MySQL小版本升级解决安全漏洞

1.环境配置信息;mysql5.7.27;社区版;

2.故障现象;

3.根本原因; 需要升级数据库版本。

4.解决方案; 将mysql数据库小版本升级到5.7.36;过程如下

1)检查主从状态、停数据库、对主从节点数据节点数据冷备份和热备

root;localhost [(none)]>show slave statusG
*************************** 1. row ***************************
Slave_IO_State: Checking master version
Master_Host: 172.28.0.59
Master_User: repl
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 101908
Relay_Log_File: relay-bin.000002
Relay_Log_Pos: 367
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 154
Relay_Log_Space: 102322
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1001
Master_UUID: e8e0dfde-4781-11ec-8daf-fa62e67a5500
Master_Info_File: mysql.slave_master_info
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Reading event from the relay log
Master_Retry_Count: 86400
Master_Bind:
Last_IO_Error_Timestamp:
Last_SQL_Error_Timestamp:
Master_SSL_Crl:
Master_SSL_Crlpath:
Retrieved_Gtid_Set: e8e0dfde-4781-11ec-8daf-fa62e67a5500:1-2
Executed_Gtid_Set: a9dcd4f1-45f1-11ec-b440-fa62e67a5500:1-112
Auto_Position: 1
Replicate_Rewrite_DB:
Channel_Name:
Master_TLS_Version:
停库;
[root;bgsimysqldb01 allInstall]# service mysqld stop
Shutting down MySQL… SUCCESS!

[root;bgsimysqldb02 allInstall]# service mysqld stop
Shutting down MySQL… SUCCESS!
热备;
mysqldump -uroot -ppaicdb;NJ15 --single-transaction --master-data=2 --flush-logs --flush-privileges --all-databases --triggers --routines --events >db_fullbackup.sql

然后将备份文件拷贝到从库

冷备;
[root;bgsimysqldb01 ~]# mv /paic/procfiles/mysql /paic/procfiles/mysql_bak
[root;bgsimysqldb01 ~]# mv /paic/mysql/mysql3306/data /paic/mysql/mysql3306/data_27

[root;bgsimysqldb02 ~]# mv /paic/procfiles/mysql /paic/procfiles/mysql_bak
[root;bgsimysqldb02 ~]# mv /paic/mysql/mysql3306/data /paic/mysql/mysql3306/data_27

2)升级mysql程序

将5.7.36安装包上传到主从节点。然后在主从节点升级mysql。
cd /paic/procfiles
tar -zxvf /allInstall/mysql-5.7.36-linux-glibc2.12-x86_64.tar.gz > /dev/null
mv mysql-5.7.36-linux-glibc2.12-x86_64 mysql
chown -R mysql:mysql mysql

3)主从节点重新初始化数据库

/paic/procfiles/mysql/bin/mysqld --defaults-file=/etc/my.cnf --initialize

4)修改mysql管理员root密码 ;主从节点执行;

–mysql初始化完成默认会生成一个临时密码,在/paic/mysql/mysql3306/data下的error.log里面;

cd /paic/mysql/mysql3306/data

more error.log |grep -i temp

主节点;2021-11-17T13:02:53.106925;08:00 1 [Note] A temporary password is generated for root;localhost: ot#8E8Hj/psH
从节点;2021-11-17T13:02:13.629062;08:00 1 [Note] A temporary password is generated for root;localhost: Sc.HKi(Cr2d5

mysql -uroot -p ##密码为上面error.log里面的临时密码

如下红色字体标识的root管理员用户密码请修改并妥善保管, 切勿使用文中密码
主节点;sql>alter user ‘root’;‘localhost’ identified by ‘paicdb;NJ15’ PASSWORD EXPIRE NEVER account unlock;
从节点;sql>alter user ‘root’;‘localhost’ identified by ‘paicdb;NJ15’ PASSWORD EXPIRE NEVER account unlock;

5)主从库导入生产数据

mysql -uroot -ppaicdb;NJ15 < db_fullbackup.sql

6)建立主从同步

mysql -uroot -p
mysql> change master to master_host=‘172.28.0.59’,master_user=‘repl’,master_port=3306,master_password=‘mydb;Paic15’,MASTER_AUTO_POSITION=1;
mysql> start slave;
mysql> show slave statusG

7)主从同步测试

##主创建db/user/table;
mysql -u root -p
mysql>create database gateway;
mysql>CREATE USER ‘gateway’;‘%’ IDENTIFIED BY ‘Uole#03y’;
mysql>GRANT ALL ON gateway.* TO ‘gateway’;‘%’;
mysql>flush privileges;

mysql -u gateway -p
mysql>use gateway;
mysql>create table usertable (
username varchar(10) not null,
password varchar(16) not null);
mysql>insert into usertable values(‘mark’,‘westos’);
mysql>insert into usertable values(‘harry’,‘redhat’);
mysql>select * from usertable;
±---------±---------;
| username | password |
±---------±---------;
| mark | westos |
| harry | redhat |
±---------±---------;
2 rows in set (0.01 sec)

##从库上查看创建的db/user/table;
#>mysql -u gateway -p
gateway;localhost [(none)]>use gateway
Database changed
gateway;localhost [gateway]>select * from usertable;
±---------±---------;
| username | password |
±---------±---------;
| mark | westos |
| harry | redhat |

##从库上测试read only;
gateway;localhost [gateway]>create table usr (
username varchar(10) not null,
password varchar(16) not null);
ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

8)主从状态查看

主;
root;localhost [mysql]>show master statusG

从;
root;localhost [mysql]>show slave statusG
root;localhost [mysql]>select * from mysql.slave_master_info G

6.总结;

1;、在升级前要做好充分的数据备份准备;以防升级失败;
2;、在解决这个故障的时候我使用过升级后用冷备恢复数据库;但是启动mysql时遇到报错“mysqld_safe mysqld from pid file /usr/local/mysql/data/Linux.pid ended”;百思不得其解。最后还是选择了重新初始化数据库;用逻辑导出导入的方式来恢复。
3;、在做数据导入时遇到过以下报错;

ERROR 1840 (HY000) at line 24: ;;GLOBAL.GTID_PURGED can only be set when ;;GLOBAL.GTID_E
解决参考资料;
https://blog.csdn.net/QQ_24909089/article/details/83059624

4;、在做主从同步时遇过以下报错;

Last_IO_Errno: 1236
Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: ‘The slave is connecting using CHANGE MASTER TO MASTER_AUTO_POSITION = 1, but the master has purged binary logs containing GTIDs that the slave requires.’

解决办法;
第一步;在主库执行;
show global variables like ‘%gtid%’;
找到gtid_purged值
第二步;在从库执行
stop slave;
reset master;
set global gtid_purged=‘a9dcd4f1-45f1-11ec-b440-fa62e67a5500:1-112’;
start slave;
show slave statusG