How to Install MySQL 5.7 on RHEL 7

How to Install MySQL 5.7 on RHEL 7

MySQL 5.7 is one of the most widely deployed open-source relational database management systems in the world. While RHEL 7 ships with MariaDB as its default MySQL-compatible database, many production environments specifically require the Oracle MySQL 5.7 branch for compatibility with existing applications, stored procedures, or third-party tooling. This guide walks you through every step of installing MySQL 5.7 Community Edition on Red Hat Enterprise Linux 7, from adding the official yum repository through to securing the installation and opening the firewall for remote connections.

Prerequisites

• A running RHEL 7 system with root or sudo access
• Active internet connection or access to a local mirror containing the MySQL Community repository
• A registered RHEL 7 subscription (for base packages such as wget and libaio)
• firewalld installed and running if you need to allow remote database connections
• Any existing MariaDB packages removed to avoid conflicts

Before starting, verify that no conflicting MariaDB packages are installed:

sudo yum list installed | grep mariadb
sudo yum remove mariadb mariadb-server mariadb-libs -y

Step 1: Add the MySQL 5.7 Community Yum Repository

Oracle distributes MySQL through its own yum repository. The easiest way to enable it is to download and install the MySQL repository RPM, which automatically configures the correct repository definitions for your RHEL version.

sudo yum install -y wget
wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm -ivh mysql57-community-release-el7-11.noarch.rpm

This installs two repository files under /etc/yum.repos.d/:

ls /etc/yum.repos.d/ | grep mysql
# mysql-community.repo
# mysql-community-source.repo

Verify the MySQL 5.7 repository is enabled and others are disabled:

sudo yum repolist enabled | grep mysql

If you see multiple MySQL versions listed, explicitly enable only the 5.7 repository:

sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community

Step 2: Install MySQL Community Server

With the repository in place, install the MySQL Community Server package and its dependencies using yum:

sudo yum install -y mysql-community-server

Yum resolves and installs all required packages including mysql-community-client, mysql-community-common, and mysql-community-libs. Confirm the installed version after the process completes:

mysqld --version
# mysqld  Ver 5.7.44 Distrib 5.7.44, for Linux (x86_64)

Step 3: Start and Enable the mysqld Service

Use systemctl to start MySQL and configure it to launch automatically on every system boot:

sudo systemctl start mysqld
sudo systemctl enable mysqld

Confirm the service is active and running:

sudo systemctl status mysqld

Expected output includes a line containing Active: active (running). MySQL 5.7 performs an automatic data directory initialization on first start, which may take a few seconds longer than subsequent startups.

Step 4: Retrieve the Temporary Root Password

MySQL 5.7 generates a strong temporary password for the root account during the first initialization and writes it to the MySQL error log. You must use this password before you can perform any administrative tasks.

sudo grep 'temporary password' /var/log/mysqld.log

Example output:

2024-03-15T10:22:43.812643Z 1 [Note] A temporary password is generated for root@localhost: <Ab#7xQ2mPz!

Copy the password shown after the colon — you will need it in the next step. If you cannot find the log entry, the data directory may have been initialized previously. In that case, stop the service, remove the data directory, and restart to trigger a fresh initialization:

sudo systemctl stop mysqld
sudo rm -rf /var/lib/mysql/*
sudo systemctl start mysqld
sudo grep 'temporary password' /var/log/mysqld.log

Step 5: Secure the MySQL Installation

Run the mysql_secure_installation script to change the temporary root password, remove anonymous users, disallow remote root login, and drop the test database:

sudo mysql_secure_installation

The script prompts for the temporary root password first. MySQL 5.7 enforces the validate_password plugin by default, which requires passwords to contain at least one uppercase letter, one lowercase letter, one digit, and one special character, with a minimum length of eight characters.

Respond to each prompt as follows:

Enter password for user root: [paste temporary password]
New password: [enter your new strong password]
Re-enter new password: [confirm new password]
Change the password for root? (Press y|Y for Yes, any other key for No): Y
Remove anonymous users? (Press y|Y for Yes): Y
Disallow root login remotely? (Press y|Y for Yes): Y
Remove test database and access to it? (Press y|Y for Yes): Y
Reload privilege tables now? (Press y|Y for Yes): Y

Step 6: Create a Database and User

Log in to the MySQL shell with the new root password and create a dedicated database and non-root user for your application:

mysql -u root -p

Inside the MySQL shell:

-- Create a new database
CREATE DATABASE appdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- Create a dedicated user
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'SecureP@ss1!';

-- Grant full privileges on the new database
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';

-- Apply privilege changes
FLUSH PRIVILEGES;

-- Verify
SHOW GRANTS FOR 'appuser'@'localhost';

EXIT;

To allow the user to connect from a specific remote host (replace 192.168.1.50 with the actual client IP):

CREATE USER 'appuser'@'192.168.1.50' IDENTIFIED BY 'SecureP@ss1!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'192.168.1.50';
FLUSH PRIVILEGES;

Step 7: Configure the Firewall for Port 3306

If remote applications need to connect to MySQL, open TCP port 3306 through firewalld:

# Add the rule to the permanent configuration
sudo firewall-cmd --permanent --add-port=3306/tcp

# Reload firewalld to apply
sudo firewall-cmd --reload

# Verify the port is open
sudo firewall-cmd --list-ports

For tighter security, restrict access to a specific source IP or subnet rather than opening the port globally:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="3306" accept'
sudo firewall-cmd --reload

Step 8: SELinux Considerations

RHEL 7 runs SELinux in enforcing mode by default. MySQL’s default data directory /var/lib/mysql and log directory /var/log/mysqld.log are already labelled with the correct mysqld_db_t and mysqld_log_t contexts. If you relocate the data directory, you must relabel it:

# Check the current context of the data directory
ls -Z /var/lib/mysql

# If you move the data directory, apply the correct label
sudo semanage fcontext -a -t mysqld_db_t "/data/mysql(/.*)?"
sudo restorecon -Rv /data/mysql

To check for SELinux denials that might be blocking MySQL:

sudo ausearch -m avc -ts recent | grep mysqld
sudo journalctl -u mysqld | grep -i selinux

Step 9: Verify the Installation

Connect with the new application user to confirm everything works end-to-end:

mysql -u appuser -p appdb
# Enter password when prompted

-- Inside MySQL shell
SELECT DATABASE();
CREATE TABLE test_table (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100));
INSERT INTO test_table (name) VALUES ('RHEL 7 MySQL test');
SELECT * FROM test_table;
DROP TABLE test_table;
EXIT;

MySQL 5.7 is now fully installed and secured on your RHEL 7 system. You have added the official Oracle yum repository, installed the community server package, retrieved and replaced the temporary root password, hardened the installation with mysql_secure_installation, created a dedicated application database and user, and configured firewalld to allow connections on port 3306. For production deployments, review the /etc/my.cnf configuration file to tune InnoDB buffer pool size, binary logging, and slow query logging to match your workload requirements.