18.2 初始化mariaDB服务
相较于MySQL,MariaDB数据库管理系统有了很多新鲜的扩展特性,例如对微秒级别的支持、线程池、子查询优化、进程报告等。在配置妥当Yum软件仓库后,即可安装部署MariaDB数据库主程序及服务端程序了。
在安装完毕后,记得启动服务程序,并将其加入到开机启动项中。
[root@linuxprobe ~]# yum install mariadb mariadb-server
Loaded plugins: langpacks, product-id, subscription-manager
………………省略部分输出信息………………
Installing:
mariadb x86_64 1:5.5.35-3.el7 rhel 8.9 M
mariadb-server x86_64 1:5.5.35-3.el7 rhel 11 M
Installing for dependencies:
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 rhel 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 rhel 57 k
perl-DBD-MySQL x86_64 4.023-5.el7 rhel 140 k
perl-DBI x86_64 1.627-4.el7 rhel 802 k
perl-Data-Dumper x86_64 2.145-3.el7 rhel 47 k
perl-IO-Compress noarch 2.061-2.el7 rhel 260 k
perl-Net-Daemon noarch 0.48-5.el7 rhel 51 k
perl-PlRPC noarch 0.2020-14.el7 rhel 36 k
Transaction Summary
================================================================================
Install 2 Packages (+8 Dependent packages)
Total download size: 21 M
Installed size: 107 M
Is this ok [y/d/N]: y
Downloading packages:
--------------------------------------------------------------------------------
Total 82 MB/s | 21 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
………………省略部分输出信息………………
Installed:
mariadb.x86_64 1:5.5.35-3.el7 mariadb-server.x86_64 1:5.5.35-3.el7
Dependency Installed:
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBD-MySQL.x86_64 0:4.023-5.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
Complete!
[root@linuxprobe ~]# systemctl start mariadb
[root@linuxprobe ~]# systemctl enable mariadb
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
在确认MariaDB数据库软件程序安装完毕并成功启动后请不要立即使用。为了确保数据库的安全性和正常运转,需要先对数据库程序进行初始化操作。这个初始化操作涉及下面5个步骤。
设置root管理员在数据库中的密码值(注意,该密码并非root管理员在系统中的密码,这里的密码值默认应该为空,可直接按回车键)。 设置root管理员在数据库中的专有密码。 随后删除匿名账户,并使用root管理员从远程登录数据库,以确保数据库上运行的业务的安全性。 删除默认的测试数据库,取消测试数据库的一系列访问权限。 刷新授权列表,让初始化的设定立即生效。 对于上述数据库初始化的操作步骤,刘遄老师已经在下面的输出信息旁边进行了简单注释,确保各位读者更直观地了解要输入的内容:
[root@linuxprobe ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): 当前数据库密码为空,直接按回车键
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:输入要为root管理员设置的数据库密码
Re-enter new password:再次输入密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y(删除匿名账户)
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y(禁止root管理员从远程登录)
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y(删除test数据库并取消对它的访问权限)
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y(刷新授权表,让初始化后的设定立即生效)
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
在很多生产环境中都需要使用站库分离的技术(即网站和数据库不在同一个服务器上),如果需要让root管理员远程访问数据库,可在上面的初始化操作中设置策略,以允许root管理员从远程访问。然后还需要设置防火墙,使其放行对数据库服务程序的访问请求,数据库服务程序默认会占用3306端口,在防火墙策略中服务名称统一叫作mysql:
[root@linuxprobe ~]# firewall-cmd --permanent --add-service=mysql
success
[root@linuxprobe ~]# firewall-cmd --reload
success
一切准备就绪。现在我们将首次登录MariaDB数据库。其中,-u参数用来指定以root管理员的身份登录,而-p参数用来验证该用户在数据库中的密码值。
[root@linuxprobe ~]# mysql -u root -p
Enter password: 此处输入root管理员在数据库中的密码
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
在登录MariaDB数据库后执行数据库命令时,都需要在命令后面用分号(;)结尾,这也是与Linux命令最显著的区别。大家需要慢慢习惯数据库命令的这种设定。下面执行如下命令查看数据库管理系统中当前都有哪些数据库:
MariaDB [(none)]> SHOW databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.01 sec)
小试牛刀过后,接下来使用数据库命令将root管理员在数据库管理系统中的密码值修改为linuxprobe。这样退出后再尝试登录,如果还坚持输入原先的密码,则将提示访问失败。
MariaDB [(none)]> SET password = PASSWORD('linuxprobe');
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@linuxprobe ~]# mysql -u root -p
Enter password:此处输入root管理员在数据库中的新密码
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
更多建议: