Install MySQL Community Server on CentOS 8

Published Jan 14, 20205 min read 0 comments

Tags: linux centos mysql

Overview

CentOS distributes MariaDB 10.3, a drop-in replacement for MySQL Server 5.7. If you require MySQL 8, there are a few new steps on CentOS 8 that differ from past versions.

All steps should be performed as the root user.

sudo su

Code snippets that start with a # prompt contain sample output and should not be copied verbatim.

Adding the MySQL repository

Start by downloading the GPG key and saving it in /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql 

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql https://repo.mysql.com/RPM-GPG-KEY-mysql

Next, create a repo file in /etc/yum/repos.d/ and copy the following content.

File: /etc/yum.repos.d/mysql-community.repo

[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

Installing MySQL

Ordinarily, you should be able to proceed to install packages from the newly added repository, but the MySQL installation will fail.

# dnf -y install mysql-community-server                        
MySQL 8.0 Community Server
Last metadata expiration check: 0:00:01 ago...
No match for argument: mysql-community-server
Error: Unable to find a match

If you visit http://repo.mysql.com/yum/mysql-8.0-community/el/8/x86_64/, the baseurl option in the repo file where $releasever is 8 and $basearch is x86_64, you should clearly see the mysql-community-server rpm is present.

CentOS 8 includes a MySQL module that masks packages from MySQL repositories by default. Disable the module with the following command.

dnf -y module disable mysql

Then proceed to install MySQL packages which include the MySQL client and utilities.

dnf -y install mysql-community-server

Configuring MySQL

Starting the server

Start the server with following command

systemctl start mysqld

and optionally configure it to start at system boot.

systemctl enable mysqld
Securing MySQL

When MySQL server starts for the first time, it:

  • installs and enables the validate_password plugin,
  • creates a temporary, one-time password for the root user,
  • and saves it in the the error log defined in /etc/my.cnf

The entry in the log file should look something like this.

# grep password /var/log/mysqld.log
[Note] [MY-010454] [Server] A temporary password is generated for root@localhost: Ypg4hN:KaxOu

Find the password in /var/log/mysqld.log

grep password /var/log/mysqld.log | awk '{print $NF}'

and proceed to set up MySQL server where you'll be required to change it. The default password validation setting is MEDIUM which will require a minimum length of 8 characters, and at least one of each character type: lowercase letter, uppercase letter, number, and symbol.

mysql_secure_installation

There's a GOTCHA in the setup. Older versions of MySQL didn't require a root password and the setup process asked if you wanted to set one. Since MySQL 8 assigns a temporary default password, you're immediately required to change it. You'll then be prompted by the setup if you want to change it again. It's an unnecessary step and can be safely skipped.

# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

The existing password for the user account root has expired. Please set a new password.

New password:
Re-enter new password:

The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

 ... skipping.

You should likely answer yes to the next four questions which will immediately remove potential vulnerabilities from the default installation:

  • Remove anonymous users?
  • Disallow root login remotely?
  • Remove test database and access to it?
  • Reload privilege tables now?

MySQL Community Server is now ready to go.

Additional Notes

Best practice dictates to keep the password validation settings as is for a more secured system. If they're too strict (perhaps this is a development environment), you can view and update the settings after logging in.

# mysql -uroot -Ap
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Server version: 8.0.19 MySQL Community Server - GPL
...
mysql> show variables like '%validate%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.01 sec)

mysql> SET GLOBAL validate_password.policy='LOW';
Query OK, 0 rows affected (0.00 sec)

mysql> ALTER USER root@localhost IDENTIFIED BY 'password1';
Query OK, 0 rows affected (0.00 sec)

By default, MySQL 8 uses the caching_sha2_password plugin for authentication which many clients do not yet support. If you have an older application that cannot connect to the database you can update the authentication method on a per-user basis.

mysql> ALTER USER root@localhost IDENTIFIED WITH mysql_native_password BY 'password1';
Query OK, 0 rows affected (0.00 sec)
Newer Older
More Articles
How to enable HAProxy logs on CentOS 8
How to enable HAProxy logs on CentOS 8
Jan 6, 2020
Where does MariaDB save output from SELECT INTO OUTFILE on CentOS 8?
Where does MariaDB save output from SELECT INTO OUTFILE on CentOS 8?
Feb 1, 2020
Copyright © 2017-2023   Mark Brody | Blog