6.4.6.2 Installing or Uninstalling MySQL Enterprise Firewall

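MySQL Enterprise Firewall installation is a one-time operation that installs the elements described in Section 6.4.6.1, “Elements of MySQL Enterprise Firewall”. Installation can be performed using a graphical interface or manually:

  • On Windows, MySQL Installer includes an option to enable MySQL Enterprise Firewall for you.

  • MySQL Workbench 6.3.4 or higher can install MySQL Enterprise Firewall, enable or disable an installed firewall, or uninstall the firewall.

  • Manual MySQL Enterprise Firewall installation involves running a script located in the share directory of your MySQL installation.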

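Important

Read this entire section before following its instructions. Parts of the procedure differ depending on your environment.

Note

If installed, MySQL Enterprise Firewall involves some minimal overhead even when disabled. To avoid this overhead, do not install the firewall unless you plan to use it.

Note

MySQL Enterprise Firewall does not work together with the query cache. If the query cache is enabled, disable it before installing the firewall (see Section 8.10.3.3, “Query Cache Configuration”).

For usage instructions, see Section 6.4.6.3, “Using MySQL Enterprise Firewall”. For reference information, see Section 6.4.6.4, “MySQL Enterprise Firewall Reference”.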

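Installing MySQL Enterprise Firewall

If MySQL Enterprise Firewall is already installed from an older version of MySQL, uninstall it using the instructions given later in this section and restart your server before installing the current version. In this case, it is also necessary to register your configuration again.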

On Windows, you can use MySQL Installer to install MySQL Enterprise Firewall, as shown in Figure 6.2, “MySQL Enterprise Firewall Installation on Windows”. Check the Enable MySQL Enterprise Firewall check box. (Open Firewall port for network access has a different purpose. It refers to Windows Firewall and controls whether Windows blocks the TCP/IP port on which the MySQL server listens for client connections.)

Figure 6.2 MySQL Enterprise Firewall Installation on Windows

Content is described in the surrounding text.

To install MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface.

To install MySQL Enterprise Firewall manually, look in the share directory of your MySQL installation and choose the script that is appropriate for your platform. The available scripts differ in the suffix used to refer to the plugin library file:

  • win_install_firewall.sql: Choose this script for Windows systems that use .dll as the file name suffix.

  • linux_install_firewall.sql: Choose this script for Linux and similar systems that use .so as the file name suffix.

The installation script creates stored procedures in the default database, so choose a database to use. Then run the script as follows, naming the chosen database on the command line. The example here uses the mysql system database and the Linux installation script. Make the appropriate substitutions for your system.

$> mysql -u root -p mysql < linux_install_firewall.sql
Enter password: (enter root password here)

Note

As of MySQL 5.7.21, for a new installation of MySQL Enterprise Firewall, InnoDB is used instead of MyISAM for the firewall tables. For upgrades to 5.7.21 or higher of an installation for which MySQL Enterprise Firewall is already installed, it is recommended that you alter the firewall tables to use InnoDB:

ALTER TABLE mysql.firewall_users ENGINE=InnoDB;
ALTER TABLE mysql.firewall_whitelist ENGINE=InnoDB;

Note

To use MySQL Enterprise Firewall in the context of source/replica replication, Group Replication, or InnoDB Cluster, you must use MySQL 5.7.21 or higher, and ensure that the firewall tables use InnoDB as just described. Then you must prepare the replica nodes prior to running the installation script on the source node. This is necessary because the INSTALL PLUGIN statements in the script are not replicated.

  1. On each replica node, extract the INSTALL PLUGIN statements from the installation script and execute them manually.

  2. On the source node, run the installation script as described previously.
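
One way to carry out step 1, given here as an added example that is not part of the original manual: a shell function that pulls only the INSTALL PLUGIN statements out of an installation script so they can be run on each replica. The function names, the output file name, and the embedded sample script (including the firewall.so library name) are assumptions constructed for illustration; feed it the real script from your share directory.

```shell
#!/bin/sh
# Added example: extract INSTALL PLUGIN statements from a SQL script on stdin.
# A statement may span several lines; it ends at the first ';'.
# SQL comment lines (starting with --) are never captured.
extract_install_plugin() {
    awk '
        # Begin capturing on a line that starts an INSTALL PLUGIN statement
        # (case-insensitive, leading whitespace allowed).
        !capturing && (toupper($0) ~ /^[ \t]*INSTALL[ \t]+PLUGIN[ \t]/) {
            capturing = 1
            stmt = ""
        }
        capturing {
            line = $0
            sub(/^[ \t]+/, "", line)      # trim leading whitespace
            sub(/[ \t\r]+$/, "", line)    # trim trailing whitespace and CR
            stmt = (stmt == "" ? line : stmt " " line)
            if (line ~ /;/) {             # statement terminator reached
                sub(/;.*$/, ";", stmt)    # drop anything after the terminator
                print stmt
                capturing = 0
            }
        }
    '
}

# Constructed sample input, NOT the shipped installation script.
sample_script() {
    cat <<'EOF'
-- constructed sample for illustration only
SELECT 'some other statement from the script';
INSTALL PLUGIN mysql_firewall SONAME 'firewall.so';
install plugin mysql_firewall_users
    SONAME 'firewall.so';
-- INSTALL PLUGIN statements are not replicated
INSTALL PLUGIN mysql_firewall_whitelist SONAME 'firewall.so';
EOF
}

# Typical use (file names are assumptions):
#   extract_install_plugin < linux_install_firewall.sql > install_plugins.sql
#   mysql -u root -p < install_plugins.sql     # on each replica node
```

Review the extracted file before running it on a replica; it should contain nothing but INSTALL PLUGIN statements.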

Installing MySQL Enterprise Firewall either using a graphical interface or manually should enable the firewall. To verify that, connect to the server and execute this statement:

mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode';
+---------------------+-------+
| Variable_name       | Value |
+---------------------+-------+
| mysql_firewall_mode | ON    |
+---------------------+-------+

If the plugin fails to initialize, check the server error log for diagnostic messages.

Uninstalling MySQL Enterprise Firewall

MySQL Enterprise Firewall can be uninstalled using MySQL Workbench or manually.

To uninstall MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface, in Chapter 29, MySQL Workbench.

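To uninstall MySQL Enterprise Firewall manually, execute the following statements. The statements use IF EXISTS because, depending on the previously installed firewall version, some objects might not exist.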

DROP TABLE IF EXISTS mysql.firewall_users;
DROP TABLE IF EXISTS mysql.firewall_whitelist;

UNINSTALL PLUGIN MYSQL_FIREWALL;
UNINSTALL PLUGIN MYSQL_FIREWALL_USERS;
UNINSTALL PLUGIN MYSQL_FIREWALL_WHITELIST;

DROP FUNCTION IF EXISTS mysql_firewall_flush_status;
DROP FUNCTION IF EXISTS normalize_statement;
DROP FUNCTION IF EXISTS read_firewall_users;
DROP FUNCTION IF EXISTS read_firewall_whitelist;
DROP FUNCTION IF EXISTS set_firewall_mode;

DROP PROCEDURE IF EXISTS mysql.sp_reload_firewall_rules;
DROP PROCEDURE IF EXISTS mysql.sp_set_firewall_mode;