MariaDB: Difference between revisions
| Mckaygerhard (talk | contribs)  (→Configuration files and customization:  more explicy of the config files for all alpine versions) | Rogermccoy (talk | contribs)   (Edited for spelling and readability) | ||
| Line 81: | Line 81: | ||
| In order to finish setup into '''MariaDB''' now provide '''this script called <code>mysql_secure_instalation</code> that also are present as <code>mariadb-secure-installation</code>''', too. This script provides minimal and security setup to the database, and here are the questions made explained: | In order to finish setup into '''MariaDB''' now provide '''this script called <code>mysql_secure_instalation</code> that also are present as <code>mariadb-secure-installation</code>''', too. This script provides minimal and security setup to the database, and here are the questions made explained: | ||
| # '''Enter current password for root (enter for none):'''  | # '''Enter current password for root (enter for none):''' If you have previously set up a root password, provide it here and press enter. If correctly entered, the response will be <code>OK, successfully used password, moving on...</code> | ||
| #  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the  | #  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the Unix_socket ensures that only admins can log into engine database. MySQL 5.6 and MariaDB 10.2 introduced socket authentication, where system users are the same as the MySQL/MariaDB users. For production servers you should disable this by answering "n", which will give you the response <code>... skipping.</code> | ||
| # '''Change the root password? [Y/n]'''  | # '''Change the root password? [Y/n]''' This gives you the opportunity to change the root password to a stronger one if necessary. If this is not needed, enter 'n'. | ||
| # '''Remove anonymous users? [Y/n]'''  | # '''Remove anonymous users? [Y/n]''' Remove anonymous users created to log in using socket authentication. For production systems, disallow this by answering 'Y', resulting in: <code>... Success!</code>. | ||
| # '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' | # '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Enter 'Y' to get: <code>... Success!</code>. | ||
| # '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access.  | # '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, 'Y'. The response will be: <code>... Success!</code>. | ||
| # '''Reload privilege tables now? [Y/n]''' Reloading the privilege tables will ensure that all changes made so far will take effect immediately | # '''Reload privilege tables now? [Y/n]''' Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer 'Y' and the response will be: <code>... Success!</code>. | ||
| After  | After responding to each question, restart the service with <code>rc-service mariadb restart</code> | ||
| === Configuration files and customization === | === Configuration files and customization === | ||
Revision as of 02:15, 24 March 2020
MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.
Instalation
Alpine Linux has dummy counterparts packages for those that are not close to that change from mysql to mariadb naming packages.
Take in consideration that the user mysql was created during instalation of packages, in the initialization section two users will be created in database init: root and mysql, and in that point only if are in their respective system accounts, will be able to connect to the database service.
apk add mysql mysql-client
That will install the most used ones.. mariadb-cient and mariadb-server, rest of packages are brief described here for more information, here are listed in orden of relevance for production server
| MySQL name package | Since Alpine: | Brief usage | Related package | 
|---|---|---|---|
| mysql | v2 | it's a dummy package to easy install of mariadb | mariadb | 
| mysql-client | v2 | it's a dummy package to easy install of commands tools | mariadb-client | 
| mariadb | v2 | server equivalent to mysql-server | mariadb-common | 
| mariadb-client | v2 | connection command line and tools | mariadb-common | 
| mariadb-doc | v3.0 | manpages are there! | man man-pages | 
| mariadb-connector-odbc | edge | coding or making OS level connections, to any DB without libs install | . | 
| mariadb-connector-c | v3.8 | coding connection on C sources | mariadb-connector-c-dev | 
| mariadb-backup | v3.8 | to external backup devices, not widely used, in past was inside mariadb package | . | 
| mariadb-server-utils | v3.8 | server commands not widely used, in past was inside mariadb package | . | 
| mariadb-dev | v3.1 | Need for compilations depends on source code | . | 
| mariadb-test | v3.3 | testing suite from MariaDB tools | . | 
| mariadb-mytop | v3.9 | data performance monitoring | . | 
| mariadb-plugin-rocksdb | v3.9 | plain key-value event relational for data | . | 
| mariadb-static | v3.8 | static libs for static non depends linking in builds | . | 
| mariadb-embedded | v3.9 | the libmysqld identical interface as the C client | mariadb-embedded-dev | 
| mariadb-embedded-dev | v3.9 | use the normal mysql.h and link with libmysqld instead of libmysqlclient | mariadb-dev | 
| mariadb-openrc | v3.8 | separate scripts, in past was embebed on server package | . | 
Initialization
The alpine package of MySQL/MariaDB are like normal tarball of MySQL one, admins must be know what they want.. there's no automatic window-like here.
The datadir are located to /var/lib/mysql must be owned by the mysql user and group. You can modify this behavior but must edit the service file at /etc/init.d directory. Also, you need to set datadir=<YOUR_DATADIR> under section [mysqld] at the config file.
- Initialize the main mysql database, and the data dir as standardized to /var/lib/mysqlby the rc script
- Then initialize the service, root account and socket connection are enabled without password at this point
- Setup the root account by asignes a proper password, this are purely paranoid. due next step already do that!
- Setup and init the installation by running the mysql_secure_installation
- Setup permissions for manage others users and databases
mysql_install_db --user=mysql --datadir=/var/lib/mysql rc-service mariadb start mysqladmin -u root password toor
After that, all are initializated to proceed with configuration, now can be done using the 
mysql_secure_installation script at the next section:
Configuration
In order to finish setup into MariaDB now provide this script called mysql_secure_instalation that also are present as mariadb-secure-installation, too. This script provides minimal and security setup to the database, and here are the questions made explained:
- Enter current password for root (enter for none): If you have previously set up a root password, provide it here and press enter. If correctly entered, the response will be OK, successfully used password, moving on...
- Switch to unix_socket authentication [Y/n] Setting the root password or using the Unix_socket ensures that only admins can log into engine database. MySQL 5.6 and MariaDB 10.2 introduced socket authentication, where system users are the same as the MySQL/MariaDB users. For production servers you should disable this by answering "n", which will give you the response ... skipping.
- Change the root password? [Y/n] This gives you the opportunity to change the root password to a stronger one if necessary. If this is not needed, enter 'n'.
- Remove anonymous users? [Y/n] Remove anonymous users created to log in using socket authentication. For production systems, disallow this by answering 'Y', resulting in: ... Success!.
- Disallow root login remotely? [Y/n] Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Enter 'Y' to get: ... Success!.
- Remove test database and access to it? [Y/n] By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, 'Y'. The response will be: ... Success!.
- Reload privilege tables now? [Y/n] Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer 'Y' and the response will be: ... Success!.
After responding to each question, restart the service with rc-service mariadb restart
Configuration files and customization
Due today were influenced by systemd standardization, the famous my.cnf are not more the main config file for the server engine. Now only few variables are defined there and all the settings are provided by independent files into the /etc/my.cnf.d/ directory, user own config files are under ~/.my.cnf config file of each home dir, and are read after global ones; so then we have:
| Config file | Path and name | Versions of Alpine | Contents to configure | 
|---|---|---|---|
| my.cnf | /etc/mysql/my.cnf | v2 to v3.8 | All the directives, Global config file | 
| mariadb-server.cnf | /etc/my.cnf.d/mariadb-server.cnf | since 3.9 | First Global config file, main directives | 
| .my.cnf | $HOME | all | user name only config directives | 
Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output:
- On older Alpine system must set config files for MAX ALLOWED PACKETS to minimun proper amount:
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/mysql/my.cnf sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/my.cnf.d/mariadb-server.cnf
- Only allow local connections on cases where there's only one server or no expected to connect from others:
sed -i "s|.*bind-address\s*=.*|bind-address=127.0.0.1|g" /etc/mysql/my.cnf sed -i "s|.*bind-address\s*=.*|bind-address=127.0.0.1|g" /etc/my.cnf.d/mariadb-server.cnf
- If are not in domain controller, dont search for hostnames to improve performance responses (ideal for local only servers):
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
- Set default charset to UTF8MB4, in newer versions (since Alpine v3.9), just added a new file to added thus customization, but older versions (below Alpine v3.8)of the package does not have a charset section, so you must added manually to the main configuration in each respective section:
cat > /etc/my.cnf.d/mariadb-server-default-charset.cnf << EOF [client] default-character-set = utf8mb4 [mysqld] collation_server = utf8mb4_unicode_ci character_set_server = utf8mb4 [mysql] default-character-set = utf8mb4 EOF
Updating or comming from upgrading
Mayor Upgrades beetween Alpine linux version are so easy as change the repository version, but the MySQL/MariaDB engine need some extra steps when this are performed:
Upgrade databases on major releases Upon a major version release of mariadb (for example mariadb-10.1.10-1 to mariadb-10.1.18-1), it is wise to upgrade databases:
- keep the old database (mysql sheme) structure of the engine daemon, currently this are not more the case, today this not make sense anymore
- upgrade the MariaDB/MySQL packages, of course with must be done if the upgrade process to mayor alpine version does not!
- run the mysql_upgrade -u root -pscript, providing the password or root, (from the new package version) against the old still-running database (mysql sheme). This will produce some error messages; however, the upgrade will succeed.
- Restart the service
If are unable to run mysql_upgrade because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script.
Relevant important notes
File system notes about the databases managed
BTRFS Notes
If the database (in /var/lib/mysql) resides on a Btrfs file system, you should consider disabling Copy-on-Write for the directory before creating any database (schemes), after initialization you can enabled again. But .. on every database creation (scheme creation), you must disabled again, to avoid corrupted data.
ZFS Bock sizes
ZFS, unlike most other file systems, has a variable record size, or what is commonly referred to as a block size. By default, the recordsize on ZFS is 128KiB, which means it will dynamically allocate blocks of any size from 512B to 128KiB depending on the size of file being written. Most RDBMSes work in 8KiB-sized blocks by default. Although the block size is tunable for MySQL/MariaDB use an 8KiB block size by default.
It is usually desirable to tune ZFS instead to accommodate the databases, using a command such as zfs set recordsize=8K /var/lib/mysql (or change /var/lib/mysql to the mount point where /var/lib/mysql resides) and in the interest of saving memory, it is best to simply disable ZFS's caching of the database's file data and let the database do its own job  with zfs set primarycache=metadata /var/lib/mysql (or change /var/lib/mysql to the mount point where /var/lib/mysql resides).
But beware, these kinds of tuning parameters are only if RDBMSes are setup in dedicated partitions, if your root and of course database are all in one partition, dont do that. Separate ones.