常用软件安装 - mysql8 - 《docker》

docker-compose.yml
mysql+mysqld-exporter
常用操作
踩坑经历

docker-compose.yml

version: "3"
services:
  mysql:
    container_name: mysql8
    image: mysql/mysql-server:8.0.18-1.1.13
    command: --default-authentication-plugin=mysql_native_password
    ports:
      - 3306:3306
      - 33060:33060
    environment:
      MYSQL_ROOT_PASSWORD: 123456
      MYSQL_USER: hxy
      MYSQL_PASSWORD: hxy
    volumes:
      - ./conf/my.cnf:/etc/mysql/my.cnf
      - ./conf/conf.d:/etc/mysql/conf.d
      - ./data:/var/lib/mysql
      - ./log:/var/log/mysql

MYSQL_USER 、 MYSQL_PASSWORD 配置 mysql 新用户账号密码

在./conf目录下新建my.cnf，配置以下内容

!includedir /etc/mysql/conf.d

这样 /etc/mysql/conf.d 下的 .cnf 配置文件就会被加载

在 ./conf/conf.d 新建文件 mysql.cnf，内容如下：

[mysqld]
# -----binlog 相关配置 start---------
# 打开 binlog 需要指定 server-id
server-id=1
# binlog 地址
log_bin=/var/log/mysql/mysql-bin.log
# binlog 过期数据
expire_logs_days=10
# binlog 文件最大大小
max_binlog_size=100M
# binlog 格式，有 row/statement/mixed 三种格式
binlog_format=row
# -----binlog 相关配置 end---------
bind-address=0.0.0.0

如果不打开 binlog，可以不用配置 binlog 相关配置参考：https://snapshooter.com/learn/mysql/enable-and-use-binary-log-mysql

启动：

docker-compose up -d

客户端连接：

mysql+mysqld-exporter

version: "3"
services:
  mysql:
    container_name: mysql8
    image: mysql/mysql-server:8.0.18-1.1.13
    command: --default-authentication-plugin=mysql_native_password
    ports:
      - 3306:3306
      - 33060:33060
    environment:
      MYSQL_ROOT_PASSWORD: 123456
      MYSQL_USER: hxy
      MYSQL_PASSWORD: hxy
    volumes:
      - ./conf/my.cnf:/etc/mysql/my.cnf
      - ./conf/conf.d:/etc/mysql/conf.d
      - ./data:/var/lib/mysql
      - ./log:/var/log/mysql
    networks:
      - mysql-network
  mysqld-exporter:
    container_name: mysqld-exporter
    image: prom/mysqld-exporter:v0.12.1
    ports:
      - 9104:9104
    environment:
      DATA_SOURCE_NAME: "hxy:hxy@(mysql:3306)/"
    networks:
      - mysql-network
    depends_on:
      - mysql
networks:
  mysql-network:

浏览器访问 http://localhost:9104 ，出现 mysql 监控参数，证明配置成功

...
mysql_global_status_commands_total{command="create_function"} 0
mysql_global_status_commands_total{command="create_index"} 0
mysql_global_status_commands_total{command="create_procedure"} 0
mysql_global_status_commands_total{command="create_resource_group"} 0
mysql_global_status_commands_total{command="create_role"} 0
mysql_global_status_commands_total{command="create_server"} 0
mysql_global_status_commands_total{command="create_spatial_reference_system"} 0
mysql_global_status_commands_total{command="create_table"} 34
mysql_global_status_commands_total{command="create_trigger"} 0
mysql_global_status_commands_total{command="create_udf"} 0
mysql_global_status_commands_total{command="create_user"} 0
mysql_global_status_commands_total{command="create_view"} 0
mysql_global_status_commands_total{command="dealloc_sql"} 0
mysql_global_status_commands_total{command="delete"} 0
...

链接：https://registry.hub.docker.com/r/prom/mysqld-exporter

常用操作

进入 mysql 容器

$ mysql -uroot -p
Enter password:

查看用户权限

语法：show grants for '{user}'@'{host}'

$ show grants for 'hxy'@'%';
+-------------------------------------------------------------------+
| Grants for hxy@%                                                  |
+-------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `hxy`@`%`                                   |
| GRANT ALL PRIVILEGES ON `testdb`.* TO `hxy`@`%` WITH GRANT OPTION |
+-------------------------------------------------------------------+

用户授权

给用户授予某个库的所有权限
语法：grant all privileges on{db_name}.{table_name} to {user}@'{host}' [WITH GRANT OPTION]

$ grant all privileges on `testdb`.* to hxy@'%';
Query OK, 0 rows affected (0.00 sec)

WITH GRANT OPTION 表示该用户可以将该权限授予其他用户

撤销权限

语法：revoke all on{db_name}.{table_name} from {user}@'{host}';

$ revoke all on `testdb`.* from hxy@'%';
Query OK, 0 rows affected (0.01 sec)

踩坑经历

如果不挂载 my.cnf 文件，并配置!includedir，mysql 并不会加载 /etc/mysql/conf.d 下的配置文件，这点在 dockerhub 中没讲

https://hub.docker.com/_/mysql?tab=description

进入 mysql 容器，使用 mysql --help | grep my.cnf -C 1

# mysql --help | grep /my.cnf -C 1
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf
The following groups are read: mysql client

可以看到 mysql 读取配置文件的优先级是/etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf，然后在容器中只看到/etc/my.cnf这一个配置文件，该配置文件的内容如下

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
secure-file-priv=/var/lib/mysql-files
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
#log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

可以看到，my.cnf 并没有使用 !includedir 加载 /etc/mysql/conf.d 目录下的配置文件

即使加了!includedir配置后，启动的时候，mysql 还是不会读取 /etc/mysql/conf.d 目录下的配置文件

docker-compose.yml 中挂载了 ./conf/my.cnf 到 /etc/mysql/conf.d/my.cnf，并且在 ./conf/my.cnf 下加了 !includedir 配置，指定加载 /etc/mysql/conf.d 下的配置文件

!includedir /etc/mysql/conf.d

在 /etc/mysql/conf.d 下新建 mysql.cnf 配置文件，配置如下

[mysqld]
server-id=1
log_bin=/var/log/mysql/mysql-bin.log
expire_logs_days=10
max_binlog_size=100M
binlog_format=row

然后启动 mysql 容器，进入到容器中发现 binlog 还是处于 off 状态

$ docker exec -it mysql5.7 /bin/bash
bash-4.2# mysql -uroot -p123456 -e "show variables like '%log_bin%';"
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------------------+--------------------------------+
| Variable_name                   | Value                          |
+---------------------------------+--------------------------------+
| log_bin                         | OFF                            |
| log_bin_basename                |                                |
| log_bin_index                   |                                |
| log_bin_trust_function_creators | OFF                            |
| log_bin_use_v1_row_events       | OFF                            |
| sql_log_bin                     | ON                             |
+---------------------------------+--------------------------------+

log_bin = OFF 证明没打开 binlog

证明 mysql.cnf 配置不起作用/mysql 没加载到该配置，接着还是使用 mysql —help 查看是什么情况，执行命令发现有一行 warning 如下

# mysql --help
Warning: World-writable config file '/etc/mysql/conf.d' is ignored

该 warning 的意思是 /etc/mysql/conf.d 的权限太大，mysql 认为所有人都可以修改该目录下的文件，不安全，所以忽略该配置文件，因为我之前将这个目录的权限修改为 777，所以才会出现这种情况，将权限修改为 644 就可以了

chmod 644 /etc/mysql/conf.d

这里，删除容器重新build容器也是可以的

镜像为什么使用 mysql/mysql-server:8.0.18-1.1.13

这里有点忘了，因为 dockerhub 里，mysql 的镜像并不是这个，不知道为什么要用这个，后面有空再研究
dockerhub - mysql: https://hub.docker.com/_/mysql?tab=tags