一、描述
漏扫发现MySQL有低风险漏洞,自己写方案、自己做测试、自己升级。
版本:MySQL 5.7.25 升级到MySQL 5.7.28最新版本。
架构:主从架构
二、升级流程
1、下载最新版数据库软件MySQL 5.7.28
2、上传到指定目录
3、备份数据库软件、数据库数据目录、my.cnf
4、解压缩数据库软件到指定路径
5、关闭备库
6、使用新版软件启动备库,mysqld_safe &
7、登录备库,发现版本已升级,使用mysql_upgrade命令升级系统数据库
8、无报错的话,重启备库。
9、主库按照备库流程走一遍
10、最后确认主备库是否一致
三、部分内容
# mysql_upgrade -uroot -p
mysql_upgrade: [Warning] Using a password on the command line interface can be insecure.
Checking if update is needed.
Checking server version.
Running queries to upgrade MySQL server.
Checking system database.
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.gtid_executed OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.server_cost OK
mysql.servers OK
mysql.slave_master_info OK
mysql.slave_relay_log_info OK
mysql.slave_worker_info OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
Found outdated sys schema version 1.5.1.
Upgrading the sys schema.
Checking databases.
sys.sys_config OK
Upgrade process completed successfully.
Checking if update is needed.mysql> status
--------------
mysql Ver 14.14 Distrib 5.7.28, for linux-glibc2.12 (x86_64) using EditLine wrapperConnection id: 2
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.28-log MySQL Community Server (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /tmp/mysql.sock
Uptime: 27 sec
-----------------------------------
升级案例2
从库
一、新版本mysql环境准备
1.解压mysql 5.7.31
tar -zxf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /software/
2. 替换软链接
[root@study04 software]# ll
total 0
drwxr-xr-x 3 mysql mysql 209 Apr 12 14:14 3307
drwxr-xr-x 3 mysql mysql 209 Apr 12 14:22 3308
lrwxrwxrwx 1 mysql mysql 35 Apr 12 11:36 mysql -> mysql-5.7.25-linux-glibc2.12-x86_64
drwxr-xr-x 9 mysql mysql 129 Apr 12 11:30 mysql-5.7.25-linux-glibc2.12-x86_64
drwxr-xr-x 9 7161 31415 129 Jun 2 2020 mysql-5.7.31-linux-glibc2.12-x86_64[root@study04 software]# unlink mysql
[root@study04 software]# ln -s mysql-5.7.31-linux-glibc2.12-x86_64 mysql
[root@study04 software]# ll
total 0
drwxr-xr-x 3 mysql mysql 209 Apr 12 14:14 3307
drwxr-xr-x 3 mysql mysql 209 Apr 12 14:22 3308
lrwxrwxrwx 1 root root 35 Apr 12 14:28 mysql -> mysql-5.7.31-linux-glibc2.12-x86_64
drwxr-xr-x 9 mysql mysql 129 Apr 12 11:30 mysql-5.7.25-linux-glibc2.12-x86_64
drwxr-xr-x 9 7161 31415 129 Jun 2 2020 mysql-5.7.31-linux-glibc2.12-x86_64
3.修改目录权限
chown -R mysql.mysql mysql-5.7.31-linux-glibc2.12-x86_64
二、停从库流量和实例并备份数据
1.检查表是否损坏
mysql> select * from information_schema.tables where TABLE_COMMENT like '%repair%';
Empty set (0.10 sec)
2.检查从库主从是否正常及有无延迟
show slave status \G
3.停从库流量及io_thread
mysql> stop slave io_thread;
Query OK, 0 rows affected (0.00 sec)
4.数据全部落盘
待slave sql_thread完全应用后全部落盘
mysql> set global innodb_fast_shutdown=0;
Query OK, 0 rows affected (0.00 sec)
登录到数据库设置innodb_fast_shutdown到0。可以使用SET GLOBAL进行动态更改,
设置为0:会做清除脏页和插入缓冲区的合并操作,也会将脏页全部刷新到磁盘上面去,但是这个时候关闭的速度也是最慢的,此时数据完整性能得到最大保障
设置为1:关闭MySQL的时候不会做清除脏页和插入缓冲区的合并操作,也不会将脏页刷新到磁盘
设置为2:不会做清除脏页和插入缓冲区的合并操作,也不会将脏页刷新到磁盘,但是会刷新到redo log里面,再下次启动mysql的时候恢复
5.停从库
mysql> shutdown;
Query OK, 0 rows affected (0.00 sec)
4.备份从库
通过 cp datadir 目录的方式来备份
cp -a data data0412
三、启动新版本MySQL
1.检查my.cnf配置文件
- 1.1 检查basedir指向位置是否正确
- 1.2 super_read_only 如果开启的话需要临时关闭,后期升级数据字典时候需要写入数据
2.检查启动脚本basedir指向是否正确
[root@study04 3308]# cat /etc/systemd/system/mysqld_3308.service | grep ExecStart
ExecStart=/software/mysql/bin/mysqld --defaults-file=/software/3308/my.cnf
3.启动msyql5.7.31
[root@study04 3308]# systemctl start mysqld_3308
[root@study04 3308]# ps -ef | grep mysqld | grep 3308
mysql 6703 1 10 14:58 ? 00:00:01 /software/mysql/bin/mysqld --defaults-file=/software/3308/my.cnf
四、运行 mysql_upgrade 升级数据字典
1.运行 mysql_upgrade
- 1.出现Upgrade process completed successfully字样表示成功
- 2.如果中间出现错误打断,需要再次运行
[root@study04 3308]# mysql_upgrade -uroot -S /software/3308/mysql.sock
Checking if update is needed.
Checking server version.
Running queries to upgrade MySQL server.
Checking system database.
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
...
...
...
sbtest.sbtest3 OK
sbtest.sbtest4 OK
sys.sys_config OK
Upgrade process completed successfully.
Checking if update is needed.
然后执行mysql_upgrade,此时需要选择--skip-write-binlog选项
确保mysql数据库中的系统表与新版本完全兼容
快速检查所有表并将其标记为与新版本的MariaDB兼容
systemctl start mariadb # 启动mariadb
mysql_upgrade --skip-write-binlog --force -uroot -p # 执行mysql_upgrade
此时系统会自动执行以下几个步骤,等待执行完成就好:Checking and upgrading mysql database
Installing used storage engines:Checking for tables with unknown storage engine
Fixing views
Running 'mysql_fix_privilege_tables'
Fixing table and database names
Checking and upgrading tables
Running 'FLUSH PRIVILEGES'
————————————————
2.重启MySQL 5.7.31实例
[root@study04 3308]# systemctl restart mysqld_3308
五、升级后操作
1.确认升级是否成功
mysql> select version();
+------------+
| version() |
+------------+
| 5.7.31-log |
+------------+
1 row in set (0.00 sec)
2.检查主从状态及延迟情况
mysql> show slave status \G
主库
- 1.停主库流量
- 2.待主从数据一致后进行主从切换
- 3.讲流量指向升级后新主库
- 4.原主库重复上述步骤升级