Souce Install MariaDB 10.3 with OpenSSL 1.1.1g on CentOS 7

CentOS 7 에서 OpenSSL 1.1.1 버전과 함께 MariaDB 10.3 컴파일 설치하는 방법에 대한 예제

포스팅을 통해 계속 얘기하고 있지만 보안 이슈 및 오래된 버전의 EOL 문제로 인해 OpenSSL 최신버전을 권장합니다.

참고 URL: https://umount.net/openssl-심각한-보안-취약점-발견-cve-2020-1967/

OpenSSL 1.1.1g 설치 참고 URL  : https://umount.net/souce-install-nginx-with-openssl-1-1-1-on-centos-7/

MariaDB cmake 시 OpenSSL 경로를 지정하는 옵션이 없기때문에 PKG_CONFIG_PATH 설정을 해주어야 합니다.

또한 OpenSSL 관련내용 외에도 기존에 작성된 MariaDB 10.3 설치 가이드와는 cmake 옵션, systemd 파일 등을 조금 다르게 설정했기 때문에 이 부분도 유심히 살펴 보시고 어떤 차이점이 있는지 확인 해보시는것을 권장합니다.

의존성 패키지 설치

[root@172-16-11-100 /]# yum install -y cmake make gcc gcc-c++ ncurses-devel libevent-devel libxml2 libxml2-devel bison wget valgrind-devel libzstd-devel lz4-devel jemalloc-devel

유저생성

[root@172-16-11-100 /]# useradd -M -r -s /sbin/nologin maria

mariadb 다운로드

[root@172-16-11-100 /]# cd /usr/local/src
[root@172-16-11-100 src]# wget https://downloads.mariadb.org/interstitial/mariadb-10.3.23/source/mariadb-10.3.23.tar.gz

mariadb 압축해제

[root@172-16-11-100 src]# tar xvzf mariadb-10.3.23.tar.gz

cmake

[root@172-16-11-100 src]# cd /usr/local/src/mariadb-10.3.23/
[root@172-16-11-100 mariadb-10.3.23]# mkdir target
[root@172-16-11-100 mariadb-10.3.23]# cd target
[root@172-16-11-100 target]# export PKG_CONFIG_PATH=/usr/local/openssl-1.1.1g/lib/pkgconfig
[root@172-16-11-100 target]# cmake .. \
-DCMAKE_INSTALL_PREFIX=/data/apps/src/mariadb-10.3.23 \
-DINSTALL_SYSCONFDIR=/data/apps/src/mariadb-10.3.23/etc \
-DINSTALL_SUPPORTFILESDIR=/data/apps/src/mariadb-10.3.23/support-files \
-DTMPDIR=/data/apps/src/mariadb-10.3.23/tmp \
-DMYSQL_DATADIR=/data/apps/src/mariadb-10.3.23/data \
-DMYSQL_UNIX_ADDR=/data/apps/src/mariadb-10.3.23/mysql.sock \
-DPID_FILE_DIR=/data/apps/src/mariadb-10.3.23 \
-DSYSTEMD_PID_DIR=/data/apps/src/mariadb-10.3.23 \
-DSYSTEMD_SERVICE_NAME=mariadb \
-DENABLED_LOCAL_INFILE=0 \
-DWITH_SYSTEMD=yes \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_JEMALLOC=yes \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_ARIA_STORAGE_ENGINE=1 \
-DWITH_XTRADB_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATEDX_STORAGE_ENGINE=1 \
-DWITH_QUERY_CACHE_INFO=1 \
-DWITH_QUERY_RESPONSE_TIME=1 \
-DWITH_SAFEMALLOC=AUTO \
-DDEFAULT_CHARSET=utf8mb4 \
-DDEFAULT_COLLATION=utf8mb4_unicode_ci

컴파일 및 설치

[root@172-16-11-100 target]# make 
[root@172-16-11-100 target]# make install

권한 수정 및 tmp, logs 디렉토리 생성

[root@172-16-11-100 target]# mkdir /data/apps/src/mariadb-10.3.23/tmp /data/apps/src/mariadb-10.3.23/logs
[root@172-16-11-100 target]# chown -Rf maria. /data/apps/src/mariadb-10.3.23
[root@172-16-11-100 target]# chmod -Rf 700 /data/apps/src/mariadb-10.3.23/bin/*

심볼릭 링크 생성

[root@172-16-11-100 target]# ln -s /data/apps/src/mariadb-10.3.23 /data/apps/ln/mariadb

mariadb 설정파일 편집

설치 테스트를 위한 서버는 메모리 8GB 로 되어 있으며, 아래 설정은 해당서버 기준으로 대략적으로 셋팅한 값이므로, 본인의 서버 사양에 맞게 적절히 옵션을 수정해 주셔야 합니다.
: vi /data/apps/src/mariadb-10.3.23/etc/my.cnf

[client]
port    = 3306
socket  = /data/apps/ln/mariadb/mysql.sock

[mysql]
no_auto_rehash

[myisamchk]
aria_pagecache_buffer_size = 64M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

[mysqldump]
quick
max_allowed_packet = 1024M

[mysqld_safe]
open_files_limit = 8000
user = maria

[mysqld]
user = maria
port = 3306
extra_port = 13306
extra_max_connections = 5
bind-address = 0.0.0.0

socket   = /data/apps/ln/mariadb/mysql.sock
pid-file = /data/apps/ln/mariadb/mysqld.pid
tmpdir   = /data/apps/ln/mariadb/tmp

log_warnings = 2
log-error    = /data/apps/ln/mariadb/logs/mysqld.log

slow_query_log      = 1
long_query_time     = 3
slow_query_log_file = /data/apps/ln/mariadb/logs/mysqld-slow.log

# replication setting
server-id        = 1
log-bin          = mariadb-bin
log-bin-index    = mariadb-bin.index
expire_logs_days = 1
max_binlog_size  = 1024M
binlog_format    = row
gtid_strict_mode = 1

event_scheduler  = ON
log-bin-trust-function-creators = 1

max_allowed_packet      = 1024M
default_storage_engine  = InnoDB
character-set-server    = utf8mb4

skip-name-resolve
local-infile         = OFF

back_log             = 1500
max_connections      = 2500
max_user_connections = 0
thread_cache_size    = 64
wait_timeout         = 300
interactive_timeout  = 350

thread_pool_size         = 4
thread_handling          = pool-of-threads
thread_pool_max_threads  = 1024
thread_pool_idle_timeout = 120

tmp_table_size             = 256M
table_open_cache           = 70000
myisam_sort_buffer_size    = 64M
max_heap_table_size        = 256M

innodb_data_home_dir      = /data/apps/ln/mariadb/data
innodb_log_group_home_dir = /data/apps/ln/mariadb/data
innodb_data_file_path     = ibdata1:2048M;ibdata2:2048M:autoextend

# files
innodb_file_per_table
innodb_log_file_size      = 832M
innodb_log_files_in_group = 2
innodb_open_files         = 4000
innodb_undo_tablespaces   = 4

# buffers
innodb_buffer_pool_dump_at_shutdown = 1
innodb_buffer_pool_load_at_startup  = 1
innodb_buffer_pool_size             = 6656M
innodb_buffer_pool_instances        = 6
innodb_log_buffer_size              = 64M

# tune
innodb_doublewrite             = 1
innodb_thread_concurrency      = 0
innodb_flush_log_at_trx_commit = 0
innodb_flush_method            = O_DIRECT_NO_FSYNC
innodb_max_dirty_pages_pct     = 30
innodb_max_dirty_pages_pct_lwm = 3
innodb_lru_scan_depth          = 2048
join_buffer_size               = 512K
sort_buffer_size               = 512K
innodb_use_native_aio          = 1
innodb_stats_persistent        = 1
innodb_adaptive_flushing       = 1
innodb_flush_neighbors         = 0
innodb_read_io_threads         = 16
innodb_write_io_threads        = 16
innodb_io_capacity             = 1500
innodb_io_capacity_max         = 2500
innodb_purge_threads           = 4
innodb_adaptive_hash_index     = 0
max_prepared_stmt_count        = 500000
innodb_monitor_enable = '%'
performance_schema = ON

systemd 파일생성
: vi /usr/lib/systemd/system/mariadb.service

[Unit]
Description=MariaDB Database Server
Documentation=man:mysqld(8)
Documentation=https://mariadb.com/kb/en/library/systemd/
After=network.target

[Service]
Environment=PATH=/usr/bin:/usr/sbin/:/data/apps/ln/mariadb/bin/
Environment=LD_LIBRARY_PATH=/usr/local/openssl-1.1.1g/lib/
Type=notify
PrivateNetwork=false
CapabilityBoundingSet=CAP_IPC_LOCK
ProtectSystem=full
PrivateDevices=true
ProtectHome=true
PermissionsStartOnly=true

KillSignal=SIGTERM
SendSIGKILL=no

User=maria
Group=maria
UMask=007
PIDFile=/data/apps/ln/mariadb/mysqld.pid

LimitNOFILE=infinity
LimitNPROC=4096
LimitCORE=infinity
PermissionsStartOnly=true
PrivateTmp=true
OOMScoreAdjust=-600
ExecStartPre=sync
ExecStartPre=sysctl -q -w vm.drop_caches=3
ExecStart=/data/apps/ln/mariadb/bin/mysqld --defaults-file=/data/apps/ln/mariadb/etc/my.cnf --plugin-dir=/data/apps/ln/mariadb/lib/plugin --pid-file=/data/apps/ln/mariadb/mysqld.pid

Restart=on-abort
RestartSec=5s
TimeoutStartSec=900
TimeoutStopSec=900

[Install]
WantedBy=multi-user.target
Alias=maria.service
Alias=mysql.service
Alias=mysqld.service

systemd 등록 및 실행

[root@172-16-11-100 target]# systemctl enable mariadb
[root@172-16-11-100 target]# systemctl start mariadb

TIP. MysqlTuner 를 이용하여 자신의 서버에 맞게 옵션 튜닝