安装与配置就完成了。
-----------------------------------------------------------------------------------------------------------------------------------------------------------
补充:后来发现仅仅是修改上面的host字段还是不能远程访问,还是直接用授权法毕竟简单快捷。
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root' @'%' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)这样就没问题啦~~