Difference between revisions of "MySQL"
(Wrong path for expand-template () |
|||
(15 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Languages}} | {{Languages}} | ||
− | SME Server runs MySQL as a database server. | + | SME Server up to and including version 9.x runs MySQL as a database server. |
+ | |||
+ | SME Server 10 uses MariaDB to provide this function. | ||
A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default. | A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default. | ||
− | * MySQL website: http://www.mysql.com <br /> | + | *MySQL website: http://www.mysql.com <br /> |
− | * MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/ | + | *MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/<br /> |
+ | *MariaDB documentation: https://mariadb.org/documentation/ | ||
==General== | ==General== | ||
− | + | {{warning box|Koozali SME Server Version 10: MySQL is provided by MariaDB. You can check the version in the usual way, e.g. at the time of writing version 5.5.}} | |
− | You can upgrade | + | The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MariaDB installed on SME Server is version 5.5.68.You can upgrade MariaDB, using their rpms, to a higher version but you are advised not to do so, as this might break your SME Server configuration. The Horde webmail interface relies on MariaDB. Upgrading to version 10.x has potential to break stuff like webmail. If you insist on upgrading MariaDB you may be able to find instructions in the forum, but be advised that no support can be expected from the developers and all bugs reported in the |
bugtracker will not be taken into account. | bugtracker will not be taken into account. | ||
− | MySQL on SME Server runs on a socket instead of on a port which you might be accustomed to. | + | Alternatively you can rely on contribs and Red-Hat Software collection to add [[Mysql57|MySQL 5.7]] and MariaDB [[Mariadb101|10.1]] [[Mariadb102|10.2]] [[Mariadb103|10.3]] or [[Mariadb105|10.5]] as secondary SQL service to satisfy your needs. |
+ | |||
+ | MariaDB on SME Server runs on a socket instead of on a port which you might be accustomed to. | ||
This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below). | This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below). | ||
− | ==MySQL root password== | + | {{Note box|All MariaDB services provided by core or contribs shares the same /etc/my.cnf file as configuration file. Please respect the sections inside the file when adding some new template-custom depending if you want this be seen by all running version or a specific version. You can refer to MariaDB manual for more information. |
+ | While MySQL supports this kind of configuration, for backward compatibility of the contrib MySQL57 we kept a separate config file.}} | ||
+ | |||
+ | [mysqld] | ||
+ | [mysqld_safe] | ||
+ | [mysql-5.7] | ||
+ | [mariadb-10.1] | ||
+ | [mariadb-10.2] | ||
+ | [mariadb-10.3] | ||
+ | [mariadb-10.5] | ||
+ | |||
+ | == Access to MariaDB/MySQL from my application == | ||
+ | As stated above on SME Server you have to use socket, this is more secure than using port. By default the service only listen on the server using socket, so trying to connect with any port will result in a failure. | ||
+ | |||
+ | Most application will have to define a string to access the socket, as below pointing to localhost (not 127.0.0.1, nor the LAN ip) and the full path to the socket. In some situation you will have to define the socket path and the host (localhost again and not 127.0.0.1) in variables. | ||
+ | define( 'DB_HOST', 'localhost:/var/lib/mysql/mysql.sock' ); | ||
+ | |||
+ | ==MariaDB/MySQL root password== | ||
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password. | There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password. | ||
Line 26: | Line 48: | ||
To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user. | To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user. | ||
− | For SME | + | <tabs container style="display: inline-block;"><tab name="For SME 10"> |
+ | systemctl stop mariadb | ||
+ | expand-template /root/.my.cnf | ||
+ | expand-template /var/lib/mysql/set.password | ||
+ | /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables < /var/lib/mysql/set.password | ||
+ | exit | ||
+ | systemctl start mariadb | ||
+ | </tab><tab name="For SME 7.3 and up to SME 9.2"> | ||
+ | |||
cd /var/service/mysqld | cd /var/service/mysqld | ||
sv d . | sv d . | ||
Line 33: | Line 63: | ||
/usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password | /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password | ||
sv u . | sv u . | ||
− | + | </tab><tab name="For SME 7.2 and earlier"> | |
For SME Server 7.2 and earlier releases do the following (they use the runsvctrl command instead of the sv command): | For SME Server 7.2 and earlier releases do the following (they use the runsvctrl command instead of the sv command): | ||
Line 42: | Line 72: | ||
/usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password | /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password | ||
runsvctrl u . | runsvctrl u . | ||
+ | </tab> | ||
+ | </tabs> | ||
− | ===Restoring | + | ===Restoring accidentally deleted MySQL root user=== |
+ | <tabs container style="display: inline-block;"><tab name="For SME 10"> | ||
+ | mariadb 5.5 and up to 10.5 | ||
+ | systemctl stop mariadb | ||
+ | echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">/var/lib/mysql/set.rootuser | ||
+ | echo "GRANT PROXY ON ''@'' TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser | ||
+ | echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser | ||
+ | echo "GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser | ||
+ | expand-template /root/.my.cnf | ||
+ | expand-template /var/lib/mysql/set.password | ||
+ | /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables <( cat /var/lib/mysql/set.rootuser /var/lib/mysql/set.password) | ||
+ | exit | ||
+ | systemctl start mariadb | ||
+ | </tab><tab name="For SME 8 and up to 9"> | ||
+ | for MySQL 5.1.73 | ||
+ | cd /var/service/mysqld | ||
+ | sv d . | ||
+ | echo 'use mysql;'>set.rootuser | ||
+ | echo "INSERT INTO `user` VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);">>set.rootuser | ||
+ | expand-template /root/.my.cnf | ||
+ | expand-template /var/service/mysqld/set.password | ||
+ | /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser | ||
+ | /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password | ||
+ | sv u . | ||
+ | </tab><tab name="For SME 7.3"> | ||
Note: The following is only applicable on SME 7.3 and MySQL 4.1 | Note: The following is only applicable on SME 7.3 and MySQL 4.1 | ||
cd /var/service/mysqld | cd /var/service/mysqld | ||
Line 55: | Line 111: | ||
/usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password | /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password | ||
sv u . | sv u . | ||
+ | </tab> | ||
+ | </tabs> | ||
+ | |||
+ | ==MariaDB/MySQL fails to start== | ||
+ | you need to investigate the cause by inspecting two logs : | ||
+ | * service log | ||
+ | journalctl -u mariadb | ||
+ | |||
+ | * mariadb log | ||
+ | tail -f /var/log/mariadb/mariadb.log | ||
+ | |||
+ | ===Corrupted user table=== | ||
+ | Your error in mariadb log will include | ||
+ | ERROR: 130 Incorrect file format 'user' | ||
+ | |||
+ | This could mostly occurs after a power outage. mysql.user table is a MYSIAM type | ||
+ | # ll /var/lib/mysql/mysql/user.* | ||
+ | -rw-rw---- 1 mysql mysql 10630 3 jui 21:08 /var/lib/mysql/mysql/user.frm | ||
+ | -rw-rw---- 1 mysql mysql 488 3 jui 21:08 /var/lib/mysql/mysql/user.MYD | ||
+ | -rw-rw---- 1 mysql mysql 2048 3 jui 21:08 /var/lib/mysql/mysql/user.MYI | ||
+ | In this case you might see user.MYD or user.MYI with 0 byte size. If the issue is on MYI this is the index you should be able to rebuild, if it is on the MYD, this is the data, you will need a backup to restore from. | ||
+ | |||
+ | as root, first start mariadb without grant table | ||
+ | systemctl stop mariadb | ||
+ | /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --skip-grant-tables | ||
+ | {{warning box| be careful that mariadb will be running without any user auth, if it is open to outside of your server, then you might want to close this access first, and keep this session as short as possible }} | ||
+ | then use mysql command line | ||
+ | mysqlcheck mysql | ||
+ | if wound any error try | ||
+ | mysqlcheck mysql --repair | ||
+ | if it fails then you needs to do a restore. You might have a dump in /home/e-smith/db/mysql/mysql.dump. Wishing it is up to date. I suggest you to copy it and just extract the part for the table you are missing. | ||
+ | You need what is under | ||
+ | -- | ||
+ | -- Table structure for table `user` | ||
+ | -- | ||
+ | and | ||
+ | -- | ||
+ | -- Dumping data for table `user` | ||
+ | -- | ||
+ | |||
+ | Considering your table dump is now in a file called /home/e-smith/db/mysql/mysql.user.dump, do | ||
+ | mysql mysql < /home/e-smith/db/mysql/mysql.user.dump | ||
+ | expand-template /var/lib/mysql/set.password | ||
+ | mysql mysql < /var/lib/mysql/set.password | ||
+ | mysqladmin shutdown | ||
+ | systemctl start mariadb | ||
+ | |||
+ | {{warning box| the line dumping the table mysql.user to the mariadb server will delete any existing entries in the table if you are using the default SME dump as it has a DROP TABLE IF EXISTS line. So do this only if you know what you are doing.}} | ||
− | ==Access MySQL from the local network== | + | ==Access MariaDB/MySQL using port from the localhost and local network== |
− | MySQL on SME Server | + | MariaDB/MySQL on SME Server runs on a socket instead of on a port. |
− | MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet. | + | MariaDB/MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet. |
− | If you wish to enable local network access, execute the following commands on a SME Server shell as root: | + | If you wish to enable local network access, execute the following commands on a SME Server shell as root (note access private is not needed as this is the default, and TCPPort 3306 neither as all ports are open to the LAN by default): |
+ | {{Warning box|Keep in mind that by default MariaDB/MySQL is not using any kind of encryption unless you did work on that yourself, so any access to the port from the LAN will be as clear text and anyone on the LAN will be able to access to the password and all the data transferred between your server and the client. Refers to the manual of your database version.}} | ||
+ | |||
+ | <tabs container style="display: inline-block;"><tab name="For SME 10"> | ||
+ | config setprop mariadb LocalNetworkingOnly no | ||
+ | expand-template /etc/my.cnf | ||
+ | systemctl restart /service/mysqld | ||
+ | </tab><tab name="For SME 9.2 and before"> | ||
config setprop mysqld LocalNetworkingOnly no | config setprop mysqld LocalNetworkingOnly no | ||
expand-template /etc/my.cnf | expand-template /etc/my.cnf | ||
sv t /service/mysqld | sv t /service/mysqld | ||
+ | </tab> | ||
+ | </tabs> | ||
==Access MySQL from a remote network== | ==Access MySQL from a remote network== | ||
− | If you wish to enable access to MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands: | + | If you wish to enable access to MariaDB/MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands: |
+ | <tabs container style="display: inline-block;"><tab name="For SME 10"> | ||
+ | config set mariadb service access public status enabled TCPPort 3306 | ||
+ | signal-event remoteaccess-update | ||
+ | signal-event smeserver-mysql-update | ||
+ | </tab><tab name="For SME 9 and below"> | ||
config set mysqld service access public status enabled TCPPort 3306 | config set mysqld service access public status enabled TCPPort 3306 | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
signal-event reboot | signal-event reboot | ||
+ | </tab> | ||
+ | </tabs> | ||
− | Keep in mind this enables access to your MySQL database for ANYONE, so make sure you have strong passwords on ALL your MySQL databases. | + | Keep in mind this enables access to your MariaDB/MySQL database for ANYONE, so make sure you have strong passwords on ALL your MariaDB/MySQL databases. |
Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command. | Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command. | ||
− | + | {{Warning box|Keep in mind that by default MariaDB/MySQL is not using any kind of encryption unless you did work on that yourself, so any access to the port from the WAN will be as clear text and anyone on the Internet will be able to access to the password and all the data transferred between your server and the client. Refers to the manual of your database version.}} | |
− | |||
− | If you want to access a | + | ==Create MariaDB/MySQL user(s) with access from other computers== |
+ | SME Server's default MariaDB/MySQL database users, and most of the database examples in the wiki, allow login only from ''localhost''. | ||
+ | |||
+ | If you want to access a MariaDB/MySQL database on your SME server from other computers, you must not only make the configuration changes described above, you must also create a user who is allowed to login from those systems (see [http://dev.mysql.com/doc/refman/4.1/en/connection-access.html 5.5.4. Access Control, Stage 1: Connection Verification] for more detail). | ||
===Allow mysql login from any LAN workstation=== | ===Allow mysql login from any LAN workstation=== | ||
− | Assuming your local network is 192.168. | + | Assuming your local network is 192.168.1.0, you can create a user with MariaDB/MySQL access from any LAN workstation (or VPN client) using the command shown below (courtesy of [http://forums.contribs.org/index.php/topic,32270.msg136322.html#msg136322 DarkMirage]). |
{{Tip box|The suggestion here is to assign privileges based on IP number (using a wild card if desired), the same can also be done for hostnames. In some cases, like dynamicaly assgned IP addresses, this might be a more suitable and robust solution.}} | {{Tip box|The suggestion here is to assign privileges based on IP number (using a wild card if desired), the same can also be done for hostnames. In some cases, like dynamicaly assgned IP addresses, this might be a more suitable and robust solution.}} | ||
You probably want to change: | You probably want to change: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | *the database name ('''MyDB''') | |
− | + | *the user name ('''MyUser''') | |
+ | *the password ('''MyPW''') and | ||
+ | *the allowed computers ('''192.168.1.%''') | ||
− | If you have remote users who need access to your | + | ## In the command below, \ escapes a linebreak. |
+ | ## Either include them, or place the entire command on one line | ||
+ | mysql -e "\ | ||
+ | create database MyDB; \ | ||
+ | GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,ALTER \ | ||
+ | ON *.* \ | ||
+ | TO 'MyUser'@'192.168.1.%' \ | ||
+ | IDENTIFIED BY 'MyPW'; \ | ||
+ | FLUSH PRIVILEGES;" | ||
+ | |||
+ | ===Security Implications of allowing remote MariaDB/MySQL login=== | ||
+ | It is technically possible to combine the above techniques to allow remote MariaDB/MySQL login from any host on the Internet (allow network login, open the firewall, then set the network address to '%'). This would be a bad idea. | ||
+ | |||
+ | If you have remote users who need access to your MariaDB/MySQL database(s), encourage them to use a VPN connection, or an SSH tunnel, or (at a minimum), restrict the allowed login hosts to their internet IP address. On top of that, you are encouraged to enforce encrypted connection at the level of you MariaDB/MySQL service to avoid any clear text exchange on the LAN or worse on the Internet. | ||
==Enable InnoDB engine== | ==Enable InnoDB engine== | ||
Line 123: | Line 247: | ||
===Create a new database=== | ===Create a new database=== | ||
− | * See the developers guide if you wish to automate the creation of a database within an rpm | + | |
+ | *See the developers guide if you wish to automate the creation of a database within an rpm | ||
+ | |||
or | or | ||
− | * Get access to the SME Server shell and issue the following commands: | + | |
+ | *Get access to the SME Server shell and issue the following commands: | ||
mysqladmin create 'dbname' --default-character-set=utf8 | mysqladmin create 'dbname' --default-character-set=utf8 | ||
Line 131: | Line 258: | ||
This will create an empty database called dbname. | This will create an empty database called dbname. | ||
− | {{Warning box|The 'root' user should not be permitted to access the database except from localhost. Each application should have its own database and its own user to access that database. | + | {{Warning box|The 'root' user should not be permitted to access the database except from localhost. Each application should have its own database and its own user to access that database.}} |
− | }} | ||
===Creating MySQL user(s)=== | ===Creating MySQL user(s)=== | ||
− | Decide which permissions you will have to give to the user on what database. Details about this can be found in the MySQL Manual found at the MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server: | + | Decide which permissions you will have to give to the user on what database. Details about this can be found in the MariaDB/MySQL Manual found at the MariaDB/MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server: |
mysql | mysql | ||
Line 143: | Line 269: | ||
GRANT SELECT ON test.* TO 'user'@'host' IDENTIFIED BY 'password'; | GRANT SELECT ON test.* TO 'user'@'host' IDENTIFIED BY 'password'; | ||
− | In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MySQL server (don't forget the single quotes). More information can be found in the MySQL Server Manual at the MySQL website linked here. | + | In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MariaDB/MySQL server (don't forget the single quotes). More information can be found in the MariaDB/MySQL Server Manual at the MariaDB/MySQL website linked here. |
===Listing available databases=== | ===Listing available databases=== | ||
− | To view a list of available databases on the system you can issue the following command while logged in in MySQL: | + | To view a list of available databases on the system you can issue the following command while logged in in MariaDB/MySQL: |
show databases; | show databases; | ||
===Remove a database=== | ===Remove a database=== | ||
− | Get access to the SME Server shell and MySQL and issue the following command: | + | Get access to the SME Server shell and MariaDB/MySQL and issue the following command: |
drop database databasename; | drop database databasename; | ||
Line 158: | Line 284: | ||
===Remove a user=== | ===Remove a user=== | ||
− | Get access to the SME Server shell and MySQL and issue the following command: | + | Get access to the SME Server shell and MariaDB/MySQL and issue the following command: |
USE mysql; | USE mysql; | ||
Line 168: | Line 294: | ||
{{Tip box|mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.}} | {{Tip box|mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.}} | ||
− | ==Optimizing | + | == Optimizing MariaDB/MySQL default settings for SME 10 == |
+ | Here are the available settings from the configuration database to tweak you MariaDB service. If no default value indicated, please refers the the manual of your database version for its own default value: | ||
+ | {| class="wikitable" | ||
+ | !key | ||
+ | !default | ||
+ | !Role | ||
+ | |- | ||
+ | |innodb_file_format | ||
+ | |barracuda | ||
+ | | | ||
+ | |- | ||
+ | |innodb_file_per_table | ||
+ | |1 | ||
+ | | | ||
+ | |- | ||
+ | |LocalNetworkingOnly | ||
+ | |no | ||
+ | | | ||
+ | |- | ||
+ | |OpenFilesLimit | ||
+ | |0 | ||
+ | | | ||
+ | |- | ||
+ | |MaxConnections | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |WaitTimeout | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |QueryCacheLimit | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |QueryCacheSize | ||
+ | |1M | ||
+ | | | ||
+ | |- | ||
+ | |QueryCacheType | ||
+ | |1 | ||
+ | | | ||
+ | |- | ||
+ | |SortBufferSize | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |ReadRndBufferSize | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |TableOpenCache | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |TableOpenCacheInstances | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |TmpTableSize | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |MaxHeapTableSize | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |ThreadCacheSize | ||
+ | |256 | ||
+ | | | ||
+ | |- | ||
+ | |KeyBufferSize | ||
+ | | | ||
+ | |key_buffer_size | ||
+ | |- | ||
+ | |MyisamSortBufferSize | ||
+ | | | ||
+ | |myisam_sort_buffer_size | ||
+ | |- | ||
+ | |JoinBufferSize | ||
+ | |262144 | ||
+ | | | ||
+ | |- | ||
+ | |ReadBufferSize | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |MaxConnectErrors | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | |ConnectTimeout | ||
+ | |100 | ||
+ | | | ||
+ | |- | ||
+ | |MaxAllowedPacket | ||
+ | |16M | ||
+ | | | ||
+ | |- | ||
+ | |SlowQueries | ||
+ | | | ||
+ | | | ||
+ | |} | ||
+ | |||
+ | |||
+ | to alter a value, just do | ||
+ | config set mariadb KeyBufferSize 18M MyisamSortBufferSize 8M | ||
+ | expand-template /etc/my.cnf | ||
+ | systemctl restart mariadb | ||
+ | if your needed option is not available then create a dedicated template custom. '''Be careful to use a name starting with a number between 016 and 039'''. | ||
+ | mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ | ||
+ | vim /etc/e-smith/templates-custom/etc/my.cnf/017myvalues | ||
+ | expand-template /etc/my.cnf | ||
+ | systemctl restart mariadb | ||
+ | |||
+ | ==Optimizing MariaDB/MySQL default settings for up to SME9== | ||
− | SME Server uses | + | SME Server uses MariaDB/MySQL for the webmail package, and the default configuration is optimized for that. |
− | If you are using the SME server to provide | + | If you are using the SME server to provide MariaDB/MySQL databases for functions running on workstations, you may need to adjust some of the default MariaDB/MySQL parameters. Keep in mind it is difficult to optimize MYSQL for a number of different applications, as default values that are suitable for one application may not be suitable for another. In determining appropriate settings for MariaDB/MySQL, you will also need to consider the system resources & general specification of the server that MariaDB/MySQL is running on. |
Pointers for tuning and optimizing the databases can be found at http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/ and http://lists.mysql.com/mysql/214398 and specifically re key_buffer_size at http://lists.mysql.com/mysql/214398 | Pointers for tuning and optimizing the databases can be found at http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/ and http://lists.mysql.com/mysql/214398 and specifically re key_buffer_size at http://lists.mysql.com/mysql/214398 | ||
Line 184: | Line 425: | ||
Create a custom template fragment & edit it to include your required parameters | Create a custom template fragment & edit it to include your required parameters | ||
mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ | mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ | ||
− | + | vim /etc/e-smith/templates-custom/etc/my.cnf/016mysetup | |
Save & Exit | Save & Exit | ||
Ctrl o | Ctrl o | ||
Line 196: | Line 437: | ||
---- | ---- | ||
[[Category:Howto]] | [[Category:Howto]] | ||
− | [[Category:Administration]]</noinclude> | + | [[Category:Administration]] |
+ | </noinclude> |
Latest revision as of 13:10, 21 June 2023
SME Server up to and including version 9.x runs MySQL as a database server.
SME Server 10 uses MariaDB to provide this function. A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default.
- MySQL website: http://www.mysql.com
- MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/
- MariaDB documentation: https://mariadb.org/documentation/
General
The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MariaDB installed on SME Server is version 5.5.68.You can upgrade MariaDB, using their rpms, to a higher version but you are advised not to do so, as this might break your SME Server configuration. The Horde webmail interface relies on MariaDB. Upgrading to version 10.x has potential to break stuff like webmail. If you insist on upgrading MariaDB you may be able to find instructions in the forum, but be advised that no support can be expected from the developers and all bugs reported in the bugtracker will not be taken into account.
Alternatively you can rely on contribs and Red-Hat Software collection to add MySQL 5.7 and MariaDB 10.1 10.2 10.3 or 10.5 as secondary SQL service to satisfy your needs.
MariaDB on SME Server runs on a socket instead of on a port which you might be accustomed to. This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below).
[mysqld] [mysqld_safe] [mysql-5.7] [mariadb-10.1] [mariadb-10.2] [mariadb-10.3] [mariadb-10.5]
Access to MariaDB/MySQL from my application
As stated above on SME Server you have to use socket, this is more secure than using port. By default the service only listen on the server using socket, so trying to connect with any port will result in a failure.
Most application will have to define a string to access the socket, as below pointing to localhost (not 127.0.0.1, nor the LAN ip) and the full path to the socket. In some situation you will have to define the socket path and the host (localhost again and not 127.0.0.1) in variables.
define( 'DB_HOST', 'localhost:/var/lib/mysql/mysql.sock' );
MariaDB/MySQL root password
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.
The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.
Login as MySQL root user
To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.
Resetting the MySQL root password
To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user.
systemctl stop mariadb expand-template /root/.my.cnf expand-template /var/lib/mysql/set.password /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables < /var/lib/mysql/set.password exit systemctl start mariadb
cd /var/service/mysqld sv d . expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password sv u .
For SME Server 7.2 and earlier releases do the following (they use the runsvctrl command instead of the sv command):
cd /var/service/mysqld runsvctrl d . expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password runsvctrl u .
Restoring accidentally deleted MySQL root user
mariadb 5.5 and up to 10.5 systemctl stop mariadb echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">/var/lib/mysql/set.rootuser echo "GRANT PROXY ON @ TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser echo "GRANT PROXY ON @ TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser expand-template /root/.my.cnf expand-template /var/lib/mysql/set.password /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables <( cat /var/lib/mysql/set.rootuser /var/lib/mysql/set.password) exit systemctl start mariadb
for MySQL 5.1.73
cd /var/service/mysqld sv d . echo 'use mysql;'>set.rootuser echo "INSERT INTO `user` VALUES ('localhost','root',,'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',,,,,0,0,0,0);">>set.rootuser expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password sv u .
Note: The following is only applicable on SME 7.3 and MySQL 4.1
cd /var/service/mysqld sv d . echo 'use mysql;'>set.rootuser echo -n 'INSERT INTO user VALUES("localhost","root","",'>>set.rootuser echo '"Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","","","","",0,0,0);'>>set.rootuser expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password sv u .
MariaDB/MySQL fails to start
you need to investigate the cause by inspecting two logs :
- service log
journalctl -u mariadb
- mariadb log
tail -f /var/log/mariadb/mariadb.log
Corrupted user table
Your error in mariadb log will include
ERROR: 130 Incorrect file format 'user'
This could mostly occurs after a power outage. mysql.user table is a MYSIAM type
# ll /var/lib/mysql/mysql/user.* -rw-rw---- 1 mysql mysql 10630 3 jui 21:08 /var/lib/mysql/mysql/user.frm -rw-rw---- 1 mysql mysql 488 3 jui 21:08 /var/lib/mysql/mysql/user.MYD -rw-rw---- 1 mysql mysql 2048 3 jui 21:08 /var/lib/mysql/mysql/user.MYI
In this case you might see user.MYD or user.MYI with 0 byte size. If the issue is on MYI this is the index you should be able to rebuild, if it is on the MYD, this is the data, you will need a backup to restore from.
as root, first start mariadb without grant table
systemctl stop mariadb /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --skip-grant-tables
then use mysql command line
mysqlcheck mysql
if wound any error try
mysqlcheck mysql --repair
if it fails then you needs to do a restore. You might have a dump in /home/e-smith/db/mysql/mysql.dump. Wishing it is up to date. I suggest you to copy it and just extract the part for the table you are missing. You need what is under
-- -- Table structure for table `user` --
and
-- -- Dumping data for table `user` --
Considering your table dump is now in a file called /home/e-smith/db/mysql/mysql.user.dump, do
mysql mysql < /home/e-smith/db/mysql/mysql.user.dump expand-template /var/lib/mysql/set.password mysql mysql < /var/lib/mysql/set.password mysqladmin shutdown systemctl start mariadb
Access MariaDB/MySQL using port from the localhost and local network
MariaDB/MySQL on SME Server runs on a socket instead of on a port. MariaDB/MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet. If you wish to enable local network access, execute the following commands on a SME Server shell as root (note access private is not needed as this is the default, and TCPPort 3306 neither as all ports are open to the LAN by default):
config setprop mariadb LocalNetworkingOnly no expand-template /etc/my.cnf systemctl restart /service/mysqld
config setprop mysqld LocalNetworkingOnly no expand-template /etc/my.cnf sv t /service/mysqld
Access MySQL from a remote network
If you wish to enable access to MariaDB/MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands:
config set mariadb service access public status enabled TCPPort 3306 signal-event remoteaccess-update signal-event smeserver-mysql-update
config set mysqld service access public status enabled TCPPort 3306 signal-event remoteaccess-update signal-event reboot
Keep in mind this enables access to your MariaDB/MySQL database for ANYONE, so make sure you have strong passwords on ALL your MariaDB/MySQL databases. Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command.
Create MariaDB/MySQL user(s) with access from other computers
SME Server's default MariaDB/MySQL database users, and most of the database examples in the wiki, allow login only from localhost.
If you want to access a MariaDB/MySQL database on your SME server from other computers, you must not only make the configuration changes described above, you must also create a user who is allowed to login from those systems (see 5.5.4. Access Control, Stage 1: Connection Verification for more detail).
Allow mysql login from any LAN workstation
Assuming your local network is 192.168.1.0, you can create a user with MariaDB/MySQL access from any LAN workstation (or VPN client) using the command shown below (courtesy of DarkMirage).
You probably want to change:
- the database name (MyDB)
- the user name (MyUser)
- the password (MyPW) and
- the allowed computers (192.168.1.%)
## In the command below, \ escapes a linebreak. ## Either include them, or place the entire command on one line mysql -e "\ create database MyDB; \ GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,ALTER \ ON *.* \ TO 'MyUser'@'192.168.1.%' \ IDENTIFIED BY 'MyPW'; \ FLUSH PRIVILEGES;"
Security Implications of allowing remote MariaDB/MySQL login
It is technically possible to combine the above techniques to allow remote MariaDB/MySQL login from any host on the Internet (allow network login, open the firewall, then set the network address to '%'). This would be a bad idea.
If you have remote users who need access to your MariaDB/MySQL database(s), encourage them to use a VPN connection, or an SSH tunnel, or (at a minimum), restrict the allowed login hosts to their internet IP address. On top of that, you are encouraged to enforce encrypted connection at the level of you MariaDB/MySQL service to avoid any clear text exchange on the LAN or worse on the Internet.
Enable InnoDB engine
To enable the InnoDB engine, run the following commands:
db configuration setprop mysqld InnoDB enabled expand-template /etc/my.cnf sv t /service/mysqld
To disable the InnoDB engine, run the following commands:
db configuration setprop mysqld InnoDB disabled expand-template /etc/my.cnf sv t /service/mysqld
Administration
Information about user managament can be found in the MySQL User Account Management section of the MySQL manual, which holds a lot of useful information, a small section is listed here for convenience.
Create a new database
- See the developers guide if you wish to automate the creation of a database within an rpm
or
- Get access to the SME Server shell and issue the following commands:
mysqladmin create 'dbname' --default-character-set=utf8
This will create an empty database called dbname.
Creating MySQL user(s)
Decide which permissions you will have to give to the user on what database. Details about this can be found in the MariaDB/MySQL Manual found at the MariaDB/MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server:
mysql
Suppose we want to create a user which has read-only access on all tables in the database called 'test':
GRANT SELECT ON test.* TO 'user'@'host' IDENTIFIED BY 'password';
In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MariaDB/MySQL server (don't forget the single quotes). More information can be found in the MariaDB/MySQL Server Manual at the MariaDB/MySQL website linked here.
Listing available databases
To view a list of available databases on the system you can issue the following command while logged in in MariaDB/MySQL:
show databases;
Remove a database
Get access to the SME Server shell and MariaDB/MySQL and issue the following command:
drop database databasename;
Replace databasename with the name of the database.
Remove a user
Get access to the SME Server shell and MariaDB/MySQL and issue the following command:
USE mysql; DELETE FROM user WHERE user = 'username'; FLUSH PRIVILEGES;
Replace username with the username you wish to delete.
Optimizing MariaDB/MySQL default settings for SME 10
Here are the available settings from the configuration database to tweak you MariaDB service. If no default value indicated, please refers the the manual of your database version for its own default value:
key | default | Role |
---|---|---|
innodb_file_format | barracuda | |
innodb_file_per_table | 1 | |
LocalNetworkingOnly | no | |
OpenFilesLimit | 0 | |
MaxConnections | ||
WaitTimeout | ||
QueryCacheLimit | ||
QueryCacheSize | 1M | |
QueryCacheType | 1 | |
SortBufferSize | ||
ReadRndBufferSize | ||
TableOpenCache | ||
TableOpenCacheInstances | ||
TmpTableSize | ||
MaxHeapTableSize | ||
ThreadCacheSize | 256 | |
KeyBufferSize | key_buffer_size | |
MyisamSortBufferSize | myisam_sort_buffer_size | |
JoinBufferSize | 262144 | |
ReadBufferSize | ||
MaxConnectErrors | ||
ConnectTimeout | 100 | |
MaxAllowedPacket | 16M | |
SlowQueries |
to alter a value, just do
config set mariadb KeyBufferSize 18M MyisamSortBufferSize 8M expand-template /etc/my.cnf systemctl restart mariadb
if your needed option is not available then create a dedicated template custom. Be careful to use a name starting with a number between 016 and 039.
mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ vim /etc/e-smith/templates-custom/etc/my.cnf/017myvalues expand-template /etc/my.cnf systemctl restart mariadb
Optimizing MariaDB/MySQL default settings for up to SME9
SME Server uses MariaDB/MySQL for the webmail package, and the default configuration is optimized for that.
If you are using the SME server to provide MariaDB/MySQL databases for functions running on workstations, you may need to adjust some of the default MariaDB/MySQL parameters. Keep in mind it is difficult to optimize MYSQL for a number of different applications, as default values that are suitable for one application may not be suitable for another. In determining appropriate settings for MariaDB/MySQL, you will also need to consider the system resources & general specification of the server that MariaDB/MySQL is running on.
Pointers for tuning and optimizing the databases can be found at http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/ and http://lists.mysql.com/mysql/214398 and specifically re key_buffer_size at http://lists.mysql.com/mysql/214398
The following example comes from this forum thread http://forums.contribs.org/index.php/topic,46694.0.html and refers to this bug report http://bugs.contribs.org/show_bug.cgi?id=6287
To change the following parameters
key_buffer_size=18M myisam_sort_buffer_size=8M
Create a custom template fragment & edit it to include your required parameters
mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ vim /etc/e-smith/templates-custom/etc/my.cnf/016mysetup
Save & Exit
Ctrl o Ctrl x
Expand the changes & restart mysql
expand-template /etc/my.cnf sv t /service/mysqld
Check /etc/my.cnf to see that the changes are reflected.