As an alternative to the method documented below, it is possible to install MySQL Enterprise Edition from YUM or APT packages (either downloaded locally, to your own package server, or from an online repository).
Installing packages using YUM or APT packages has some disadvantages...
The install will go to the /usr/lib64/mysql directory.
The default databases will be created under /var/lib/mysql.
In Note 1369139.1 Oracle make this statement...
The steps shown are based on a tarball installation for Oracle Enterprise Linux 7
Ensure there are no MariaDB or MySQL CE libraries already installed (some of these have shipped by default on some distributions)....
sudo su - root
yum list installed | grep -i maria
yum list installed | grep -i mysql
To remove, if necessary, use...
yum remove mariadb-libs.x86_64
yum remove mysql-community-*
yum remove mysql-release-el7.x86_64
yum clean all
MySQL has a dependency on the libaio library...
rpm -q --last libaio
yum list installed | grep libaio
To install, if necessary, use...
yum install libaio
MySQL has a dependency on libtinfo.so.5...
(This tends not to be installed by default on OEL8)ls /lib64/libtinfo.so.5
To install, if necessary, use...
yum install ncurses-compat-libs
All MySQL Nodes in the cluster should be reachable via DNS or /etc/hosts
ping node
Network/firewall configuration should allow access to the MySQL server via port 22 and 3306 (assuming use of standard ports)
firewall-cmd --zone=public --list-ports
To configure firewalld appropriately...
firewall-cmd --zone=public --add-port=22/tcp
firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --zone=public --add-port=3306/tcp
firewall-cmd --zone=public --permanent --add-port=3306/tcp
firewall-cmd --zone=public --add-port=33060/tcp --permanent
firewall-cmd --zone=public --add-port=33061/tcp --permanent
firewall-cmd --reload
/mysql - ~5GB
/mysql/data - (dependent on amount of data to be stored in database)
/mysql/log - 10GB minimum for test, 50GB minimum for live (dependent on amount of DML)
/mysql/backup - Approx 50% of database size per backup, assuming compression used
Linux Users & Groups
groupadd -g 27 -o -r mysql
useradd -M -N -g mysql -o -r -d /mysql/data -s /bin/false -c "MySQL Server" -u 27 mysql
chown -R mysql:mysql /mysql
chmod 750 /mysql/data
Download Enterprise (or Standard) Edition TAR file from Oracle Software Delivery Cloud or My Oracle Support (Patches & Updates section).
cd /mysql
tar xvf /mysql/${MYTAR}
ln -s $(echo ${MYTAR} | awk -F".tar" '{ print $1 }') current
export PATH=/mysql/current/bin:$PATH
Add this to the .bash_profile for the root usercd /mysql
mkdir mysql-files
chown mysql:mysql mysql-files
chmod 750 mysql-files
Check current status using one/both of these commands...
sestatus
getenforce
If your server has SELinux enabled, you have two choices. Disable SELinux (not recommended, but might be right for a test system), or configure SELinux to allow our configuration...
semanage fcontext -a -t mysqld_db_t "/mysql(/.*)?"
restorecon -Rv /mysql
semanage port -a -t mysqld_port_t -p tcp 3307
setenforce 0
getenforce
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cd /mysql
touch my.cnf
chown root:root my.cnf
chmod 644 my.cnf
ln -s /mysql/my.cnf /etc/my.cnf
Add the following lines to /etc/my.cnf...
[mysqld]
# GENERAL #
# ------------------------------ #
basedir = /mysql/current
socket = /mysql/mysql.sock
pid-file = /mysql/mysql.pid
port = 3306
user = mysql
# Data Storage #
# ------------------------------ #
datadir = /mysql/data
default-storage-engine = InnoDB
# Secure INFILE/OUTFILE Location #
# ------------------------------ #
local_infile = OFF
secure_file_priv = /mysql/mysql-files
# BINARY LOGGING #
# ------------------------------ #
log-bin = /mysql/log/binlog
binlog_expire_logs_seconds = 2592000
sync-binlog = 1
binlog-format = ROW
binlog_rows_query_log_events = ON
# LOGGING #
# ------------------------------ #
log-error = /mysql/data/mysql-error.log
log-queries-not-using-indexes = 1
slow-query-log = 1
slow-query-log-file = /mysql/data/mysql-slow.log
# INNODB #
# ------------------------------ #
innodb-log-files-in-group = 2
innodb-log-file-size = 256M
innodb-file-per-table = 1
innodb-buffer-pool-size = 2560M
innodb-io-capacity = 2000
innodb-io-capacity-max = 4000
[client]
socket = /mysql/mysql.sock
cd /mysql/current
bin/mysqld --defaults-file=/mysql/my.cnf --initialize
touch /etc/systemd/system/mysqld.service
chmod 644 /etc/systemd/system/mysqld.service
Add the following lines to /usr/lib/systemd/system/mysqld.service...
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
# Have mysqld write its state to the systemd notify socket
Type=notify
# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0
# Start main service
ExecStart=/mysql/current/bin/mysqld --defaults-file=/mysql/my.cnf $MYSQLD_OPTS
# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql
# Sets open_files_limit
LimitNOFILE = 10000
Restart=on-failure
RestartPreventExitStatus=1
# Set environment variable MYSQLD_PARENT_PID. This is required for restart.
Environment=MYSQLD_PARENT_PID=1
PrivateTmp=false
Enable the service...
systemctl enable mysqld.service
Test manually starting MySQL...
systemctl start mysqld
systemctl status mysqld
Reboot your server and check MySQL automatically starts...
reboot
systemctl status mysqld
Check the logfile...
journalctl -u mysqld
Find out the initial password...
grep 'temporary password' /mysql/data/mysql-error.log
Filename is based on value of log-error from /mysql/my.cnfUse it to login...
mysql -u root -p
Enter the password when promptedChange the password (be sure to store it somewhere securely)...
ALTER USER 'root'@'localhost' IDENTIFIED BY RANDOM PASSWORD;
mysqlshow -u root -p
Enter the password when prompted. You should see four default databases.mysqladmin -u root -p version
Enter the password when prompted.mysql -u root -p
show databases;
Paste following into /etc/logrotate.d/mysql...
/mysql/data/*log {
# create 600 mysql mysql
notifempty
weekly
rotate 5
missingok
compress
postrotate
# just if mysqld is really running
if test -x /mysql/current/bin/mysqladmin && \
env HOME=/root/ /mysql/current/bin/mysqladmin ping &>/dev/null
then
env HOME=/root/ /mysql/current/bin/mysqladmin flush-logs
fi
endscript
}
For all files ending with log in /mysql/data
(option) Create new files with 600 permissions
Don't rotate if log file is empty
Rotate weekly
Maximum of 5 versions of a file
If the logfile is missing, ignore and continue
Compress old versions with gzip
After Rotate is complete...
... if the mysqladmin file exists...
... and mysqladmin ping says db is up...
... flush-logs ...
End postrotate commands
NOTE: You need mysqladmin to be able to login locally without needing manual password entry in order for the ping and flush-logs commands to run correctly...
mysql_config_editor set --login-path=mysqladmin --host=localhost --user=root --password
TODO: Password Validation
TODO: Enterprise Audit
https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-audit.html
TODO: Addressing these errors in mysql-error.log...
2021-11-26T17:37:34.914859Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1 is enabled for channel mysql_main
2021-11-26T17:37:34.914895Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1.1 is enabled for channel mysql_main