Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Using MySQL

MySQL server is a high-performance, open source relational database management system (RDBMS). It offers an SQL interface for data access and includes advanced features, such as support for multiple storage engines.

Learn how to install and configure MySQL on a RHEL system, how to back up MySQL data, how to migrate from an earlier MySQL version, and how to replicate a MySQL.

3.1. Installing MySQL
Copy link

RHEL 9 provides MySQL 8.0 as the initial version of the Application Stream, which you can install as an RPM package. Additional MySQL versions are provided as modules with a shorter life cycle in minor releases of RHEL 9.

In RHEL 9, the MySQL server is available in the following versions, each provided by a separate stream:

  • MySQL 8.0
  • MySQL 8.4 - available since RHEL 9.6
Important

By design, you can install only one version (stream) of the same module and, because of conflicting RPM packages, you cannot install MariaDB and MySQL on the same host. As an alternative, you can run the database server services in a container. See Using containers to run multiple MariaDB and MySQL instances on a single host.

Procedure

  1. Install the MySQL server packages:

    • For MySQL 8.0 from the RPM package, enter: 

      # dnf install mysql-server

    • For MySQL 8.4 by selecting the 8.4 stream from the mysql module and specifying the server profile: 

      # dnf module install mysql:8.4/server

  2. Enable and start the mysqld service: 

    # systemctl enable --now mysqld.service

  3. Improve the security: 

    $ mysql_secure_installation

    The command launches a fully interactive script, which prompts for each step in the process. The script enables you to improve security in the following ways:

    • Setting a password for root accounts
    • Removing anonymous users
    • Disallowing remote root logins (outside the local host)

If you install MariaDB or MySQL from packages, you can only run one of these services and only a single version of it on the same host. As an alternative, you can run the services in a container.

You can configure the following scenarios:

  • You want to run multiple instances of MariaDB or MySQL on the same host.
  • You want to run both MariaDB and MySQL on the same host.
Note

The container names and host ports of the database servers must differ.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Use your Red Hat Customer Portal account to authenticate to the registry.redhat.io registry: 

    # podman login registry.redhat.io

    Skip this step if you are already logged in to the container registry.

  2. Run MySQL 8.0 in a container: 

    $ podman run -d --name <container_name> -e MYSQL_ROOT_PASSWORD=<mysql_root_password> -p <host_port_1>:3306 rhel9/mysql-80

    For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

  3. Run MySQL 8.4 in a container: 

    $ podman run -d --name <container_name> -e MYSQL_ROOT_PASSWORD=<mysql_root_password> -p <host_port_2>:3306 rhel9/mysql-84

    For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

  4. Run MariaDB 10.5 in a container: 

    $ podman run -d --name <container_name> -e MYSQL_ROOT_PASSWORD=<mariadb_root_password> -p <host_port_3>:3306 rhel9/mariadb-105

    For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

  5. Run MariaDB 10.11 in a container: 

    $ podman run -d --name <container_name> -e MYSQL_ROOT_PASSWORD=<mariadb_root_password> -p <host_port_4>:3306 rhel9/mariadb-1011

    For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

  6. To ensure that clients can access the database server on the network, open the host ports in the firewall: 

    # firewall-cmd --permanent --add-port={<host_port_1>/tcp,<host_port_2>/tcp,<host_port_3>/tcp,<host_port_4>/tcp,...}
# firewall-cmd --reload

Verification

  1. Display information about running containers: 

    $ podman ps

  2. Connect to the database server and log in as root: 

    # mysql -u root -p -h localhost -P <host_port> --protocol tcp

3.3. Configuring MySQL
Copy link

To configure the MySQL server for networking, use the following procedure.

Procedure

  1. Edit the [mysqld] section of the /etc/my.cnf.d/mysql-server.cnf file. You can set the following configuration directives:

    • bind-address - is the address on which the server listens. Possible options are:

      • a host name
      • an IPv4 address
      • an IPv6 address

    • skip-networking - controls whether the server listens for TCP/IP connections. Possible values are:

      • 0 - to listen for all clients
      • 1 - to listen for local clients only
    • port - the port on which MySQL listens for TCP/IP connections.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service

3.4. Setting up TLS encryption on a MySQL server
Copy link

By default, MySQL uses unencrypted connections. For secure connections, enable TLS support on the MariaDB server and configure your clients to establish encrypted connections.

Before you can enable TLS encryption on the MySQL server, store the certificate authority (CA) certificate, the server certificate, and the private key on the MySQL server.

Prerequisites

  • The following files in Privacy Enhanced Mail (PEM) format have been copied to the server:

    • The private key of the server: server.example.com.key.pem
    • The server certificate: server.example.com.crt.pem
    • The Certificate Authority (CA) certificate: ca.crt.pem

    For details about creating a private key and certificate signing request (CSR), as well as about requesting a certificate from a CA, see your CA’s documentation.

Procedure

  1. Store the CA and server certificates in the /etc/pki/tls/certs/ directory: 

    # mv <path>/server.example.com.crt.pem /etc/pki/tls/certs/
# mv <path>/ca.crt.pem /etc/pki/tls/certs/

  2. Set permissions on the CA and server certificate that enable the MySQL server to read the files: 

    # chmod 644 /etc/pki/tls/certs/server.example.com.crt.pem /etc/pki/tls/certs/ca.crt.pem

    Because certificates are part of the communication before a secure connection is established, any client can retrieve them without authentication. Therefore, you do not need to set strict permissions on the CA and server certificate files.

  3. Store the server’s private key in the /etc/pki/tls/private/ directory: 

    # mv <path>/server.example.com.key.pem /etc/pki/tls/private/

  4. Set secure permissions on the server’s private key: 

    # chmod 640 /etc/pki/tls/private/server.example.com.key.pem
# chgrp mysql /etc/pki/tls/private/server.example.com.key.pem

    If unauthorized users have access to the private key, connections to the MySQL server are no longer secure.

  5. Restore the SELinux context: 

    # restorecon -Rv /etc/pki/tls/

By default, MySQL uses unencrypted connections. For more secure connections, you can enable Transport Layer Security (TLS) support on the MySQL server and configure your clients to establish encrypted connections.

Prerequisites

  • The MySQL server is installed.
  • The mysqld service is running.

  • The following files in Privacy Enhanced Mail (PEM) format exist on the server and are readable by the mysql user:

    • The private key of the server: /etc/pki/tls/private/server.example.com.key.pem
    • The server certificate: /etc/pki/tls/certs/server.example.com.crt.pem
    • The Certificate Authority (CA) certificate /etc/pki/tls/certs/ca.crt.pem
  • The subject distinguished name (DN) or the subject alternative name (SAN) field in the server certificate matches the server’s host name.

Procedure

  1. Create the /etc/my.cnf.d/mysql-server-tls.cnf file:

    1. Add the following content to configure the paths to the private key, server and CA certificate: 

      [mysqld]
ssl_key = /etc/pki/tls/private/server.example.com.key.pem
ssl_cert = /etc/pki/tls/certs/server.example.com.crt.pem
ssl_ca = /etc/pki/tls/certs/ca.crt.pem

    2. If you have a Certificate Revocation List (CRL), configure the MySQL server to use it: 

      ssl_crl = /etc/pki/tls/certs/example.crl.pem

    3. Optional: Reject connection attempts without encryption. To enable this feature, append: 

      require_secure_transport = on

    4. Optional: Set the TLS versions the server should support. For example, to support only TLS 1.3, append: 

      tls_version = TLSv1.3

      By default, the server supports TLS 1.2 and TLS 1.3.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service

Verification

To simplify troubleshooting, perform the following steps on the MySQL server before you configure the local client to use TLS encryption:

  1. Verify that MySQL now has TLS encryption enabled: 

    # mysql -u root -p -h <MySQL_server_hostname> -e "SHOW session status LIKE 'Ssl_cipher';"
+---------------+------------------------+
| Variable_name | Value                  |
+---------------+------------------------+
| Ssl_cipher    | TLS_AES_256_GCM_SHA384 |
+---------------+------------------------+

  2. If you configured the MySQL server to only support specific TLS versions, display the tls_version variable: 

    # mysql -u root -p -e "SHOW GLOBAL VARIABLES LIKE 'tls_version';"
+---------------+---------+
| Variable_name | Value   |
+---------------+---------+
| tls_version   | TLSv1.3 |
+---------------+---------+

  3. Verify that the server uses the correct CA certificate, server certificate, and private key files: 

    # mysql -u root -e "SHOW GLOBAL VARIABLES WHERE Variable_name REGEXP '^ssl_ca|^ssl_cert|^ssl_key';"
+-----------------+-------------------------------------------------+
| Variable_name   | Value                                           |
+-----------------+-------------------------------------------------+
| ssl_ca          | /etc/pki/tls/certs/ca.crt.pem                   |
| ssl_capath      |                                                 |
| ssl_cert        | /etc/pki/tls/certs/server.example.com.crt.pem   |
| ssl_key         | /etc/pki/tls/private/server.example.com.key.pem |
+-----------------+-------------------------------------------------+

You can configure specific MySQL accounts to require TLS-encrypted connections to protect sensitive data transmission.

If you cannot configure on the server that a secure transport is required for all connections (require_secure_transport = on), configure individual user accounts to require TLS encryption.

Prerequisites

  • The MySQL server has TLS support enabled.
  • The user you configure to require secure transport exists.
  • The CA certificate is stored on the client.

Procedure

  1. Connect as an administrative user to the MySQL server: 

    # mysql -u root -p -h server.example.com

    If your administrative user has no permissions to access the server remotely, perform the command on the MySQL server and connect to localhost.

  2. Use the REQUIRE SSL clause to enforce that a user must connect using a TLS-encrypted connection: 

    MySQL [(none)]> ALTER USER 'example'@'%' REQUIRE SSL;

Verification

  1. Connect to the server as the example user using TLS encryption: 

    # mysql -u example -p -h server.example.com
...
MySQL [(none)]>

    If no error is shown and you have access to the interactive MySQL console, the connection with TLS succeeds.

    By default, the client automatically uses TLS encryption if the server provides it. Therefore, the --ssl-ca=ca.crt.pem and --ssl-mode=VERIFY_IDENTITY options are not required, but improve the security because, with these options, the client verifies the identity of the server.

  2. Attempt to connect as the example user with TLS disabled: 

    # mysql -u example -p -h server.example.com --ssl-mode=DISABLED
ERROR 1045 (28000): Access denied for user 'example'@'server.example.com' (using password: YES)

    The server rejected the login attempt because TLS is required for this user but disabled (--ssl-mode=DISABLED).

If your MySQL server supports TLS encryption, configure your clients to establish only secure connections and to verify the server certificate. This procedure describes how to enable TLS support for all users on the server.

On RHEL, you can globally configure that the MySQL client uses TLS encryption and verifies that the Common Name (CN) in the server certificate matches the hostname the user connects to. This prevents man-in-the-middle attacks.

Prerequisites

  • The MySQL server has TLS support enabled.
  • The CA certificate is stored in the /etc/pki/tls/certs/ca.crt.pem file on the client.

Procedure

  • Create the /etc/my.cnf.d/mysql-client-tls.cnf file with the following content: 

    [client]
ssl-mode=VERIFY_IDENTITY
ssl-ca=/etc/pki/tls/certs/ca.crt.pem

    These settings define that the MySQL client uses TLS encryption and that the client compares the hostname with the CN in the server certificate (ssl-mode=VERIFY_IDENTITY). Additionally, it specifies the path to the CA certificate (ssl-ca).

Verification

  • Connect to the server using the hostname, and display the server status: 

    # mysql -u root -p -h server.example.com -e status
...
SSL:        Cipher in use is TLS_AES_256_GCM_SHA384

    If the SSL entry contains Cipher in use is…​, the connection is encrypted.

    Note that the user you use in this command has permissions to authenticate remotely.

    If the hostname you connect to does not match the hostname in the TLS certificate of the server, the ssl-mode=VERIFY_IDENTITY parameter causes the connection to fail. For example, if you connect to localhost: 

    # mysql -u root -p -h localhost -e status
ERROR 2026 (HY000): SSL connection error: error:0A000086:SSL routines::certificate verify failed

A logical backup of MySQL data consists of the SQL statements necessary to restore the data. The advantage of logical backup over physical backup is that the data can be restored on other hardware configurations and MySQL versions.

You can use the mysqldump utility to back up MySQL databases while the database server is running and store the exported data in an SQL file. Store the backup in a safe location to be able to recover it in data loss scenarios.

Frequent scenarios with mysqldump include:

  • Backing up a single database
  • Backing up multiple databases
  • Backing up all databases

The mysqldump utility stores its output in a single file. If you want to back up multiple databases and require one file per database, back up each database individually.

Note

The mysqldump utility can back up only databases. This also includes server settings stored in the mysql database. However, the utility does not back up configuration files, such as /etc/my.cnf.

Prerequisites

  • The mysqld service is running.
  • You have credentials with permissions to back up a database, for example, the root account.

Procedure

  • Create a consistent and comprehensive logical backup of databases: 

    # mysqldump -u <username> -p --routines --events --triggers --single-transaction --result-file=backup.sql --databases <database_1> <database_2>

    where:

    -u <username>
    Sets the username the utility uses to connect to the database server.
    -p
    Prompts for the password.
    --routines
    Includes stored procedures and functions in the backup.
    --events
    Includes scheduled events in the backup.
    --triggers
    Includes triggers in the backup.
    --single-transaction

    Initiates a consistent snapshot of databases with a transactional storage engine, such as InnoDB. By using a single transaction, all read operations reflect the database state at the moment the dump begins.

    If you still use a non-transactional storage engine, such as MyISAM, use the --lock-tables option instead of --single-transaction to ensure a consistent backup.

    --result-file=<output_file>
    Defines in which file mysqldump stores the output.
    --databases <list_of_databases>

    Defines the databases to back up. Alternatively, to backup all databases at once, use the --all-databases option.

    Important

    A backup of a database contains only the data from that database. It does not include user accounts or other server settings. The server stores this essential security and system information in a separate mysql system database. Therefore, you must back up mysql as well if you need to preserve these settings.

Verification

  • Restore the backup in a sandbox environment and ensure that the data is correct.

  • To load a database to a remote MySQL server, run: 

    # mysql --host=remote_host < backup-file.sql

  • To dump a subset of tables from one database, add a list of the chosen tables at the end of the mysqldump command: 

    # mysqldump [options] db_name [tbl_name ...​] > backup-file.sql

  • To load a literal,subset of tables dumped from one database, run: 

    # mysql db_name < backup-file.sql
    Note

    The db_name database must exist at this point.

  • To see a list of the options that mysqldump supports, run: 

    $ mysqldump --help

If you backed up one or multiple databases to an SQL file, you can use this file to re-create the database structure and its data.

Prerequisites

  • The mysqld service is running.
  • You have credentials with permissions to restore data, for example, the root account.

Procedure

  1. If the database you want to restore already exists and your SQL file does not contain DROP TABLE IF EXISTS statements, you must manually remove the tables or the entire database:

    • To remove a table, enter: 

      # mysql -u root -p -e "DROP TABLE <database>.<table>;"

      Repeat this command for every table that the SQL file will re-create.

    • To remove a database, enter: 

      # mysql -u root -p -e "DROP DATABASE <database>;"

      Repeat this command for every database that the SQL file will re-create.

  2. Import the SQL file: 

    # mysql -u root -p < backup.sql"

Verification

  • Connect to a MySQL database and query data, for example: 

    # mysql -u root -p <database> -e "*SELECT * FROM <table>;"

A physical backup of MySQL data contains files and directories that store the content. This method is typically faster and smaller in size.

A file system-level backup is a fast way to back up a complete MySQL instance. This method requires a shutdown of the mysqld service for data consistency.

Important

A file system-level backup is specific to an architecture and MySQL version. You cannot restore data backed up by this method on a different architecture or MySQL version.

Procedure

  1. Stop the mysqld service: 

    # systemctl stop mysqld.service

  2. Create a backup directory, for example: 

    # mkdir -p /root/mysqld-backup/{data,config}/

  3. Back up the data directory: 

    # cp -rp /var/lib/mysql/ /root/mysqld-backup/data/

  4. Back up the configuration files: 

    # cp -rp /etc/my.cnf /etc/my.cnf.d/ /root/mysqld-backup/config/

  5. Start the mysqld service: 

    # systemctl start mysqld.service

If your MySQL instance has been corrupted, and you previously performed a file system backup that includes the data directory and the configuration files, you can restore the instance from this backup.

Prerequisites

Procedure

  1. Stop the mysqld service: 

    # systemctl stop mysqld.service

  2. Remove the current /var/lib/mysql/ directory: 

    # rm -rf /var/lib/mysql/

  3. Restore the data directory from your backup: 

    # cp -rp /root/mysqld-backup/data/mysql/ /var/lib/

  4. Ensure the correct ownership of the /var/lib/mysql/ directory: 

    # chown -R mysql:mysql /var/lib/mysql/

  5. Restore the SELinux context of the /var/lib/mysql/ directory: 

    # restorecon -Rv /var/lib/mysql/

  6. Remove the current configuration files: 

    # rm -rf /etc/my.cnf /etc/my.cnf.d/

  7. Restore the configuration files from your backup: 

    # cp -rp /root/mysqld-backup/config/my.cnf /root/mysqld-backup/config/my.cnf.d/ /etc/

  8. Ensure the correct ownership of the configuration files: 

    # chown -R root:root /etc/my.cnf /etc/my.cnf.d/

  9. Restore the SELinux context of the configuration files: 

    # restorecon -Rv /etc/my.cnf /etc/my.cnf.d/

  10. Start the mysqld service: 

    # systemctl start mysqld.service

Verification

  • Connect to a MySQL database and query data, for example: 

    # mysql -u root -p <database> -e "*SELECT * FROM <table>;"

3.8. Replicating MySQL with TLS encryption
Copy link

You can set up MySQL replication with TLS encryption to create secure data replication between source and replica servers.

Warning

Replication itself is not a sufficient backup solution. Replication protects source servers against hardware failures, but it does not ensure protection against data loss.

3.8.1. Configuring a MySQL source server
Copy link

You can set configuration options required for a MySQL source server to properly run and replicate all changes made on the database server through the TLS protocol.

Prerequisites

  • The source server is installed.

  • The source server has TLS set up.

    Important

    The source and replica certificates must be signed by the same certificate authority.

Procedure

  1. Include the following options in the /etc/my.cnf.d/mysql-server.cnf file under the [mysqld] section:

    • bind-address=source_ip_adress

      This option is required for connections made from replicas to the source.

    • server-id=id

      The id must be unique.

    • log_bin=path_to_source_server_log

      This option defines a path to the binary log file of the MySQL source server. For example: log_bin=/var/log/mysql/mysql-bin.log.

    • gtid_mode=ON

      This option enables global transaction identifiers (GTIDs) on the server.

    • enforce-gtid-consistency=ON

      The server enforces GTID consistency by allowing execution of only statements that can be safely logged using a GTID.

    • Optional: binlog_do_db=db_name

      Use this option if you want to replicate only selected databases. To replicate more than one selected database, specify each of the databases separately: 

      binlog_do_db=db_name1
binlog_do_db=db_name2
binlog_do_db=db_name3

    • Optional: binlog_ignore_db=db_name

      Use this option to exclude a specific database from replication.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service

3.8.2. Configuring a MySQL replica server
Copy link

You can set configuration options required for a MySQL replica server to ensure a successful replication.

Prerequisites

  • The replica server is installed.

  • The replica server has TLS set up.

    Important

    The source and replica certificates must be signed by the same certificate authority.

Procedure

  1. Include the following options in the /etc/my.cnf.d/mysql-server.cnf file under the [mysqld] section:

    • server-id=id

      The id must be unique.

    • relay-log=path_to_replica_server_log

      The relay log is a set of log files created by the MySQL replica server during replication.

    • log_bin=path_to_replica_sever_log

      This option defines a path to the binary log file of the MySQL replica server. For example: log_bin=/var/log/mysql/mysql-bin.log.

      This option is not required in a replica but strongly recommended.

    • gtid_mode=ON

      This option enables global transaction identifiers (GTIDs) on the server.

    • enforce-gtid-consistency=ON

      The server enforces GTID consistency by allowing execution of only statements that can be safely logged using a GTID.

    • log-replica-updates=ON

      This option ensures that updates received from the source server are logged in the replica’s binary log.

    • skip-replica-start=ON

      This option ensures that the replica server does not start the replication threads when the replica server starts.

    • Optional: binlog_do_db=db_name

      Use this option if you want to replicate only certain databases. To replicate more than one database, specify each of the databases separately: 

      binlog_do_db=db_name1
binlog_do_db=db_name2
binlog_do_db=db_name3

    • Optional: binlog_ignore_db=db_name

      Use this option to exclude a specific database from replication.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service

You must create a replication user with appropriate permissions on the MySQL source server to enable replica servers to connect and receive data changes.

Prerequisites

Procedure

  1. Create a replication user: 

    mysql> CREATE USER 'replication_user'@'replica_server_hostname' IDENTIFIED WITH mysql_native_password BY 'password';

  2. Grant the user replication permissions: 

    mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication_user'@'replica_server_hostname';

  3. Reload the grant tables in the MySQL database: 

    mysql> FLUSH PRIVILEGES;

  4. Set the source server to read-only state: 

    mysql> SET @@GLOBAL.read_only = ON;

On the MySQL replica server, you must configure credentials and the address of the source server. Use the following procedure to implement the replica server.

Prerequisites

Procedure

  1. Set the replica server to read-only state: 

    mysql> SET @@GLOBAL.read_only = ON;

  2. Configure the replication source: 

    mysql> CHANGE REPLICATION SOURCE TO
       SOURCE_HOST='source_hostname',
       SOURCE_USER='replication_user',
       SOURCE_PASSWORD='password',
       SOURCE_AUTO_POSITION=1,
       SOURCE_SSL=1,
       SOURCE_SSL_CA='path_to_ca_on_source',
       SOURCE_SSL_CAPATH='path_to_directory_with_certificates',
       SOURCE_SSL_CERT='path_to_source_certificate',
       SOURCE_SSL_KEY='path_to_source_key';

  3. Start the replica thread in the MySQL replica server: 

    mysql> START REPLICA;

  4. Unset the read-only state on both the source and replica servers: 

    mysql> SET @@GLOBAL.read_only = OFF;

  5. Optional: Inspect the status of the replica server for debugging purposes: 

    mysql> SHOW REPLICA STATUS\G;
    Note

    If the replica server fails to start or connect, you can skip a certain number of events following the binary log file position displayed in the output of the SHOW MASTER STATUS command. For example, skip the first event from the defined position: 

    mysql> SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1;

    and try to start the replica server again.

  6. Optional: Stop the replica thread in the replica server: 

    mysql> STOP REPLICA;

3.8.5. Verifying replication on a MySQL server
Copy link

You can verify that MySQL replication works correctly by creating test databases and checking replication status on source and replica servers.

Procedure

  1. Create an example database on the source server: 

    mysql> CREATE DATABASE test_db_name;
  2. Verify that the test_db_name database replicates on the replica server.

  3. Display status information about the binary log files of the MySQL server by executing the following command on either of the source or replica servers: 

    mysql> SHOW MASTER STATUS;

    The Executed_Gtid_Set column, which shows a set of GTIDs for transactions executed on the source, must not be empty.

    Note

    The same set of GTIDs is displayed in the Executed_Gtid_Set row when you use the SHOW REPLICA STATUS on the replica server.

3.9. Migrating to a RHEL 9 version of MySQL 8.0
Copy link

RHEL 8 contains the MySQL 8.0, MariaDB 10.3, and MariaDB 10.5 implementations of a server from the MySQL databases family. RHEL 9 provides MySQL 8.0 and MariaDB 10.5.

This procedure describes migration from a RHEL 8 version of MySQL 8.0 to a RHEL 9 version of MySQL 8.0 using the mysql_upgrade utility. The mysql_upgrade utility is provided by the mysql-server package.

Prerequisites

  • You created a backup of your MySQL databases and configuration files.

Procedure

  1. Ensure that the mysql-server package is installed on the RHEL 9 system: 

    # dnf install mysql-server

  2. Ensure that the mysqld service is not running on either of the source and target systems at the time of copying data: 

    # systemctl stop mysqld.service
  3. Copy the data from the source location to the /var/lib/mysql/ directory on the RHEL 9 target system.

  4. Set the appropriate permissions and SELinux context for copied files on the target system: 

    # restorecon -vr /var/lib/mysql

  5. Ensure that mysql:mysql is an owner of all data in the /var/lib/mysql directory: 

    # chown -R mysql:mysql /var/lib/mysql

  6. Start the MySQL server on the target system: 

    # systemctl start mysqld.service

    Note: In earlier versions of MySQL, the mysql_upgrade command was needed to check and repair internal tables. This is now done automatically when you start the server.

You can upgrade your MySQL database from version 8.0 to 8.4 on RHEL 9 to access new features and improvements.

For notable enhancements and changes, see the release note in the RHEL 9.6 release notes document.

Prerequisites

  • You run MySQL 8.0 on RHEL 9.
  • You run RHEL 9.6 or later.
  • You created a backup of your MySQL databases and configuration files.

Procedure

  1. Stop the mysqld service: 

    # systemctl stop mysqld.service

  2. Switch to the modular MySQL 8.4 stream: 

    # dnf module switch-to mysql:8.4
  3. Adjust the configuration so that files located in the /etc/my.cnf.d/ directory include only settings valid for MySQL 8.4. For details, see upstream documentation.

  4. Start the mysqld service: 

    # systemctl start mysqld.service

    When the service starts, MySQL automatically checks, repairs, and updates internal tables.

3.11. Developing MySQL client applications
Copy link

MariaDB client applications should be developed against the MariaDB client library. The development files and programs necessary for building these applications are provided by the mariadb-connector-c-devel package.

Instead of using a direct library name, use the mariadb_config program, which is distributed in the mariadb-connector-c-devel package. This program ensures that the correct build flags are returned.

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top