Automation the Lazy Way
A Simple MySQL Build For Postfix
The LazyITDude
August 7, 2023
Uncategorized

Pre-Requisites

For this build, we will create a Fedora 38 server on Proxmox and prep it to connect to the Postfix mail server which is already started. Our server is initially setup with the following hardware stats:

The system connects to a backend iSCSI block setup for the simplicity of database storage. It is recommended for any database build (MySQL, Oracle, PostgreSQL, Microsoft, etc.) to separate the data and log files onto their own separate storage. Since this is just a simple build to demonstrate an internal mail system, we are putting the data and logs on the same disk. It should also be noted that we are only setting 2GB of memory since this is designed for internal use only. We will use this for later blogs related to a bigger Kubernetes/Openshift project. Once the hardware is defined, we need to install Fedora.

Operating System Install

I'm including it here just as a listing of manual steps which could be put into an automated form. We are starting with Fedora 38 and after picking the "Install Fedora" option, you are presented with the following:

For this, I will pick English across the board and click "Continue." In the next window pick the Installation Destination:

Pick the drive (if you have more than one) to install the system on:

I chose "Custom" storage configuration to set up the drives using best practices:

This is the base partitioning scheme which can be added later since we are using LVM:

The final screen for the drive setup:

Next, click on "Network and Hostname" and create your hostname for the machine. Make sure it is in your DNS first (instructions not included here):

Once you are finished, click "Done."

Now you want to create a user by clicking the "User Creation" icon on the left side of the screen. We are not showing this here, but only a username and password need to be created. Click "Done" when finished.

Click on "Root Account," enable the root user (you may not want to, but for a test server you can) and set a password as below:

Next, we click "Software Selection" and change it to the below. The changes are to remove the graphical environment since it's a server and allow us to install only what is absolutely needed.

Click "Done" when finished.

Click on "Begin Installation" when ready.

The installation will run. You will only need to reboot when it tells you to.

Click on "Reboot System"

Once we reboot, we need to login via ssh:

Check the firewall status and what services are currently allowed through:

sudo systemctl status firewalld

sudo firewall-cmd --list-services

In order to make sure your soon to be mysql installation is accessible remotely, add the following two commands:

sudo firewall-cmd --zone=public --add-port=3306/tcp

sudo firewall-cmd --runtime-to-permanent

You should also go ahead and reload the firewall rules by typing:

sudo systemctl reload firewalld

Just so things are up to date and patches are applied before installing MySQL, run "sudo dnf update."

When the update is complete, if the update upgraded the kernel, reboot.

Now we are finally ready to to do the MySQL install:

sudo dnf install community-mysql-server (you can add -y if you don't want prompts):

Even though we have installed MySQL, we need to check whether it is running.

As you can see, the service is installed, but not started. This gives us a chance to check the configuration and version. Let's check the version first:

At the command prompt type mysql --version

You should see something like the following:

Let's go ahead and start the service:

Type this command: sudo systemctl enable mysqld

Now that we've done a basic install of MySQL, let's secure it to start setting up some armor around the installation. The default installation of MySQL has weak passwords or no passwords which makes it easy to hack. In a development instance, we can let this go, but if this system will be used for production or you wish to mirror your production, it is highly encouraged to secure the database server.

Start the MySQL service by typing: sudo systemctl start mysqld

To begin, type sudo mysql_secure_installation at the prompt:

You may select from 3 different types of passwords. If you are in a highly secured environment, select "2," otherwise, select "1" where you only need 8 characters which must have at least one numeric, one mixed case set, and one special character.

Enter your password as above, re-enter it, and select "y"

Next, you will be asked to remove anonymous users, disable temporary passwords, and whether to reload the tables. Select "y" to each:

We made it the end of the installation! *well, almost...

There is one last step we need to complete. Now that the installation is secured, we cannot log in remotely as "root." We need to create a user with administrative privileges so we can administer it through MySQL Workbench or another tool. Login at the shell with mysql -u root -p and enter the password you created earlier for root:

Let's create a user to administrate the system:

CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

Finally, grant all privileges to the user:

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost';

And that's it! You can now log in with mysql -u username -p to administrate the server, create new users, create databases, or whatever else you need to do. Have fun with your new server!

🔖Tags: Database Databases mysql postfix
Share on Facebook
Share on Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *