MariaDB: Difference between revisions

From Alpine Linux
m (Fix typo)
 
(39 intermediate revisions by 13 users not shown)
Line 1: Line 1:
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.


= Setup =
'''This is the general documentation for normal and common general usage, for professional usage please use [[MySQL]] that is the same as MariaDB but with several modifications focused on production and security!'''
MariaDB packages can be installed by running
{{cmd|apk add mariadb mariadb-client}}


Defining variables that will be used for setup and configuration
== Installation ==
{{cmd|<nowiki>DB_DATA_PATH="/var/lib/mysql"
DB_ROOT_PASS="mariadb_root_password"
DB_USER="mariadb_user"
DB_PASS="mariadb_user_password"
MAX_ALLOWED_PACKET="200M"</nowiki>}}


Installing mysql database
The Alpine Linux repositories no longer include the actual MySQL binaries, installing the <code>mysql-*</code> packages will instead install MariaDB.
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=${DB_DATA_PATH}</nowiki>}}


Starting service
Installing <code>mariadb</code> will create the user <code>mysql</code>. When the database is initialized, two users will be added to the database: <code>root</code> and <code>mysql</code>. By default these users will only be accessible if you are logged in as the corresponding system user.
{{cmd|rc-service mariadb start}}


You should get something like
{{Cmd|apk add {{pkg|mariadb|arch=}} {{pkg|mariadb-client|arch=}}}}
<pre>
* Caching service dependencies ...                      [ ok ]
* Starting mariadb ...
161122 09:23:06 mysqld_safe Logging to syslog.            [ ok ]
</pre>


Setting root password
Installing the above packages will add the main components of MariaDB to the system: <code>mariadb-cient</code> and <code>mariadb-server</code>. Other available packages are described in the table below, and are listed in order of relevance for a production server.
{{cmd|<nowiki>mysqladmin -u root password "${DB_ROOT_PASS}"</nowiki>}}


Creating new user, removing security sensitive data
{| class="wikitable"
{{cmd|<nowiki>echo "GRANT ALL ON *.* TO ${DB_USER}@'127.0.0.1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" > /tmp/sql
|-
echo "GRANT ALL ON *.* TO ${DB_USER}@'localhost' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql
! MySQL name package !! Since Alpine: !! Brief usage !! Related package
echo "GRANT ALL ON *.* TO ${DB_USER}@'::1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql
|-
echo "DELETE FROM mysql.user WHERE User='';" >> /tmp/sql
| {{Pkg|mysql}} || v2 || a transitional package that installs mariadb || mariadb
echo "DROP DATABASE test;" >> /tmp/sql
|-
echo "FLUSH PRIVILEGES;" >> /tmp/sql
| {{Pkg|mysql-client}} || v2 || a transitional package that installs the mariadb client tools || mariadb-client
cat /tmp/sql | mysql -u root --password="${DB_ROOT_PASS}"</nowiki>}}
|-
| {{Pkg|mariadb}} || v2 || server equivalent to mysql-server || mariadb-common
|-
| {{Pkg|mariadb-client}} || v2 || connection command line and tools || mariadb-common
|-
| {{Pkg|mariadb-doc}} || v3.0 || manpages for mariadb || man man-pages
|-
| {{Pkg|mariadb-connector-odbc}} || edge || coding or making OS level connections, to any DB without libs install || .
|-
| {{Pkg|mariadb-connector-c}} || v3.8 || coding connection on C sources || mariadb-connector-c-dev
|-
| {{Pkg|mariadb-backup}} || v3.8 || tool for physical online backups, no longer widely used || .
|-
| {{Pkg|mariadb-server-utils}} || v3.8 || server commands not widely used, in past was inside MariaDB package || .
|-
| {{Pkg|mariadb-dev}} || v3.1 || development files for MariaDB || .
|-
| {{Pkg|mariadb-test}} || v3.3 || testing suite from MariaDB tools || .
|-
| {{Pkg|mariadb-mytop}} || v3.9 || data performance monitoring || .
|-
| {{Pkg|mariadb-plugin-rocksdb}} || v3.9 || plain key-value event relational for data || .
|-
| {{Pkg|mariadb-static}} || v3.8 || static libs for static non depends linking in builds || .
|-
| {{Pkg|mariadb-embedded}} || v3.9 || the libmysqld identical interface as the C client || mariadb-embedded-dev
|-
| {{Pkg|mariadb-embedded-dev}} || v3.9 ||  use the normal mysql.h and link with libmysqld instead of libmysqlclient || mariadb-dev
|-
| {{Pkg|mariadb-openrc}} || v3.8 || separate scripts, in past was embebed on server package || .
|}


Modifying configuration file /etc/mysql/my.cnf
== Initialization ==
{{cmd|<nowiki>sed -i "s|max_allowed_packet\s*=\s*1M|max_allowed_packet = ${MAX_ALLOWED_PACKET}|g" /etc/mysql/my.cnf
sed -i "s|max_allowed_packet\s*=\s*16M|max_allowed_packet = ${MAX_ALLOWED_PACKET}|g" /etc/mysql/my.cnf</nowiki>}}


Normally you want to start the MariaDB server when the system is launching. This is done by adding MariaDB to the needed runlevel.
The version of MariaDB in the Alpine repositories behave like the MySQL tarball. No graphical tools are included.
{{cmd|rc-update add mariadb default}}


Now MariaDB server should start automatically when you launch your system next time. To test that run:
The ''datadir'' located at {{Path|/var/lib/mysql}} must be owned by the mysql user and group. The location of the ''datadir'' can be changed by editing the <code>mariadb</code> service file in {{Path|/etc/init.d}}. The new location will also need to be set by adding <code><nowiki>datadir=<YOUR_DATADIR></nowiki></code> in the <code>[mysqld]</code> section in a mariadb configuration file.
{{cmd|reboot}}


To make sure that mysql started run:
Normal initialization of mariadb can be done as follows:
{{cmd|<nowiki>ps aux | grep mysql</nowiki>}}


You should get something like this:
# Start the main service. At this point there will be no root password set. <code>rc-service mariadb start</code>
<pre>
# Secure the database by running <code>mysql_secure_installation</code>
  382 mysql      0:00 /usr/bin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/run/mysqld/mysqld.pid --socket=/run/mysqld/mysqld.sock --port=3306
# Setup permissions for managing others users and databases see: '''[[#Configuration|Configuration]]'''
  383 root      0:00 logger -t mysqld -p daemon.error
# Add MariaDb to OpenRC. <code>rc-update add mariadb default</code>
</pre>


[[Category:SQL]]
== Configuration ==
 
In order to help with the basic configuration of the database engine, MariaDB provides <code>mysql_secure_installation</code>.
This script walks you through the basics of securing the database. The options are explained below.
 
# '''Enter current password for root (enter for none):''' If you have previously set up a root password, provide it here and press enter. If not, just press enter.
#  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the Unix_socket ensures that only admins can log into engine database. For non-production servers just press "n" to setup a root password, which will give you the response <code>... skipping.</code>
# '''Change the root password? [Y/n]''' Here you can change the root password, or set one if needed. Press "Y" and enter the new password.
# '''Remove anonymous users? [Y/n]''' Remove anonymous users created to log in using socket authentication. Unless you're sure you need this, answer "Y" to remove them.
# '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Answer "Y".
# '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, answer "Y".
# '''Reload privilege tables now? [Y/n]''' Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer "Y".
 
After the script exits, restart the service with <code>rc-service mariadb restart</code>
 
To start the database daemon on every boot, run <code>rc-update add mariadb default</code>
 
=== Configuration files and customization ===
 
Rather than being stored in {{Path|my.cnf}}, configuration settings for MariaDB are now organized in separate files. The primary configuration is done by adding files to {{Path|/etc/my.cnf.d/}}. User-specific configuration files are stored in {{Path|~/.my.cnf}}. User-specific configuration files are loaded after the system-wide configuration. The locations of the various configuration files are listed below.
 
{| class="wikitable"
|-
! Config file !! Versions of Alpine !! Contents to configure
|-
| {{Path|/etc/mysql/my.cnf}} || v2 to v3.8 || All the directives, global config file
|-
| {{Path|/etc/my.cnf.d/mariadb-server.cnf}} || since 3.9 || First global config file, main directives
|-
| {{path|$HOME/.my.cnf}} || all || user name only config directives
|}
 
As previously mentioned, this page describes basic usage of MariaDB. For professional usage, [[MySQL]] should also be referenced.
 
* The following command will configure the server to accept all incoming connections. This should only be done for development, or if the database is not exposed to the Internet or a sensitive network.
 
{{Cmd|<nowiki>sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>}}
 
* For simple installations, disabling hostname search can improve performance, but is only useful for local servers.
 
{{Cmd|<nowiki>sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>}}
 
== Updating or coming from upgrading ==
 
When upgrading between Alpine Linux releases, MariaDB may also have a major version change, and the databases should be upgraded to match. The recommended steps in this process are detailed below.
 
# While it may no longer be strictly necessary, it's useful to backup your databases before upgrading the database version.
# Update Alpine Linux and the MariaDB/MySQL packages.
# Install mariadb-server-utils by running <code>apk add {{pkg|mariadb-server-utils|arch=}}</code>.
# Run <code>mysql_upgrade -u root -p</code> script, and provide the password for the root database user.
# Restart the service by running <code>rc-service mariadb restart</code>.
 
If <code>mysql_upgrade</code> fails because MySQL cannot start, try running MySQL in safemode with <code>mysqld_safe --datadir=/var/lib/mysql/</code>, and then run <code>mysql_upgrade -u root -p</code> again.
 
= Create a user =
You should want to create a user with will access to a database remotly
 
So open mariadb Client: <code>mariadb</code>
 
add the user with associated host and password: <code> CREATE OR REPLACE USER admin@'%' IDENTIFIED BY 'ASecurePassword';</code>
 
''NB: @'%' allow connection from anny host''
 
= See Also =
 
* [[MySQL]]
* [[Production LAMP system: Lighttpd + PHP + MySQL]]
 
[[Category:Newbie]]
[[Category:Server]]
[[Category:Server]]
[[Category:Database]]
[[Category:Development]]
[[Category:Security]]
[[Category:Production]]

Latest revision as of 16:51, 30 December 2024

MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.

This is the general documentation for normal and common general usage, for professional usage please use MySQL that is the same as MariaDB but with several modifications focused on production and security!

Installation

The Alpine Linux repositories no longer include the actual MySQL binaries, installing the mysql-* packages will instead install MariaDB.

Installing mariadb will create the user mysql. When the database is initialized, two users will be added to the database: root and mysql. By default these users will only be accessible if you are logged in as the corresponding system user.

apk add mariadb mariadb-client

Installing the above packages will add the main components of MariaDB to the system: mariadb-cient and mariadb-server. Other available packages are described in the table below, and are listed in order of relevance for a production server.

MySQL name package Since Alpine: Brief usage Related package
mysql v2 a transitional package that installs mariadb mariadb
mysql-client v2 a transitional package that installs the mariadb client tools mariadb-client
mariadb v2 server equivalent to mysql-server mariadb-common
mariadb-client v2 connection command line and tools mariadb-common
mariadb-doc v3.0 manpages for mariadb man man-pages
mariadb-connector-odbc edge coding or making OS level connections, to any DB without libs install .
mariadb-connector-c v3.8 coding connection on C sources mariadb-connector-c-dev
mariadb-backup v3.8 tool for physical online backups, no longer widely used .
mariadb-server-utils v3.8 server commands not widely used, in past was inside MariaDB package .
mariadb-dev v3.1 development files for MariaDB .
mariadb-test v3.3 testing suite from MariaDB tools .
mariadb-mytop v3.9 data performance monitoring .
mariadb-plugin-rocksdb v3.9 plain key-value event relational for data .
mariadb-static v3.8 static libs for static non depends linking in builds .
mariadb-embedded v3.9 the libmysqld identical interface as the C client mariadb-embedded-dev
mariadb-embedded-dev v3.9 use the normal mysql.h and link with libmysqld instead of libmysqlclient mariadb-dev
mariadb-openrc v3.8 separate scripts, in past was embebed on server package .

Initialization

The version of MariaDB in the Alpine repositories behave like the MySQL tarball. No graphical tools are included.

The datadir located at /var/lib/mysql must be owned by the mysql user and group. The location of the datadir can be changed by editing the mariadb service file in /etc/init.d. The new location will also need to be set by adding datadir=<YOUR_DATADIR> in the [mysqld] section in a mariadb configuration file.

Normal initialization of mariadb can be done as follows:

  1. Start the main service. At this point there will be no root password set. rc-service mariadb start
  2. Secure the database by running mysql_secure_installation
  3. Setup permissions for managing others users and databases see: Configuration
  4. Add MariaDb to OpenRC. rc-update add mariadb default

Configuration

In order to help with the basic configuration of the database engine, MariaDB provides mysql_secure_installation. This script walks you through the basics of securing the database. The options are explained below.

  1. Enter current password for root (enter for none): If you have previously set up a root password, provide it here and press enter. If not, just press enter.
  2. Switch to unix_socket authentication [Y/n] Setting the root password or using the Unix_socket ensures that only admins can log into engine database. For non-production servers just press "n" to setup a root password, which will give you the response ... skipping.
  3. Change the root password? [Y/n] Here you can change the root password, or set one if needed. Press "Y" and enter the new password.
  4. Remove anonymous users? [Y/n] Remove anonymous users created to log in using socket authentication. Unless you're sure you need this, answer "Y" to remove them.
  5. Disallow root login remotely? [Y/n] Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Answer "Y".
  6. Remove test database and access to it? [Y/n] By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, answer "Y".
  7. Reload privilege tables now? [Y/n] Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer "Y".

After the script exits, restart the service with rc-service mariadb restart

To start the database daemon on every boot, run rc-update add mariadb default

Configuration files and customization

Rather than being stored in my.cnf, configuration settings for MariaDB are now organized in separate files. The primary configuration is done by adding files to /etc/my.cnf.d/. User-specific configuration files are stored in ~/.my.cnf. User-specific configuration files are loaded after the system-wide configuration. The locations of the various configuration files are listed below.

Config file Versions of Alpine Contents to configure
/etc/mysql/my.cnf v2 to v3.8 All the directives, global config file
/etc/my.cnf.d/mariadb-server.cnf since 3.9 First global config file, main directives
$HOME/.my.cnf all user name only config directives

As previously mentioned, this page describes basic usage of MariaDB. For professional usage, MySQL should also be referenced.

  • The following command will configure the server to accept all incoming connections. This should only be done for development, or if the database is not exposed to the Internet or a sensitive network.

sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf

  • For simple installations, disabling hostname search can improve performance, but is only useful for local servers.

sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf

Updating or coming from upgrading

When upgrading between Alpine Linux releases, MariaDB may also have a major version change, and the databases should be upgraded to match. The recommended steps in this process are detailed below.

  1. While it may no longer be strictly necessary, it's useful to backup your databases before upgrading the database version.
  2. Update Alpine Linux and the MariaDB/MySQL packages.
  3. Install mariadb-server-utils by running apk add mariadb-server-utils.
  4. Run mysql_upgrade -u root -p script, and provide the password for the root database user.
  5. Restart the service by running rc-service mariadb restart.

If mysql_upgrade fails because MySQL cannot start, try running MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/, and then run mysql_upgrade -u root -p again.

Create a user

You should want to create a user with will access to a database remotly

So open mariadb Client: mariadb

add the user with associated host and password: CREATE OR REPLACE USER admin@'%' IDENTIFIED BY 'ASecurePassword';

NB: @'%' allow connection from anny host

See Also