SSL Setup
The SSL setup is valid since MySQL 5.7.6 :
shell> bin/mysql_ssl_rsa_setup –datadir=/var/lib/mysql/
As a reminder, now, the current folder is /usr/local/mysql/
Here is what the command execution must return :
shell> bin/mysql_ssl_rsa_setup –datadir=/var/lib/mysql/ Generating a 2048 bit RSA private key
……………………………………………………………..+++
………………………..+++
writing new private key to ‘ca-key.pem’
—–
Generating a 2048 bit RSA private key
….+++ ………………………………………………………………………………………………………………………………………….+++
writing new private key to ‘server-key.pem’
—–
Generating a 2048 bit RSA private key
…………………+++
……….+++
Mysql service running and testing
To run the service, do as follow :
shell> bin/mysqld_safe –user=mysql &
The administrator feels a legitimate satisfaction when the following message finally appears :
shell> bin/mysql -u root -p
Enter password :
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version : 5.7.9
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement. mysql>
Changing the root password is required, regardless of the command :
mysql> show databases;
ERROR 1820 (HY000) : You must reset your password using ALTER USER statement before executing this statement.
Changing password can be done as follow :
mysql> SET password = password(‘mynewpasswd’);
Query OK, 0 rows affected, 1 warning (0.00 sec)
However, the SET PASSWORD command is deprecated since MySQL 5.7.6, it is best to get used to the ALTER USER command :
mysql> ALTER USER root@localhost IDENTIFIED BY ‘mynewpasswd’;
Mysql service autorun
For an easier way to manage the service, it is advisable to copy the mysql.server script in /etc/init.d/ :
shell> cp support-files/mysql.server /etc/init.d/mysql. server
Thus, MySQL can be administered by the service command (start, stop, restart, reload…).
A symbolic link creation is also required to allow the eponymous command to run the service :
shell> ln -s /usr/local/mysql/bin/mysqld_safe /usr/bin/ mysqld_safe
To automate the MySQL run at system startup, use the command :
shell> update-rc.d mysql defaults
To include binary and other MySQL scripts in the PATH system, we have to create the /etc/profile.d/mysql.sh files :
shell> vi /etc/profile.d/mysql.sh
It is filled with the following lines :
#!/bin/bash
if ! echo ${PATH} | /bin/grep -q /usr/local/mysql/bin ;
then
PATH=/usr/local/mysql/bin :${PATH}
fi
Type this for an immediate consideration :
shell> source /etc/profile.d/mysql.sh
The consideration is effective and can be verified with the following command :
shell> echo $PATH
Configuration
At this stage of the installation, the remote access is not allowed because the MySQL port only listens to the local IP address
Minimum configuration for remote access
This paragraph describes the implementation of a minimum, almost minimalist configuration for the network operation. The first step is to modify the bind-address clause in the my.cnf file :
bind-address = 127.0.0.1
For remote access, 127.0.0.1 should be replaced by the public server address :
bind-address = aa.bbb.cc.ddd # Server Ip address
Then, it is necessary to create an user allowed to access the server from an IP address or an IP address range.
GRANT ALL PRIVILEGES ON . TO ‘root’@’%mondomaine’;
FLUSH PRIVILEGES;
The administrator adapts to its needs by limiting the authorized IP addresses and the accorded privileges to the strict necessary.
Conclusion
This chapter presents the evolution of MySQL 5.7, its architecture and the main engines available. Detailed installation of MySQL also described in these lines has resulted in a MySQL 5.7 operational service, often used for the examples presented in the course of this work.