Install MySQL Community Server on CentOS 8
Published Jan 14, 2020 • 5 min read • 0 commentsTags: linux centos mysql

Overview
CentOS distributes MariaDB 10.3, a drop-in replacement for MySQL Server 5.7. If you require MySQL 8, there are a few new steps on CentOS 8 that differ from past versions.
All steps should be performed as the root user.
sudo su
Code snippets that start with a # prompt contain sample output and should not be copied verbatim.
Adding the MySQL repository
Start by downloading the GPG key and saving it in /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql https://repo.mysql.com/RPM-GPG-KEY-mysql
Next, create a repo file in /etc/yum/repos.d/ and copy the following content.
File: /etc/yum.repos.d/mysql-community.repo
[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
Installing MySQL
Ordinarily, you should be able to proceed to install packages from the newly added repository, but the MySQL installation will fail.
# dnf -y install mysql-community-server
MySQL 8.0 Community Server
Last metadata expiration check: 0:00:01 ago...
No match for argument: mysql-community-server
Error: Unable to find a match
If you visit http://repo.mysql.com/yum/mysql-8.0-community/el/8/x86_64/, the baseurl option in the repo file where $releasever is 8 and $basearch is x86_64, you should clearly see the mysql-community-server rpm is present.
CentOS 8 includes a MySQL module that masks packages from MySQL repositories by default. Disable the module with the following command.
dnf -y module disable mysql
Then proceed to install MySQL packages which include the MySQL client and utilities.
dnf -y install mysql-community-server
Configuring MySQL
Starting the server
Start the server with following command
systemctl start mysqld
and optionally configure it to start at system boot.
systemctl enable mysqld
Securing MySQL
When MySQL server starts for the first time, it:
- installs and enables the validate_password plugin,
- creates a temporary, one-time password for the root user,
- and saves it in the the error log defined in /etc/my.cnf
The entry in the log file should look something like this.
# grep password /var/log/mysqld.log
[Note] [MY-010454] [Server] A temporary password is generated for root@localhost: Ypg4hN:KaxOu
Find the password in /var/log/mysqld.log
grep password /var/log/mysqld.log | awk '{print $NF}'
and proceed to set up MySQL server where you'll be required to change it. The default password validation setting is MEDIUM which will require a minimum length of 8 characters, and at least one of each character type: lowercase letter, uppercase letter, number, and symbol.
mysql_secure_installation
There's a GOTCHA in the setup. Older versions of MySQL didn't require a root password and the setup process asked if you wanted to set one. Since MySQL 8 assigns a temporary default password, you're immediately required to change it. You'll then be prompted by the setup if you want to change it again. It's an unnecessary step and can be safely skipped.
# mysql_secure_installation
Securing the MySQL server deployment.
Enter password for user root:
The existing password for the user account root has expired. Please set a new password.
New password:
Re-enter new password:
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n
... skipping.
You should likely answer yes to the next four questions which will immediately remove potential vulnerabilities from the default installation:
- Remove anonymous users?
- Disallow root login remotely?
- Remove test database and access to it?
- Reload privilege tables now?
MySQL Community Server is now ready to go.
Additional Notes
Best practice dictates to keep the password validation settings as is for a more secured system. If they're too strict (perhaps this is a development environment), you can view and update the settings after logging in.
# mysql -uroot -Ap
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Server version: 8.0.19 MySQL Community Server - GPL
...
mysql> show variables like '%validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.01 sec)
mysql> SET GLOBAL validate_password.policy='LOW';
Query OK, 0 rows affected (0.00 sec)
mysql> ALTER USER root@localhost IDENTIFIED BY 'password1';
Query OK, 0 rows affected (0.00 sec)
By default, MySQL 8 uses the caching_sha2_password plugin for authentication which many clients do not yet support. If you have an older application that cannot connect to the database you can update the authentication method on a per-user basis.
mysql> ALTER USER root@localhost IDENTIFIED WITH mysql_native_password BY 'password1';
Query OK, 0 rows affected (0.00 sec)