Install the Database

SELINUX

If the database is on another server, the remote connection must be enabled in SELINUX

Percona (MySQL)

1. Disable the MySQL Module

   # Rhel 8+ yum -y module disable mysql

   
   
   

2. Install the Percona repo

   yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm yum -y update percona-release

   
   
   

3. Install Percona

   # remove any lingering mysql data or configs yum -y remove mysql* rm -rf /var/lib/mysql/* rm -rf /var/log/mysql* rm -rf /etc/my.cnf* # Install the Percona Server yum -y install percona-server-server # Install the Percona Client yum -y install percona-server-client

   
   
   

4. Enable and Start the Percona service

   systemctl enable mysql systemctl start mysql

   
   
   

5. Secure the installation

   ############# ### RHEL < 9 ############# # copy and paste lines into the terminal TEMP_DB_PW=$(grep -o "temporary password is generated for root@localhost.*" /var/log/mysql/mysqld.log | cut -f2- -d: | tail -1 | sed -e 's/^[[:space:]]*//') echo -e "Temporary root password: ${TEMP_DB_PW}" # run the secure installation to setup the root password mysql_secure_installation -p${TEMP_DB_PW} << EOF N Y Y Y Y EOF   ############# ### RHEL 9 + ############# # run the mysql_secure_installation command > mysql_secure_installation Securing the MySQL server deployment. Connecting to MySQL using a blank password. VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component? Press y|Y for Yes, any other key for No: y There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2 Please set the password for root here. New password: Re-enter new password: Estimated strength of the password: 100 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y Success. All done!

   
   
   

6. Update the database config

   cat > /etc/my.cnf << SQL # # The Percona Server configuration file. # [mysqld] # # Recommended Settings # innodb_buffer_pool_size = 5600M # set value to max out at 70% of the total ram innodb_log_file_size = 256M # set a hard limit on the log file size innodb_log_buffer_size = 1M innodb_flush_log_at_trx_commit = 1 # this is actually the default, but I put it in here to make it easier to adjust, if needed innodb_flush_method = O_DIRECT # avoid double buffering symbolic-links=0 # Disabling symbolic-links is recommended to prevent assorted security risks # # Make MySQL more strict (for future-proofing MySQL version upgrades) # sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ALLOW_INVALID_DATES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' # # Optional, but often useful, tweaks # join_buffer_size = 16M key_buffer_size = 4M log_queries_not_using_indexes = 0 long_query_time = 7 max_allowed_packet = 32M max_connections = 30 query_cache_limit = 2M query_cache_min_res_unit = 2048 query_cache_size = 256M query_cache_size = 67108864 slow_query_log = 1 slow_query_log_file=/var/log/mysqld-slow.log table_definition_cache = 800 table_open_cache = 810 thread_cache_size = 8 SQL # restart MySQL systemctl restart mysql

   
   
   

7. Create the Databases and Users.
   NOTE: This is just an example of how to create the SQL. Previous installations used a pcr360_usr to access both databases. For all new installations, we want to have separate users for the prod and test databases. The placeholder information needs to filled in and the query it needs to run for the Test and Production Database, i.e pcr360_prod & pcr360_test. 
   
   For MySQL the database must be configured with the UTF8 character set. For MySQL 8 utf8mb4 and utf8mb4_unicode_ci are supported as well. Currently, other character sets and collations are not supported.

   # create temp file cat >mysql_setup.sql <<SQL CREATE USER 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>'; CREATE DATABASE pcr360_prod CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>'; GRANT ALL PRIVILEGES ON pcr360_prod.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>'; CREATE DATABASE pcr360_prod_archive CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>'; GRANT ALL PRIVILEGES ON pcr360_prod_archive.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>'; CREATE DATABASE pcr360_prod_metadata CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'%' IDENTIFIED BY '<DB_PASSWORD>'; GRANT ALL PRIVILEGES ON pcr360_prod_metadata.* TO 'pcr360_prod'@'localhost' IDENTIFIED BY '<DB_PASSWORD>'; GRANT USAGE ON *.* TO 'pcr360_prod'@'%'; GRANT USAGE ON *.* TO 'pcr360_prod'@'localhost'; CREATE USER 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>'; GRANT USAGE ON *.* TO 'dmpusr'@'localhost'; GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>'; GRANT SELECT, SHOW VIEW, LOCK TABLES ON pcr360_prod_archive.* TO 'dmpusr'@'localhost' IDENTIFIED BY '<DMP_USER_PASSWORD>'; SQL # create the database mysql -h localhost -uroot -p<DB_ROOT_PASSWORD> -f < mysql_setup.sql # remove the temp create file rm -f mysql_setup.sql

   
   
   

Oracle

1. Install the Oracle Instant Client
   
   

   We highly recommend installing Oracle on a dedicated database server. To communicate with Oracle on that server completing this installation will require the username, password, hostname, port (e.g. 1521) and SID.

   Download and install the Oracle Instant Client on the PCR-360 application server. This is required before installing the PHP oracle driver (oci8).

   
   
   

2. Required to compile OCI8 PHP module:

   
   
   

3. Required to use the sqlplus interface:

   
   
   

4. Download each and install each using rpm:

   
   
   

5. Set the library location

   sh -c "echo /usr/lib/oracle/19.5/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf"; ldconfig