MySQL5.7的搭建以及SSL证书
Centos7 安装MySQL 5.7 (通用二进制包)
1.1 下载软件包
https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
1.2 安装
官方文档:https://dev.mysql.com/doc/refman/5.7/en/binary-installation.html
[root@db01 src]# ll
total 638680
-rw-r--r-- 1 root root 654007697 Aug 28 18:39 mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
[root@db01 src]# tar xf mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
[root@db01 src]# ll
total 638680
drwxr-xr-x 9 root root 120 Aug 28 18:45 mysql-5.7.17-linux-glibc2.5-x86_64
-rw-r--r-- 1 root root 654007697 Aug 28 18:39 mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz
[root@db01 src]# mv mysql-5.7.17-linux-glibc2.5-x86_64 ../mysql
[root@db01 src]# useradd mysql -s /sbin/nologin -M
[root@db01 src]# mkdir -p /data/mysql
[root@db01 src]# chown -R mysql.mysql /data/mysql/ /usr/local/mysql/
[root@db01 src]# cd ../mysql/
[root@db01 mysql]# ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql
2018-08-28T10:47:23.429133Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-08-28T10:47:26.301233Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-08-28T10:47:26.578937Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-08-28T10:47:26.728515Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: c0e8dc08-aaaf-11e8-b620-000c29605a1f.
2018-08-28T10:47:26.773967Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2018-08-28T10:47:26.785100Z 1 [Note] A temporary password is generated for root@localhost: 2F=6?08hUw5J
[root@db01 mysql]# \cp support-files/mysql.server /etc/init.d/mysqld
[root@db01 data]# cat /etc/my.cnf
[client]
port = 3306
[mysqld]
port = 3306
pid_file = /data/mysql/mysql.pid
datadir = /data/mysql
ssl-ca=/data/mysql/ca.pem
ssl-cert=/data/mysql/server-cert.pem
ssl-key=/data/mysql/server-key.pem
default_storage_engine = InnoDB
max_allowed_packet = 512M
max_connections = 2048
open_files_limit = 65535
skip-name-resolve
lower_case_table_names=1
innodb_buffer_pool_size = 512M
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 0
key_buffer_size = 64M
log-error = /data/mysql/mysql_error.log
log-bin = /data/mysql/mysql-bin
slow_query_log = 1
long_query_time = 5
tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0
server-id=1
[root@db01 ~]# echo "export PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
[root@db01 ~]# source /etc/profile
[root@db01 ~]# mysql -uroot -p'2F=6?08hUw5J'
#生成ssl证书
[root@db01 ~]# mysql_ssl_rsa_setup --basedir=/usr/local/mysql --datadir=/data/mysql
[root@db01 ~]# chown -R mysql.mysql /data/mysql
mysql> show variables like "ssl%";
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> show variables like "ssl%";
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> set password = password("123456");
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> show variables like "%ssl%";
+---------------+-----------------------------+
| Variable_name | Value |
+---------------+-----------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /data/mysql/ca.pem |
| ssl_capath | |
| ssl_cert | /data/mysql/server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | /data/mysql/server-key.pem |
+---------------+-----------------------------+
9 rows in set (0.00 sec)
