我这里是 RHEL6.5 的系统, 因此选择 RedHat 6 x86,64bit 操作系统 --- 下载第一个 RPM Bundle 即可 --mysql-8.0.11-1.el6.x86_64.rpm-bundle.tar.
目前 MySQL8.0.11 社区版提供了多种多样的安装方式, 但是并未发现针对 Linux Generic 安装包包含的 mysql_secure_installation 的安装说明.
MySQL 官网地址: https://dev.mysql.com/downloads/mysql/
因此这里使用推荐的 RPM 安装:
一, mysql-8.0.11-1.el6.x86_64.rpm-bundle.tar 解压后有如下 7 个文件:
- -rw-r--r-- 1 root root 28987588 Apr 9 01:06 mysql-community-client-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 672184 Apr 9 01:06 mysql-community-common-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 4443296 Apr 9 01:06 mysql-community-devel-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 2579460 Apr 9 01:06 mysql-community-libs-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 1902676 Apr 9 01:06 mysql-community-libs-compat-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 395918848 Apr 9 01:07 mysql-community-server-8.0.11-1.el6.x86_64.rpm
- -rw-r--r-- 1 root root 49092596 Apr 9 01:07 mysql-community-test-8.0.11-1.el6.x86_64.rpm
然后创建 mysql 用户:
- useradd mysql
- passwd mysql
二, 安装顺序为:(建议装之前先把之前的 mysql 相关包全部卸载, rpm -e --nodeps < 包名> 即可)
- [root@python ~]# rpm -ivh mysql-community-common-8.0.11-1.el6.x86_64.rpm
- warning: mysql-community-common-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-common ########################################### [100%]
- [root@python ~]# rpm -ivh mysql-community-libs-8.0.11-1.el6.x86_64.rpm
warning: mysql-community-libs-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-libs ########################################### [100%]
- [root@python ~]# rpm -ivh mysql-community-libs-compat-8.0.11-1.el6.x86_64.rpm
warning: mysql-community-libs-compat-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
file /usr/lib64/mysql/libmysqlclient.so.16.0.0 from install of mysql-community-libs-compat-8.0.11-1.el6.x86_64 conflicts with file from package mysql-libs-5.1.73-8.0.1.el6_8.x86_64
file /usr/lib64/mysql/libmysqlclient_r.so.16.0.0 from install of mysql-community-libs-compat-8.0.11-1.el6.x86_64 conflicts with file from package mysql-libs-5.1.73-8.0.1.el6_8.x86_64
- [root@python ~]# rpm -e --nodeps mysql-libs-5.1.73-8.0.1.el6_8.x86_64
- [root@python ~]# rpm -ivh mysql-community-libs-compat-8.0.11-1.el6.x86_64.rpm
warning: mysql-community-libs-compat-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-libs-co########################################### [100%]
- [root@python ~]# rpm -ivh mysql-community-server-8.0.11-1.el6.x86_64.rpm
- warning: mysql-community-server-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
- error: Failed dependencies:
- mysql-community-client(x86-64)>= 8.0.0 is needed by mysql-community-server-8.0.11-1.el6.x86_64
- [root@python ~]# rpm -ivh mysql-community-client-8.0.11-1.el6.x86_64.rpm
warning: mysql-community-client-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-client ########################################### [100%]
- [root@python ~]# rpm -ivh mysql-community-server-8.0.11-1.el6.x86_64.rpm
- warning: mysql-community-server-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-server ########################################### [100%]
- [root@python ~]# rpm -ivh mysql-community-devel-8.0.11-1.el6.x86_64.rpm
warning: mysql-community-devel-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing... ########################################### [100%]
- 1:mysql-community-devel ########################################### [100%]
- ^[[A[root@python ~]# rpm -ivh mysql-community-test-8.0.11-1.el6.x86_64.rpm
- warning: mysql-community-test-8.0.11-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
- error: Failed dependencies:
- perl(JSON) is needed by mysql-community-test-8.0.11-1.el6.x86_64
-- 懒的去装 perl 了, 因此测试套件就不装了.
三, 安装完毕后相关信息如下:
- [root@python ~]# mysql -V
- mysql Ver 8.0.11 for Linux on x86_64 (MySQL Community Server - GPL)
- [root@python ~]# ll /etc/init.d/mysqld
- -rwxr-xr-x 1 root root 7166 Apr 8 16:21 /etc/init.d/mysqld
- [root@python ~]# ll /etc/my.cnf -- 配置文件位置
- -rw-r--r-- 1 root root 1188 Apr 8 16:21 /etc/my.cnf
默认的 datadir 是在 / var/lib/mysql/, 可以通过修改 my.cnf 修改, 启动命令如下:
- [root@python ~]# service mysqld start
- Initializing MySQL database: [ OK ]
- Starting mysqld: [ OK ]
四, 发现没密码不能登录, 于是添加 skip-grant-tables 到 my.cnf, 重启进去重置密码
- mysql> alter user root@'localhost' identified by 'mysql';
- ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
- mysql> exit
- Bye
居然不能改... 于是:
- mysql> delete from mysql.user where user='root';
- Query OK, 1 row affected (0.10 sec)
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> create user root@'localhost' identified by 'mysql';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
还是不能改, 查看密码复杂度要求:
- mysql> show variables like '%pass%';
- +----------------------------------------------+-----------------+
- | Variable_name | Value |
- +----------------------------------------------+-----------------+
- | caching_sha2_password_auto_generate_rsa_keys | ON |
- | caching_sha2_password_private_key_path | private_key.pem |
- | caching_sha2_password_public_key_path | public_key.pem |
- | default_password_lifetime | 0 |
- | disconnect_on_expired_password | ON |
- | mysql_native_password_proxy_users | OFF |
- | password_history | 0 |
- | password_reuse_interval | 0 |
- | report_password | |
- | sha256_password_auto_generate_rsa_keys | ON |
- | sha256_password_private_key_path | private_key.pem |
- | sha256_password_proxy_users | OFF |
- | sha256_password_public_key_path | public_key.pem |
- | validate_password.check_user_name | ON |
- | validate_password.dictionary_file | |
- | validate_password.length | 8 |
- | validate_password.mixed_case_count | 1 |
- | validate_password.number_count | 1 |
- | validate_password.policy | MEDIUM |
- | validate_password.special_char_count | 1 |
- +----------------------------------------------+-----------------+
查看官网 https://dev.mysql.com/doc/refman/8.0/en/validate-password-options-variables.html#sysvar_validate_password.policy
发现此值有 3 个, 如下所示:
于是设置为 0, 然后将 validate_password.length 设置为 4, 表示最少需要 4 字符. 之所以设置为 4 是因为这个参数的值不能小于如下公式的计算结果:
- validate_password.number_count
- + validate_password.special_char_count
- + (2 * validate_password.mixed_case_count)
于是继续创建用户, MySQL8.0 取消了直接 grant 创建用户的语法, 只能先 create user 再 grant, 因此创建 root 如下:
- mysql> create user root@'localhost' identified by 'mysql';
- ERROR 1396 (HY000): Operation CREATE USER failed for 'root'@'localhost'
- mysql> FLUSH PRIVILEGES;
- Query OK, 0 rows affected (0.00 sec)
- mysql> create user root@'localhost' identified by 'mysql';
- ERROR 1396 (HY000): Operation CREATE USER failed for 'root'@'localhost'
尼玛... 什么玩意儿?
于是去逛了一圈 stackoverflow, 都说这是一个 BUG, 于是操作如下:
mysql> drop user root@'localhost'; -- 是的没错, 虽然没有 root@'localhost'用户, 但你还是要删一遍.
- Query OK, 0 rows affected (0.05 sec)
- mysql> FLUSH PRIVILEGES;
- Query OK, 0 rows affected (0.01 sec)
- mysql> create user root@'localhost' identified by 'mysql';
- Query OK, 0 rows affected (0.03 sec)
- mysql> grant all on *.* to root@'localhost' with grant option;
- Query OK, 0 rows affected (0.03 sec)
终于改完密码了... 去掉参数文件的 skip-grant-tables 参数, service mysqld restart 重启服务.
五, 终于设置好密码了, 建一个测试用户 leo, 然后尝试远程连接下吧:
$ mysql -uleo -pmysql -h192.168.1.193
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
我这 5.7 的 mysql 工具都连不上, 这就尴尬了, 查看认证相关参数:
- mysql> show variables like '%auth%';
- +-------------------------------+-----------------------+
- | Variable_name | Value |
- +-------------------------------+-----------------------+
- | default_authentication_plugin | caching_sha2_password |
- +-------------------------------+-----------------------+
- 1 row in set (0.02 sec)
查看官网发现此值的取值如下:
官网还说此值影响 create user 不显式指定 auth plugin 时密码的默认加密算法, 卧槽... 那岂不是说我之前创建的 leo 用户使用的是默认的 caching_sha2_password 认证, 查看一下:
- mysql> select user,host,plugin from mysql.user;
- +------------------+-----------+-----------------------+
- | user | host | plugin |
- +------------------+-----------+-----------------------+
- | leo | % | caching_sha2_password |
- | mysql.infoschema | localhost | mysql_native_password |
- | mysql.session | localhost | mysql_native_password |
- | mysql.sys | localhost | mysql_native_password |
- | root | localhost | caching_sha2_password |
- +------------------+-----------+-----------------------+
完了, 全 TM 完了......
显然不能直接 update plugin, 因为这可能导致加密的密码无法被正确解密, 你所有的密码都会变异, 因此除 root@'localhost'外全部删掉重建.
首先需要在 my.cnf 里添加: default_authentication_plugin=mysql_native_password, 然后 service mysqld restart 重启服务:
- mysql> drop user leo;
- Query OK, 0 rows affected (0.10 sec)
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> create user leo identified by 'mysql';
- Query OK, 0 rows affected (0.02 sec)
- mysql> grant all on *.* to leo;
- Query OK, 0 rows affected (0.08 sec)
- $mysql -V
- mysql Ver 14.14 Distrib 5.7.20, for Linux (x86_64) using EditLine wrapper
- $ mysql -uleo -pmysql -h192.168.1.193
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
- Your MySQL connection id is 16
- Server version: 8.0.11 MySQL Community Server - GPL
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
- Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
- mysql>
至此远程连接正常.
来源: http://www.linuxidc.com/Linux/2018-05/152409.htm