MariaDB Database Configuration Lab
1. Install MariaDB
In this lab, you install a MariaDB database server.
You were asked to install a MariaDB database server on your server1.example.com machine. You need to secure the MariaDB service and configure it to accept connections only from local clients.
Reset your
server1.example.commachine.Install the
mariadbandmariadb-clientgroups.[root@server1 ~]# yum groupinstall mariadb mariadb-client -y
Start and enable the
mariadbservice.[root@server1 ~]# systemctl start mariadb
[root@server1 ~]# systemctl enable mariadb
Verify that MariaDB is listening on all interfaces.
[root@server1 ~]# ss -tulpn | grep mysql tcp LISTEN 0 50 *:3306 *:* users:"mysqld", 13611,13
Why
greponmysqlwhen you are running MariaDB?MariaDB is a fork of MySQL which is meant to act as a drop-in replacement.
Enable the
skip-networkingdirective.Open
/etc/my.cnfin a text editor, and in section[mysqld], add the line:skip-networking=1
Restart the
mariadbservice.[root@server1 ~]# systemctl restart mariadb
Verify that MariaDB is not listening on all interfaces.
[root@server1 ~]# ss -tulpn | grep mysql
This command should now return nothing.
Secure the Mariadb service using the
mysql_secure_installationtool. Set therootpassword toredhat, and answer Yes to all other questions.[root@server1 ~]# mysql_secure_installation In order to log in to MariaDB to secure it, you need the current password for the root user. If you just installed MariaDB, and you have not set the root password yet, the password is blank, so you should just press Enter here. Enter current password for root (Enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log in to the MariaDB root user without the proper authorization. Set root password? [Y/n] Y New password: redhat Re-enter new password: redhat Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log in to MariaDB without creating a user account for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables ensures that all changes made so far take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
Verify that the
rootuser cannot log in without a password.[root@server1 ~]# mysql -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Verify that the
testdatabase is removed.[root@server1 ~]# mysql -u root -p Enter password: redhat MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | +--------------------+ 3 rows in set (0.00 sec) MariaDB [(none)]> exit; Bye
2. Manage Database Users
In this lab, you install a MariaDB server.
You were asked to create two MariaDB users on your server1.example.com machine, according to the following requirements:
User | Accepts Connection From Host | Password | Privileges |
| localhost |
| Insert, update, delete, and select on all tables from inventory database |
| any host |
| Select on all tables from inventory database |
Do not reset your
server1.example.com system.Log in to and set up your
server1.example.comsystem asroot.Log in to and set up your
desktop1.example.comsystem as root.Set up MariaDB with user
root.In
/etc/my.cnf, comment outskip-networking=1and then restart the service.[root@server1 ~]# vi /etc/my.cnf [root@server1 ~]# systemctl restart mariadb
Open the firewall:
[root@server1 ~]# firewall-cmd --permanent --add-service=mysql [root@server1 ~]# firewall-cmd --reload
Connect to MariaDB and create a database:
[root@server1 ~]# mysql -u root -p Password: redhat MariaDB [(none)]> CREATE DATABASE
inventory; USE inventory; CREATE TABLEcategory(idint(11) DEFAULT NULL,namevarchar(30) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; LOCK TABLEScategoryWRITE; INSERT INTOcategoryVALUES (1,'Networking'),(2,'Servers'),(3,'Ssd'); UNLOCK TABLES;
Create the users
johnandsteve.Note the passwords are the value of "identified by".
MariaDB [(none)]> CREATE USER john@localhost identified by 'john_password'; MariaDB [(none)]> CREATE USER steve@% identified by 'steve_password';
Grant insert, update, delete, and select privileges to user
john.MariaDB [(none)]> GRANT INSERT, UPDATE, DELETE, SELECT on inventory.* to john@localhost;
Grant select privilege to user
steve.MariaDB [(none)]> GRANT SELECT on inventory.* to steve@%;
Flush the privileges.
MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> exit;
Connect with user
johnand verify his privileges.Connect to MariaDB.
[root@server1 ~]# mysql -u john -p
Select the inventory database.
MariaDB [(none)]> USE inventory;
Verify the select privilege.
MariaDB [(inventory)]> SELECT * FROM category; +----+------------+ | id | name | +----+------------+ | 1 | Networking | | 2 | Servers | | 3 | Ssd | +----+------------+ 3 rows in set (0.00 sec)
Verify the insert privilege.
MariaDB [(inventory)]> INSERT INTO category(name) VALUES('Memory'); Query OK, 1 row affected (0.00 sec)Verify the update privilege.
MariaDB [(inventory)]> UPDATE category SET name='Solid State Drive' where id = 3; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0
Verify the delete privilege.
MariaDB [(inventory)]> DELETE FROM category WHERE name LIKE 'Memory'; Query OK, 1 row affected (0.01 sec)
On your
desktop1.example.comsystem, connect with usersteveand verify his privileges.Make sure the MariaDB client is installed.
[root@desktop1 ~]# yum -y install mariadb
Connect to MariaDB.
[root@desktop1 ~]# mysql -u steve -h server1.example.com -p
Select the inventory database.
MariaDB [(none)]> USE inventory;
Verify the select privilege.
MariaDB [(inventory)]> SELECT * FROM category; +----+------------------+ | id | name | +----+------------------+ | 1 | Networking | | 2 | Servers | | 3 | Sold State Drive | +----+------------------+ 3 rows in set (0.00 sec)
Verify the insert privilege.
MariaDB [(inventory)]> INSERT INTO category(name) VALUES('Memory'); ERROR 1142 (42000): INSERT command denied to user 'steve'@'desktop1.example.com' for table 'category'
3. Restore a MariaDB Database From Backup
In this lab, you restore a database from a MariaDB logical backup.
Do not reset your
server1.example.comsystem.Log in to and set up your
server1.example.comsystem as root.Backup, destroy, and then restore from a logical backup.
Backup the inventory database to a file:
[root@server1 ~]# mysqldump -p inventory > /root/inventory.dump
Connect to MariaDB as user
rootand drop the old database.[root@server1 ~]# mysql -u root -p MariaDB [(none)]> drop database inventory; MariaDB [(none)]> use inventory; ERROR 1049 (42000): Unknown database 'inventory'
Create a new database called inventory.
MariaDB [(none)]> create database inventory; MariaDB [(none)]> exit;
Restore from the logical backup.
[root@server1 ~]# mysql -u root -p inventory < /root/inventory.dump
Verify restored data.
Connect again to MariaDB.
[root@server1 ~]# mysql -u root -p
Connect to the inventory database.
MariaDB [(none)]> use inventory;
Select all categories.
MariaDB [(inventory)]> SELECT * FROM category; +----+-------------------+ | id | name | +----+-------------------+ | 1 | Networking | | 2 | Servers | | 3 | Solid State Drive | +----+-------------------+ 3 rows in set (0.00 sec)