ECS 云服务器Centos7 安装MySQL 5.7

1.下载安装包

下载地址:
https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz

历史版本地址:
https://downloads.mysql.com/archives/community/

安装文档

https://dev.mysql.com/doc/refman/5.7/en/binary-installation.html

2.创建用户和组

groupadd mysqluseradd -g mysql -s /sbin/nologin mysql

3.解压到指定目录

tar -zxvf mysql-5.7.17-linux-glibc2.5-x86_64.tar.gz -C /usr/localcd /usr/local/ln -s mysql-5.7.17-linux-glibc2.5-x86_64 mysql#或者mv  mysql-5.7.17-linux-glibc2.5-x86_64 mysql

4.配置PATH

echo "export PATH=$PATH:/usr/local/mysql/bin" >> /etc/profilesource /etc/profile

5.数据库目录规划

文件类型 实例3306 软链 数据datadir /usr/local/mysql/data /data/mysql/data 参数文件my.cnf /usr/local/mysql/etc/my.cnf 错误日志log-error /usr/local/mysql/log/mysql_error.log 二进制日志log-bin /usr/local/mysql/binlogs/mysql-bin /data/mysql/binlogs/mysql-bin 慢查询日志slow_query_log_file /usr/local/mysql/log/mysql_slow_query.log 套接字socket文件 /usr/local/mysql/run/mysql.sock pid文件 /usr/local/mysql/run/mysql.pid

备注：考虑到数据和二进制日志比较大，需要软链

mkdir -p /data/mysql/{data,binlogs,log,etc,run}ln -s /data/mysql/data    /usr/local/mysql/dataln -s /data/mysql/binlogs    /usr/local/mysql/binlogsln -s /data/mysql/log    /usr/local/mysql/logln -s /data/mysql/etc    /usr/local/mysql/etcln -s /data/mysql/run    /usr/local/mysql/runchown -R mysql.mysql     /data/mysql/chown -R mysql.mysql     /usr/local/mysql/{data,binlogs,log,etc,run}

也可以只对数据目录和二进制日志目录软链

mkdir -p /usr/local/mysql/{log,etc,run}mkdir -p /data/mysql/{data,binlogs}ln -s /data/mysql/data  /usr/local/mysql/dataln -s /data/mysql/binlogs   /usr/local/mysql/binlogschown -R mysql.mysql /usr/local/mysql/{data,binlogs,log,etc,run}chown -R mysql.mysql /data/mysql

6.配置my.cnf参数文件

删除系统自带的my.cnf

rm -f /etc/my.cnf

在/usr/local/mysql/etc/下创建my.cnf文件，加入如下参数，其他参数根据需要配置

[client]port = 3306socket = /usr/local/mysql/run/mysql.sock[mysqld]port = 3306socket = /usr/local/mysql/run/mysql.sockpid_file = /usr/local/mysql/run/mysql.piddatadir = /usr/local/mysql/datadefault_storage_engine = InnoDBmax_allowed_packet = 512Mmax_connections = 2048open_files_limit = 65535skip-name-resolvelower_case_table_names=1character-set-server = utf8mb4collation-server = utf8mb4_unicode_ciinit_connect='SET NAMES utf8mb4'innodb_buffer_pool_size = 1024Minnodb_log_file_size = 2048Minnodb_file_per_table = 1innodb_flush_log_at_trx_commit = 0key_buffer_size = 64Mlog-error = /usr/local/mysql/log/mysql_error.loglog-bin = /usr/local/mysql/binlogs/mysql-binslow_query_log = 1slow_query_log_file = /usr/local/mysql/log/mysql_slow_query.loglong_query_time = 5tmp_table_size = 32Mmax_heap_table_size = 32Mquery_cache_type = 0query_cache_size = 0server-id=1

7.初始化数据库

执行：

mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data

在日志文件里会提示一个临时密码，记录这个密码

grep 'temporary password' /usr/local/mysql/log/mysql_error.log 2017-03-12T13:26:30.619610Z 1 [Note] A temporary password is generated for root@localhost: b#uhQy*=d7yH

8.生成ssl

mysql_ssl_rsa_setup --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/

9.设置启动项

CentOS 6

cd /usr/local/mysqlcp support-files/mysql.server /etc/init.d/mysql.serverchkconfig --add mysql.serverchkconfig  mysql.server onchkconfig --list

CentOS 7

cd /usr/lib/systemd/systemtouch mysqld.service 

编辑内容如下

shell> cat mysqld.service # Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.## This program is free software; you can redistribute it and/or modify# it under the terms of the GNU General Public License as published by# the Free Software Foundation; version 2 of the License.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA## systemd service file for MySQL forking server#[Unit]Description=MySQL ServerDocumentation=man:mysqld(8)Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.htmlAfter=network.targetAfter=syslog.target[Install]WantedBy=multi-user.target[Service]User=mysqlGroup=mysqlType=forkingPIDFile=/usr/local/mysql/run/mysqld.pid# Disable service start and stop timeout logic of systemd for mysqld service.TimeoutSec=0# Execute pre and post scripts as rootPermissionsStartOnly=true# Needed to create system tables#ExecStartPre=/usr/bin/mysqld_pre_systemd# Start main serviceExecStart=/usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr/local/mysql/run/mysqld.pid $MYSQLD_OPTS# Use this to switch malloc implementationEnvironmentFile=-/etc/sysconfig/mysql# Sets open_files_limitLimitNOFILE = 65535Restart=on-failureRestartPreventExitStatus=1PrivateTmp=false

加载

systemctl daemon-reloadsystemctl enable mysqld.servicesystemctl is-enabled mysqld

10. 启动mysql

systemctl start mysqld.service 

11. Securing the Initial MySQL Accounts

重置密码(上一步已经重置过了 这次可以忽略)
删除匿名用户
关闭root用户的远程登录
删除测试数据库

shell> /usr/local/mysql/bin/mysql_secure_installationSecuring the MySQL server deployment.确保MySQL服务器部署。Enter password for user root: 输入用户root的密码：The existing password for the user account root has expired. Please set a new password.用户帐户根的现有密码已过期。请设置新密码。New password: 新的密码：Re-enter new password: 重新输入新密码：VALIDATE PASSWORD PLUGIN can be used to test passwordsand improve security. It checks the strength of passwordand allows the users to set only those passwords which aresecure enough. Would you like to setup VALIDATE PASSWORD plugin?验证密码插件可用于测试密码提高安全。它检查密码的强度并允许用户只设置那些密码是足够安全。是否要安装验证密码插件？Press y|Y for Yes, any other key for No: Y按Y | Y是的，任何没有其他关键：YThere are three levels of password validation policy:密码验证策略有三个级别：LOW    Length >= 8低长度> 8MEDIUM Length >= 8, numeric, mixed case, and special charactersSTRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file强长度= 8，数字，混合的情况下，特殊字符和字典文件Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2请输入0 =低，1 =中等和2 =强：2Using existing password for root.使用现有的root密码。Estimated strength of the password: 100 密码强度估计：100Change the password for root ? ((Press y|Y for Yes, any other key for No) : N更改root密码？（（按Y | Y是的，任何没有其他键）：n ... skipping.…跳过By default, a MySQL installation has an anonymous user,默认情况下，MySQL安装有匿名用户，allowing anyone to log into MySQL without having to havea user account created for them. This is intended only fortesting, and to make the installation go a bit smoother.You should remove them before moving into a productionenvironment.允许任何人登录MySQL而不必为他们创建的用户帐户。这仅用于测试，并使安装有点平滑。你应该在搬入生产前把它们移走环境。Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y删除匿名用户？（按Y | Y是的，任何没有其他键）：YSuccess.成功。Normally, root should only be allowed to connect from'localhost'. This ensures that someone cannot guess atthe root password from the network.通常，根应该只允许连接“localhost”。这确保了某人不能猜测来自网络的根密码。Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y禁止root远程登录？（按Y | Y是的，任何没有其他键）：YSuccess.成功。By default, MySQL comes with a database named 'test' thatanyone can access. This is also intended only for testing,and should be removed before moving into a productionenvironment.默认情况下，MySQL带有一个名为“测试”的数据库任何人都可以访问。这也仅用于测试，并且在进入生产之前应该被移除环境。Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y - Dropping test database...删除测试数据库并访问它吗？（按Y | Y是的，任何没有其他键）：Y跌落测试数据库…Success.成功. - Removing privileges on test database...删除测试数据库的特权…Success.Reloading the privilege tables will ensure that all changesmade so far will take effect immediately.重新加载特权表将确保所有更改到目前为止，将立即生效。Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y重新加载特权表吗？（按Y | Y是的，任何没有其他键）：YSuccess.All done! 

12.Populating the Time Zone Tables

导入时区信息

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

13.测试

shell> mysqladmin version -uroot -pEnter password: mysqladmin  Ver 8.42 Distrib 5.7.17, for linux-glibc2.5 on x86_64Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Server version      5.7.17-logProtocol version    10Connection      Localhost via UNIX socketUNIX socket     /usr/local/mysql/run/mysql.sockUptime:         4 min 0 secThreads: 1  Questions: 8681  Slow queries: 0  Opens: 122  Flush tables: 1  Open tables: 103  Queries per second avg: 36.170

查看变量

shell> mysqladmin variables -uroot -p

14.开放3306端口

##Addfirewall-cmd --permanent --zone=public --add-port=3306/tcp##Reloadfirewall-cmd --reload## 检查是否生效firewall-cmd --zone=public --query-port=3306/tcp## 列出所有的开放端口firewall-cmd --list-all

15.利用logrotate对MySQL日志进行轮转

shell > cat /root/.my.cnf [mysqladmin]  password = password  user= rootchmod 600 /root/.my.cnf

cp  /usr/local/mysql/support-files/mysql-log-rotate /etc/logrotate.d/chmod 644  /etc/logrotate.d/mysql-log-rotate

修改内容如下

shell > cat /etc/logrotate.d/mysql-log-rotate # The log file name and location can be set in# /etc/my.cnf by setting the "log-error" option# in either [mysqld] or [mysqld_safe] section as# follows:## [mysqld]# log-error=/usr/local/mysql/data/mysqld.log## In case the root user has a password, then you# have to create a /root/.my.cnf configuration file# with the following content:## [mysqladmin]# password = <secret> # user= root## where "<secret>" is the password. ## ATTENTION: The /root/.my.cnf file should be readable# _ONLY_ by root !/usr/local/mysql/log/mysql_*.log {        # create 600 mysql mysql        notifempty        weekly         rotate 52        missingok        compress    postrotate    # just if mysqld is really running    if test -x /usr/local/mysql/bin/mysqladmin && \       /usr/local/mysql/bin/mysqladmin ping &>/dev/null    then       /usr/local/mysql/bin/mysqladmin flush-logs    fi    endscript}

测试

/usr/sbin/logrotate  -fv  /etc/logrotate.d/mysql-log-rotate