docker Mysql:5.7的持久化存儲及遠程連接

1. 前置條件:

• 華爲雲 centos7.5 環境下
• docker 已經安裝完成
• docker 服務已經啓動

2. 拉取mysql:5.7的docker鏡像

[root@laoliu mysql5.7]# docker pull mysql:5.7  # 使用這個命令拉取mysql鏡像
Trying to pull repository docker.io/library/mysql ... 
5.7: Pulling from docker.io/library/mysql
fc7181108d40: Pull complete 
787a24c80112: Pull complete 
a08cb039d3cd: Pull complete 
4f7d35eb5394: Pull complete 
5aa21f895d95: Pull complete 
a742e211b7a2: Pull complete 
0163805ad937: Pull complete 
62d0ebcbfc71: Pull complete 
559856d01c93: Pull complete 
c849d5f46e83: Pull complete 
f114c210789a: Pull complete 
Digest: sha256:c3594c6528b31c6222ba426d836600abd45f554d078ef661d3c882604c70ad0a
Status: Downloaded newer image for docker.io/mysql:5.7
[root@laoliu mysql5.7]# docker images   # 查看鏡像
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/mysql     5.7                 a1aa4f76fab9        11 days ago         373 MB
[root@laoliu mysql5.7]# 

3. 預先配置

• 配置好本地的文件目錄

[root@laoliu mysql5.7]# mkdir -p /home/project/mysql5.7/{data,conf}
[root@laoliu mysql5.7]# ll
total 0
drwxr-xr-x. 2 root root 6 Mar 10 10:01 conf
drwxr-xr-x. 2 root root 6 Mar 10 10:01 data
[root@laoliu mysql5.7]# pwd
/home/project/mysql5.7

4. 建立配置文件

• 坑1: 配置文件最好是以.cnf作爲後綴, 試過以.conf後綴, 可以啓動mysql, 但配置文件不起作用.
• 坑2: 修改完配置文件, 記得docker restart containername 一下

[root@laoliu conf]# pwd
/home/project/mysql5.7/conf
[root@laoliu conf]# cat mysql5.7.cnf  # 注意這裏, 我是已配置好了`mysql5.7.cnf`, 使用cat命令只是爲了查看這個文件的內容.
[client]
default-character-set=utf8
 
[mysql]
default-character-set=utf8
 
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
# default: sql_mode= STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
# modeified: 
sql_mode= STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
max_allowed_packet=10M
default-time_zone='+8:00'

[root@laoliu conf]# 

5. 運行命令

[root@laoliu conf]# docker run -d -p 3306:3306 --restart=always --privileged=true -v /home/project/mysql5.7/conf:/etc/mysql/conf.d -v /home/project/mysql5.7/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql5.7  mysql:5.7
e2c88740425a9b3eecfb3945e632255776e0fe636b008715f1444c8b8e7fd613
# 查看 容器運行狀態
[root@laoliu conf]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
e2c88740425a        mysql:5.7           "docker-entrypoint..."   8 seconds ago       Up 7 seconds        0.0.0.0:3306->3306/tcp, 33060/tcp   mysql5.7
# 查看 容器運行狀態
[root@laoliu conf]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
e2c88740425a        mysql:5.7           "docker-entrypoint..."   19 seconds ago      Up 18 seconds       0.0.0.0:3306->3306/tcp, 33060/tcp   mysql5.7
[root@laoliu conf]# 

• docker run是啓動容器的命令；

  • --restart=always: 配置此項後, 當 Docker 重啓時，容器總是可以自動啓動, 其它參數可以參考:[no,on-failure,always]

    • 1.no爲默認值，表示容器退出時，docker不自動重啓容器
    • 2.on-failure表示，若容器的退出狀態非0，則docker自動重啓容器,還可以指定重啓次數，若超過指定次數未能啓動容器則放棄：
    • 3.always表示，只要容器退出，則docker將自動重啓容器

  • --privileged=true : 使用該參數，container內的root擁有真正的root權限, 否則，container內的root只是外部的一個普通用戶權限

  • --name：指定了容器的名稱，方便之後進入容器的命令行

  • -d：d指的是在後臺運行。 也可以使用-idt，i是交互式操作，t是一個終端，

  • -p：指在本地生成一個隨機端口，用來映射mysql的3306端口

  • -e：設置環境變量

  • MYSQL_ROOT_PASSWORD=emc123123：指定了mysql的root密碼

  • mysql:5.7：指運行mysql鏡像及tag

  • -v :表示掛載, 持久化存儲的關鍵所在

6. 使用navicat連接mysql進行檢查

在電腦本地使用navicat連接時報錯:
Host '127.0.0.1' is not allowed to connect to this MySQL server
其實就是我們的MySQL不允許遠程登錄，所以遠程登錄失敗了，解決方法如下：

[root@laoliu conf]# docker exec -it mysql5.7 /bin/bash   #進入mysql5.7 容器

root@7e8060b03125:/# mysql -u root -p                # 登錄mysql服務器
# 在這裏輸入mysql密碼:123456
mysql> show databases;                              # 查看數據庫
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.09 sec)
mysql> select host, user,plugin,authentication_string from mysql.user;
+-----------+---------------+-----------------------+-------------------------------------------+
| host      | user          | plugin                | authentication_string                     |
+-----------+---------------+-----------------------+-------------------------------------------+
| localhost | mysql.session | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| %         | root          | mysql_native_password | *50208BAA1E29F372145D89CC187279F75FBEC2CC |
+-----------+---------------+-----------------------+-------------------------------------------+
3 rows in set (0.00 sec)
# 備註：host爲 % 表示不限制ip
# localhost表示本機使用 
# plugin 非mysql_native_password則需要修改密碼

也有可能需要

mysql> update mysql.user set host='%' where user='root';     # 更新 root的 遠程登錄爲所有
Query OK, 1 row affected (0.10 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select host, user,plugin,authentication_string from mysql.user;
+-----------+---------------+-----------------------+-------------------------------------------+
| host      | user          | plugin                | authentication_string                     |
+-----------+---------------+-----------------------+-------------------------------------------+
| localhost | mysql.session | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| %         | root          | mysql_native_password | *50208BAA1E29F372145D89CC187279F75FBEC2CC |
+-----------+---------------+-----------------------+-------------------------------------------+
3 rows in set (0.00 sec)
# 備註：host爲 % 表示不限制ip localhost表示本機使用 plugin非mysql_native_password 則需要修改密碼
mysql> flush privileges;                    # 刷新權限
Query OK, 0 rows affected (0.03 sec)

但是還報錯了,報錯內容不一樣了:
1045 Access denied for user 'root'@'192.168.31.43' (usingpassword:YES)
解決方法如下:

mysql> grant all privileges on *.* to root@'%' identified by '123456';    # 給用戶授權
Query OK, 0 rows affected, 1 warning (0.11 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

mysql> 

7. 順便說下mysql給用戶授權

mysql> grant 權限1,權限2, … 權限n on 數據庫名稱.表名稱 to 用戶名@用戶地址 identified by ‘連接口令’;

權限1，權限2，… 權限n 代表 select、insert、update、delete、create、drop、index、alter、grant、references、reload、shutdown、process、file 等14個權限。
當權限1，權限2，… 權限n 被 all privileges 或者 all 代替時，表示賦予用戶全部權限。
當 數據庫名稱.表名稱 被 . 代替時，表示賦予用戶操作服務器上所有數據庫所有表的權限。
用戶地址可以是localhost，也可以是IP地址、機器名和域名。也可以用 ‘%’ 表示從任何地址連接。
‘連接口令’ 不能爲空，否則創建失敗。

舉幾個例子：
mysql> grant select,insert,update,delete,create,drop on vtdc.employee to [email protected] identified by ‘123′;
給來自10.163.225.87的用戶joe分配可對數據庫vtdc的employee表進行select,insert,update,delete,create,drop等操作的權限，並設定口令爲123。

mysql> grant all privileges on vtdc.* to [email protected] identified by ‘123′;
給來自10.163.225.87的用戶joe分配可對數據庫vtdc所有表進行所有操作的權限，並設定口令爲123。

mysql> grant all privileges on . to [email protected] identified by ‘123′;
給來自10.163.225.87的用戶joe分配可對所有數據庫的所有表進行所有操作的權限，並設定口令爲123。

mysql> grant all privileges on . to joe@localhost identified by ‘123′;
給本機用戶joe分配可對所有數據庫的所有表進行所有操作的權限，並設定口令爲123。

8. 連接雲端mysql

• 在華爲雲上使用docker安裝好mysql後, 電腦本地連接不上,解決過程如下:
• 前置條件: 1-7都已經調試完成

# 前置條件檢查
# 檢查docker mysql 有沒有啓動
[root@ecs-s6-medium-2-linux-20191113090041 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
00d7fb16f4d1        mysql:5.7           "docker-entrypoint..."   23 hours ago        Up 23 hours         0.0.0.0:3306->3306/tcp, 33060/tcp   mysql5.7

# 果然已經停了, 那就重啓它
[root@ecs-s6-medium-2-linux-20191113090041 ~]# docker restart 00d7fb16f4d1
00d7fb16f4d1

# 現在mysql5.7服務已經啓動
[root@ecs-s6-medium-2-linux-20191113090041 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
00d7fb16f4d1        mysql:5.7           "docker-entrypoint..."   23 hours ago        Up 7 seconds        0.0.0.0:3306->3306/tcp, 33060/tcp   mysql5.7
[root@ecs-s6-medium-2-linux-20191113090041 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
00d7fb16f4d1        mysql:5.7           "docker-entrypoint..."   23 hours ago        Up 14 seconds       0.0.0.0:3306->3306/tcp, 33060/tcp   mysql5.7

# 進入mysql5.7 容器中檢查細節
[root@ecs-s6-medium-2-linux-20191113090041 ~]# docker exec -it mysql5.7 /bin/bash
# 已經進入容器, 使用root賬戶 登陸mysql
root@00d7fb16f4d1:/# mysql -u root -p
Enter password: ##### 在這裏輸入密碼 ########
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.28 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)
# 查看數據庫用戶及其訪問權限控制
mysql> select host, user,plugin,authentication_string from mysql.user;
+-----------+---------------+-----------------------+-------------------------------------------+
| host      | user          | plugin                | authentication_string                     |
+-----------+---------------+-----------------------+-------------------------------------------+
| localhost | mysql.session | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| %         | root          | mysql_native_password | *50208BAA1E29F372145D89CC187279F75FBEC2CC |
+-----------+---------------+-----------------------+-------------------------------------------+
3 rows in set (0.00 sec)

mysql> exit;
Bye
root@00d7fb16f4d1:/# exit
exit
# 至此,數據庫裏的配置及權限都已經驗證完畢, 查看mysql服務有沒有啓動
[root@ecs-s6-medium-2-linux-20191113090041 ~]# netstat -an | grep 3306
tcp6       0      0 :::3306                 :::*                    LISTEN     
# 查看防火牆是否狀態 返回running 或 not running
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --state
not running
# 關閉防火牆
[root@ecs-s6-medium-2-linux-20191113090041 ~]# systemctl stop firewalld.service
# 禁用防火牆
[root@ecs-s6-medium-2-linux-20191113090041 ~]# systemctl disable firewalld.service
# 啓動防火牆
[root@ecs-s6-medium-2-linux-20191113090041 ~]# systemctl start firewalld.service
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --state
running
# 打開3306端口
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
success
# 重載防火牆
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --reload
success
# 查看80端口是否打開
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --query-port=80/tcp
no
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success

[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --query-port=3306/tcp
yes
[root@ecs-s6-medium-2-linux-20191113090041 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
Warning: ALREADY_ENABLED: 80:tcp
success

8.2 華爲雲安全組配置

• 8 以上全部配置完成,就可以在電腦本地使用navicate premuim訪問了mysql了2