MySQL Installation and Configuration

Installing MySQL Server

The TeamDrive Hosting Service requires a MySQL database to store its information. This document assumes that the MySQL instance runs on the same host as the Host Server itself, connecting to it via the local socket file.

Alternatively, it’s possible to use an external MySQL Server. In this case, you need to make sure that this external MySQL instance is reachable via TCP from the Host Server (usually via TCP port 3306) and that the teamdrive MySQL user account is defined correctly (e.g. the MySQL username in the remote database would become teamdrive@hostserver.yourdomain.com instead of teamdrive@localhost).

Most MySQL installations usually do not allow the root user to log in from a remote host. In this case the installation script is unable to create the dedicated teamdrive user automatically and you need to perform this step manually before performing the installation of the TeamDrive Hosting Service databases.

Especially the correct definition of the host part is critical, as MySQL considers username@hostserver and username@hostserver.yourdomain.com as two different user accounts.

Install the MySQL Client and Server packages from the default repository:

dnf install mysql mysql-server

For reliablility and performance reasons, we recommend placing the MySQL data directory /var/lib/mysql on a dedicated file system or storage volume.

The default maximum file handle limit in CentOS 7/8 is 1024 which might be to less for the amount of file handles and database connections for the TeamDrive apache module. The amount of file handles can be calculated: tables (currently 26) x 2 (2 files per table) x apache processes x 2 (for restarting the apache). For less than 100 users it will be 26 x 2 x 20 x 2 = 2080 file handles, for 500 users 26 x 2 x 50 x 2 = 2200 file handles and for more than 1000 users 26 x 150 x 2 = 15600

To be save, we increase the value to 65535 in the following three configuration files.

First: Edit /etc/sysctl.conf and add the below line, save and exit:

fs.file-max = 65535

Second: Increase the hard and soft limits in /etc/security/limits.conf. Add the below lines before the #End, save and exit:

* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535

After the change execute:

sysctl -p

Third: For MySQL, create an override file for the service:

mkdir -pv /etc/systemd/system/mysqld.service.d
echo "LimitNOFILE=65535" >> /etc/systemd/system/mysqld.service.d/override.conf
echo "LimitNPROC=65535" >> /etc/systemd/system/mysqld.service.d/override.conf

After the change execute:

systemctl daemon-reload

Start the MySQL server now:

[root@hostserver ~ ]# service mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h hostinstalltest.local password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Run the secure installation script and follow the recommendations. Make sure to create a password for the MySQL root user and take note of it:

[root@hostserver ~ ]# mysql_secure_installation

    Securing the MySQL server deployment.

    Connecting to MySQL using a blank password.

    VALIDATE PASSWORD COMPONENT can be used to test passwords
    and improve security. It checks the strength of password
    and allows the users to set only those passwords which are
    secure enough. Would you like to setup VALIDATE PASSWORD component?

    Press y|Y for Yes, any other key for No: No
    Please set the password for root here.

    New password: <mysql_root_pw>

    Re-enter new password: <mysql_root_pw>
    By default, a MySQL installation has an anonymous user,
    allowing anyone to log into MySQL without having to have
    a user account created for them. This is intended only for
    testing, and to make the installation go a bit smoother.
    You should remove them before moving into a production
    environment.

    Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
    Success.


    Normally, root should only be allowed to connect from
    'localhost'. This ensures that someone cannot guess at
    the root password from the network.

    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
    Success.

    By default, MySQL comes with a database named 'test' that
    anyone can access. This is also intended only for testing,
    and should be removed before moving into a production
    environment.


    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
     - Dropping test database...
    Success.

     - Removing privileges on test database...
    Success.

    Reloading the privilege tables will ensure that all changes
    made so far will take effect immediately.

    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
    Success.

    All done!

MySQL is now up and running and you can proceed with creating the teamdrive user and the MySQL databases required for the TeamDrive Host Server.

Creating TeamDrive MySQL User and Databases

The TeamDrive Hosting Service requires two MySQL databases hostapilog and pspace, which will be accessed using a dedicated teamdrive MySQL user.

The Host Server installation package ships with a script that performs the required configuration steps:

  • Modify the local configuration file /etc/my.cnf, start and enable MySQL Server at system bootup (only when using a local MySQL Server)
  • Create the MySQL user account teamdrive, assign the provided password and assign the necessary database privileges (requires access to the MySQL root account)
  • Create and populate the required Hosting Service MySQL databases
  • Modify the local Host Server configuration file /etc/td-hostserver.my.cnf

The following example assumes that the MySQL database is located on the same system where the TeamDrive Host Server instance is installed.

You need to have the following information available:

  • The password of the MySQL root user account you defined while running mysql_secure_installation
  • The password that you want to assign to the teamdrive user

The script is part of the td-hostserver package and is installed in /opt/teamdrive/hostserver/mysql/mysql_install.sh. Call it as the root user and follow the instructions:

[root@hostserver ~]# /opt/teamdrive/hostserver/mysql/mysql_install.sh

TeamDrive Hosting Service MySQL Database Install Script
-------------------------------------------------------

Configuring MySQL database for TeamDrive Hosting Service
version 3.5.x.0

This script will perform the following steps:

 - Modify the local configuration file /etc/my.cnf,
   start and enable MySQL Server
   (only when MySQL Server runs locally)
 - Create the required MySQL user "teamdrive",
   assign the provided password and the required
   database privileges
   (requires access to the MySQL root account)
 - Create and populate the required Hosting Service
   MySQL databases
 - Modify the local Host Server configuration file
   /etc/td-hostserver.my.cnf

Enter MySQL hostname: localhost
Enter MySQL root password for localhost: <mysql_root_pw>
Enter MySQL password to be set for user teamdrive: <td_pw>

mysqld (pid  7490) is running...
Stopping mysqld:                                           [  OK  ]
Changing local MySQL Server configuration...
Backing up existing configuration file /etc/my.cnf...
`/etc/my.cnf' -> `/etc/my.cnf-2015-05-19-17:19.bak'
Starting and enabling MySQL Server...
Starting mysqld:                                           [  OK  ]
Trying to connect to the MySQL server as root...
+---------------+
| MySQL Version |
+---------------+
| 5.1.73        |
+---------------+
Creating teamdrive MySQL user on localhost
Trying to connect to the MySQL server as the teamdrive user...
Creating Hosting Service databases...
Updating /etc/td-hostserver.my.cnf...
Backing up existing configuration file ...
`/etc/td-hostserver.my.cnf' -> `/etc/td-hostserver.my.cnf-2015-05-19-17:19.bak'

Finished!
The MySQL configuration for TeamDrive Hosting Service
version 3.5.x.0 is now complete.

The MySQL database is now properly configured and populated. As a final test, try logging into the MySQL database from the Host Server system, using the teamdrive user account and the password you defined — you should be able to see and access the TeamDrive Hosting Service databases:

[root@hostserver ~]# mysql -u teamdrive -p<password>
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.1.71 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| hostapilog         |
| pspace             |
+--------------------+
3 rows in set (0.00 sec)

mysql> QUIT
Bye

CentOS Hardening

We recommend to harden the CentOS system as described in TeamDrive Server Hardening.

The script can be retrieved from TeamDrive Systems.