MariaDB

Från wiki.soltec.se
Hoppa till: navigering, sök


MariaDB

MariaDB TX, when deployed, is comprised of

 MariaDB connectors (e.g., JDBC/ODBC)
 MariaDB MaxScale (a database proxy and firewall)
 MariaDB Server
 MariaDB Cluster (multi-master replication)
 MariaDB tools 
 MariaDB services – access is available via an enterprise open source subscription.

CLI start/stop

Manual start/stop, mysqld_safe is the recommended way to start a mysqld server on Unix that doesn't have systemd.

  # <mysql_installation_directory>/bin/mysqld_safe &

Auto start/stop, use the mysql.server script.
The mysql.server script starts mysqld by first changing to the MariaDB install directory and then calling mysqld_safe.
Adding an appropriate user line to the [mysqld] group in your my.cnf file will cause the server to be run as that user.
Copy the mysql.server file to the init.d

  # cd </path/to/your/mariadb-version/support-files/; cp mysql.server /etc/init.d/mysql
  # chmod +x /etc/init.d/mysql

N.B! Don't forget to enable at boot. e.g chkconfig

Systemd: systemd service files are included in the MariaDB-server package.
The service definition is installed in /usr/lib/systemd/system/mariadb.service.
The service name is mariadb.service; however aliases to mysql.service and mysqld.service are included for convenience.
Use the systemctl command:-

  # systemctl enable mariadb
  # systemctl start mariadb
  # systemctl stop mariadb
  # systemctl restart mariadb
  # systemctl reload mariadb
  # systemctl status mariadb

N.B! You can usually leave off the ".service" suffix as systemd is smart enough to do the math itself!

Security

MariaDB TX keeps your data safe and your applications running.

  • Encryption: TLS for encrypted connections and AES for encrypted Storage. To counter "Man-in-the-Middle", Package sniffing, Compromised Architecture and Internal bad actors. N.B! SPARC sun4v CPU has this encryption already built into the chip hardware so increasing database performance
  • Database Proxy: Query whitelisting/blacklisting and Data masking. To counter DoS, SQL Injection, Application spoofing. N.B! All of these are protected by software in silicon på SPARC M7 CPUs.
  • User Management: LDAP user & group mapping, RBAC, PAM authentication, Password validation. To counter compromised application servers, Human error and Bad actors. Compatible with standard Linux tools for connecting with AD authentication using SSSD, PAM, Samba and Kerberos.
  • Auditing: Local autdit logs, Remote centralised audit logs. To counter lack of visibility in security breaches Unmet compliance regualation and GDPR regulations (Req'd by EU to be implemented by May 2018)

Database status

 # mysql -u root -p
 > show databases;
 Select database
 > use [database];
 > create database [database];
 Status info
 > show processlist;
 > SHOW GLOBAL STATUS;
 > SHOW STATUS LIKE 'Key%';
 > SHOW STATUS LIKE '%Tables%';
 Show Variables
 > show variables like 'version%';
 > show variables like '%userstat%';

Users functions

 List all users:  > SELECT User,Host FROM mysql.user;
 Create new user:  > CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
 Grant ALL access to user for * tables:  > GRANT ALL ON database.* TO 'user'@'localhost';
 show user privs  > show grants;
 Grant all right  > grant all privileges on *.* to 'soltec'@'%' with grant option;
 display for user  > show grants for soltec;
 Set password  > set password for 'soltec'@'%' = password(‘cleartext’);

Import

Import a database dump:

 # mysql -u [username] -p -h localhost [database] < db_backup.sql
 Logout
 > exit;