Infrastructure Design and Build

Database

MySQL Installation Guide

Version 1.0
Last Updated: 4/25/2018

Blue Cross and Blue Shield of Illinois, Blue Cross and Blue Shield of Montana,
Blue Cross and Blue Shield of New Mexico, Blue Shield of Oklahoma, and Blue Cross and Blue Shield of Texas
Divisions of Health Care Service Corporation, a Mutual Legal Reserve Company, an Independent Licensee of the Blue
Cross and Blue Shield Association.
 DBMS Roles & Responsibilities for No Excuses

TABLE OF CONTENTS
Revision History ............................................................................................................................ 1
1 Purpose .............................................................................................................................. 2
2 Overview ............................................................................................................................ 2
3 Prerequisites ..................................................................................................................... 2
3.1 Security requests .............................................................................................................................. 2
3.2 MySQL software ............................................................................................................................... 3
4 Implementation ................................................................................................................. 3
4.1 Prep/verify system environment ....................................................................................................... 3
4.2 Check for existing DBMSs ................................................................................................................ 4
4.3 Install MySQL DBMS ........................................................................................................................ 5
4.4 Start the MySQL service (mysqld) .................................................................................................... 5
4.5 Secure the installation ...................................................................................................................... 7
4.6 Verify installation ............................................................................................................................... 8
Appendix A – MySQL Install Output ........................................................................................... 9
Appendix B - mysql_secure_installation Output .................................................................... 11

Version 1.0 i Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

Figures
No table of figures entries found.

Tables
No table of figures entries found.

Version 1.0 ii Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

Revision History
Version Date Description Modified by
1.0 4/25/2018 Initial draft document. Fish Pierce

Version 1.0 1 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

1 Purpose
This document describes the actions to install MySQL on a Linux system..

2 Overview

• Why are we capturing these details?

This is part of the MySQL support documentation.
• Where will it be used?
It will be used by DBAs installing and supporting MySQL.
• What is the objective?
Provide DBAs with a consistent and proven approach to installing MySQL on HCSC
Linux-based servers.
• Will other team’s use this document?
This version is primarily meant for use by the DBMS services team. This is a “living”
document, which is at the “birth” stage of maturity. I expect the document to mature and
evolve as it is used.

3 Prerequisites
Installing MySQL will require certain items to be in place prior to implementation time. Due
to the time needed to submit requests and obtain approvals, the prerequisites should be
started at least 2 weeks prior to the install.

3.1 Security requests

1. ‘mysql’ id
a. Create IIQ request to provision ‘mysql’ ID on server(s)
b. Request Powerbroker access for ‘mysql’ on server(s)
i. If this installation is part of project implementation, instruct the
Project Manager to include the access as part of their request.
ii. If Powerbroker access is needed outside of the scope of a
project implementation, create a CHG request.
1. SNOW ticket CHG0053765 can be used as a template
for the request.
iii. NOTE: Temporary access should be requested for the 30 day
maximum.
2. Network
a. Ports to open :
i. 3306 - used by MySQL

Version 1.0 2 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

ii. 22 - used by SSH

b. If this installation is part of project implementation, instruct the Project
Manager to include the port access as part of their request.
c. If not part of a project implementation, open a ‘tufin’ request

3.2 MySQL software

1. Identify the version of MySQL to be used in the installation. In some cases, such as 3rd
party vendor software, the latest version may not be compatible. Verify with the PM
which version to use. If there are no limitations on the version, use the latest.
WARNING : If an earlier version of MySQL is required, find a download specific to that
version; do not use the latest MySQL repository or follow the instructions on the MySQL
website. They are incompatible with how HCSC manages repositories.
2. Assuming the latest version is appropriate, download the install package from the online
yum repository : https://dev.mysql.com/downloads/repo/yum/.
Be sure to download the correct version for the correct OS. Save this package for
implementation date.

NOTE: This document was built from an installation of an older version (v5.6.x) of MySQL.

4 Implementation

4.1 Prep/verify system environment

1. IDs
a. Test ‘mysql’ ID and Powerbroker access to verify they are working. Report any
issues.
b. Change ‘mysql’ password to standard password : all4dba2
2. Libs –
a. Create these directories if they don’t already exist.
b. ‘chmod’ to allow ‘mysql’ read/write auths
c. List
i. Temp : /tmp/
ii. Error log : /var/log/
iii. Base : /var/lib/mysql
‘chmod’ mysql:mysql
iv. Data : /mysql/ <= mount point?
‘chmod’ mysql:mysql

Version 1.0 3 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

v. Backup : /backup/<db>

3. Config files
a. /etc/ssh/ssh_config : Add or change AllowTcpForwarding yes

4. MySQL software
FTP the MySQL install .rpm file to directory /tmp/. It will be installed from that location.

4.2 Check for existing DBMSs

1. Invoke Powerbroker as you will need root access to install/remove packages.
2. Check for any currently installed MySQL
$> yum list installed | grep mysql -i
WARNING : This command should return no results. If any instance of MySQL is
already installed, DO NOT PROCEED. Verify you’re on the correct server and resolve
why MySQL is already installed.

3. Check for and remove any instance of mariadb.

a. Check:
$> yum list installed | grep mariadb -i

b. If any results are returned, as illustrated above, they must be removed one at a
time. Respond ‘Y’ to all prompts.
$> yum remove <package name>

After the removes execute, rerun the check to verify it is gone:

$> yum list installed | grep mariadb -i

Version 1.0 4 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

4.3 Install MySQL DBMS

NOTE: Sample output from this step is in Appendix A – MySQL Install Output.
1. Navigate to the /tmp/ directory where the MySQL install .rpm file is located.

2. Run the yum install command for each rpm file in the install download. Respond ‘Y’ to all
prompts.
$> yum localinstall <rpm file name>
E.G. <rpm file name> = MySQL-shared-5.6.32-1.el6.x86_64.rpm

3. Verify that MySQL is now installed

$> yum list installed | grep mysql -i

4.4 Start the MySQL service (mysqld)

NOTES :
• ‘mysqld’ is the MySQL DBMS server bin. When this is running, MySQL is
up; when not running, MySQL is down.
• In some releases, the system service is also named ‘mysqld’; in other
releases, it’s named ‘mysql’. This distinction is important when
managing/stopping/starting the service.

1. Invoke Powerbroker
2. Run the chkconfig command to find the service name.
(NOTE: This step is to demonstrate how to determine the service name. The
remainder of this section will assume the service name is ‘mysql’.)

Version 1.0 5 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

$> chkconfig -list mysql

If the chkconfig command returns a listing showing ‘mysql’ similar to the

above, the name of the service is ‘mysql’. If the command returns no listing
as show below,

Then try the command again with ‘mysqld’.

WARNING : If neither ‘mysql’ nor ‘mysqld’ service is found, then something is
wrong. Stop and determine why the is no MySQL service.
3. Set the mysql service to start on reboot.

$> chkconfig mysql on

4. Start mysql service.

5. Verify the service is running

$> service --status-all | grep mysql -i

Version 1.0 6 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

4.5 Secure the installation

NOTE: Sample output from this step is in Appendix B - mysql_secure_installation
Output.

After the initial installation is complete, it must be secured with the

mysql_secure_installation script. The script will:
• Change root password
• Remove anonymous users
• Disallow root login remotely
• Remove test database and access to it
• Reload privilege tables

1. Get the randomly-generated ‘root’ password created for ‘root’.

$> grep 'temporary password' /var/log/mysqld.log

EXPLANATION : When MySQL is installed, a MySQL password for ‘root’ is randomly

generated and stored in the mysqld.log file. You will need this password to run the
‘mysql_secure_installation’ script as ‘root’

2. Run the script using ‘root’ authority. NOTE: ‘root’ authority does not mean Powerbroker here.
Use the ‘-u root -p’ options:
$> mysql_secure_installation -u root -p

3. The script will prompt you for the randomly-generated ‘root’ password from step #1. Enter it
and reply ‘Y’ to all prompts.

4. When prompted to change the root password, use ‘unix1234’.

Set root password? [Y/n] Y

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

Version 1.0 7 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

4.6 Verify installation

After mysql_secure_installation is complete, MySQL is ready for use. Do a few
things to ensure everything is up and running as expected.
• Log on as ‘root’
$> mysql -u root -punix1234
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 249442
Server version: 5.6.39 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserv
ed.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input state
ment.

mysql>

• Execute a few commands : show databases, use database, show tables, etc.

Version 1.0 8 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

Appendix A – MySQL Install Output

Version 1.0 9 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

Version 1.0 10 Confidential & Proprietary

 DBMS Roles & Responsibilities for No Excuses

Appendix B - mysql_secure_installation Output

$> /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone

to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y

... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y

- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

#

Version 1.0 11 Confidential & Proprietary