构建基于RHEL8系列(CentOS8,AlmaLinux8,RockyLinux8等)的MySQL8.0.32的RPM包

本文适用:rhel8系列,或同类系统(CentOS8,AlmaLinux8,RockyLinux8等)
文档形成时期:2023年
因系统版本不同,构建部署应略有差异,但本文未做细分,对稍有经验者应不存在明显障碍。
因软件世界之复杂和个人能力之限,难免疏漏和错误,欢迎指正。

文章目录

  • 背景
  • 环境准备
  • 准备工作
  • mysql-8.0.32-el8.spec内容
  • 文件位置
  • 构建
  • 安装和卸载
  • 目标服务器其他配置参考
    • 启动MySQL服务
    • 查看默认的配置路径和变量来源
    • 安全配置
    • 修改密码简要示例
    • 安装密码策略控制的安全组件

背景

不同时期因各种原因经常产生部署LNMP环境的需求,某些场景下需要自定义软件,比如参数、模块、安装路径,或多个版本共存,不能采用Docker等容器环境,采用自主构建RPM包便成了比较快捷的方式之一。
在网上几乎没有发现有基于RHEL8系列自主构建MySQL8的RPM包,采用DNF安装的比较多,实践之后特地分享于众,欢迎指正或探讨。

环境准备

yum install rpmdevtools
#创建目录
rpmdev-setuptree
#或手动创建目录:

mkdir rpmbuild-mysql-8.0.32; cd rpmbuild-mysql-8.0.32
mkdir -p ./{BUILD,RPMS,SOURCES,SPECS,SRPMS}

准备工作

准备好mysql-boost-8.0.32.tar.gz,官网下载:https://downloads.mysql.com/archives/community/,它包含mysql-8.0.32.tar.gz的所有文件,并多出boost。
准备好my.cnf,配置建议参考生产环境的常用配置,做成一个比较通用的;
示例:

[client]
port=3306
socket=/opt/mysql8/tmp/mysql.sock

[mysqld]
user=mysql
# skip-symbolic-links或symbolic-links=0不再建议被使用
# symbolic-links=0
# skip-grant-tables
# mysql8.0.32推荐使用authentication_policy代替原default_authentication_plugin
authentication_policy=mysql_native_password
port=3306
socket=/opt/mysql8/tmp/mysql.sock
pid-file=/opt/mysql8/tmp/mysqld.pid
basedir=/opt/mysql8
datadir=/opt/mysql8/data
tmpdir=/opt/mysql8/tmp


### 密码复杂度控制参数开始 ###
# mysql启用密码复杂度控制
# 密码复杂度这部分以插件的方式安装配置,在mysql8能用,但官方推荐mysql8改为组件,将来会弃用插件的方式。
# 先在mysql终端里启用组件,
# UNINSTALL COMPONENT 'file://component_validate_password';
# INSTALL COMPONENT 'file://component_validate_password';
# SELECT * FROM mysql.component;
# SET GLOBAL validate_password.check_user_name=ON;
# SET GLOBAL validate_password.dictionary_file="";
# SET GLOBAL validate_password.length=8;
# SET GLOBAL validate_password.mixed_case_count=1;
# SET GLOBAL validate_password.number_count=1;
# SET GLOBAL validate_password.policy=1;
# SET GLOBAL validate_password.special_char_count=0;
# SHOW GLOBAL VARIABLES LIKE 'validate_password%';

#然后可在my.cnf中启用相应的配置(命令行中未启用密码验证组件前,启用下面的配置会报错,应该先启用后再取消下面配置的注释):
##plugin-load=validate_password.so # mysql5.7和mysql8均可用,但mysql8提示将弃用
##validate-password=FORCE_PLUS_PERMANENT # mysql8不支持
# validate_password.policy=1


# 检查用户名
# validate_password.check_user_name=ON

# 密码策略文件,策略为STRONG才需要 
# validate_password.dictionary_file=

# 密码最少长度 
# validate_password.length=8

# 大小写字符长度,各至少1个,共至少2个
# validate_password.mixed_case_count=1

# 数字至少1个
# validate_password.number_count=1

# 特殊字符至少1个上述参数是默认策略MEDIUM的密码检查规则。
# validate_password.special_char_count=0
### 密码复杂度控制参数结束 ###


ft_min_word_len=4
event_scheduler=1
max_allowed_packet=128M
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci

explicit_defaults_for_timestamp=true

#skip-networking
wait_timeout=1800
interactive_timeout=1800
open_files_limit=65535
back_log=512
connect-timeout=300
net_write_timeout=300
net_read_timeout=300
max_connections=5000
max_connect_errors=64

table_open_cache=2048
table_definition_cache=2048
max_heap_table_size=128M
tmp_table_size=128M
sort_buffer_size=32M
join_buffer_size=32M
thread_cache_size=1024
#query_cache_size=128M
#query_cache_limit=8M
#query_cache_min_res_unit=4k
thread_stack=192K
read_buffer_size=16M
read_rnd_buffer_size=8M
bulk_insert_buffer_size=64M

#external-locking
default-storage-engine=innodb
log-error=/opt/mysql8/var/error.log
#log_warnings=2
log_error_verbosity=2
slow-query-log
slow-query-log-file=/opt/mysql8/var/slow.log
log_slow_admin_statements
long_query_time=5
log-queries-not-using-indexes=0

#server-id=1
#binlog_format=ROW
#log-bin=/opt/mysql8/var/mysql-bin
#binlog_cache_size=512M
#max_binlog_cache_size=2G
#max_binlog_size=1G
#expire_logs_days=7
#relay-log-purge=1
#sync_binlog=0

#binlog-ignore-db=mysql
binlog-ignore-db=information_schema
binlog-ignore-db=performance_schema

key_buffer_size=128M
myisam_sort_buffer_size=128M
# mysql8.0.33不支持myisam_repair_threads
#myisam_repair_threads=1
myisam-recover-options
# docker容器中初始化时使用lower_case_table_names=1会报错:The designated data directory /var/lib/mysql/ is unusable
lower_case_table_names=1
skip-name-resolve
myisam_max_sort_file_size=4G



### innodb配置 ###
innodb_buffer_pool_size=1024M
innodb_data_file_path=ibdata1:128M:autoextend
innodb_file_per_table=1
innodb_write_io_threads=4
innodb_read_io_threads=4
innodb_thread_concurrency=0
innodb_flush_log_at_trx_commit=2
innodb_log_buffer_size=128M

# 8.0.30之后,innodb_log_file_size and/or innodb_log_files_in_group提示将弃用,改用innodb_redo_log_capacity
#innodb_log_file_size=32M
#innodb_log_files_in_group=2
innodb_redo_log_capacity=128MB

innodb_max_dirty_pages_pct=85
innodb_rollback_on_timeout
innodb_status_file=1
innodb_io_capacity=800
transaction_isolation=READ-COMMITTED
innodb_flush_method=O_DIRECT
#innodb_file_format=Barracuda
innodb_use_native_aio=1
innodb_lock_wait_timeout=120



[mysqldump]
quick
max_allowed_packet=128M
column-statistics=0


[mysql]
no-auto-rehash
#safe-updates
prompt="\\u@\\h: \\d \\R:\\m:\\s>"


[myisamchk]
key_buffer_size=32M
sort_buffer_size=32M
#read_buffer=8M
#write_buffer=8M


[mysqlhotcopy]
interactive-timeout


[mysqld_safe]
open-files-limit=8192
log-error=/opt/mysql8/var/error.log
pid-file=/opt/mysql8/tmp/mysqld.pid

mysql-8.0.32-el8.spec内容

Name:           mysql
Version:        8.0.32
Release:        custom%{?dist}
Summary:        www.mysql.com

Group:          Applications/Databases
License:        GPLv3+
URL:            https://www.mysql.com
Source0:        mysql-boost-8.0.32.tar.gz

BuildRequires:  gcc
#Requires:


%define debug_package %{nil}
%define _prefix  /opt/mysql8
Prefix:     %{_prefix}


%description


%prep
%setup -q

%build
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-DMYSQL_UNIX_ADDR=%{_prefix}/tmp/mysql.sock \
-DSYSCONFDIR=%{_prefix}/etc \
-DSYSTEMD_PID_DIR=%{_prefix} \
-DDEFAULT_charset=utf8mb4 \
-DDEFAULT_COLLATION=utf8mb4_unicode_ci \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_INNODB_MEMCACHED=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_SSL=system -DWITH_READLINE=on \
-DMYSQL_DATADIR=%{_prefix}/data \
-DWITH_BOOST=./boost -DWITH_SYSTEMD=1 \
-DFORCE_INSOURCE_BUILD=1 \
-DENABLED_PROFILING=ON \
-DMYSQL_TCP_PORT=3306 \
-DWITH_ZLIB=bundled \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_MAINTAINER_MODE=OFF \
-DWITH_DEBUG=OFF


make %{?_smp_mflags}




#
# Installation section
#
%install
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
make install DESTDIR=%{buildroot}

%__install -c -d -m 755 "%{buildroot}%{_prefix}/etc"
cp -f %_sourcedir/my.cnf "%{buildroot}%{_prefix}/etc/"





#
# Clean section
#

%clean
[ %{buildroot} != "/" ] && rm -rf "%{buildroot}"





%files
%{_prefix}
%doc
#/usr/lib/systemd/system/mysqld.service # 因为mysqld.service是安装后产生的,所以这里暂时不写,不然构建会报错






#安装后执行的命令
%post
if [ $1 == 1 ];then
    mv /etc/my.cnf /etc/my.cnf.bak-`date +"%Y%m%d-%H%M%S"`
    cat /dev/null > /etc/my.cnf
    chattr +i /etc/my.cnf

    sed -i '/PATH=/s/PATH=*/PATH=\/opt\/mysql8\/bin:/' ~/.bash_profile  # rhel7 rhel8
    source ~/.bash_profile

    groupadd mysql -g 318
    useradd -s /sbin/nologin -M mysql -u 318 -g 318
    mkdir /home/mysql
    chown mysql:mysql /home/mysql

    mkdir /opt/mysql8/{tmp,var,data}; chown mysql:mysql -R /opt/mysql8/{tmp,var,data}
    chown mysql:mysql /opt/mysql8/etc/my.cnf

    sed '1i\/opt\/mysql8\/lib' /etc/ld.so.conf
    ldconfig
    #或
    ln -s /opt/mysql8/lib/libmysqlclient.so.21 /usr/lib/libmysqlclient.so.21
    
    cp /opt/mysql8/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
    systemctl daemon-reload
    systemctl enable mysqld

    mysqld --initialize-insecure

    echo "------------------------------------------------------------------------------------------------------------"
    echo -e  "|  \033[32mInitialization is complete.\033[0m"
    echo "------------------------------------------------------------------------------------------------------------"
fi

 



#卸载前执行的命令
%preun
if [ "$1" = 0 ]
then
    systemctl disable mysqld
    systemctl stop mysqld
    # userdel -r mysql
    cp -r %{_prefix}/etc /opt/mysql8_my.cnf.rpmsave-`date +"%Y%m%d-%H%M%S"`
fi





#卸载后执行的命令
%postun
if [ "$1" = 0 ]
then
    systemctl disable mysqld
    rm -f /usr/lib/systemd/system/mysqld.service
    rm -rf /opt/mysql8
    echo "%{name}-%{version}-%{release} uninstalled."
fi





%changelog
* Sat Dec 16 2023 N
- For the first time, Custom made MySQL8.0.32 in AlmaLinux8.8.

说明:

  • RPM包安装后会完成初始化,使用空密码,请务必配置好root权限;
  • 卸载时会把配置追加时间后缀保存在/opt,会清理/opt/mysql8,其包含数据库文件,请务必谨慎。

文件位置

文件位置参考MySQL8.0.32构建后的目录树:
构建基于RHEL8系列(CentOS8,AlmaLinux8,RockyLinux8等)的MySQL8.0.32的RPM包_第1张图片

构建

rpmbuild --define "_topdir `pwd`" --nodebuginfo -ba SPECS/mysql-8.0.32-el8.spec

构建时间:在一台4核8G的机子上,构建了71分钟。

构建成功的包如下:
mysql-8.0.32-custom.el8.x86_64.rpm

安装和卸载

dnf localinstall mysql-8.0.32-custom.el8.x86_64.rpm
dnf remove mysql-8.0.32-custom.el8.x86_64

目标服务器其他配置参考

启动MySQL服务

systemctl enable mysqld
systemctl start mysqld

查看默认的配置路径和变量来源

mysqld --verbose --help| grep -A 1 "Default options"

要注意,mysql运行用户要能读取到my.cnf,如果系统umask配置的027,就要注意了,实践中就遇到了这个问题,排查了好久才知晓。

-- 查看变量来源
SELECT t1.*, VARIABLE_VALUE 
       FROM performance_schema.variables_info t1 
       JOIN performance_schema.global_variables t2 
         ON t2.VARIABLE_NAME=t1.VARIABLE_NAME
      WHERE t1.VARIABLE_NAME LIKE 'lower_case_table_names'\G

安全配置

mysql_secure_installation

修改密码简要示例

以下是相关命令:[请参考官网的示例]

-- 修改root用户密码时,用root用户登陆后设置:
set password="pass";
CREATE USER "root"@"%" IDENTIFIED BY "pass";
GRANT ALL PRIVILEGES ON *.* TO "root"@"%" WITH GRANT OPTION;

CREATE USER ""@"%" IDENTIFIED WITH mysql_native_password BY "";
GRANT Alter, Alter Routine, Create, Create Routine, Create Temporary Tables, Create View, Delete, Drop, Event, Execute, Index, Insert, Lock Tables, References, Select, Show View, Trigger, Update ON ``.* TO ``@`%`;

FLUSH PRIVILEGES;
SELECT host,user,authentication_string FROM mysql.user ORDER BY user;

安装密码策略控制的安全组件

UNINSTALL COMPONENT 'file://component_validate_password';
INSTALL COMPONENT 'file://component_validate_password';
SELECT * FROM mysql.component;
SET GLOBAL validate_password.check_user_name=ON;
SET GLOBAL validate_password.dictionary_file="";
SET GLOBAL validate_password.length=12;
SET GLOBAL validate_password.mixed_case_count=1;
SET GLOBAL validate_password.number_count=1;
SET GLOBAL validate_password.policy=1;
SET GLOBAL validate_password.special_char_count=1;
SHOW GLOBAL VARIABLES LIKE 'validate_password%';

你可能感兴趣的:(#,RPM包构建,mysql,软件构建,运维)