SELINUX

If the database is on another server, the remote connection must be enabled in SELINUX

setsebool -P httpd_can_network_connect_db 1

Percona (MySQL)

Disable the MySQL Module

# Rhel 8
# PERCONA IS NOT CURRENTLY SUPPORTE BY RHEL 9, in that case skip this step
yum -y module disable mysql

Install the Percona repo

## PERCONA IS NOT CURRENTLY SUPPORTE BY RHEL 9, in that case skip this step

yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
yum -y update percona-release

Install Percona

## PERCONA IS NOT CURRENTLY SUPPORTED BY RHEL 9, in that case skip this step

# Install the Percona Server
yum -y remove mysql*
rm -rf /var/lib/mysql/*
rm -rf /var/log/mysql*
rm -rf /etc/my.cnf*
yum -y install Percona-Server-server-57

# Install the Percona Client
yum -y install Percona-Server-client-57

## PERCONA IS NOT CURRENTLY SUPPORTED BY RHEL 9, use this to install MySQL 8

setsebool -P httpd_can_network_connect_db 1
dnf install mysql mysql-server mysql-client -y

Enable and Start the Percona service

systemctl enable mysql
systemctl start mysql

Secure the installation

#############
### RHEL < 9
#############

TEMP_DB_PW=$(grep -o "temporary password is generated for root@localhost.*" /var/log/mysql/mysqld.log | cut -f2- -d: | tail -1 | sed -e 's/^[[:space:]]*//')
echo -e "Temporary root password: ${TEMP_DB_PW}"
echo -e "Configured root password: ${DB_ROOT_PASSWORD}"
# run the secure installation to setup the root password
echo "mysql_secure_installation"
mysql_secure_installation -p${TEMP_DB_PW} << EOF
N
Y
Y
Y
Y
EOF  

#############
### RHEL 9 +
############# 

> mysql_secure_installation

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done!

Update the database config

cat > /etc/my.cnf << SQL
#
# The Percona Server 5.7 configuration file.
#
[mysqld]
#
# Recommended Settings
#
innodb_buffer_pool_size = 5600M    # set value to max out at 70% of the total ram
innodb_log_file_size = 256M        # set a hard limit on the log file size
innodb_log_buffer_size = 1M
innodb_flush_log_at_trx_commit = 1 # this is actually the default, but I put it in here to make it easier to adjust, if needed
innodb_flush_method = O_DIRECT     # avoid double buffering
symbolic-links=0                   # Disabling symbolic-links is recommended to prevent assorted security risks
#
# Make MySQL more strict (for future-proofing MySQL version upgrades)
#
sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ALLOW_INVALID_DATES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
#
# Optional, but often useful, tweaks
#
join_buffer_size = 16M
key_buffer_size = 4M
log_queries_not_using_indexes = 0
long_query_time = 7
max_allowed_packet = 32M
max_connections = 30
query_cache_limit = 2M
query_cache_min_res_unit = 2048
query_cache_size = 256M
query_cache_size = 67108864
slow_query_log = 1
slow_query_log_file=/var/log/mysqld-slow.log
table_definition_cache = 800
table_open_cache = 810
thread_cache_size = 8
SQL

# restart MySQL
systemctl restart mysql

Create the Databases and Users.
NOTE: This is just an example of how to create the SQL. Previous installations used a pcr360_usr to access both databases. For all new installations, we want to have separate users for the prod and test databases. The placeholder information needs to filled in and the query it needs to run for the Test and Production Database, i.e pcr360_prod & pcr360_test.

# create temp file
cat >mysql_setup.sql <<SQL
CREATE USER 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod_archive CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

CREATE DATABASE pcr360_prod_metadata CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>';

GRANT USAGE ON *.* TO 'pcr360_prod'@'%';
GRANT USAGE ON *.* TO 'pcr360_prod'@'localhost';

CREATE USER 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
GRANT USAGE ON *.* TO 'dmpusr'@'localhost';
GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod_archive.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>';
SQL

# create the database
mysql -h localhost -uroot -p<DB_ROOT_PASSWORD> -f < mysql_setup.sql
# remove the temp create file
rm -f mysql_setup.sql

Oracle

Install the Oracle Instant Client
We highly recommend installing Oracle on a dedicated database server. To communicate with Oracle on that server completing this installation will require the username, password, hostname, port (e.g. 1521) and SID.
Download and install the Oracle Instant Client on the PCR-360 application server. This is required before installing the PHP oracle driver (oci8).
Required to compile OCI8 PHP module:
oracle-instantclientxx.x-basic-xx.x.x.x.x-x.x86_64.rpm
Required to use the sqlplus interface:
oracle-instantclientxx.x-sqlplus-xx.x.x.x.x-x.x86_64.rpm
Download each and install each using rpm:
yum -y install oracle-instantclient19.5-basic-19.5.0.0.0-1.x86_64.rpm
yum -y install oracle-instantclient19.5-sqlplus-19.5.0.0.0-1.x86_64.rpm
yum -y install libnsl

Set the library location

sh -c "echo /usr/lib/oracle/19.5/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf";
ldconfig

Browser not supported