MariaDB: Difference between revisions

From Alpine Linux
m (single quotes does not evaluate an variable so password is set to literal ${DB_ROOT_PASS})
m (Use apk template.)
 
(33 intermediate revisions by 13 users not shown)
Line 1: Line 1:
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.
[https://mariadb.org/ MariaDB] is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.


= Setup =
'''This is the general documentation for normal and common general usage, for professional usage please use [[MySQL]] that is the same as MariaDB but with several modifications focused on production and security!'''
MariaDB packages can be installed by running
{{cmd|apk add mariadb mariadb-client}}


Defining variables that will be used for setup and configuration
== Installation ==
{{cmd|<nowiki>DB_DATA_PATH="/var/lib/mysql"
DB_ROOT_PASS="mariadb_root_password"
DB_USER="mariadb_user"
DB_PASS="mariadb_user_password"
MAX_ALLOWED_PACKET="200M"</nowiki>}}


Installing mysql database
The Alpine Linux repositories no longer include the actual MySQL binaries, installing the <code>mysql-*</code> packages will instead install MariaDB.
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=${DB_DATA_PATH}</nowiki>}}


Starting service
Installing <code>mariadb</code> will create the user <code>mysql</code>. When the database is initialized, two users will be added to the database: <code>root</code> and <code>mysql</code>. By default these users will only be accessible if you are logged in as the corresponding system user.
{{cmd|rc-service mariadb start}}


You should get something like
{{Cmd|apk add {{pkg|mysql|arch=}} {{pkg|mysql-client|arch=}}}}
<pre>
* Caching service dependencies ...                      [ ok ]
* Starting mariadb ...
161122 09:23:06 mysqld_safe Logging to syslog.            [ ok ]
</pre>


Setting root password
Installing the above packages will add the main components of MariaDB to the system: <code>mariadb-cient</code> and <code>mariadb-server</code>. Other available packages are described in the table below, and are listed in order of relevance for a production server.
{{cmd|<nowiki>mysqladmin -u root password "${DB_ROOT_PASS}"</nowiki>}}


Creating new user, removing sequrity sensitive data
{| class="wikitable"
{{cmd|<nowiki>echo "GRANT ALL ON *.* TO ${DB_USER}@'127.0.0.1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" > /tmp/sql
|-
echo "GRANT ALL ON *.* TO ${DB_USER}@'localhost' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql
! MySQL name package !! Since Alpine: !! Brief usage !! Related package
echo "GRANT ALL ON *.* TO ${DB_USER}@'::1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql
|-
echo "DELETE FROM mysql.user WHERE User='';" >> /tmp/sql
| {{Pkg|mysql}} || v2 || a transitional package that installs mariadb || mariadb
echo "DROP DATABASE test;" >> /tmp/sql
|-
echo "FLUSH PRIVILEGES;" >> /tmp/sql
| {{Pkg|mysql-client}} || v2 || a transitional package that installs the mariadb client tools || mariadb-client
cat /tmp/sql | mysql -u root --password="${DB_ROOT_PASS}"</nowiki>}}
|-
| {{Pkg|mariadb}} || v2 || server equivalent to mysql-server || mariadb-common
|-
| {{Pkg|mariadb-client}} || v2 || connection command line and tools || mariadb-common
|-
| {{Pkg|mariadb-doc}} || v3.0 || manpages for mariadb || man man-pages
|-
| {{Pkg|mariadb-connector-odbc}} || edge || coding or making OS level connections, to any DB without libs install || .
|-
| {{Pkg|mariadb-connector-c}} || v3.8 || coding connection on C sources || mariadb-connector-c-dev
|-
| {{Pkg|mariadb-backup}} || v3.8 || tool for physical online backups, no longer widely used || .
|-
| {{Pkg|mariadb-server-utils}} || v3.8 || server commands not widely used, in past was inside MariaDB package || .
|-
| {{Pkg|mariadb-dev}} || v3.1 || development files for MariaDB || .
|-
| {{Pkg|mariadb-test}} || v3.3 || testing suite from MariaDB tools || .
|-
| {{Pkg|mariadb-mytop}} || v3.9 || data performance monitoring || .
|-
| {{Pkg|mariadb-plugin-rocksdb}} || v3.9 || plain key-value event relational for data || .
|-
| {{Pkg|mariadb-static}} || v3.8 || static libs for static non depends linking in builds || .
|-
| {{Pkg|mariadb-embedded}} || v3.9 || the libmysqld identical interface as the C client || mariadb-embedded-dev
|-
| {{Pkg|mariadb-embedded-dev}} || v3.9 ||  use the normal mysql.h and link with libmysqld instead of libmysqlclient || mariadb-dev
|-
| {{Pkg|mariadb-openrc}} || v3.8 || separate scripts, in past was embebed on server package || .
|}


Modifying configuration file /etc/mysql/my.cnf
== Initialization ==
{{cmd|<nowiki>sed -i "s|max_allowed_packet\s*=\s*1M|max_allowed_packet = ${MAX_ALLOWED_PACKET}|g" /etc/mysql/my.cnf
sed -i "s|max_allowed_packet\s*=\s*16M|max_allowed_packet = ${MAX_ALLOWED_PACKET}|g" /etc/mysql/my.cnf</nowiki>}}


Normally you want to start the MariaDB server when the system is launching. This is done by adding MariaDB to the needed runlevel.
The version of MariaDB in the Alpine repositories behave like the MySQL tarball. No graphical tools are included.
{{cmd|rc-update add mariadb default}}


Now MariaDB server should start automatically when you launch your system next time. To test that run:
The ''datadir'' located at {{Path|/var/lib/mysql}} must be owned by the mysql user and group. The location of the ''datadir'' can be changed by editing the <code>mariadb</code> service file in {{Path|/etc/init.d}}. The new location will also need to be set by adding <code><nowiki>datadir=<YOUR_DATADIR></nowiki></code> in the <code>[mysqld]</code> section in a mariadb configuration file.
{{cmd|reboot}}


To make sure that Nginx and PHP are started run:
Normal initialization of mariadb can be done as follows:
{{cmd|<nowiki>ps aux | grep mysql</nowiki>}}


You should get something like this:
# Initialize the main mysql database, and the data dir as standardized to {{Path|/var/lib/mysql}} by running <code>rc-service mariadb setup</code>
<pre>
# Start the main service. At this point there will be no root password set. <code>rc-service mariadb start</code>
  382 mysql     0:00 /usr/bin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/run/mysqld/mysqld.pid --socket=/run/mysqld/mysqld.sock --port=3306
# Secure the database by running <code>mysql_secure_installation</code>
  383 root      0:00 logger -t mysqld -p daemon.error
# Setup permissions for managing others users and databases
</pre>


[[Category:SQL]]
== Configuration ==
 
In order to help with the basic configuration of the database engine, MariaDB provides <code>mysql_secure_installation</code>.
This script walks you through the basics of securing the database. The options are explained below.
 
# '''Enter current password for root (enter for none):''' If you have previously set up a root password, provide it here and press enter. If not, just press enter.
#  '''Switch to unix_socket authentication [Y/n]''' Setting the root password or using the Unix_socket ensures that only admins can log into engine database. For non-production servers just press "n" to setup a root password, which will give you the response <code>... skipping.</code>
# '''Change the root password? [Y/n]''' Here you can change the root password, or set one if needed. Press "Y" and enter the new password.
# '''Remove anonymous users? [Y/n]''' Remove anonymous users created to log in using socket authentication. Unless you're sure you need this, answer "Y" to remove them.
# '''Disallow root login remotely? [Y/n]''' Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Answer "Y".
# '''Remove test database and access to it? [Y/n]''' By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, answer "Y".
# '''Reload privilege tables now? [Y/n]''' Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer "Y".
 
After the script exits, restart the service with <code>rc-service mariadb restart</code>
 
To start the database daemon on every boot, run <code>rc-update add mariadb default</code>
 
=== Configuration files and customization ===
 
Rather than being stored in {{Path|my.cnf}}, configuration settings for MariaDB are now organized in separate files. The primary configuration is done by adding files to {{Path|/etc/my.cnf.d/}}. User-specific configuration files are stored in {{Path|~/.my.cnf}}. User-specific configuration files are loaded after the system-wide configuration. The locations of the various configuration files are listed below.
 
{| class="wikitable"
|-
! Config file !! Versions of Alpine !! Contents to configure
|-
| {{Path|/etc/mysql/my.cnf}} || v2 to v3.8 || All the directives, global config file
|-
| {{Path|/etc/my.cnf.d/mariadb-server.cnf}} || since 3.9 || First global config file, main directives
|-
| {{path|$HOME/.my.cnf}} || all || user name only config directives
|}
 
As previously mentioned, this page describes basic usage of MariaDB. For professional usage, [[MySQL]] should also be referenced.
 
* The following command will configure the server to accept all incoming connections. This should only be done for development, or if the database is not exposed to the Internet or a sensitive network.
 
{{Cmd|<nowiki>sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>}}
 
* For simple installations, disabling hostname search can improve performance, but is only useful for local servers.
 
{{Cmd|<nowiki>sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
</nowiki>}}
 
== Updating or coming from upgrading ==
 
When upgrading between Alpine Linux releases, MariaDB may also have a major version change, and the databases should be upgraded to match. The recommended steps in this process are detailed below.
 
# While it may no longer be strictly necessary, it's useful to backup your databases before upgrading the database version.
# Update Alpine Linux and the MariaDB/MySQL packages.
# Install mariadb-server-utils by running <code>apk add {{pkg|mariadb-server-utils|arch=}}</code>.
# Run <code>mysql_upgrade -u root -p</code> script, and provide the password for the root database user.
# Restart the service by running <code>rc-service mariadb restart</code>.
 
If <code>mysql_upgrade</code> fails because MySQL cannot start, try running MySQL in safemode with <code>mysqld_safe --datadir=/var/lib/mysql/</code>, and then run <code>mysql_upgrade -u root -p</code> again.
 
= See Also =
 
* [[MySQL]]
* [[Production LAMP system: Lighttpd + PHP + MySQL]]
 
[[Category:Newbie]]
[[Category:Server]]
[[Category:Server]]
[[Category:Database]]
[[Category:Development]]
[[Category:Security]]
[[Category:Production]]

Latest revision as of 23:18, 21 March 2024

MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.

This is the general documentation for normal and common general usage, for professional usage please use MySQL that is the same as MariaDB but with several modifications focused on production and security!

Installation

The Alpine Linux repositories no longer include the actual MySQL binaries, installing the mysql-* packages will instead install MariaDB.

Installing mariadb will create the user mysql. When the database is initialized, two users will be added to the database: root and mysql. By default these users will only be accessible if you are logged in as the corresponding system user.

apk add mysql mysql-client

Installing the above packages will add the main components of MariaDB to the system: mariadb-cient and mariadb-server. Other available packages are described in the table below, and are listed in order of relevance for a production server.

MySQL name package Since Alpine: Brief usage Related package
mysql v2 a transitional package that installs mariadb mariadb
mysql-client v2 a transitional package that installs the mariadb client tools mariadb-client
mariadb v2 server equivalent to mysql-server mariadb-common
mariadb-client v2 connection command line and tools mariadb-common
mariadb-doc v3.0 manpages for mariadb man man-pages
mariadb-connector-odbc edge coding or making OS level connections, to any DB without libs install .
mariadb-connector-c v3.8 coding connection on C sources mariadb-connector-c-dev
mariadb-backup v3.8 tool for physical online backups, no longer widely used .
mariadb-server-utils v3.8 server commands not widely used, in past was inside MariaDB package .
mariadb-dev v3.1 development files for MariaDB .
mariadb-test v3.3 testing suite from MariaDB tools .
mariadb-mytop v3.9 data performance monitoring .
mariadb-plugin-rocksdb v3.9 plain key-value event relational for data .
mariadb-static v3.8 static libs for static non depends linking in builds .
mariadb-embedded v3.9 the libmysqld identical interface as the C client mariadb-embedded-dev
mariadb-embedded-dev v3.9 use the normal mysql.h and link with libmysqld instead of libmysqlclient mariadb-dev
mariadb-openrc v3.8 separate scripts, in past was embebed on server package .

Initialization

The version of MariaDB in the Alpine repositories behave like the MySQL tarball. No graphical tools are included.

The datadir located at /var/lib/mysql must be owned by the mysql user and group. The location of the datadir can be changed by editing the mariadb service file in /etc/init.d. The new location will also need to be set by adding datadir=<YOUR_DATADIR> in the [mysqld] section in a mariadb configuration file.

Normal initialization of mariadb can be done as follows:

  1. Initialize the main mysql database, and the data dir as standardized to /var/lib/mysql by running rc-service mariadb setup
  2. Start the main service. At this point there will be no root password set. rc-service mariadb start
  3. Secure the database by running mysql_secure_installation
  4. Setup permissions for managing others users and databases

Configuration

In order to help with the basic configuration of the database engine, MariaDB provides mysql_secure_installation. This script walks you through the basics of securing the database. The options are explained below.

  1. Enter current password for root (enter for none): If you have previously set up a root password, provide it here and press enter. If not, just press enter.
  2. Switch to unix_socket authentication [Y/n] Setting the root password or using the Unix_socket ensures that only admins can log into engine database. For non-production servers just press "n" to setup a root password, which will give you the response ... skipping.
  3. Change the root password? [Y/n] Here you can change the root password, or set one if needed. Press "Y" and enter the new password.
  4. Remove anonymous users? [Y/n] Remove anonymous users created to log in using socket authentication. Unless you're sure you need this, answer "Y" to remove them.
  5. Disallow root login remotely? [Y/n] Normally, root should only be allowed to connect from 'localhost' in order to protect from password sniffing attempts over the network. Answer "Y".
  6. Remove test database and access to it? [Y/n] By default, MariaDB comes with a database named 'test' that anyone can access. If this is not needed, answer "Y".
  7. Reload privilege tables now? [Y/n] Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Answer "Y".

After the script exits, restart the service with rc-service mariadb restart

To start the database daemon on every boot, run rc-update add mariadb default

Configuration files and customization

Rather than being stored in my.cnf, configuration settings for MariaDB are now organized in separate files. The primary configuration is done by adding files to /etc/my.cnf.d/. User-specific configuration files are stored in ~/.my.cnf. User-specific configuration files are loaded after the system-wide configuration. The locations of the various configuration files are listed below.

Config file Versions of Alpine Contents to configure
/etc/mysql/my.cnf v2 to v3.8 All the directives, global config file
/etc/my.cnf.d/mariadb-server.cnf since 3.9 First global config file, main directives
$HOME/.my.cnf all user name only config directives

As previously mentioned, this page describes basic usage of MariaDB. For professional usage, MySQL should also be referenced.

  • The following command will configure the server to accept all incoming connections. This should only be done for development, or if the database is not exposed to the Internet or a sensitive network.

sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf

  • For simple installations, disabling hostname search can improve performance, but is only useful for local servers.

sed -i "s|.*skip-networking.*|skip-networking|g" /etc/mysql/my.cnf sed -i "s|.*skip-networking.*|skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf

Updating or coming from upgrading

When upgrading between Alpine Linux releases, MariaDB may also have a major version change, and the databases should be upgraded to match. The recommended steps in this process are detailed below.

  1. While it may no longer be strictly necessary, it's useful to backup your databases before upgrading the database version.
  2. Update Alpine Linux and the MariaDB/MySQL packages.
  3. Install mariadb-server-utils by running apk add mariadb-server-utils.
  4. Run mysql_upgrade -u root -p script, and provide the password for the root database user.
  5. Restart the service by running rc-service mariadb restart.

If mysql_upgrade fails because MySQL cannot start, try running MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/, and then run mysql_upgrade -u root -p again.

See Also