Versions Compared

Old Version 4

changes.mady.by.user Brian Dixon

Saved on

compared with

New Version Current

changes.mady.by.user Marty Goodrich

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Disable the MySQL Module

    Code Block
    # Rhel 8
# PERCONA IS NOT CURRENTLY SUPPORTE BY RHEL 9, in that case skip this step
+
yum -y module disable mysql


  2. Install the Percona repo

    Code Block
    ## PERCONA IS NOT CURRENTLY SUPPORTE BY RHEL 9, in that case skip this step

yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
yum -y update percona-release


  3. Install Percona

    Code Block
    ##
PERCONA# ISremove NOTany CURRENTLYlingering SUPPORTEDmysql BYdata RHEL 9, in that case skip this step

# Install the Percona Server
or configs
yum -y remove mysql*
rm -rf /var/lib/mysql/*
rm -rf /var/log/mysql*
rm -rf /etc/my.cnf*
yum
-y install Percona-Server-server-57

# Install the Percona ClientServer
yum -y install Perconapercona-Serverserver-client-57server

### PERCONAInstall ISthe NOTPercona CURRENTLY SUPPORTED BY RHEL 9, use this to install MySQL 8

setsebool -P httpd_can_network_connect_db 1
dnf install mysql mysql-server mysql-client -y
Client
yum -y install percona-server-client


  4. Enable and Start the Percona service

    Code Block
    systemctl enable mysql
systemctl start mysql


  5. Secure the installation

    Code Block
    #############
### RHEL < 9
#############

# copy and paste lines into the terminal

TEMP_DB_PW=$(grep -o "temporary password is generated for root@localhost.*" /var/log/mysql/mysqld.log | cut -f2- -d: | tail -1 | sed -e 's/^[[:space:]]*//')
echo -e "Temporary root password: ${TEMP_DB_PW}"
echo -e "Configured
root
password: ${DB_ROOT_PASSWORD}"
# run the secure installation to setup the root password
echo "mysql_secure_installation" mysql_secure_installation -p${TEMP_DB_PW} << EOF
N
Y
Y
Y
Y
EOF  

#############
### RHEL 9 +
############# 

# run the mysql_secure_installation command

> mysql_secure_installation

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done!


  6. Update the database config

    Code Block
    cat > /etc/my.cnf << SQL
#
# The Percona Server 5.7 configuration file.
#
[mysqld]
#
# Recommended Settings
#
innodb_buffer_pool_size = 5600M    # set value to max out at 70% of the total ram
innodb_log_file_size = 256M        # set a hard limit on the log file size
innodb_log_buffer_size = 1M
innodb_flush_log_at_trx_commit = 1 # this is actually the default, but I put it in here to make it easier to adjust, if needed
innodb_flush_method = O_DIRECT     # avoid double buffering
symbolic-links=0                   # Disabling symbolic-links is recommended to prevent assorted security risks
#
# Make MySQL more strict (for future-proofing MySQL version upgrades)
#
sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ALLOW_INVALID_DATES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
#
# Optional, but often useful, tweaks
#
join_buffer_size = 16M
key_buffer_size = 4M
log_queries_not_using_indexes = 0
long_query_time = 7
max_allowed_packet = 32M
max_connections = 30
query_cache_limit = 2M
query_cache_min_res_unit = 2048
query_cache_size = 256M
query_cache_size = 67108864
slow_query_log = 1
slow_query_log_file=/var/log/mysqld-slow.log
table_definition_cache = 800
table_open_cache = 810
thread_cache_size = 8
SQL

# restart MySQL
systemctl restart mysql


  7. Create the Databases and Users.
    NOTE: This is just an example of how to create the SQL. Previous installations used a pcr360_usr to access both databases. For all new installations, we want to have separate users for the prod and test databases. The placeholder information needs to filled in and the query it needs to run for the Test and Production Database, i.e pcr360_prod & pcr360_test. 

    For MySQL the database must be configured with the UTF8 character set. For MySQL 8 utf8mb4 and utf8mb4_unicode_ci are supported as well. Currently, other character sets and collations are not supported.

    Code Block
    # create temp file
cat >mysql_setup.sql <<SQL
CREATE USER 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod_archive CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod_metadata CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

GRANT USAGE ON *.* TO 'pcr360_prod'@'%';
GRANT USAGE ON *.* TO 'pcr360_prod'@'localhost';

CREATE USER 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
GRANT USAGE ON *.* TO 'dmpusr'@'localhost';
GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod_archive.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
SQL

# create the database
mysql -h localhost -uroot -p<DB_ROOT_PASSWORD> -f < mysql_setup.sql
# remove the temp create file
rm -f mysql_setup.sql


...