MySQL Enterprise Firewall 安装是一种一次性操作,它安装第 6.4.6.1 节,“MySQL Enterprise Firewall的元素”中描述的元素。可以使用图形界面或手动执行安装:
在 Windows 上,MySQL Installer 包含一个为您启用 MySQL Enterprise Firewall 的选项。
MySQL Workbench 6.3.4 或更高版本可以安装 MySQL Enterprise Firewall,启用或禁用已安装的防火墙,或者卸载防火墙。
手动 MySQL Enterprise Firewall 安装涉及运行位于
share
MySQL 安装目录中的脚本。
在按照其说明进行操作之前,请阅读整个部分。该过程的某些部分因您的环境而异。
如果安装,MySQL Enterprise Firewall 会涉及一些最小的开销,即使在禁用时也是如此。为避免这种开销,请不要安装防火墙,除非您打算使用它。
MySQL Enterprise Firewall 不与查询缓存一起工作。如果启用了查询缓存,请在安装防火墙之前将其禁用(请参阅第 8.10.3.3 节,“查询缓存配置”)。
有关使用说明,请参阅第 6.4.6.3 节,“使用 MySQL 企业防火墙”。有关参考信息,请参阅 第 6.4.6.4 节,“MySQL 企业防火墙参考”。
如果已经从旧版本的 MySQL 安装了 MySQL Enterprise Firewall,请使用本节后面给出的说明将其卸载,然后在安装当前版本之前重新启动服务器。在这种情况下,还需要重新注册您的配置。
On Windows, you can use MySQL Installer to install MySQL Enterprise Firewall, as shown in Figure 6.2, “MySQL Enterprise Firewall Installation on Windows”. Check the Enable MySQL Enterprise Firewall check box. (Open Firewall port for network access has a different purpose. It refers to Windows Firewall and controls whether Windows blocks the TCP/IP port on which the MySQL server listens for client connections.)
To install MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface.
To install MySQL Enterprise Firewall manually, look in the
share
directory of your MySQL
installation and choose the script that is appropriate for
your platform. The available scripts differ in the suffix used
to refer to the plugin library file:
win_install_firewall.sql
: Choose this script for Windows systems that use.dll
as the file name suffix.linux_install_firewall.sql
: Choose this script for Linux and similar systems that use.so
as the file name suffix.
The installation script creates stored procedures in the
default database, so choose a database to use. Then run the
script as follows, naming the chosen database on the command
line. The example here uses the mysql
system database and the Linux installation script. Make the
appropriate substitutions for your system.
$> mysql -u root -p mysql < linux_install_firewall.sql
Enter password: (enter root password here)
As of MySQL 5.7.21, for a new installation of MySQL Enterprise Firewall,
InnoDB
is used instead of
MyISAM
for the firewall tables. For
upgrades to 5.7.21 or higher of an installation for which
MySQL Enterprise Firewall is already installed, it is recommended that you
alter the firewall tables to use InnoDB
:
ALTER TABLE mysql.firewall_users ENGINE=InnoDB;
ALTER TABLE mysql.firewall_whitelist ENGINE=InnoDB;
To use MySQL Enterprise Firewall in the context of source/replica replication,
Group Replication, or InnoDB Cluster, you must use MySQL
5.7.21 or higher, and ensure that the firewall tables use
InnoDB
as just described. Then you must
prepare the replica nodes prior to running the installation
script on the source node. This is necessary because the
INSTALL PLUGIN
statements in
the script are not replicated.
On each replica node, extract the
INSTALL PLUGIN
statements from the installation script and execute them manually.On the source node, run the installation script as described previously.
Installing MySQL Enterprise Firewall either using a graphical interface or manually should enable the firewall. To verify that, connect to the server and execute this statement:
mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode';
+---------------------+-------+
| Variable_name | Value |
+---------------------+-------+
| mysql_firewall_mode | ON |
+---------------------+-------+
If the plugin fails to initialize, check the server error log for diagnostic messages.
MySQL Enterprise Firewall can be uninstalled using MySQL Workbench or manually.
To uninstall MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface, in Chapter 29, MySQL Workbench.
要手动卸载 MySQL Enterprise Firewall,请执行以下语句。使用语句IF EXISTS
是因为,根据以前安装的防火墙版本,某些对象可能不存在。
DROP TABLE IF EXISTS mysql.firewall_users;
DROP TABLE IF EXISTS mysql.firewall_whitelist;
UNINSTALL PLUGIN MYSQL_FIREWALL;
UNINSTALL PLUGIN MYSQL_FIREWALL_USERS;
UNINSTALL PLUGIN MYSQL_FIREWALL_WHITELIST;
DROP FUNCTION IF EXISTS mysql_firewall_flush_status;
DROP FUNCTION IF EXISTS normalize_statement;
DROP FUNCTION IF EXISTS read_firewall_users;
DROP FUNCTION IF EXISTS read_firewall_whitelist;
DROP FUNCTION IF EXISTS set_firewall_mode;
DROP PROCEDURE IF EXISTS mysql.sp_reload_firewall_rules;
DROP PROCEDURE IF EXISTS mysql.sp_set_firewall_mode;