一、描述
漏扫发现MySQL有低风险漏洞,自己写方案、自己做测试、自己升级。
版本:MySQL 5.7.25 升级到MySQL 5.7.28最新版本。
架构:主从架构

二、升级流程
1、下载最新版数据库软件MySQL 5.7.28
2、上传到指定目录
3、备份数据库软件、数据库数据目录、my.cnf
4、解压缩数据库软件到指定路径
5、关闭备库
6、使用新版软件启动备库,mysqld_safe &
7、登录备库,发现版本已升级,使用mysql_upgrade命令升级系统数据库
8、无报错的话,重启备库。
9、主库按照备库流程走一遍
10、最后确认主备库是否一致

三、部分内容

# mysql_upgrade -uroot -p
 mysql_upgrade: [Warning] Using a password on the command line interface can be insecure.
 Checking if update is needed.
 Checking server version.
 Running queries to upgrade MySQL server.
 Checking system database.
 mysql.columns_priv                                 OK
 mysql.db                                           OK
 mysql.engine_cost                                  OK
 mysql.event                                        OK
 mysql.func                                         OK
 mysql.general_log                                  OK
 mysql.gtid_executed                                OK
 mysql.help_category                                OK
 mysql.help_keyword                                 OK
 mysql.help_relation                                OK
 mysql.help_topic                                   OK
 mysql.innodb_index_stats                           OK
 mysql.innodb_table_stats                           OK
 mysql.ndb_binlog_index                             OK
 mysql.plugin                                       OK
 mysql.proc                                         OK
 mysql.procs_priv                                   OK
 mysql.proxies_priv                                 OK
 mysql.server_cost                                  OK
 mysql.servers                                      OK
 mysql.slave_master_info                            OK
 mysql.slave_relay_log_info                         OK
 mysql.slave_worker_info                            OK
 mysql.slow_log                                     OK
 mysql.tables_priv                                  OK
 mysql.time_zone                                    OK
 mysql.time_zone_leap_second                        OK
 mysql.time_zone_name                               OK
 mysql.time_zone_transition                         OK
 mysql.time_zone_transition_type                    OK
 mysql.user                                         OK
 Found outdated sys schema version 1.5.1.
 Upgrading the sys schema.
 Checking databases.
 sys.sys_config                                     OK
 Upgrade process completed successfully.
 Checking if update is needed.mysql> status
 --------------
 mysql  Ver 14.14 Distrib 5.7.28, for linux-glibc2.12 (x86_64) using  EditLine wrapperConnection id:        2
 Current database:    
 Current user:        root@localhost
 SSL:            Not in use
 Current pager:        stdout
 Using outfile:        ''
 Using delimiter:    ;
 Server version:        5.7.28-log MySQL Community Server (GPL)
 Protocol version:    10
 Connection:        Localhost via UNIX socket
 Server characterset:    utf8mb4
 Db     characterset:    utf8mb4
 Client characterset:    utf8mb4
 Conn.  characterset:    utf8mb4
 UNIX socket:        /tmp/mysql.sock
 Uptime:            27 sec


-----------------------------------

升级案例2 

从库

一、新版本mysql环境准备

1.解压mysql 5.7.31

tar -zxf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /software/

2. 替换软链接

[root@study04 software]# ll
 total 0
 drwxr-xr-x 3 mysql mysql 209 Apr 12 14:14 3307
 drwxr-xr-x 3 mysql mysql 209 Apr 12 14:22 3308
 lrwxrwxrwx 1 mysql mysql  35 Apr 12 11:36 mysql -> mysql-5.7.25-linux-glibc2.12-x86_64
 drwxr-xr-x 9 mysql mysql 129 Apr 12 11:30 mysql-5.7.25-linux-glibc2.12-x86_64
 drwxr-xr-x 9  7161 31415 129 Jun  2  2020 mysql-5.7.31-linux-glibc2.12-x86_64[root@study04 software]# unlink mysql
[root@study04 software]# ln -s mysql-5.7.31-linux-glibc2.12-x86_64 mysql
[root@study04 software]# ll
 total 0
 drwxr-xr-x 3 mysql mysql 209 Apr 12 14:14 3307
 drwxr-xr-x 3 mysql mysql 209 Apr 12 14:22 3308
 lrwxrwxrwx 1 root  root   35 Apr 12 14:28 mysql -> mysql-5.7.31-linux-glibc2.12-x86_64
 drwxr-xr-x 9 mysql mysql 129 Apr 12 11:30 mysql-5.7.25-linux-glibc2.12-x86_64
 drwxr-xr-x 9  7161 31415 129 Jun  2  2020 mysql-5.7.31-linux-glibc2.12-x86_64

3.修改目录权限

chown -R mysql.mysql mysql-5.7.31-linux-glibc2.12-x86_64

二、停从库流量和实例并备份数据

1.检查表是否损坏

mysql> select * from information_schema.tables where TABLE_COMMENT like '%repair%';
 Empty set (0.10 sec)

2.检查从库主从是否正常及有无延迟

show slave status \G

3.停从库流量及io_thread

mysql> stop slave io_thread;
 Query OK, 0 rows affected (0.00 sec)


4.数据全部落盘

待slave sql_thread完全应用后全部落盘

mysql> set global innodb_fast_shutdown=0;
 Query OK, 0 rows affected (0.00 sec)

登录到数据库设置innodb_fast_shutdown到0。可以使用SET GLOBAL进行动态更改,

设置为0:会做清除脏页和插入缓冲区的合并操作,也会将脏页全部刷新到磁盘上面去,但是这个时候关闭的速度也是最慢的,此时数据完整性能得到最大保障

设置为1:关闭MySQL的时候不会做清除脏页和插入缓冲区的合并操作,也不会将脏页刷新到磁盘

设置为2:不会做清除脏页和插入缓冲区的合并操作,也不会将脏页刷新到磁盘,但是会刷新到redo log里面,再下次启动mysql的时候恢复
 

5.停从库

mysql> shutdown;
 Query OK, 0 rows affected (0.00 sec)

4.备份从库

通过 cp datadir 目录的方式来备份

cp -a data data0412

三、启动新版本MySQL

1.检查my.cnf配置文件

  • 1.1 检查basedir指向位置是否正确
  • 1.2 super_read_only 如果开启的话需要临时关闭,后期升级数据字典时候需要写入数据

2.检查启动脚本basedir指向是否正确

[root@study04 3308]# cat /etc/systemd/system/mysqld_3308.service | grep ExecStart
 ExecStart=/software/mysql/bin/mysqld --defaults-file=/software/3308/my.cnf

3.启动msyql5.7.31

[root@study04 3308]# systemctl start mysqld_3308
[root@study04 3308]# ps -ef | grep mysqld | grep 3308
 mysql     6703     1 10 14:58 ?        00:00:01 /software/mysql/bin/mysqld --defaults-file=/software/3308/my.cnf

四、运行 mysql_upgrade 升级数据字典

1.运行 mysql_upgrade

  • 1.出现Upgrade process completed successfully字样表示成功
  • 2.如果中间出现错误打断,需要再次运行
[root@study04 3308]# mysql_upgrade -uroot -S /software/3308/mysql.sock
 Checking if update is needed.
 Checking server version.
 Running queries to upgrade MySQL server.
 Checking system database.
 mysql.columns_priv                                 OK
 mysql.db                                           OK
 mysql.engine_cost                                  OK
 ...
 ...
 ...
 sbtest.sbtest3                                     OK
 sbtest.sbtest4                                     OK
 sys.sys_config                                     OK
 Upgrade process completed successfully.
 Checking if update is needed.

然后执行mysql_upgrade,此时需要选择--skip-write-binlog选项

确保mysql数据库中的系统表与新版本完全兼容
快速检查所有表并将其标记为与新版本的MariaDB兼容

systemctl start mariadb    # 启动mariadb
 mysql_upgrade --skip-write-binlog --force -uroot -p    # 执行mysql_upgrade
 此时系统会自动执行以下几个步骤,等待执行完成就好:Checking and upgrading mysql database
 Installing used storage engines:Checking for tables with unknown storage engine
 Fixing views
 Running 'mysql_fix_privilege_tables'
 Fixing table and database names
 Checking and upgrading tables
 Running 'FLUSH PRIVILEGES'


————————————————

2.重启MySQL 5.7.31实例

[root@study04 3308]# systemctl restart mysqld_3308

五、升级后操作

1.确认升级是否成功

mysql> select version();
 +------------+
 | version()  |
 +------------+
 | 5.7.31-log |
 +------------+
 1 row in set (0.00 sec)

2.检查主从状态及延迟情况

mysql> show slave status \G

主库

  • 1.停主库流量
  • 2.待主从数据一致后进行主从切换
  • 3.讲流量指向升级后新主库
  • 4.原主库重复上述步骤升级