1、在阿里云服务器搭建openv-p-n
服务器已销毁,下面是自动化Openv-p-n的脚本,一直到第一个客户端为止,后续自动化客户端生成脚本直接有老王的现成脚本,就没额外去写:
#!/bin/bash
#****************************************************************************************#
#Author: Yabao11
#QQ: xxx
#Date: 2021-09-20
#FileName: openvpn2.sh
#URL: Temporary Null
#Description: OpenVPN
#Copyright (C): 2021 All rights reserved
#*******************************定义颜色*************************************************#
# ANSI escape sequences for coloured terminal output; they are stored as
# literal backslash sequences and only become colours when printed with
# `echo -e`.
RED='\e[1;31m'
GREEN='\e[1;32m'
SKYBLUE='\e[1;36m'
YELLOW='\e[1;33m'
BLUE='\e[1;34m'
END='\e[0m'
# One colour code picked at random in the range 31-37 each time the script starts.
RandomColor="\e[1;$((RANDOM % 7 + 31))m"
#****************************************************************************************#
#######################################
# Print a message followed by a coloured status tag at column 60.
# Globals:   RES_COL, MOVE_TO_COL, SETCOLOR_* (written on every call)
# Arguments: $1 - message text
#            $2 - "success"/"0" => OK, "failure"/"1" => FAILED,
#                 anything else => WARNING
# Outputs:   one line on stdout
#######################################
function color {
  RES_COL=60
  MOVE_TO_COL="echo -en \E[${RES_COL}G"
  SETCOLOR_SUCCESS="echo -en \E[1;32m"
  SETCOLOR_FAILURE="echo -en \E[1;31m"
  SETCOLOR_WARNING="echo -en \E[1;33m"
  SETCOLOR_NORMAL="echo -en \E[0m"

  # Pick the colour command and the tag text first, then print in one pass.
  local paint label
  case "$2" in
    success | 0)
      paint=${SETCOLOR_SUCCESS}
      label=" OK "
      ;;
    failure | 1)
      paint=${SETCOLOR_FAILURE}
      label="FAILED"
      ;;
    *)
      paint=${SETCOLOR_WARNING}
      label="WARNING"
      ;;
  esac

  # The colour commands are stored as strings and run through deliberate
  # word splitting, so they stay unquoted.
  echo -n "$1" && $MOVE_TO_COL
  echo -n "["
  $paint
  echo -n "$label"
  $SETCOLOR_NORMAL
  echo "]"
}
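#######################################
# Remove any installed openvpn / easy-rsa packages, then install both again
# from the configured yum repositories.
# Globals:   RED, END (read)
# Outputs:   a warning banner; failures are reported through color()
# Returns:   exits the script with status 1 if a removal or install fails
#######################################
function openvpn_install {
  local pkg

  echo -e "${RED}注意,将彻底从0开始安装,会卸载现有软件,提供5s给你考虑一下,可ctrl+c退出!!!${END}"
  sleep 5

  # `rpm -q` (not `rpm -qa`) returns non-zero when the package is absent, so
  # the removal only runs when there is something to remove. The removal is
  # not wrapped in a subshell: `exit 1` inside `( ... )` would only leave the
  # subshell and the script would carry on after a failed removal.
  for pkg in openvpn easy-rsa; do
    if rpm -q "${pkg}" &> /dev/null; then
      yum -y remove "${pkg}" &> /dev/null \
        || { color "${pkg}软件卸载失败..." 1; exit 1; }
    fi
  done

  for pkg in openvpn easy-rsa; do
    yum -y install "${pkg}" &> /dev/null \
      || { color "${pkg}下载失败,请确认YUM源或网络环境..." 1; exit 1; }
  done
}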
# Prepare the OpenVPN working tree: copy the packaged sample server.conf,
# copy the easy-rsa tree used for the server-side CA, and seed its `vars`
# file from vars.example.
# Globals: openvpnpath, easyrsaserverpath (read)
# Returns: exits the script with status 1 if any copy or the sed edit fails
function openvpn_init {
cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf ${openvpnpath}/ || { color "服务器配置文件复制失败..." 1;exit 1; }
cp -r /usr/share/easy-rsa ${openvpnpath}/${easyrsaserverpath} || { color "证书签发文件复制失败..." 1;exit 1; }
cp /usr/share/doc/easy-rsa/vars.example ${openvpnpath}/${easyrsaserverpath}/3/vars || { color "证书签发变量文件vars复制失败..." 1;exit 1; }
# Every line mentioning EASYRSA_CA_EXPIRE / EASYRSA_CERT_EXPIRE gets a leading
# '#', and a new set_var line is appended after it; the untouched file is kept
# as vars.bak.
# NOTE(review): this sets a 36500-day CA lifetime and a 3650-day default
# certificate lifetime. With lifetimes this long, a leaked key stays usable
# until it is explicitly revoked, and nothing in this script sets up a CRL.
sed -r -e '/set_var EASYRSA_CA_EXPIRE/s|(.*)|#\1|' \
-e '/set_var EASYRSA_CA_EXPIRE/a\set_var EASYRSA_CA_EXPIRE 36500\' \
-e '/set_var EASYRSA_CERT_EXPIRE/s|(.*)|#\1|' \
-e '/set_var EASYRSA_CERT_EXPIRE/a\set_var EASYRSA_CERT_EXPIRE 3650\' \
-i.bak \
${openvpnpath}/${easyrsaserverpath}/3/vars || { color "var文件修改失败.." 1;exit 1; }
}
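#######################################
# Initialise the server-side PKI and create the self-signed root CA.
# Globals: openvpnpath, easyrsaserverpath (read)
# Returns: exits the script with status 1 on any failure
# Side effect: leaves the working directory inside the server easy-rsa tree.
#######################################
function openvpn_rootca {
  # Stop if the directory is missing; otherwise ./easyrsa would be looked up
  # in whatever directory the script happened to be started from.
  cd "${openvpnpath}/${easyrsaserverpath}/3/" \
    || { color "无法进入easy-rsa服务端目录.." 1; exit 1; }

  # "yes" answers the confirmation prompt of init-pki.
  ./easyrsa init-pki <<EOF &> /dev/null || { color "初始化pki失败.." 1;exit 1; }
yes
EOF

  # NOTE(review): `nopass` stores the CA private key unencrypted on this host,
  # so anyone able to read pki/private/ca.key can issue certificates that this
  # VPN will accept. Keep the directory root-only, or run the CA on a separate
  # machine.
  ./easyrsa build-ca nopass <<EOF &> /dev/null || { color "自签名证书生成失败.." 1;exit 1; }
EOF
}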
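#######################################
# Generate the server key + CSR, sign it with the local CA and create the
# Diffie-Hellman parameters.
# Globals: openvpnpath, easyrsaserverpath (read)
# Returns: exits the script with status 1 on any failure
#######################################
function openvpn_serverpki {
  local pki_root="${openvpnpath}/${easyrsaserverpath}/3"

  # Do not rely on a previous step having changed directory: when this step
  # is chosen on its own from the menu, the working directory is wherever the
  # script was started.
  cd "${pki_root}" || { color "无法进入easy-rsa服务端目录.." 1; exit 1; }

  # NOTE(review): `nopass` leaves the server private key unencrypted on disk.
  ./easyrsa gen-req server nopass <<EOF || { color "服务器CSR生成失败.." 1;exit 1; }
EOF

  # "yes" confirms the signing request. The failure message used to say the
  # certificate was imported successfully; it now reports the failure.
  ./easyrsa sign server server <<EOF || { color "服务器证书签发失败.." 1;exit 1; }
yes
EOF

  ./easyrsa gen-dh &> /dev/null || { color "DH秘钥生成失败.." 1;exit 1; }

  # Look under the "3" path like the rest of the script rather than the
  # hard-coded 3.0.8 directory, so another easy-rsa 3.x release still works.
  if ls "${pki_root}/pki/dh.pem"; then
    echo -e "DH秘钥在这儿"
  else
    echo -e "DH秘钥没找到"
    exit 1
  fi
}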
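#######################################
# Create a separate client PKI, generate the first user's key + CSR there,
# import the CSR into the server CA and sign it with the requested lifetime.
# Globals: openvpnpath, easyrsaserverpath, easyrsaclientpath,
#          user1, cpkiexpire (read)
# Returns: exits the script with status 1 on any failure
# Side effect: leaves the working directory inside the server easy-rsa tree.
#######################################
function openvpn_firstclient {
  local server_dir="${openvpnpath}/${easyrsaserverpath}/3"
  local client_root="${openvpnpath}/${easyrsaclientpath}"

  # user1 becomes part of file paths and an easyrsa argument. Reject values
  # that would point outside the PKI directories, be parsed as an option, or
  # be split into several words.
  if [[ -z "${user1}" || "${user1}" == -* || "${user1}" == */* \
    || "${user1}" == *[[:space:]]* ]]; then
    color "用户名不合法.." 1
    exit 1
  fi
  # cpkiexpire is pasted into a sed script below, so it must be a plain
  # number of days and nothing else.
  if [[ ! "${cpkiexpire}" =~ ^[0-9]+$ ]]; then
    color "证书有效期必须是数字(天数).." 1
    exit 1
  fi

  cp -r /usr/share/easy-rsa "${client_root}" \
    || { color "客户端CSR生成专用PKI目录复制失败.." 1;exit 1; }
  cp /usr/share/doc/easy-rsa/vars.example "${client_root}/3/vars" \
    || { color "客户端var复制失败.." 1;exit 1; }

  cd "${client_root}/3/" || { color "无法进入easy-rsa客户端目录.." 1; exit 1; }
  # "yes" answers the confirmation prompt of init-pki.
  ./easyrsa init-pki <<EOF &> /dev/null || { color "客户端PKI初始化失败.." 1;exit 1; }
yes
EOF
  # NOTE(review): `nopass` leaves the client private key unencrypted, so
  # whoever obtains the client bundle can connect as this user.
  ./easyrsa gen-req "${user1}" nopass <<EOF || { color "客户端CSR生成失败.." 1;exit 1; }
EOF

  cd "${server_dir}" || { color "无法进入easy-rsa服务端目录.." 1; exit 1; }
  # A failed import must stop the run: otherwise the signing step below could
  # sign an older request of the same name that no longer matches the key
  # generated above.
  ./easyrsa import-req "${client_root}/3/pki/reqs/${user1}.req" "${user1}" \
    || { color "客户端CSR导入失败.." 1; exit 1; }

  # Switch the default certificate lifetime to the requested number of days
  # before signing; the previous vars file is kept as vars.bak2.
  sed -r -e '/set_var EASYRSA_CERT_EXPIRE/s|(.*)|#\1|' \
    -e '/set_var EASYRSA_CERT_EXPIRE/a\set_var EASYRSA_CERT_EXPIRE '"${cpkiexpire}"'\' \
    -i.bak2 \
    "${server_dir}/vars" || { color "var文件修改失败.." 1;exit 1; }
  # Print the resulting lines so the operator can see the active value.
  sed -r -n '/set_var EASYRSA_CERT_EXPIRE/p' "${server_dir}/vars"

  ./easyrsa sign client "${user1}" <<EOF || { color "用户证书签发失败.." 1;exit 1; }
yes
EOF
}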
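#######################################
# Collect the server certificate material under ${openvpnpath}/certs, create
# the log directory, gather the first client's files and enable IPv4
# forwarding.
# Globals: openvpnpath, easyrsaserverpath, user1, RED, END (read)
# Returns: exits the script with status 1 on any failure
#######################################
function openvpn_filecopy {
  local pki_dir="${openvpnpath}/${easyrsaserverpath}/3/pki"
  local certs_dir="${openvpnpath}/certs"
  local client_dir="${openvpnpath}/client/${user1}"
  local item

  # -p keeps a second run from failing on directories that already exist.
  mkdir -p "${certs_dir}" || { color "证书目录创建失败.." 1; exit 1; }
  # Check every copy: a missing key or certificate would otherwise only show
  # up later as a service that refuses to start.
  for item in ca.crt issued/server.crt private/server.key dh.pem; do
    cp "${pki_dir}/${item}" "${certs_dir}/" \
      || { color "服务器证书文件复制失败.." 1; exit 1; }
  done

  mkdir -p /var/log/openvpn || { color "日志目录创建失败.." 1; exit 1; }
  # user:group with a colon; the dot separator is deprecated.
  chown openvpn:openvpn /var/log/openvpn \
    || { color "日志目录属主修改失败.." 1; exit 1; }
  color "创建日志存储目录..." 0
  sleep 1.5s
  color "服务器证书等文件复制完毕!" 0

  mkdir -p "${client_dir}" || { color "客户端目录创建失败.." 1; exit 1; }
  # Skip the destination directory itself so that a re-run does not try to
  # copy files onto themselves.
  find "${openvpnpath}/" -path "${client_dir}" -prune -o -type f \
    \( -name "${user1}.key" -o -name "${user1}.crt" -o -name ca.crt \) \
    -exec cp {} "${client_dir}/" \; && color "客户端文件复制完毕!" 0

  echo -e "${RED}开启ip forward...${END}"
  # Append the setting only once instead of on every run.
  # NOTE(review): this makes the host forward IPv4 packets for all
  # interfaces. The script adds no firewall or NAT rules, so which forwarded
  # traffic is allowed depends entirely on existing host and cloud policy.
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
    /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  sysctl -p
  if [[ "$(< /proc/sys/net/ipv4/ip_forward)" -eq 1 ]]; then
    color "ip forward启动成功!" 0
  else
    color "ip forward配置失败.." 1
    exit 1
  fi
}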
#######################################
# Back up the sample server.conf and replace it with the generated
# configuration.
# Globals: openvpnpath, innet (read)
# Returns: exits the script with status 1 if the file cannot be written
#######################################
function openvpn_serverconfig {
  local conf="${openvpnpath}/server.conf"

  cp "${conf}" "${conf}.bak"
  : > "${conf}"

  # NOTE(review) on the generated settings:
  #  - `compress lz4-v2` is enabled and pushed to clients. Compression inside
  #    an encrypted tunnel is generally discouraged (compression side
  #    channels such as VORACLE); removing it needs the matching change in
  #    the client profile.
  #  - `cipher AES-256-CBC` is fixed on both ends; an AEAD cipher such as
  #    AES-256-GCM is the usual choice where both sides support it.
  #  - No `crl-verify` line is written, so revoking a client certificate in
  #    easy-rsa does not by itself block that client.
  #  - `tls-auth` is not part of this file; openvpn_takey appends it later.
  cat > "${conf}" <<EOF || { color "server.conf文件写入失败.." 1;exit 1; }
port 1194
proto tcp
dev tun
ca ${openvpnpath}/certs/ca.crt
cert ${openvpnpath}/certs/server.crt
key ${openvpnpath}/certs/server.key
dh ${openvpnpath}/certs/dh.pem
server 10.8.0.0 255.255.255.0
push "route ${innet}"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 100
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
EOF
}
#######################################
# Write the systemd template unit openvpn@.service and confirm it exists.
# Globals: openvpnpath (read; expanded into ExecStart when the file is written)
# Returns: exits the script with status 1 if the unit file is missing afterwards
#######################################
function openvpn_servicefile {
  local unit="/lib/systemd/system/openvpn@.service"

  # %I / %i are systemd instance specifiers, not shell variables; they reach
  # the unit file unchanged, so openvpn@server loads server.conf.
  cat > "${unit}" <<EOF
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --cd ${openvpnpath}/ --config %i.conf
[Install]
WantedBy=multi-user.target
EOF

  ls "${unit}" &> /dev/null \
    && color "Openvpn服务文件准备完毕,可通过systemctl start openvpn@server启动.." 0 \
    || { color "找不到OpenVPN 服务unit文件" 1;exit 1; }
}
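#######################################
# Write the client profile client.ovpn for the first user.
# Globals: openvpnpath, user1, public_ip (read)
# Returns: exits the script with status 1 if the profile cannot be written
#######################################
function openvpn_clientfile {
  local profile="${openvpnpath}/client/${user1}/client.ovpn"

  # The cert/key names follow ${user1}. They used to be fixed to mxx.crt and
  # mxx.key, which only matched the files on disk when the user was "mxx".
  # NOTE(review): cipher and compress are kept as written so the profile
  # still matches the generated server.conf; change both sides together.
  # The key shipped with this profile was created with `nopass`, so the
  # bundle on its own is enough to connect.
  cat > "${profile}" <<EOF || { color "client.ovpn文件写入失败.." 1; exit 1; }
client
dev tun
proto tcp
remote ${public_ip} 1194
resolv-retry infinite
nobind
#persist-key
#persist-tun
ca ca.crt
cert ${user1}.crt
key ${user1}.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
compress lz4-v2
EOF
}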
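#######################################
# Generate the tls-auth static key and reference it from server.conf
# (direction 0) and from the first client's profile (direction 1).
# Globals: openvpnpath, user1 (read)
# Returns: exits the script with status 1 on any failure
#######################################
function openvpn_takey {
  local ta_key="${openvpnpath}/certs/ta.key"
  local server_conf="${openvpnpath}/server.conf"
  local client_dir="${openvpnpath}/client/${user1}"
  local client_conf="${client_dir}/client.ovpn"

  openvpn --genkey --secret "${ta_key}" || { color "ta.key生成失败.." 1;exit 1; }

  # Server side: comment out any active tls-auth line, then append exactly
  # one. An explicit if replaces the `grep && sed || echo` chain, which also
  # ran the echo when sed failed.
  if grep -q tls-auth "${server_conf}"; then
    sed -r -e '/^[[:space:]]*tls-auth/s|^|#|' -i.bak2 "${server_conf}" \
      || { color "server.conf的takey配置补充失败" 1;exit 1; }
  fi
  echo "tls-auth ${ta_key} 0" >> "${server_conf}"
  if grep -Fxq "tls-auth ${ta_key} 0" "${server_conf}"; then
    color "server.conf已补充takey配置" 0
  else
    color "server.conf的takey配置补充失败" 1
    exit 1
  fi

  # Client side: same edit, key referenced by relative name.
  if grep -q tls-auth "${client_conf}"; then
    sed -r -e '/^[[:space:]]*tls-auth/s|^|#|' -i.bak2 "${client_conf}" \
      || { color "client.ovpn的takey配置补充失败" 1;exit 1; }
  fi
  echo "tls-auth ta.key 1" >> "${client_conf}"
  # The profile refers to ta.key by relative name, so the key has to sit next
  # to it in the client bundle.
  # NOTE(review): ta.key is one static key shared by the server and every
  # client; once any client bundle leaks, it has to be regenerated and
  # redistributed to all of them.
  cp "${ta_key}" "${client_dir}/ta.key" \
    || { color "ta.key复制到客户端目录失败.." 1; exit 1; }
  # These messages used to name server.conf although this check is about
  # client.ovpn.
  if grep -Fxq "tls-auth ta.key 1" "${client_conf}"; then
    color "client.ovpn已补充takey配置" 0
  else
    color "client.ovpn的takey配置补充失败" 1
    exit 1
  fi
}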
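# Menu numbering. Each entry is the previous one plus i, so the case labels
# below stay in step with the order of the MENU entries.
# The second line used to read `i+all`; shell variable names are case
# sensitive, `all` was unset (0), and every label after the first ended up
# one too low: choice 2 ran the file-init step, and so on.
i=1
j=7
((All=i))
((onlyinstall=i+All))
((onlyfileinit=i+onlyinstall))
((onlyrootca=i+onlyfileinit))
((onlyserverpki=i+onlyrootca))
((onlyoneuser=i+onlyserverpki))
((quit=j))
echo -en "$RandomColor"
PS3="请选择您要执行的操作,分步操作的脚本没测试!!!(1-$j):"
# An array keeps every entry as one menu item. The former multi-line string
# was word-split by `select`, so entries containing a space became two items.
MENU=(
  "从零开始搭建OpenVPN,并配置完成所有项目"
  "只帮我安装OpenVPN,但不要执行其他操作"
  "帮我完成OpenVPN的文件初始化(文件复制、目录创建等)"
  "帮我完成easy-rsa RootCA的搭建"
  "帮我完成Server PKI的签发"
  "帮我完成第一个用户的初始化设置"
  "退出"
)
openvpnpath="/etc/openvpn"
easyrsaserverpath="easy-rsa-server"
easyrsaclientpath="easy-rsa-client"
innet="172.16.1.0 255.255.255.0"

# Ask for the values needed to create the first client and store them in the
# globals public_ip, user1 and cpkiexpire. Exits with status 1 on bad input.
function _prompt_first_client {
  read -r -p "输入你OpenVPN的公网IP?" public_ip
  [[ -n "${public_ip}" ]] || { color "你必须要提供公网IP!" 1;exit 1; }
  # The value is written into client.ovpn as `remote <value> 1194`; embedded
  # whitespace would turn into extra configuration tokens.
  [[ "${public_ip}" != *[[:space:]]* ]] || { color "公网IP不能包含空白字符!" 1; exit 1; }

  read -r -p "初始第一个用户的用户名?(如:mxx)" user1
  [[ -n "${user1}" ]] || { color "你必须要提供一个用户名!" 1;exit 1; }
  # The name becomes part of file paths and an easyrsa argument.
  if [[ "${user1}" == -* || "${user1}" == */* || "${user1}" == *[[:space:]]* ]]; then
    color "用户名不合法!" 1
    exit 1
  fi

  read -r -p "客户端证书的有效期你想定多久?(默认90,回车使用默认值)" etime
  cpkiexpire=${etime:-90}
  # The value is pasted into a sed script later on, so accept digits only.
  [[ "${cpkiexpire}" =~ ^[0-9]+$ ]] || { color "证书有效期必须是数字!" 1; exit 1; }
}

select M in "${MENU[@]}"; do
  echo -en '\E[0m'
  case "$REPLY" in
    "$All")
      _prompt_first_client
      openvpn_install && color "安装成功!" 0 || exit
      openvpn_init && color "openvpn文件初始化成功!" 0 || exit
      openvpn_rootca && color "openvpn RootCA初始化成功!" 0 || exit
      openvpn_serverpki && color "openvpn Server PKI颁发成功!" 0 || exit
      openvpn_firstclient && color "openvpn第一个用户文件生成成功" 0
      openvpn_filecopy && color "OpenVPN 证书文件复制成功(客户端文件没校验)..." 0 || exit
      openvpn_serverconfig && color "OpenVPN 服务器配置文件准备完毕" 0 || exit
      openvpn_servicefile \
        && { systemctl daemon-reload;sleep 2;systemctl restart openvpn@server; } \
        && systemctl enable --now openvpn@server
      openvpn_clientfile && color "OpenVPN第一个用户配置文件创建成功" 0
      # The server is restarted once more so that it picks up the tls-auth line.
      openvpn_takey && { color "OpenVPN 服务器端takey配置成功" 0;systemctl restart openvpn@server; } || exit
      ;;
    "$onlyinstall")
      color "注意!本脚本只是假设用户已完成当前步骤前提下补充执行部分操作!" 2
      openvpn_install && color "安装成功!" 0 || exit
      ;;
    "$onlyfileinit")
      color "注意!本脚本只是假设用户已完成当前步骤前提下补充执行部分操作!" 2
      openvpn_init && color "openvpn文件初始化成功!" 0 || exit
      ;;
    "$onlyrootca")
      color "注意!本脚本只是假设用户已完成当前步骤前提下补充执行部分操作!" 2
      openvpn_rootca && color "openvpn RootCA初始化成功!" 0 || exit
      ;;
    "$onlyserverpki")
      color "注意!本脚本只是假设用户已完成当前步骤前提下补充执行部分操作!" 2
      openvpn_serverpki && color "openvpn Server PKI颁发成功!" 0 || exit
      ;;
    "$onlyoneuser")
      color "注意!本脚本只是假设用户已完成当前步骤前提下补充执行部分操作!" 2
      _prompt_first_client
      openvpn_firstclient && color "openvpn第一个用户文件生成成功" 0
      ;;
    "$quit")
      exit
      ;;
    *)
      color "输入错误!" 2
      ;;
  esac
done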
阿里主机已经干掉了,如下是成功部署后的截图信息————目录结构
[root@OpenVPN openvpn]# tree
.
├── certs
│ ├── ca.crt
│ ├── dh.pem
│ ├── server.crt
│ └── server.key
├── client
│ └── mxx
│ ├── ca.crt
│ ├── client.ovpn
│ ├── client.ovpn.bak
│ ├── mxx.crt
│ ├── mxx.key
│ └── mxx.tar.gz
├── easy-rsa-client
│ ├── 3 -> 3.0.8
│ ├── 3.0 -> 3.0.8
│ └── 3.0.8
│ ├── easyrsa
│ ├── openssl-easyrsa.cnf
│ ├── pki
│ │ ├── openssl-easyrsa.cnf
│ │ ├── private
│ │ │ ├── mxx2.key
│ │ │ └── mxx.key
│ │ ├── reqs
│ │ │ ├── mxx2.req
│ │ │ └── mxx.req
│ │ └── safessl-easyrsa.cnf
│ ├── vars
│ └── x509-types
│ ├── ca
│ ├── client
│ ├── code-signing
│ ├── COMMON
│ ├── email
│ ├── kdc
│ ├── server
│ └── serverClient
├── easy-rsa-server
│ ├── 3 -> 3.0.8
│ ├── 3.0 -> 3.0.8
│ └── 3.0.8
│ ├── easyrsa
│ ├── openssl-easyrsa.cnf
│ ├── pki
│ │ ├── ca.crt
│ │ ├── certs_by_serial
│ │ │ ├── 0315821DD9A6736CCAFB4EF3D5D63CCD.pem
│ │ │ ├── CAB96C3CC308BFB75AB5BADAB7DC3213.pem
│ │ │ └── F02CE7C1CF64E8BE1EA07180A8832F14.pem
│ │ ├── dh.pem
│ │ ├── index.txt
│ │ ├── index.txt.attr
│ │ ├── index.txt.attr.old
│ │ ├── index.txt.old
│ │ ├── issued
│ │ │ ├── mxx2.crt
│ │ │ ├── mxx.crt
│ │ │ └── server.crt
│ │ ├── openssl-easyrsa.cnf
│ │ ├── private
│ │ │ ├── ca.key
│ │ │ └── server.key
│ │ ├── renewed
│ │ │ ├── certs_by_serial
│ │ │ ├── private_by_serial
│ │ │ └── reqs_by_serial
│ │ ├── reqs
│ │ │ ├── mxx2.req
│ │ │ ├── mxx.req
│ │ │ └── server.req
│ │ ├── revoked
│ │ │ ├── certs_by_serial
│ │ │ ├── private_by_serial
│ │ │ └── reqs_by_serial
│ │ ├── safessl-easyrsa.cnf
│ │ ├── serial
│ │ └── serial.old
│ ├── vars
│ └── x509-types
│ ├── ca
│ ├── client
│ ├── code-signing
│ ├── COMMON
│ ├── email
│ ├── kdc
│ ├── server
│ └── serverClient
├── server
├── server.conf
└── server.conf.bak
30 directories, 61 files
阿里云主机信息:三台设备在一个LAN内,使用172.16.1.0/24网段:
windows主机连接后可以看到分配的IP信息:
客户端相关文件和连接信息:
可以打开后端的web服务器
2、通过编译、二进制安装MySQL5.7
源码编译安装
源码编译虽然成功了,但是有三个问题未解决:
- mysql的日志不知道放在了哪里,/var/log下没看到mysql,暂时也还没深入学习,不清楚如何看mysql的文件;
#服务启动时,会提示错误日志的存放路径
[root@centos8-mini bin]# service mysqld start
Starting MySQL.Logging to '/data/mysql/centos8-mini.mxx.com.err'.
[ OK ]
#也可以登录进去查看log_error服务器变量的值
mysql> SHOW GLOBAL VARIABLES LIKE 'log_error';
+---------------+----------------------------+
| Variable_name | Value |
+---------------+----------------------------+
| log_error | ./centos8-mini.mxx.com.err |
+---------------+----------------------------+
1 row in set (0.00 sec)
mysql>
- cmake的配置中,指定了错误的
-DDEFAULT_COLLATION
值,每次mysql的时候都会弹出值不存在,官方文档说是要去Index.xml里加上这个值,或者修改/etc/my.cnf文件的默认值,默认值虽然修改掉了,但日志还是一直在弹;不清楚如何将这个编译时的错误修改掉,不知道这个写在了哪个配置文件里;只能重新编译么,待解决;
- 初始密码是什么,因为不知道日志文件位置,不清楚是否有随机初始密码,至少肯定不是空;之后通过mysql_secure_installation重新设置了一个密码;虽然能够修改my.cnf跳过密码后重新修改,但是不知道初始密码始终难受;
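答:初始密码是在初始化数据库文件的时候生成的(5.7的mysql_install_db默认把随机密码写入执行用户家目录下的.mysql_secret文件,mysqld --initialize则写入错误日志);建议增加--initialize-insecure选项(mysqld)让初始密码为空,初始化完成后再立即为root设置密码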
建议:内存6G以上,CPU核数越多越好
* 安装依赖包:
yum -y install gcc gcc-c++ cmake bison zlib-devel libcurl-devel
boost-devel ncurses-devel gnutls-devel libxml2-devel
openssl-devel libevent-devel libaio-devel perl-Data-Dumper
* 准备用户和数据目录
useradd -r -s /sbin/nologin -d /data/mysql mysql
mkdir /data/mysql
chown mysql.mysql /data/mysql
* 下载并解压缩源码包
5.7建议直接下载带boost的,因为之后安装也需要下载
tar xvf mysql-5.7.35.tar.gz -C /usr/local/src
* 额外安装的包
```http
mkdir /usr/local/src/boost
mkdir /usr/local/mysql
#5.7.35需要额外安装的lib库,这里建议yum search libtirpc来查找,因为错误提示提示的libtirpc,但实际包名可能更长或有好几种包
yum -y install libtirpc-devel
[root@centos8 lib64]# find / -name rpc.h
/usr/include/gssrpc/rpc.h
/usr/include/event2/rpc.h
/usr/include/tirpc/rpc/rpc.h #安装时需要查找这个文件
#除了libtirpc之外,还需要rpcgen,编译中会提示缺少rpcgen.cmake,官网搜索可以找到如下提示信息:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html
#这个包YUM仓库不提供,因此需要自行解决:
https://www.linuxfromscratch.org/blfs/view/svn/basicnet/rpcsvc-proto.html
wget https://github.com/thkukuk/rpcsvc-proto/releases/download/v1.4.2/rpcsvc-proto-1.4.2.tar.xz
tar xf解压后
./configure && make && make install
#如果下载的是mysql-boost-5.7.35.tar.gz,则不会有这种问题,rapid/plugin/group_replication/rpcgen.cmake目录中直接就有rpcgen.cmake文件
- 源码编译和安装,如果出错,执行
rm -f CMakeCache.txt
,然后重新编译
cd /usr/local/src/mysql-5.7.35
cmake . \
-DDOWNLOAD_BOOST=1 \
-DWITH_BOOST=/usr/local/src/boost \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
#在screen中编译,防止xshell窗口异常关闭导致编译失败
screen -S mysql
make -j 8
make install
#5.7.35版本可以不用指定-DMYSQL_USER、-DWITHOUT_MROONGA_STORAGE_ENGINE、-DWITH_READLINE,5.7.35已经是不可用了:
CMake Warning:
Manually-specified variables were not used by the project:
MYSQL_USER
WITHOUT_MROONGA_STORAGE_ENGINE
WITH_READLINE
-- Build files have been written to: /usr/local/src/mysql-5.7.35
- 准备环境变量,将编译安装的mysql路径加到$PATH变量里,否则使用mysql工具时需要指定路径
[root@centos8 mysql-5.7.35]# echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos8 mysql-5.7.35]# . /etc/profile.d/mysql.sh
[root@centos8 mysql-5.7.35]# echo $PATH
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
- 准备配置文件,没找到官方提供的模板:
mkdir /etc/my.cnf.d/
cat > /etc/my.cnf <<\EOF
[mysqld]
datadir = /data/mysql
innodb_file_per_table = on
skip_name_resolve = on
[client]
!includedir /etc/my.cnf.d
EOF
- 生成数据库文件,手动生成数据库的基础文件:
#5.7.35路径变了,包括install_db文件的路径也不同,和二进制安装步骤是一样的
#先安装libaio
yum -y install libaio
#确认/etc/my.cnf.d/目录已提前创建,否则会报错
cd /usr/local/mysql/bin
./mysql_install_db --datadir=/data/mysql --user=mysql
- 准备启动脚本,并启动服务
#官方的启动脚本,路径都是指向/usr/local/mysql的,所以不建议安装到其他目录,免得后续还要修改(可能编译的时候如果指定了会自动修改?未测试)
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
service mysqld start
- 安全初始化
mysql_secure_installation
二进制安装步骤
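# Create the service account. -s /sbin/nologin matches the account created in
# the source-build section and keeps the mysql user from getting a login shell.
groupadd -r -g 306 mysql
useradd -r -g 306 -u 306 -s /sbin/nologin -d /data/mysql mysql
# Create the data directory and hand it to the mysql account.
mkdir -p /data/mysql
chown mysql:mysql /data/mysql
# Unpack the binary tarball and point a version-independent symlink at it.
tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local
cd /usr/local
ln -sv mysql-5.7.35-linux-glibc2.12-x86_64 mysql
# Program files stay root-owned; only the data directory belongs to mysql.
chown -R root:root /usr/local/mysql/
# 5.7.35 ships no template configuration file, so write a minimal one.
cat > /etc/my.cnf <<\EOF
[mysqld]
datadir = /data/mysql
innodb_file_per_table = on
skip_name_resolve = on
[client]
!includedir /etc/my.cnf.d
EOF
# Initialisation differs slightly between 5.7.35 and 5.6.
yum -y install libaio
# The directory named by !includedir must exist before initialisation.
mkdir -p /etc/my.cnf.d
cd /usr/local/mysql/bin
# NOTE(review): in 5.7 mysql_install_db generates a random, already-expired
# root password and writes it to .mysql_secret in the home directory of the
# user running it, which is why the first login must run ALTER USER.
./mysql_install_db --datadir=/data/mysql --user=mysql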
[root@centos8 bin]# ls /data/mysql/ -l
total 110652
-rw-r-----. 1 mysql mysql 56 Nov 24 17:29 auto.cnf
-rw-------. 1 mysql mysql 1676 Nov 24 17:29 ca-key.pem
-rw-r--r--. 1 mysql mysql 1112 Nov 24 17:29 ca.pem
-rw-r--r--. 1 mysql mysql 1112 Nov 24 17:29 client-cert.pem
-rw-------. 1 mysql mysql 1680 Nov 24 17:29 client-key.pem
-rw-r-----. 1 mysql mysql 436 Nov 24 17:29 ib_buffer_pool
-rw-r-----. 1 mysql mysql 12582912 Nov 24 17:29 ibdata1
-rw-r-----. 1 mysql mysql 50331648 Nov 24 17:29 ib_logfile0
-rw-r-----. 1 mysql mysql 50331648 Nov 24 17:29 ib_logfile1
drwxr-x---. 2 mysql mysql 4096 Nov 24 17:29 mysql
drwxr-x---. 2 mysql mysql 4096 Nov 24 17:29 performance_schema
-rw-------. 1 mysql mysql 1676 Nov 24 17:29 private_key.pem
-rw-r--r--. 1 mysql mysql 452 Nov 24 17:29 public_key.pem
-rw-r--r--. 1 mysql mysql 1112 Nov 24 17:29 server-cert.pem
-rw-------. 1 mysql mysql 1680 Nov 24 17:29 server-key.pem
drwxr-x---. 2 mysql mysql 12288 Nov 24 17:29 sys
#使用官方提供的脚本进行开机自启动
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
#添加服务
chkconfig --add mysqld
service mysqld start
#执行安全初始化
mysql_secure_installation
#初次登陆需要修改密码后才能执行命令
[root@centos8 support-files]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.35
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql>
mysql> status
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> help alter user
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> help alter
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> alter user root@'localhost' identified by 'Lahmy1c.';
Query OK, 0 rows affected (0.00 sec)
mysql>
mysql>
mysql> exit
Bye
[root@centos8 support-files]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 5.7.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> status
--------------
mysql Ver 14.14 Distrib 5.7.35, for linux-glibc2.12 (x86_64) using EditLine wrapper
Connection id: 14
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.35 MySQL Community Server (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /tmp/mysql.sock
Uptime: 7 min 0 sec
Threads: 1 Questions: 37 Slow queries: 0 Opens: 122 Flush tables: 1 Open tables: 115 Queries per second avg: 0.088
--------------
mysql> exit
Bye
3、二进制安装mariadb 10.4
步骤与5.7 二进制安装一模一样,唯一不同就是文件名叫mariadb。
[root@centos8 etc]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 39
Server version: 10.4.22-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.001 sec)
MariaDB [(none)]> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]>
MariaDB [mysql]> show tables
-> ;
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| column_stats |
| columns_priv |
| db |
| event |
| func |
| general_log |
| global_priv |
| gtid_slave_pos |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| index_stats |
| innodb_index_stats |
| innodb_table_stats |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| roles_mapping |
| servers |
| slow_log |
| table_stats |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| transaction_registry |
| user |
+---------------------------+
31 rows in set (0.000 sec)
MariaDB [mysql]> select user,host from user
-> ;
+-------------+-----------+
| User | Host |
+-------------+-----------+
| mariadb.sys | localhost |
| mysql | localhost |
| root | localhost |
+-------------+-----------+
3 rows in set (0.001 sec)
MariaDB [mysql]> help altar user
Nothing found
Please try to run 'help contents' for a list of all accessible topics
MariaDB [mysql]> help altar
Nothing found
Please try to run 'help contents' for a list of all accessible topics
MariaDB [mysql]> help alter
Many help items for your request exist.
To make a more specific request, please type 'help <item>',
where <item> is one of the following
topics:
ALTER DATABASE
ALTER EVENT
ALTER FUNCTION
ALTER LOGFILE GROUP
ALTER PROCEDURE
ALTER SEQUENCE
ALTER TABLE
ALTER TABLESPACE
ALTER USER
ALTER VIEW
MariaDB [mysql]> alter user root@'localhost' identified by 'Admin.123'
-> ;
Query OK, 0 rows affected (0.001 sec)
MariaDB [mysql]>
MariaDB [mysql]>
MariaDB [mysql]> exit
Bye
[root@centos8 etc]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@centos8 etc]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 41
Server version: 10.4.22-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
[root@centos8 etc]#