Skip to content
GitLab
Commit f8096bd7 authored by Otto Kekäläinen's avatar Otto Kekäläinen
Browse files

Extend the server README to clarify common misunderstandings (Closes: #878215)

parent 7fdfb94b
Hide whitespace changes
Inline Side-by-side
debian/mariadb-server-10.1.README.Debian
View file @ f8096bd7
* MYSQL WON'T START OR STOP?: * MYSQL WON'T START OR STOP?:
============================= =============================
The most common reasons the server does not start are:
- AppArmor is enforced and something is wrong with the confinement profile.
- Process supervisor scripts (init, systemd etc) fail to execute normally.
- The configuration in /etc/mysql/... is wrong and prevents server from running.
First check the contents of syslog (or systemd journal) and then check the First check the contents of syslog (or systemd journal) and then check the
logs at /var/log/mysql/ for any hints of what might be wrong. logs at /var/log/mysql/ for any hints of what might be wrong.
Examples:
grep mysql /var/log/syslog
journalctl -u mariadb
* NATIVE SYSTEMD SERVICE INTRODUCED IN MARIADB 10.1 * NATIVE SYSTEMD SERVICE INTRODUCED IN MARIADB 10.1
=================================================== ===================================================
From MariaDB 10.1 onwards the upstream mariadb.service and mariadb@.service are From MariaDB 10.1 onwards the upstream mariadb.service and mariadb@.service are
used to provide the full systemd experience. Some features available in used to provide the full systemd experience. Some features available in
traditional /etc/init.d/mysql have been changed. For details see traditional /etc/init.d/mysql have been changed. For details see
...@@ -13,7 +21,6 @@ https://mariadb.com/kb/en/mariadb/systemd/ ...@@ -13,7 +21,6 @@ https://mariadb.com/kb/en/mariadb/systemd/
* MIXING PACKAGES FROM MARIAD.ORG AND OFFICIAL DEBIAN REPOSITORIES * MIXING PACKAGES FROM MARIAD.ORG AND OFFICIAL DEBIAN REPOSITORIES
================================================================== ==================================================================
Please note that the MariaDB packaging in official Debian repositories are of Please note that the MariaDB packaging in official Debian repositories are of
a completely new generation compared to the legacy packaging used in MariaDB.org a completely new generation compared to the legacy packaging used in MariaDB.org
repositories. You cannot mix and match MariaDB 10.1 packages from official repositories. You cannot mix and match MariaDB 10.1 packages from official
...@@ -27,7 +34,6 @@ revision string. ...@@ -27,7 +34,6 @@ revision string.
* ROOT USER AUTHENTICATION VIA UNIX SOCKET * ROOT USER AUTHENTICATION VIA UNIX SOCKET
========================================== ==========================================
On new installs no root password is set and no debian-sys-maint user is On new installs no root password is set and no debian-sys-maint user is
created anymore. Instead the MariaDB root account is set to be authenticated created anymore. Instead the MariaDB root account is set to be authenticated
using the unix socket, e.g. any mysqld invocation by root or via sudo will using the unix socket, e.g. any mysqld invocation by root or via sudo will
...@@ -41,7 +47,29 @@ The credentials in /etc/mysql/debian.cnf specify the user which is used by the ...@@ -41,7 +47,29 @@ The credentials in /etc/mysql/debian.cnf specify the user which is used by the
init scripts to stop the server and perform logrotation. This used to be the init scripts to stop the server and perform logrotation. This used to be the
debian-sys-maint user which is no longer used as root can run directly. debian-sys-maint user which is no longer used as root can run directly.
If you have start/stop problems make sure that the /etc/mysql/debian.cnf file specifies the root user and no password. If you have start/stop problems make sure that the /etc/mysql/debian.cnf file
specifies the root user and no password.
* MARIADB IS SECURE BY DEFAULT
==============================
MariaDB in Debian is secure by default, because:
- It only listens to the localhost socket and cannot be accessed remotely unless
the sysadmin changes the configurationin /etc/mysql to allow so.
- There is no debian-sys-maint with password in /etc/mysql/debian.cnf anymore.
- There is no root account with password anymore. The system admin needs to
create one themselves if they need it. With no password, all issues related
to password management and password leaking are gone. Sysadmins can access
the database without a password simply by running 'sudo mysql' thanks to
socket based authentication, which detects the system root user and allows
them to use the mysqld console as the mysql root user. For details see
https://www.slideshare.net/ottokekalainen/less-passwords-more-security-unix-socket-authentication-and-other-mariadb-hardening-tips
- There is no test database nor test accounts in the out-of-the-box Debian
installation.
Therefore there is also no need to run the 'mysql_secure_installation'. In fact
that script will try to do things that are already prevented, and might fail.
* WHAT TO DO AFTER UPGRADES: * WHAT TO DO AFTER UPGRADES:
============================ ============================
...@@ -49,12 +77,18 @@ The privilege tables are automatically updated so all there is left is read ...@@ -49,12 +77,18 @@ The privilege tables are automatically updated so all there is left is read
the release notes on https://mariadb.com/kb/en/release-notes/ to see if any the release notes on https://mariadb.com/kb/en/release-notes/ to see if any
changes affect custom apps. changes affect custom apps.
There should not be any need to run 'mysql_upgrade' manually, as the upgrade
scripts do that automatically.
* WHAT TO DO AFTER INSTALLATION: * WHAT TO DO AFTER INSTALLATION:
================================ ================================
The MySQL manual describes certain steps to do at this stage in a separate The MySQL manual describes certain steps to do at this stage in a separate
chapter. They are not necessary as the Debian packages does them chapter. They are not necessary as the Debian packages does them
automatically. automatically.
There should not be any need to run 'mysql_install_db' manually, as the install
scripts do that automatically.
The only thing that is left over for the admin is The only thing that is left over for the admin is
- creating new users and databases - creating new users and databases
- read the rest of this text - read the rest of this text
...@@ -107,7 +141,7 @@ scripts, that use /etc/mysql/debian.cnf, will use the username ...@@ -107,7 +141,7 @@ scripts, that use /etc/mysql/debian.cnf, will use the username
that every change you make in the /root/.my.cnf will affect the mysql cron that every change you make in the /root/.my.cnf will affect the mysql cron
script, too. script, too.
# an example of $HOME/.my.cnf # an example of $HOME/.my.cnf
[client] [client]
user = your-mysql-username user = your-mysql-username
password = enter-your-good-new-password-here password = enter-your-good-new-password-here
...@@ -130,7 +164,7 @@ You might get lucky downgrading a few minor versions without issued. Take a ...@@ -130,7 +164,7 @@ You might get lucky downgrading a few minor versions without issued. Take a
backup first. If you break it you get to keep both pieces. Do a restore from backup first. If you break it you get to keep both pieces. Do a restore from
backup or upgrade to the previous version. backup or upgrade to the previous version.
If doing a major version downgrade, take a mysqldump/mydumpber consistent If doing a major version downgrade, take a mysqldump/mariabackup consistent
backup using the current version and reload after downgrading and purging backup using the current version and reload after downgrading and purging
existing databases. existing databases.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment