MariaDB: Difference between revisions

From Alpine Linux
(Edited for spelling and readability)
(reduce info and setup for local systems and focus on fast usage, we have professional one wiki page for that 04149928467)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.
'''This is the general documentation for normal and common general usage, for professional usage please use [[Production DataBases : mysql]] that is the same as MariaDB but with several modifications focused on production and security!'''


== Instalation ==
== Instalation ==
Line 54: Line 56:
== Initialization ==
== Initialization ==


The alpine package of MySQL/MariaDB are like normal tarball of MySQL one, admins must be know what they want.. there's no automatic window-like here.
The alpine package of MySQL/MariaDB are like normal tarball of MySQL one, admins must know what they want.. there's no automatic window-like installation here.


The ''datadir'' are located to <code>/var/lib/mysql</code> must be owned by the mysql user and group. You can modify this behavior but must edit the service file at <code>/etc/init.d</code> directory. Also, you need to set <code><nowiki>datadir=<YOUR_DATADIR></nowiki></code> under section <code>[mysqld]</code> at the config file.
The ''datadir'' located at <code>/var/lib/mysql</code> must be owned by the mysql user and group. You can modify this behavior but must edit the service file at <code>/etc/init.d</code> directory. Also, you need to set <code><nowiki>datadir=<YOUR_DATADIR></nowiki></code> under section <code>[mysqld]</code> at the config file.


# Initialize the main mysql database, and the data dir as standardized to <code>/var/lib/mysql</code> by the rc script
# Initialize the main mysql database, and the data dir as standardized to <code>/var/lib/mysql</code> by the rc script.<br>/etc/init.d/mariadb setup
# Then initialize the service, root account and socket connection are enabled without password at this point
# Then you can start the service but there's no root password set until this point.<br>/etc/init.d/mariadb start
# Setup the root account by asignes a proper password, this are purely paranoid. due next step already do that!
# Secure the installation by running<code>mysql_secure_installation</code>
# Setup and init the installation by running the <code>mysql_secure_installation</code>
# Setup permissions for manage others users and databases
# Setup permissions for manage others users and databases
<pre>
<nowiki>
mysql_install_db --user=mysql --datadir=/var/lib/mysql
rc-service mariadb start
mysqladmin -u root password toor
</nowiki>
</pre>
After that, all are initializated to proceed with configuration, now can be done using the <code>
mysql_secure_installation</code> script at the next section:


== Configuration ==
== Configuration ==
Line 81: Line 69:
In order to finish setup into '''MariaDB''' now provide '''this script called <code>mysql_secure_instalation</code> that also are present as <code>mariadb-secure-installation</code>''', too. This script provides minimal and security setup to the database, and here are the questions made explained:
In order to finish setup into '''MariaDB''' now provide '''this script called <code>mysql_secure_instalation</code> that also are present as <code>mariadb-secure-installation</code>''', too. This script provides minimal and security setup to the database, and here are the questions made explained:


# '''Enter current password for root (enter for none):''' If you have previously set up a root password, provide it here and press enter. If correctly entered, the response will be <code>OK, successfully used password, moving on...</code>
# '''Enter current password for root (enter for none):''' If you have previously set up a root password, provide it here and press enter, either just push enter. If correctly entered, the response will be <code>OK, successfully used password, moving on...</code>
#  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the Unix_socket ensures that only admins can log into engine database. MySQL 5.6 and MariaDB 10.2 introduced socket authentication, where system users are the same as the MySQL/MariaDB users. For production servers you should disable this by answering "n", which will give you the response <code>... skipping.</code>
#  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the Unix_socket ensures that only admins can log into engine database, cos we are not production one just pust "n" to setup a root password, which will give you the response <code>... skipping.</code>
# '''Change the root password? [Y/n]''' This gives you the opportunity to change the root password to a stronger one if necessary. If this is not needed, enter 'n'.
# '''Change the root password? [Y/n]''' This gives you the opportunity to change the root password to a stronger one if necessary. So enter "Y" and lest type the new password.. be carefully with that can be remembered.
# '''Remove anonymous users? [Y/n]''' Remove anonymous users created to log in using socket authentication. For production systems, disallow this by answering 'Y', resulting in: <code>... Success!</code>.
# '''Remove anonymous users? [Y/n]''' Remove anonymous users created to log in using socket authentication. Answering 'Y', resulting in: <code>... Success!</code>.
# '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Enter 'Y' to get: <code>... Success!</code>.
# '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Enter 'Y' to get: <code>... Success!</code>.
# '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, 'Y'. The response will be: <code>... Success!</code>.
# '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, 'Y'. The response will be: <code>... Success!</code>.
Line 90: Line 78:


After responding to each question, restart the service with <code>rc-service mariadb restart</code>
After responding to each question, restart the service with <code>rc-service mariadb restart</code>
so to make always work on each restart set to default as <code>rc-update add mariadb default</code>


=== Configuration files and customization ===
=== Configuration files and customization ===
Line 106: Line 97:
|}
|}


As previously pointed here is the general documentation for normal and common general usage, for professional usage please use [[Production DataBases : mysql]] that is the same as MariaDB but with several modifications focused on production and security.


Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output:
Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output:


* On older Alpine system must set config files for MAX ALLOWED PACKETS to minimun proper amount:
* First lest allowed all incoming connections if we plan to use in our network or remotelly, we do not put focus on security cos we must focus on easy usage and/or development:
 
<pre>
<nowiki>
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/mysql/my.cnf
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>
</pre>
 
* Only allow local connections on cases where there's only one server or no expected to connect from others:


<pre>
<pre>
<nowiki>
<nowiki>
sed -i "s|.*bind-address\s*=.*|bind-address=127.0.0.1|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=127.0.0.1|g" /etc/my.cnf.d/mariadb-server.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>
</nowiki>
</pre>
</pre>


* If are not in domain controller, dont search for hostnames to improve performance responses (ideal for local only servers):
* So we are a simple install and not are in domain controller, dont search for hostnames to improve performance responses (ideal for local only servers):


<pre>
<pre>
Line 133: Line 116:
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>
</pre>
* Set default charset to UTF8MB4, in newer versions (since Alpine v3.9), just added a new file to added thus customization, but older versions (below Alpine v3.8)of the package does not have a charset section, so you must added manually to the main configuration in each respective section:
<pre>
<nowiki>
cat > /etc/my.cnf.d/mariadb-server-default-charset.cnf << EOF
[client]
default-character-set = utf8mb4
[mysqld]
collation_server = utf8mb4_unicode_ci
character_set_server = utf8mb4
[mysql]
default-character-set = utf8mb4
EOF
</nowiki>
</nowiki>
</pre>
</pre>
Line 167: Line 132:


If are unable to run ''mysql_upgrade'' because MySQL cannot start try run MySQL in safemode with <code>mysqld_safe --datadir=/var/lib/mysql/</code> command and then run the <code>mysql_upgrade -u root -p</code> script.
If are unable to run ''mysql_upgrade'' because MySQL cannot start try run MySQL in safemode with <code>mysqld_safe --datadir=/var/lib/mysql/</code> command and then run the <code>mysql_upgrade -u root -p</code> script.
= Relevant important notes =
== File system notes about the databases managed ==
'''BTRFS Notes'''
If the database (in <code>/var/lib/mysql</code>) resides on a Btrfs file system, you should consider disabling '''Copy-on-Write''' for the directory before creating any database (schemes), after initialization you can enabled again. But .. on every database creation (scheme creation), you must disabled again, to avoid corrupted data.
'''ZFS Bock sizes'''
ZFS, unlike most other file systems, has a variable record size, or what is commonly referred to as a block size. By default, the recordsize on ZFS is 128KiB, which means it will dynamically allocate blocks of any size from 512B to 128KiB depending on the size of file being written. Most RDBMSes work in 8KiB-sized blocks by default. Although the block size is tunable for MySQL/MariaDB use an 8KiB block size by default.
It is usually desirable to tune ZFS instead to accommodate the databases, using a command such as <code>zfs set recordsize=8K /var/lib/mysql</code> (or change /var/lib/mysql to the mount point where /var/lib/mysql resides) and in the interest of saving memory, it is best to simply disable ZFS's caching of the database's file data and let the database do its own job  with <code>zfs set primarycache=metadata /var/lib/mysql</code> (or change /var/lib/mysql to the mount point where /var/lib/mysql resides).
But beware, these kinds of tuning parameters are only if RDBMSes are setup in dedicated partitions, if your root and of course database are all in one partition, dont do that. Separate ones.


= See Also =
= See Also =


* [[PotsgreSQL]]
* [[Production DataBases : mysql]]
* [[Production LAMP system: Lighttpd + PHP + MySQL]]
* [[Production LAMP system: Lighttpd + PHP + MySQL]]
* [[Alpine newbie developer]]
* [[Alpine newbie developer]]

Revision as of 15:37, 11 August 2020

MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.

This is the general documentation for normal and common general usage, for professional usage please use Production DataBases : mysql that is the same as MariaDB but with several modifications focused on production and security!

Instalation

Alpine Linux has dummy counterparts packages for those that are not close to that change from mysql to mariadb naming packages.

Take in consideration that the user mysql was created during instalation of packages, in the initialization section two users will be created in database init: root and mysql, and in that point only if are in their respective system accounts, will be able to connect to the database service.

apk add mysql mysql-client

That will install the most used ones.. mariadb-cient and mariadb-server, rest of packages are brief described here for more information, here are listed in orden of relevance for production server

MySQL name package Since Alpine: Brief usage Related package
mysql v2 it's a dummy package to easy install of mariadb mariadb
mysql-client v2 it's a dummy package to easy install of commands tools mariadb-client
mariadb v2 server equivalent to mysql-server mariadb-common
mariadb-client v2 connection command line and tools mariadb-common
mariadb-doc v3.0 manpages are there! man man-pages
mariadb-connector-odbc edge coding or making OS level connections, to any DB without libs install .
mariadb-connector-c v3.8 coding connection on C sources mariadb-connector-c-dev
mariadb-backup v3.8 to external backup devices, not widely used, in past was inside mariadb package .
mariadb-server-utils v3.8 server commands not widely used, in past was inside mariadb package .
mariadb-dev v3.1 Need for compilations depends on source code .
mariadb-test v3.3 testing suite from MariaDB tools .
mariadb-mytop v3.9 data performance monitoring .
mariadb-plugin-rocksdb v3.9 plain key-value event relational for data .
mariadb-static v3.8 static libs for static non depends linking in builds .
mariadb-embedded v3.9 the libmysqld identical interface as the C client mariadb-embedded-dev
mariadb-embedded-dev v3.9 use the normal mysql.h and link with libmysqld instead of libmysqlclient mariadb-dev
mariadb-openrc v3.8 separate scripts, in past was embebed on server package .

Initialization

The alpine package of MySQL/MariaDB are like normal tarball of MySQL one, admins must know what they want.. there's no automatic window-like installation here.

The datadir located at /var/lib/mysql must be owned by the mysql user and group. You can modify this behavior but must edit the service file at /etc/init.d directory. Also, you need to set datadir=<YOUR_DATADIR> under section [mysqld] at the config file.

  1. Initialize the main mysql database, and the data dir as standardized to /var/lib/mysql by the rc script.
    /etc/init.d/mariadb setup
  2. Then you can start the service but there's no root password set until this point.
    /etc/init.d/mariadb start
  3. Secure the installation by runningmysql_secure_installation
  4. Setup permissions for manage others users and databases

Configuration

In order to finish setup into MariaDB now provide this script called mysql_secure_instalation that also are present as mariadb-secure-installation, too. This script provides minimal and security setup to the database, and here are the questions made explained:

  1. Enter current password for root (enter for none): If you have previously set up a root password, provide it here and press enter, either just push enter. If correctly entered, the response will be OK, successfully used password, moving on...
  2. Switch to unix_socket authentication [Y/n] Setting the root password or using the Unix_socket ensures that only admins can log into engine database, cos we are not production one just pust "n" to setup a root password, which will give you the response ... skipping.
  3. Change the root password? [Y/n] This gives you the opportunity to change the root password to a stronger one if necessary. So enter "Y" and lest type the new password.. be carefully with that can be remembered.
  4. Remove anonymous users? [Y/n] Remove anonymous users created to log in using socket authentication. Answering 'Y', resulting in: ... Success!.
  5. Disallow root login remotely? [Y/n] Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Enter 'Y' to get: ... Success!.
  6. Remove test database and access to it? [Y/n] By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, 'Y'. The response will be: ... Success!.
  7. Reload privilege tables now? [Y/n] Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer 'Y' and the response will be: ... Success!.

After responding to each question, restart the service with rc-service mariadb restart

so to make always work on each restart set to default as rc-update add mariadb default


Configuration files and customization

Due today were influenced by systemd standardization, the famous my.cnf are not more the main config file for the server engine. Now only few variables are defined there and all the settings are provided by independent files into the /etc/my.cnf.d/ directory, user own config files are under ~/.my.cnf config file of each home dir, and are read after global ones; so then we have:

Config file Path and name Versions of Alpine Contents to configure
my.cnf /etc/mysql/my.cnf v2 to v3.8 All the directives, Global config file
mariadb-server.cnf /etc/my.cnf.d/mariadb-server.cnf since 3.9 First Global config file, main directives
.my.cnf $HOME all user name only config directives

As previously pointed here is the general documentation for normal and common general usage, for professional usage please use Production DataBases : mysql that is the same as MariaDB but with several modifications focused on production and security.

Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output:

  • First lest allowed all incoming connections if we plan to use in our network or remotelly, we do not put focus on security cos we must focus on easy usage and/or development:

sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf

  • So we are a simple install and not are in domain controller, dont search for hostnames to improve performance responses (ideal for local only servers):

sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf

Updating or comming from upgrading

Mayor Upgrades beetween Alpine linux version are so easy as change the repository version, but the MySQL/MariaDB engine need some extra steps when this are performed:

Upgrade databases on major releases Upon a major version release of mariadb (for example mariadb-10.1.10-1 to mariadb-10.1.18-1), it is wise to upgrade databases:

  1. keep the old database (mysql sheme) structure of the engine daemon, currently this are not more the case, today this not make sense anymore
  2. upgrade the MariaDB/MySQL packages, of course with must be done if the upgrade process to mayor alpine version does not!
  3. run the mysql_upgrade -u root -p script, providing the password or root, (from the new package version) against the old still-running database (mysql sheme). This will produce some error messages; however, the upgrade will succeed.
  4. Restart the service

If are unable to run mysql_upgrade because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script.

See Also