Linux,Unix,BSD
외부 네트워크가 연결되지 않는 CentOS7에 MariaDB 설치하기
채윤아빠
2019. 2. 18. 20:49
728x90
반응형
보통 DMZ 내부에서 외부 네트워크와 완벽하게 단절된 경우, yum을 사용할 수 없기 때문에 패키지 관리 및 신규 패키지 설치에 어려움이 있습니다.
본 문서에서는 외부 네트워크를 사용할 수 없는 곳에 위치해 있는 CentOS7에 "MariaDB"를 설치하는 방법에 대하여 설명합니다.
"MariaDB" 설치에 필요한 rpm 파일 구하기
동일 버전의 CentOS7 준비
"MariaDB" 설치 대상 서버와 동일한 버전의 CentOS minimal 버전을 구하여 VirutalBox 등을 이용하여 외부 네트워크를 이용할 수 있는 동일한 환경을 구성합니다.
"MariaDB" 설치에 필요한 rpm 파일 다운로드
동일한 환경으로 구성한 CentOS7에서 다음과 같은 과정으로 "MariaDB" 설치에 필요한 rpm 파일들은 다운로드 받을 수 있도록 준비합니다.
참고 : https://mariadb.com/kb/en/library/yum/
- yum repo에 "MariaDB" 패키지 저장소 설정 추가합
vi /etc/yum.repos.d/MariaDB.repo [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.3/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1
- MariaDB 설치에 필요한 rpm 파일 목록 확인
yum install MariaDB-client MariaDB-server ===================================================================================================================================================================== Package Arch Version Repository Size ===================================================================================================================================================================== Installing: MariaDB-client x86_64 10.3.12-1.el7.centos mariadb 53 M MariaDB-compat x86_64 10.3.12-1.el7.centos mariadb 2.8 M replacing mariadb-libs.x86_64 1:5.5.56-2.el7 MariaDB-server x86_64 10.3.12-1.el7.centos mariadb 123 M Installing for dependencies: MariaDB-common x86_64 10.3.12-1.el7.centos mariadb 166 k boost-program-options x86_64 1.53.0-27.el7 base 156 k galera x86_64 25.3.25-1.rhel7.el7.centos mariadb 8.1 M lsof x86_64 4.87-6.el7 base 331 k perl x86_64 4:5.16.3-294.el7_6 updates 8.0 M perl-Carp noarch 1.26-244.el7 base 19 k perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-DBI x86_64 1.627-4.el7 base 802 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-Encode x86_64 2.51-7.el7 base 1.5 M perl-Exporter noarch 5.68-3.el7 base 28 k perl-File-Path noarch 2.09-2.el7 base 26 k perl-File-Temp noarch 0.23.01-3.el7 base 56 k perl-Filter x86_64 1.49-3.el7 base 76 k perl-Getopt-Long noarch 2.40-3.el7 base 56 k perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-PathTools x86_64 3.40-5.el7 base 82 k perl-PlRPC noarch 0.2020-14.el7 base 36 k perl-Pod-Escapes noarch 1:1.04-294.el7_6 updates 51 k perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k perl-Pod-Usage noarch 1.63-3.el7 base 27 k perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k perl-Socket x86_64 2.010-4.el7 base 49 k perl-Storable x86_64 2.45-3.el7 base 77 k perl-Text-ParseWords noarch 3.29-4.el7 base 14 k perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k perl-Time-Local noarch 1.2300-2.el7 base 24 k perl-constant noarch 1.27-2.el7 base 19 k perl-libs x86_64 4:5.16.3-294.el7_6 updates 688 k perl-macros x86_64 4:5.16.3-294.el7_6 updates 44 k perl-parent noarch 1:0.225-244.el7 base 12 k perl-podlators noarch 2.5.1-3.el7 base 112 k perl-threads x86_64 1.87-4.el7 base 49 k perl-threads-shared x86_64 1.43-6.el7 base 39 k rsync x86_64 3.1.2-4.el7 base 403 k Transaction Summary ===================================================================================================================================================================== Install 3 Packages (+39 Dependent packages) Total download size: 201 M
- MariaDB 설치에 필요한 파일 다운로드
yum install --downloadonly --downloaddir=/root/mariadb MariaDB-client MariaDB-server
"MariaDB" 설치 준비
MariaDB를 위한 데이터 폴더 준비
rpm으로 "MariaDB"를 설치하면 "/var/lib/mysql" 폴더 아래에 데이터 파일이 저장/관리 됩니다. 해당 파티션에 용량이 충분한 경우에는 그대로 사용하면 되지만, "MariaDB"를 설치하려는 서버에는 "/" 파티션의 용량이 부족하여 용량이 충분한 "/home" 폴더에 데이터를 저장하기 위한 준비를 다음과 같이 합니다.
- MariaDB data 폴더 생성
mkdir -p /var/lib/mysql mkdir -p /home/mariadb/mysql
- mount 명령을 이용하여 "/home" 파티션의 폴더를 "/var/lib/mysql"로 마운트함
mount --bind /home/mariadb/mysql /var/lib/mysql
- MariaDB data 폴더 mount를 위한 /etc/fstab 수정 ; mysql 관련 폴더 설정 추가
/home/mariadb/mysql /var/lib/mysql none bind 0 0
위와 같이 설정을 적용해 놓으면, 서버를 재부팅하여도 데이터 폴더는 그대로 "/home" 파티션에 있는 폴더에 저장되게 됩니다.
"MariaDB" 수동 설치
- 필수 패키지 수동 설치 ; perl 등
rpm -Uvh boost-program-options-1.53.0-27.el7.x86_64.rpm rpm -Uvh lsof-4.87-6.el7.x86_64.rpm rpm -Uvh rsync-3.1.2-4.el7.x86_64.rpm rpm -Uvh perl*
- 필수 패키지 수동 설치 결과
rpm -Uvh boost-program-options-1.53.0-27.el7.x86_64.rpm 경고: boost-program-options-1.53.0-27.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:boost-program-options-1.53.0-27.e################################# [100%] [root@webbuilderIMAGE mariadb]# rpm -Uvh lsof-4.87-6.el7.x86_64.rpm 경고: lsof-4.87-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:lsof-4.87-6.el7 ################################# [ 50%] Cleaning up / removing... 2:lsof-4.87-4.el7 ################################# [100%] [root@webbuilderIMAGE mariadb]# rpm -Uvh rsync-3.1.2-4.el7.x86_64.rpm 경고: rsync-3.1.2-4.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:rsync-3.1.2-4.el7 ################################# [ 50%] Cleaning up / removing... 2:rsync-3.0.9-18.el7 ################################# [100%] [root@webbuilderIMAGE mariadb]# [root@webbuilderIMAGE mariadb]# rpm -Uvh perl* 경고: perl-5.16.3-294.el7_6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:perl-Getopt-Long-2.40-3.el7 ################################# [ 6%] 2:perl-libs-4:5.16.3-294.el7_6 ################################# [ 12%] 3:perl-macros-4:5.16.3-294.el7_6 ################################# [ 18%] 4:perl-4:5.16.3-294.el7_6 ################################# [ 24%] 5:perl-Compress-Raw-Bzip2-2.061-3.e################################# [ 29%] 6:perl-Compress-Raw-Zlib-1:2.061-4.################################# [ 35%] 7:perl-IO-Compress-2.061-2.el7 ################################# [ 41%] 8:perl-Data-Dumper-2.145-3.el7 ################################# [ 47%] 9:perl-Net-Daemon-0.48-5.el7 ################################# [ 53%] 10:perl-PlRPC-0.2020-14.el7 ################################# [ 59%] 11:perl-DBI-1.627-4.el7 ################################# [ 65%] 12:perl-Pod-Escapes-1:1.04-294.el7_6################################# [ 71%] Cleaning up / removing... 13:perl-Pod-Escapes-1:1.04-292.el7 ################################# [ 76%] 14:perl-Getopt-Long-2.40-2.el7 ################################# [ 82%] 15:perl-libs-4:5.16.3-292.el7 ################################# [ 88%] 16:perl-macros-4:5.16.3-292.el7 ################################# [ 94%] 17:perl-4:5.16.3-292.el7 ################################# [100%]
- MariaDB 수동 설치
rpm -Uvh galera-25.3.25-1.rhel7.el7.centos.x86_64.rpm rpm -Uvh MariaDB*
- MariaDB 수동 설치 결과
[root@webbuilderIMAGE mariadb]# rpm -Uvh galera-25.3.25-1.rhel7.el7.centos.x86_64.rpm 경고: galera-25.3.25-1.rhel7.el7.centos.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 1bb943db: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:galera-25.3.25-1.rhel7.el7.centos################################# [100%] [root@webbuilderIMAGE mariadb]# rpm -Uvh MariaDB* 경고: MariaDB-10.3.12-centos73-x86_64-client.rpm: Header V4 DSA/SHA1 Signature, key ID 1bb943db: NOKEY 준비 중... ################################# [100%] Updating / installing... 1:MariaDB-compat-10.3.12-1.el7.cent################################# [ 20%] 2:MariaDB-common-10.3.12-1.el7.cent################################# [ 40%] 3:MariaDB-client-10.3.12-1.el7.cent################################# [ 60%] 4:MariaDB-server-10.3.12-1.el7.cent################################# [ 80%] PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER ! To do so, start the server, then issue the following commands: '/usr/bin/mysqladmin' -u root password 'new-password' '/usr/bin/mysqladmin' -u root -h webbuilderIMAGE password 'new-password' Alternatively you can run: '/usr/bin/mysql_secure_installation' which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers. See the MariaDB Knowledgebase at http://mariadb.com/kb or the MySQL manual for more instructions. Please report any problems at http://mariadb.org/jira The latest information about MariaDB is available at http://mariadb.org/. You can find additional information about the MySQL part at: http://dev.mysql.com Consider joining MariaDB's strong and vibrant community: https://mariadb.org/get-involved/ Cleaning up / removing... 5:mariadb-libs-1:5.5.56-2.el7 ################################# [100%]
"MariaDB" 환경설정
/etc/my.cnf.d/server.cnf 수정
- 운영 포트 변경 ; 보안을 위하여 알려진 "3306" 대신 다른 포트로 운영
[server] port=16033
- 로그 활성화 ; 수행에 3초 이상 걸리는 느린 쿼리 남기기
[mysqld] slow_launch_time=3 slow_query_log=1
/etc/my.cnf 수정
- 운영 포트 변경 ; 보안을 위하여 알려진 "3306" 대신 다른 포트로 운영
[client] port=16033
기타 보안을 위한 조치
- MariaDB 환경설정 파일의 권한 수정
chown -R mysql:mysql /etc/my.cnf* chmod 600 /etc/my.cnf chmod 700 /etc/my.cnf.d
- MariaDB 서비스 시작
systemctl start mariadb
- MariaDB의 "root" 계정 비밀번호 설정
/usr/bin/mysqladmin -u root password 'new-password'
- "mysql_secure_installation" 스크립트 실행
/usr/bin/mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
- 보안 권고에 따른 불필요한 계정 삭제
MariaDB [mysql]> DELETE FROM mysql.user WHERE User = ''; Query OK, 2 rows affected (0.000 sec) MariaDB [mysql]> DELETE FROM mysql.user WHERE Host <> 'localhost'; Query OK, 3 rows affected (0.000 sec)
'Linux,Unix,BSD' 카테고리의 다른 글
| 우분투에서 cifs를 이용하여 ipTIME NAS2Dual 장비의 공유폴더 마운트하기 (0) | 2019.02.20 |
|---|---|
| sshfs를 활용한 원격 서버의 폴더를 네트워크 드라이브로 연결하기 (0) | 2019.02.19 |
| XRDP를 이용한 원격 접속 (터널링) (3) | 2019.02.17 |
| [실패기] "fsck" file & directory corrupted 복구 (0) | 2019.02.10 |
| sshd port 변경 (0) | 2014.05.21 |
'Linux,Unix,BSD'의 다른글
- 현재글외부 네트워크가 연결되지 않는 CentOS7에 MariaDB 설치하기