CentOS: Changing the MySQL 5.7 Data Storage Location and Configuring SELinux
By default, MySQL uses /var/lib/mysql as its data directory. You can confirm this by logging in to mysql and checking the value of the datadir variable, or by looking at /etc/my.cnf:
mysql> SHOW VARIABLES like 'datadir';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| datadir | /var/lib/mysql |
+---------------+--------------------+
1 row in set (0.01 sec)
Check /etc/my.cnf:
[devalone@online ~]$ cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
Stop the mysqld service before changing the data storage location:
[root@online devalone]# systemctl stop mysqld.service
1. Prepare the new data directory
-------------------------------------------------------------------------------------------------------------------------
First, create the new database directory where you want the data stored:
[root@online devalone]# mkdir /disk2T-2/mysqldb
[root@online devalone]# chown mysql:mysql /disk2T-2/mysqldb
Copy the contents of the original database directory to the target directory, preserving their original attributes:
[root@online devalone]# cp -R -p /var/lib/mysql/* /disk2T-2/mysqldb/
2. Edit /etc/my.cnf so that datadir points to the new data directory
-------------------------------------------------------------------------------------------------------------------------
Change two settings in the configuration file:
# datadir=/var/lib/mysql
datadir=/disk2T-2/mysqldb
# socket=/var/lib/mysql/mysql.sock
socket=/disk2T-2/mysqldb/mysql.sock
3. Start the mysqld service
-------------------------------------------------------------------------------------------------------------------------
[root@online devalone]# systemctl start mysqld.service
Job for mysqld.service failed because the control process exited with error code. See "systemctl status mysqld.service"
and "journalctl -xe" for details.
[root@online devalone]# systemctl status mysqld.service
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: activating (start-pre) since 五 2018-08-24 09:39:55 CST; 3ms ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 13276 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=1/FAILURE)
Main PID: 21547 (code=exited, status=0/SUCCESS); : 13511 ((_systemd))
Tasks: 0
CGroup: /system.slice/mysqld.service
└─control
└─13511 (_systemd)
8月 24 09:39:55 online.sansovo.org systemd[1]: Starting MySQL Server...
The service fails to start.
This is caused by SELinux protection:
4. Configure SELinux
-------------------------------------------------------------------------------------------------------------------------
Check the SELinux status:
[root@online ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
SELinux is enabled.
Check /etc/selinux/config:
[root@online ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
SELINUX=enforcing means the SELinux policy is enforced.
Check the SELinux labels on the original database directory:
[root@online ~]# sudo ls -Zl /var/lib/mysql
总用量 110660
-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 56 8月 16 15:37 auto.cnf
-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1679 8月 16 15:37 ca-key.pem
-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1107 8月 16 15:37 ca.pem
-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1107 8月 16 15:37 client-cert.pem
-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1679 8月 16 15:37 client-key.pem
-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 915 8月 24 09:43 ib_buffer_pool
-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 12582912 8月 24 09:43 ibdata1
-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 50331648 8月 24 09:43 ib_logfile0
-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 50331648 8月 16 15:37 ib_logfile1
drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql 4096 8月 16 15:37 mysql
drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql 8192 8月 16 15:37 performance_schema
-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1679 8月 16 15:37 private_key.pem
drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql 60 8月 20 16:31 proxy
-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 451 8月 16 15:37 public_key.pem
-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1107 8月 16 15:37 server-cert.pem
-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 1679 8月 16 15:37 server-key.pem
drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql 8192 8月 16 15:37 sys
Check the SELinux labels on the new database directory:
[root@online ~]# sudo ls -Zl /disk2T-2/mysqldb/
总用量 122952
-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 56 8月 16 15:37 auto.cnf
-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1679 8月 16 15:37 ca-key.pem
-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1107 8月 16 15:37 ca.pem
-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1107 8月 16 15:37 client-cert.pem
-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1679 8月 16 15:37 client-key.pem
-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1346 8月 24 09:29 ib_buffer_pool
-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 12582912 8月 24 09:51 ibdata1
-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 50331648 8月 24 09:51 ib_logfile0
-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 50331648 8月 16 15:37 ib_logfile1
-rw-r-----. 1 system_u:object_r:default_t:s0 mysql mysql 12582912 8月 24 09:51 ibtmp1
drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 4096 8月 16 15:37 mysql
srwxrwxrwx. 1 system_u:object_r:default_t:s0 mysql mysql 0 8月 24 09:51 mysql.sock
-rw-------. 1 system_u:object_r:default_t:s0 mysql mysql 5 8月 24 09:51 mysql.sock.lock
drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 8192 8月 16 15:37 performance_schema
-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1679 8月 16 15:37 private_key.pem
drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 60 8月 20 16:31 proxy
-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 451 8月 16 15:37 public_key.pem
-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1107 8月 16 15:37 server-cert.pem
-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 1679 8月 16 15:37 server-key.pem
drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 8192 8月 16 15:37 sys
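The labels differ substantially: the files in the new directory are unlabeled_t or default_t instead of mysqld_db_t.
Some people suggest simply setting SELINUX to disabled in order to start the mysqld service.
That does let mysqld.service start, but I do not recommend it, for reasons that should be obvious.
A simple way is to give the new database directory exactly the same SELinux settings as the default directory: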
[root@online ~]# chcon -R --reference=/var/lib/mysql /disk2T-2/mysqldb
Check the SELinux labels on the new database directory again:
[root@online ~]# ll -Z /disk2T-2/mysqldb
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 auto.cnf
-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 ca-key.pem
-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 ca.pem
-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 client-cert.pem
-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 client-key.pem
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_buffer_pool
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ibdata1
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_logfile0
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_logfile1
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ibtmp1
drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql
srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 mysql.sock
-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.sock.lock
drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 performance_schema
-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 private_key.pem
drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 proxy
-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 public_key.pem
-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 server-cert.pem
-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 server-key.pem
drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 sys
Start the mysqld service again:
[root@online ~]# systemctl start mysqld.service
[root@online ~]# systemctl status mysqld.service
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2018-08-24 10:50:03 CST; 1min 5s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 6827 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 6491 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 6831 (mysqld)
Tasks: 27
CGroup: /system.slice/mysqld.service
└─6831 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
8月 24 10:50:01 online.sansovo.org systemd[1]: Starting MySQL Server...
8月 24 10:50:03 online.sansovo.org systemd[1]: Started MySQL Server.
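OK. The service started successfully.
Another approach is to set the SELinux context of each file in the new directory individually, for example: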
[root@online ~]# chcon -R -t mysqld_db_t -u system_u -r object_r /disk2T-2/mysqldb
...
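This also gets the new directory labeled, but it is tedious: every file has to be checked against the settings in the original directory, and mistakes can creep in along the way, so it is not recommended.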
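The following added example (not part of the original post) checks `ls -Z` output for entries that do not carry the MySQL types seen in the listings above, and shows a persistent alternative to chcon: labels set with chcon are overwritten by restorecon or a filesystem relabel, whereas semanage fcontext rules are stored in the local policy. The function names and the sample lines are constructed for illustration, and semanage is assumed to be installed on the host.

```shell
#!/bin/sh
# Added example: audit SELinux labels in `ls -Z` output, plus a persistent relabel.

# Constructed sample, modelled on the two listing formats shown above.
SAMPLE='-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 56 Aug 16 15:37 auto.cnf
srwxrwxrwx. 1 system_u:object_r:default_t:s0 mysql mysql 0 Aug 24 09:51 mysql.sock
-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ibdata1
srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 mysql.sock'

# Read `ls -Z` lines on stdin; print "<type> <name>" for each entry whose type
# is neither mysqld_db_t nor mysqld_var_run_t. No output means all labels match.
mislabeled() {
  awk '{
    ctx = ""
    # The context column moves between ls formats, so find it by shape.
    for (i = 1; i <= NF; i++)
      if ($i ~ /^[a-z_]+:[a-z_]+:[a-z0-9_]+:s[0-9]/) { ctx = $i; break }
    if (ctx == "") next            # e.g. the "total" header line
    split(ctx, part, ":")
    if (part[3] != "mysqld_db_t" && part[3] != "mysqld_var_run_t")
      print part[3], $NF
  }'
}

# Persistent alternative to chcon (run as root on the SELinux host): tell the
# policy to label $1 like /var/lib/mysql, then apply the stored rules.
relabel_persistent() {
  semanage fcontext -a -e /var/lib/mysql "$1" &&
  restorecon -Rv "$1"
}

# Demo on the constructed sample; on a real host: ls -Z /disk2T-2/mysqldb | mislabeled
printf '%s\n' "$SAMPLE" | mislabeled
```

Run the audit before starting mysqld and again after any relabel; file names containing spaces are reported by their last word only.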