mysql7后性能、安全性有所提高。默认启动mysqld后安全性大幅度上升,而且会产生随机root的密码。
安装
1.获取percona mysql5.7套件
wget https://www.percona.com/downloads/Percona-Server-5.7/Percona-Server-5.7.27-30/binary/redhat/7/x86_64/Percona-Server-5.7.27-30-r8916819-el7-x86_64-bundle.tar
tar xvf Percona-Server-5.7.27-30-r8916819-el7-x86_64-bundle.tar
rpm -ivh Percona-Server-server* Percona-Server-client* Percona-Server-dev*
### 初始化密码策略修改
1.获取初始化默认密码
密码获取方式
2019-09-02T02:47:23.330657Z 1 [Note] A temporary password is generated for root@localhost: 3fiyM7VWuF#t
或者通过journalctl查看
mysql> show processlist;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
设置密码提示必须修改默认密码以及安全策略限制不能设置简单密码
2.修改初始化密码
SET PASSWORD = PASSWORD('sklinux');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
临时修改
set global validate_password_mixed_case_count=0;
set global validate_password_number_count=3;
set global validate_password_special_char_count=0;
set global validate_password_length=3;
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 3 |
| validate_password_mixed_case_count | 0 |
| validate_password_number_count | 3 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 0 |
+--------------------------------------+-------+
7 rows in set (0.01 sec)
关闭密码策略插件
validate_password=off
然后service mysqld restart或者systemctl restart mysqld.service重启mysqld,通过SHOW PLUGINS;即可看到密码验证的插件被停止了。
更改策略级别
更改密码策略为LOW set global validate_password_policy=0; 更改密码长度 set global validate_password_length=0; 如此即可随意设置密码
当然,我们还有一种办法,就是在最最开始的时候,不设置初始密码: 只需要在初始化时指定–initialize-insecure即可,比如:
mysqld --initialize-insecure \
--datadir=/var/lib/mysql \
--basedir=/usr \
--user=mysql
此时,SHOW VARIABLES LIKE ‘vali%’;也会为空,因为该插件没有被安装。
mysql5.7 for percona的一些配置示范
# Percona Server template configuration
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
explicit_defaults_for_timestamp=true
#sk
validate_password=off
max_allowed_packet = 1024M
#log_bin_trust_routine_creators = 1
sort_buffer_size = 16M
read_buffer_size = 16M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 128M
thread_cache_size = 8
query_cache_size= 32M
#default-character-set=utf8
#character_set_database=utf8
character-set-server=utf8
max_connections = 1024
max_connect_errors=256
back_log=500
skip-name-resolve
log_queries_not_using_indexes=1
slow_launch_time=1
slow_query_log_file=slow.log
expire_logs_days=7
performance_schema=1
log-bin=mysql-bin
server-id = 100
innodb_data_home_dir = /var/lib/mysql
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /var/lib/mysql
innodb_buffer_pool_size = 512M
innodb_log_file_size = 128M
innodb_log_buffer_size = 32M
innodb_flush_log_at_trx_commit = 0
innodb_lock_wait_timeout = 50
innodb_file_per_table=1
innodb_flush_method=O_DIRECT
[mysqldump]
quick
max_allowed_packet = 16M
#validate_password_mixed_case_count=0
#validate_password_number_count=3
#validate_password_special_char_count=0
#validate_password_length=3
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid