2020-12-20 23:29:29 +02:00
|
|
|
* MYSQL WON'T START OR STOP?
|
|
|
|
============================
|
|
|
|
|
|
|
|
The most common reasons the server does not start are:
|
|
|
|
- AppArmor is enforced and something is wrong with the confinement profile.
|
|
|
|
- Process supervisor scripts (init, systemd etc) fail to execute normally.
|
|
|
|
- The configuration in /etc/mysql/... is wrong and prevents server from running.
|
|
|
|
|
|
|
|
First check the contents of syslog (or systemd journal) and then check the
|
|
|
|
logs at /var/log/mysql/ for any hints of what might be wrong.
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
grep mysql /var/log/syslog
|
|
|
|
journalctl -u mariadb
|
|
|
|
|
|
|
|
|
|
|
|
* NEW SERVICE NAME, PROCESS AND BINARY NAMES IN MARIADB 10.5
|
|
|
|
============================================================
|
|
|
|
|
|
|
|
Starting form MariaDB 10.5, the default SysV init service name is 'mariadb',
|
|
|
|
and can be accessed at path /etc/init.d/mariadb. The alias 'mysql' is only
|
|
|
|
created on upgrades.
|
|
|
|
|
|
|
|
On systemd services both 'mariadb' and alias 'mysql' are available all the time.
|
|
|
|
|
|
|
|
Note that the new daemon name is 'mariadbd' instead of 'mysqld' and also most
|
|
|
|
of the binaries have been renamed to mariadb-something, yet the old mysql-something
|
|
|
|
name has been kept as a symbolic link to the new name for backwards compatibility.
|
|
|
|
|
|
|
|
|
|
|
|
* NATIVE SYSTEMD SERVICE INTRODUCED IN MARIADB 10.1
|
|
|
|
===================================================
|
|
|
|
|
2021-05-06 12:08:38 -07:00
|
|
|
From MariaDB 10.1 onward the upstream mariadb.service and mariadb@.service are
|
2020-12-20 23:29:29 +02:00
|
|
|
used to provide the full systemd experience. Some features available in
|
|
|
|
traditional /etc/init.d/mysql have been changed. For details see
|
|
|
|
https://mariadb.com/kb/en/mariadb/systemd/
|
|
|
|
|
|
|
|
|
2021-05-06 12:08:38 -07:00
|
|
|
* MIXING PACKAGES FROM MARIADB.ORG AND OFFICIAL DEBIAN REPOSITORIES
|
2020-12-20 23:29:29 +02:00
|
|
|
==================================================================
|
|
|
|
|
|
|
|
Please note that the MariaDB packaging in official Debian repositories are of
|
|
|
|
a completely new generation compared to the legacy packaging used in MariaDB.org
|
|
|
|
repositories. You cannot mix and match MariaDB 10.1 packages from official
|
|
|
|
Debian (or Ubuntu) repositories with packages from MariaDB.org repositories.
|
|
|
|
Packages from the MariaDB.org repositories include the revision string '+maria'.
|
|
|
|
|
|
|
|
If a MariaDB.org repository is enabled, learn to use apt pinning properly.
|
|
|
|
|
|
|
|
Please do not file bugs in Debian regarding packages with '+maria' in the
|
|
|
|
revision string.
|
|
|
|
|
|
|
|
|
|
|
|
* ROOT USER AUTHENTICATION VIA UNIX SOCKET
|
|
|
|
==========================================
|
|
|
|
|
|
|
|
On new installs no root password is set and no debian-sys-maint user is
|
|
|
|
created anymore. Instead the MariaDB root account is set to be authenticated
|
2021-05-06 12:08:38 -07:00
|
|
|
using the Unix socket, e.g. any mysqld invocation by root or via sudo will
|
2020-12-20 23:29:29 +02:00
|
|
|
let the user see the mysqld prompt.
|
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
You may never ever delete the mysql user "root". Although it has no password
|
|
|
|
is set, the unix_auth plugin ensure that it can only be run locally as the root
|
2019-02-20 16:39:48 +01:00
|
|
|
user.
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
The credentials in /etc/mysql/debian.cnf specify the user which is used by the
|
2021-05-06 12:08:38 -07:00
|
|
|
init scripts to stop the server and perform log rotation. This used to be the
|
2020-12-20 23:29:29 +02:00
|
|
|
debian-sys-maint user which is no longer used as root can run directly.
|
|
|
|
|
|
|
|
If you have start/stop problems make sure that the /etc/mysql/debian.cnf file
|
|
|
|
specifies the root user and no password. In the long run please stop using that
|
|
|
|
file as is has been obsoleted.
|
|
|
|
|
|
|
|
|
|
|
|
* MARIADB IS SECURE BY DEFAULT
|
|
|
|
==============================
|
|
|
|
|
|
|
|
MariaDB in Debian is secure by default, because:
|
|
|
|
|
|
|
|
- It only listens to the localhost socket and cannot be accessed remotely unless
|
2021-05-06 12:08:38 -07:00
|
|
|
the sysadmin changes the configuration in /etc/mysql to allow so.
|
2020-12-20 23:29:29 +02:00
|
|
|
- There is no debian-sys-maint with password in /etc/mysql/debian.cnf anymore.
|
|
|
|
- There is no root account with password anymore. The system admin needs to
|
|
|
|
create one themselves if they need it. With no password, all issues related
|
|
|
|
to password management and password leaking are gone. Sysadmins can access
|
|
|
|
the database without a password simply by running 'sudo mysql' thanks to
|
|
|
|
socket based authentication, which detects the system root user and allows
|
|
|
|
them to use the mysqld console as the mysql root user. For details see
|
|
|
|
https://www.slideshare.net/ottokekalainen/less-passwords-more-security-unix-socket-authentication-and-other-mariadb-hardening-tips
|
|
|
|
- There is no test database nor test accounts in the out-of-the-box Debian
|
|
|
|
installation.
|
|
|
|
|
|
|
|
Therefore there is also no need to run the 'mysql_secure_installation'. In fact
|
|
|
|
that script will try to do things that are already prevented, and might fail.
|
|
|
|
|
|
|
|
|
|
|
|
* WHAT TO DO AFTER UPGRADES
|
|
|
|
===========================
|
|
|
|
|
2012-01-23 12:20:16 +01:00
|
|
|
The privilege tables are automatically updated so all there is left is read
|
2015-07-22 00:24:29 +03:00
|
|
|
the release notes on https://mariadb.com/kb/en/release-notes/ to see if any
|
|
|
|
changes affect custom apps.
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
There should not be any need to run 'mysql_upgrade' manually, as the upgrade
|
|
|
|
scripts do that automatically.
|
|
|
|
|
|
|
|
|
|
|
|
* WHAT TO DO AFTER INSTALLATION
|
|
|
|
===============================
|
|
|
|
|
2012-01-23 12:20:16 +01:00
|
|
|
The MySQL manual describes certain steps to do at this stage in a separate
|
2020-12-20 23:29:29 +02:00
|
|
|
chapter. They are not necessary as the Debian packages does them
|
2012-01-23 12:20:16 +01:00
|
|
|
automatically.
|
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
There should not be any need to run 'mysql_install_db' manually, as the install
|
|
|
|
scripts do that automatically.
|
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
The only thing that is left over for the admin is
|
2012-01-23 12:20:16 +01:00
|
|
|
- creating new users and databases
|
|
|
|
- read the rest of this text
|
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
|
|
|
|
* NETWORKING
|
|
|
|
============
|
|
|
|
|
2012-01-23 12:20:16 +01:00
|
|
|
For security reasons, the Debian package has enabled networking only on the
|
|
|
|
loop-back device using "bind-address" in /etc/mysql/my.cnf. Check with
|
|
|
|
"netstat -tlnp" where it is listening. If your connection is aborted
|
2015-07-22 00:24:29 +03:00
|
|
|
immediately check your firewall rules or network routes.
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
* WHERE IS THE DOCUMENTATION?
|
|
|
|
=============================
|
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
https://mariadb.com/kb
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
|
|
|
|
* PASSWORDS
|
|
|
|
===========
|
|
|
|
|
|
|
|
It is recommended you create additional admin users for your database
|
|
|
|
administration needs in addition to the default root user.
|
2015-07-22 00:24:29 +03:00
|
|
|
|
2021-05-06 12:08:38 -07:00
|
|
|
If your local Unix account is the one you want to have local super user
|
2015-07-22 00:24:29 +03:00
|
|
|
access on your database with you can create the following account that will
|
2021-05-06 12:08:38 -07:00
|
|
|
only work for the local Unix user connecting to the database locally.
|
2015-07-22 00:24:29 +03:00
|
|
|
|
|
|
|
sudo /usr/bin/mysql -e "GRANT ALL ON *.* TO '$USER'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION"
|
|
|
|
|
|
|
|
To create a local machine account username=USERNAME with a password:
|
|
|
|
|
|
|
|
sudo /usr/bin/mysql -e "GRANT ALL ON *.* TO 'USERNAME'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION"
|
|
|
|
|
|
|
|
To create a USERNAME user with password 'password' admin user that can access
|
|
|
|
the DB server over the network:
|
|
|
|
|
|
|
|
sudo /usr/bin/mysql -e "GRANT ALL ON *.* TO 'USERNAME'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION"
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
Scripts should run as a user who have the required grants and be identified via unix_socket.
|
2019-02-20 16:39:48 +01:00
|
|
|
|
|
|
|
It is wise to run scripts as the "mysql" system user. Like root,
|
|
|
|
mysql@localhost is created by default to have all privileges in MariaDB
|
|
|
|
and to use unix_socket authentication. But scripts running under "mysql"
|
|
|
|
won't have system-wide root so they won't be able to corrupt your system.
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
If you are too tired to type the password in every time and unix_socket auth
|
|
|
|
doesn't suit your needs, you can store it in the file $HOME/.my.cnf. It should
|
2018-01-11 20:27:40 +00:00
|
|
|
be chmod 0600 (-rw------- username usergroup .my.cnf) to ensure that nobody else
|
2015-07-22 00:24:29 +03:00
|
|
|
can read it. Every other configuration parameter can be stored there, too.
|
2012-01-23 12:20:16 +01:00
|
|
|
|
2018-01-11 20:27:40 +00:00
|
|
|
For more information in the MariaDB manual in/usr/share/doc/mariadb-doc or
|
2015-07-22 00:24:29 +03:00
|
|
|
https://mariadb.com/kb/en/configuring-mariadb-with-mycnf/.
|
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
|
2012-01-23 12:20:16 +01:00
|
|
|
* FURTHER NOTES ON REPLICATION
|
2020-12-20 23:29:29 +02:00
|
|
|
==============================
|
|
|
|
|
2012-01-23 12:20:16 +01:00
|
|
|
If the MySQL server is acting as a replication slave, you should not
|
2021-05-06 12:08:38 -07:00
|
|
|
set --tmpdir to point to a directory on a memory-based file system or to
|
2012-01-23 12:20:16 +01:00
|
|
|
a directory that is cleared when the server host restarts. A replication
|
|
|
|
slave needs some of its temporary files to survive a machine restart so
|
|
|
|
that it can replicate temporary tables or LOAD DATA INFILE operations. If
|
|
|
|
files in the temporary file directory are lost when the server restarts,
|
|
|
|
replication fails.
|
2015-07-22 00:24:29 +03:00
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
* DOWNGRADING
|
2020-12-20 23:29:29 +02:00
|
|
|
=============
|
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
Unsupported. Period.
|
|
|
|
|
|
|
|
You might get lucky downgrading a few minor versions without issued. Take a
|
|
|
|
backup first. If you break it you get to keep both pieces. Do a restore from
|
|
|
|
backup or upgrade to the previous version.
|
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
If doing a major version downgrade, take a mysqldump/maria-backup consistent
|
2015-07-22 00:24:29 +03:00
|
|
|
backup using the current version and reload after downgrading and purging
|
|
|
|
existing databases.
|
|
|
|
|
2020-12-20 23:29:29 +02:00
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
* BACKUPS
|
2020-12-20 23:29:29 +02:00
|
|
|
=========
|
|
|
|
|
2015-07-22 00:24:29 +03:00
|
|
|
Backups save jobs. Don't get caught without one.
|