centos7.6 rpm包安装mysql5.7.25

1、操作系统版本：

[root@gfs01 ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)

2、下载安装包：

[root@gfs01 soft]# ll mysql-community*
-rw-r--r-- 1 root root  25402568 Aug 15 16:54 mysql-community-client-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root    280904 Aug 15 16:52 mysql-community-common-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   2271668 Aug 15 16:58 mysql-community-libs-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 173130520 Aug  6 15:13 mysql-community-server-5.7.25-1.el7.x86_64.rpm

四个包就够了。

下载地址：

链接：https://pan.baidu.com/s/1pNbkWU99-R4tSwxe9Txijw 
提取码：4fu8 
3、安装

先卸载自带的mariadb，否则安装可能会报冲突：

[root@gfs01 soft]# rpm -qa |grep mariadb
mariadb-libs-5.5.56-2.el7.x86_64

[root@gfs01 soft]# yum remove mariadb-libs-5.5.56-2.el7.x86_64

然后直接安装rpm包：

[root@gfs01 soft]# ll mysql-community*
-rw-r--r-- 1 root root  25402568 Aug 15 16:54 mysql-community-client-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root    280904 Aug 15 16:52 mysql-community-common-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   2271668 Aug 15 16:58 mysql-community-libs-5.7.25-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 173130520 Aug  6 15:13 mysql-community-server-5.7.25-1.el7.x86_64.rpm

[root@gfs01 soft]# rpm -ivh mysql-community-client-5.7.25-1.el7.x86_64.rpm mysql-community-common-5.7.25-1.el7.x86_64.rpm mysql-community-server-5.7.25-1.el7.x86_64.rpm mysql-community-libs-5.7.25-1.el7.x86_64.rpm
warning: mysql-community-client-5.7.25-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-common-5.7.25-1.e################################# [ 25%]
   2:mysql-community-libs-5.7.25-1.el7################################# [ 50%]
   3:mysql-community-client-5.7.25-1.e################################# [ 75%]
   4:mysql-community-server-5.7.25-1.e################################# [100%]

检查安装：

[root@gfs01 soft]# rpm -qa |grep mysql
mysql-community-server-5.7.25-1.el7.x86_64
mysql-community-common-5.7.25-1.el7.x86_64
mysql-community-client-5.7.25-1.el7.x86_64
mysql-community-libs-5.7.25-1.el7.x86_64

4、配置文件：

安装完成后会默认在/etc/下面生成一个/etc/my.cnf文件，如果原来就有这个配置文件的话，会直接被覆盖掉。

内容如下：

[root@gfs01 soft]# cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@gfs01 soft]# 

如果改了参数，最好先初始化一下：

root@medicalpay[/usr/data/mysql]#cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/usr/data/mysql/data
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/usr/data/mysql/logs/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

lower_case_table_names = 1


basedir = /usr/data/mysql
log_bin = /usr/data/mysql/binlog
server-id = 1

注意：server-id一定要跟log_bin成对出现，有log_bin，一定需要server-id，否则初始化报错。

初始化：

mysqld --defaults-file=/etc/my.cnf --initialize --user=mysql --basedir=/usr/data/mysql --datadir=/usr/data/mysql/data

确保初始化不报错，有问题排查日志。

5、启动。

[root@gfs01 soft]# systemctl start mysqld
[root@gfs01 soft]# systemctl status mysqld
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-08-15 17:03:45 CST; 4s ago
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
  Process: 2002 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
  Process: 1921 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
 Main PID: 2005 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─2005 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid

Aug 15 17:03:30 gfs01 systemd[1]: Starting MySQL Server...
Aug 15 17:03:45 gfs01 systemd[1]: Started MySQL Server.

停止：

systemctl stop mysqld

重启：

systemctl restart mysqld

开机自启动：

systemctl enable mysqld

重新加载配置文件：

systemctl daemon-reload

6、登陆

mysql安装完成之后，在/var/log/mysqld.log文件中给root生成了一个默认密码。通过下面的方式找到root默认密码，然后登录mysql进行修改：

[root@gfs01 soft]# grep 'temporary password' /var/log/mysqld.log
2019-08-15T09:03:41.058055Z 1 [Note] A temporary password is generated for root@localhost: /Hga(:;0pY8H

登陆：

[root@gfs01 soft]# mysql -uroot -p"/Hga(:;0pY8H"
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.25

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 

修改密码：

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'newrootpa$$wd';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Newrootpa$$wd';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Newrootpa$$wd123';
Query OK, 0 rows affected (0.00 sec)

mysql> 

注意：mysql5.7默认安装了密码安全检查插件（validate_password），默认密码检查策略要求密码必须包含：大小写字母、数字和特殊符号，并且长度不能少于8位。

mysql> show databases ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

mysql> 

通过msyql环境变量可以查看密码策略的相关信息：

mysql> show variables like '%password%';
+---------------------------------------+--------+
| Variable_name                         | Value  |
+---------------------------------------+--------+
| default_password_lifetime             | 0      |
| disconnect_on_expired_password        | ON     |
| log_builtin_as_identified_by_password | OFF    |
| mysql_native_password_proxy_users     | OFF    |
| old_passwords                         | 0      |
| report_password                       |        |
| sha256_password_proxy_users           | OFF    |
| validate_password_check_user_name     | OFF    |
| validate_password_dictionary_file     |        |
| validate_password_length              | 8      |
| validate_password_mixed_case_count    | 1      |
| validate_password_number_count        | 1      |
| validate_password_policy              | MEDIUM |
| validate_password_special_char_count  | 1      |
+---------------------------------------+--------+
14 rows in set (0.00 sec)

mysql> 

validate_password_policy：密码策略，默认为MEDIUM策略 
validate_password_dictionary_file：密码策略文件，策略为STRONG才需要 
validate_password_length：密码最少长度 
validate_password_mixed_case_count：大小写字符长度，至少1个 
validate_password_number_count ：数字至少1个 
validate_password_special_char_count：特殊字符至少1个 
上述参数是默认策略MEDIUM的密码检查规则。

共有以下几种密码策略：

MySQL官网密码策略详细说明：

http://dev.mysql.com/doc/refman/5.7/en/validate-password-options-variables.html#sysvar_validate_password_policy

修改密码策略

在/etc/my.cnf文件添加validate_password_policy配置，指定密码策略

# 选择0（LOW），1（MEDIUM），2（STRONG）其中一种，选择2需要提供密码字典文件
validate_password_policy=0

如果不需要密码策略，添加my.cnf文件中添加如下配置禁用即可：

validate_password = off

重新启动mysql服务使配置生效。

7、远程连接

默认只允许root帐户在本地登录，如果要在其它机器上连接mysql，必须修改root允许远程连接，或者添加一个允许远程连接的帐户:

默认只有这些账户，而且只能本地登陆。

新建一个可以远程登陆的账户： 

mysql> GRANT ALL PRIVILEGES ON *.* TO 'wufan'@'%' IDENTIFIED BY 'Wufan0815!' WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> grant all privileges on *.* to wufan@'localhost' identified by 'Wufan5$123' with grant option ;

mysql> grant all privileges on *.* to wufan@'192.168.10.190' identified by 'Wufan5$123' with grant option ;
Query OK, 0 rows affected, 1 warning (0.00 sec)

 登陆测试：

[root@gfs01 soft]# mysql -uwufan -p"Wufan5\$123" -h192.168.10.190 
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 5.7.25 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

mysql> 

8、配置默认编码

当前默认字符编码：

mysql> show variables like '%character%' ;
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | latin1                     |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | latin1                     |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

mysql> 

修改/etc/my.cnf配置文件，在[mysqld]下添加编码配置，如下所示：

character_set_server=utf8
init_connect='SET NAMES utf8'

重启mysql服务：

[root@gfs01 soft]# systemctl restart mysqld

重新连接检查：

[root@gfs01 soft]# mysql -uwufan -p"Wufan5\$123" -h192.168.10.190 
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.25 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like '%character%';
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.01 sec)

mysql> 

9、相关默认配置文件：

配置文件：/etc/my.cnf 

数据文件：/var/lib/mysql/
日志文件：/var/log/mysqld.log 
服务启动脚本：/usr/lib/systemd/system/mysqld.service
socket文件：/var/run/mysqld/mysqld.pid

10、关于审计

mysql5.7自带审计，默认是关闭的：

mysql> show variables like '%general%'
    -> ;
+------------------+--------------------------+
| Variable_name    | Value                    |
+------------------+--------------------------+
| general_log      | OFF                      |
| general_log_file | /var/lib/mysql/gfs01.log |
+------------------+--------------------------+

设置开启审计： 

mysql> set global general_log=on ;
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%general%';
+------------------+--------------------------+
| Variable_name    | Value                    |
+------------------+--------------------------+
| general_log      | ON                       |
| general_log_file | /var/lib/mysql/gfs01.log |
+------------------+--------------------------+
2 rows in set (0.00 sec)

然后做一些操作如下（主要观察审计日志文件是否能够获取到相关操作记录）：

mysql> create database test ;
Query OK, 1 row affected (0.00 sec)

mysql> show databases ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql>

查看日志文件：

[root@gfs01 ~]# view /var/lib/mysql/gfs01.log
/usr/sbin/mysqld, Version: 5.7.25 (MySQL Community Server (GPL)). started with:
Tcp port: 3306  Unix socket: /var/lib/mysql/mysql.sock
Time                 Id Command    Argument
2019-08-15T10:06:28.860026Z         2 Query     show variables like '%general%'
2019-08-15T10:06:42.579516Z         2 Query     create database test
2019-08-15T10:06:46.651550Z         2 Query     show databases