Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 1. Using MariaDB
MariaDB Server is a high-performance, open source relational database management system (RDBMS). Built on the MySQL technology, it offers a powerful SQL interface for data access and includes advanced features, such as support for multiple storage engines.
Learn how to install and configure MariaDB on a RHEL system, how to back up MariaDB data, how to migrate from an earlier MariaDB version, and how to replicate a database by using the MariaDB Galera Cluster.
1.1. Installing MariaDB
RHEL 10 provides MariaDB 10.11 as the initial version of the Application Stream, which you can install as an RPM package. Additional MariaDB versions are provided as modules with a shorter life cycle in minor releases of RHEL 10.
By design, you can install only one version (stream) of the same module and, because of conflicting RPM packages, you cannot install MariaDB and MySQL on the same host. As an alternative, you can run the database server services in a container. See Using containers to run multiple MariaDB and MySQL instances on a single host.
Procedure
- Install MariaDB server packages: - dnf install mariadb-server - # dnf install mariadb-server- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Enable and start the - mariadbservice:- systemctl enable --now mariadb.service - # systemctl enable --now mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.2. Using containers to run multiple MariaDB and MySQL instances on a single host
If you install MariaDB or MySQL from packages, you can only run one of these services and only a single version of it on the same host. As an alternative, you can run the services in a container.
You can configure the following scenarios:
- You want to run multiple instances of MariaDB or MySQL on the same host.
- You want to run both MariaDB and MySQL on the same host.
Prerequisites
- 
						The podmanpackage is installed.
Procedure
- Authenticate to the - registry.redhat.ioregistry by using your Red Hat Customer Portal account:- podman login registry.redhat.io - # podman login registry.redhat.io- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Skip this step if you are already logged in to the container registry. 
- Start the containers you want to use: - MariaDB 10.11: - podman run -d --name <container_name_1> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_1>:3306 rhel10/mariadb-1011 - $ podman run -d --name <container_name_1> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_1>:3306 rhel10/mariadb-1011- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For more information about the usage of this container image, see the Red Hat Ecosystem Catalog. 
- MySQL 8.4: - podman run -d --name <container_name_2> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_2>:3306 rhel10/mysql-84 - $ podman run -d --name <container_name_2> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_2>:3306 rhel10/mysql-84- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For more information about the usage of this container image, see the Red Hat Ecosystem Catalog. 
 Important- The container names and host ports of the two database servers must differ. 
- To ensure that clients can access the database server on the network, open the host ports in the firewall: - firewall-cmd --permanent --add-port={<host_port_1>/tcp,<host_port_2>/tcp,...} firewall-cmd --reload- # firewall-cmd --permanent --add-port={<host_port_1>/tcp,<host_port_2>/tcp,...} # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Connect to the database server and log in as root: - mysql -u root -p -h localhost -P <host_port> --protocol tcp - # mysql -u root -p -h localhost -P <host_port> --protocol tcp- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Display information about the running containers: - podman ps - $ podman ps- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.3. Configuring network access to MariaDB
You must configure MariaDB to listen on network interfaces and open firewall ports to allow remote client access to the database server.
Procedure
- Edit the - [mysqld]section of the- /etc/my.cnf.d/mariadb-server.cnffile. You can set the following configuration directives:- bind-address- is the address on which the server listens. Possible options are:- a host name
- an IPv4 address
- an IPv6 address
 
- skip-networking- controls whether the server listens for TCP/IP connections. Possible values are:- 0 - to listen for all clients
- 1 - to listen for local clients only
 
- 
								port- the port on which MariaDB listens for TCP/IP connections.
 
- To ensure that clients can access the database server on the network, open the port in the firewall: - firewall-cmd --permanent --add-service=mysql firewall-cmd --reload - # firewall-cmd --permanent --add-service=mysql # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - mariadbservice:- systemctl restart mariadb.service - # systemctl restart mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.4. Setting up TLS encryption on a MariaDB server
By default, MariaDB uses unencrypted connections. For secure connections, enable TLS support on the MariaDB server and configure your clients to establish encrypted connections.
1.4.1. Placing the CA certificate, server certificate, and private key on the MariaDB server
Before you can enable TLS encryption in the MariaDB server, store the certificate authority (CA) certificate, the server certificate, and the private key on the MariaDB server.
Prerequisites
- The following files in Privacy Enhanced Mail (PEM) format have been copied to the server: - 
									The private key of the server: server.example.com.key.pem
- 
									The server certificate: server.example.com.crt.pem
- 
									The Certificate Authority (CA) certificate: ca.crt.pem
 - For details about creating a private key and certificate signing request (CSR), as well as about requesting a certificate from a CA, see your CA’s documentation. 
- 
									The private key of the server: 
Procedure
- Store the CA and server certificates in the - /etc/pki/tls/certs/directory:- mv <path>/server.example.com.crt.pem /etc/pki/tls/certs/ mv <path>/ca.crt.pem /etc/pki/tls/certs/ - # mv <path>/server.example.com.crt.pem /etc/pki/tls/certs/ # mv <path>/ca.crt.pem /etc/pki/tls/certs/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Set permissions on the CA and server certificate that enable the MariaDB server to read the files: - chmod 644 /etc/pki/tls/certs/server.example.com.crt.pem /etc/pki/tls/certs/ca.crt.pem - # chmod 644 /etc/pki/tls/certs/server.example.com.crt.pem /etc/pki/tls/certs/ca.crt.pem- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Because certificates are part of the communication before a secure connection is established, any client can retrieve them without authentication. Therefore, you do not need to set strict permissions on the CA and server certificate files. 
- Store the server’s private key in the - /etc/pki/tls/private/directory:- mv <path>/server.example.com.key.pem /etc/pki/tls/private/ - # mv <path>/server.example.com.key.pem /etc/pki/tls/private/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Set secure permissions on the server’s private key: - chmod 640 /etc/pki/tls/private/server.example.com.key.pem chgrp mysql /etc/pki/tls/private/server.example.com.key.pem - # chmod 640 /etc/pki/tls/private/server.example.com.key.pem # chgrp mysql /etc/pki/tls/private/server.example.com.key.pem- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If unauthorized users have access to the private key, connections to the MariaDB server are no longer secure. 
- Restore the SELinux context: - restorecon -Rv /etc/pki/tls/ - # restorecon -Rv /etc/pki/tls/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.4.2. Configuring TLS encryption on a MariaDB server
By default, MariaDB uses unencrypted connections. For more secure connections, you can enable Transport Layer Security (TLS) support on the MariaDB server and configure your clients to establish encrypted connections.
Prerequisites
- You installed the MariaDB server.
- 
							The mariadbservice is running.
- The following files in Privacy Enhanced Mail (PEM) format exist on the server and are readable by the - mysqluser:- 
									The private key of the server: /etc/pki/tls/private/server.example.com.key.pem
- 
									The server certificate: /etc/pki/tls/certs/server.example.com.crt.pem
- 
									The Certificate Authority (CA) certificate /etc/pki/tls/certs/ca.crt.pem
 
- 
									The private key of the server: 
- The subject distinguished name (DN) or the subject alternative name (SAN) field in the server certificate matches the server’s host name.
- If the FIPS mode is enabled, clients must either support the Extended Master Secret (EMS) extension or use TLS 1.3. TLS 1.2 connections without EMS fail. For more information, see the Red Hat Knowledgebase solution TLS extension "Extended Master Secret" enforced enforced on RHEL 9.2 and later.
Procedure
- Create the - /etc/my.cnf.d/mariadb-server-tls.cnffile:- Add the following content to configure the paths to the private key, server and CA certificate: - [mariadb] ssl_key = /etc/pki/tls/private/server.example.com.key.pem ssl_cert = /etc/pki/tls/certs/server.example.com.crt.pem ssl_ca = /etc/pki/tls/certs/ca.crt.pem - [mariadb] ssl_key = /etc/pki/tls/private/server.example.com.key.pem ssl_cert = /etc/pki/tls/certs/server.example.com.crt.pem ssl_ca = /etc/pki/tls/certs/ca.crt.pem- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you have a Certificate Revocation List (CRL), configure the MariaDB server to use it: - ssl_crl = /etc/pki/tls/certs/example.crl.pem - ssl_crl = /etc/pki/tls/certs/example.crl.pem- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Reject connection attempts without encryption. To enable this feature, append: - require_secure_transport = on - require_secure_transport = on- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Set the TLS versions the server should support. For example, to support TLS 1.2 and TLS 1.3, append: - tls_version = TLSv1.2,TLSv1.3 - tls_version = TLSv1.2,TLSv1.3- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - By default, the server supports TLS 1.1, TLS 1.2, and TLS 1.3. 
 
- Restart the - mariadbservice:- systemctl restart mariadb - # systemctl restart mariadb- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
To simplify troubleshooting, perform the following steps on the MariaDB server before you configure the local client to use TLS encryption:
- Verify that MariaDB now has TLS encryption enabled: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If the - have_sslvariable is set to- yes, TLS encryption is enabled.
- If you configured the MariaDB service to only support specific TLS versions, display the - tls_versionvariable:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.4.3. Requiring TLS encrypted connections for specific user accounts on a MariaDB server
You can configure specific MariaDB user accounts to require TLS-encrypted connections to protect sensitive data transmission.
					If you cannot configure on the server that a secure transport is required for all connections (require_secure_transport = on), configure individual user accounts to require TLS encryption.
				
Prerequisites
- The MariaDB server has TLS support enabled.
- The user you configure to require secure transport exists.
Procedure
- Connect as an administrative user to the MariaDB server: - mysql -u root -p -h server.example.com - # mysql -u root -p -h server.example.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If your administrative user has no permissions to access the server remotely, perform the command on the MariaDB server and connect to - localhost.
- Use the - REQUIRE SSLclause to enforce that a user must connect by using a TLS-encrypted connection:- MariaDB [(none)]> ALTER USER 'example'@'%' REQUIRE SSL; - MariaDB [(none)]> ALTER USER 'example'@'%' REQUIRE SSL;- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Connect to the server as the - exampleuser by using TLS encryption:- mysql -u example -p -h server.example.com --ssl - # mysql -u example -p -h server.example.com --ssl ... MariaDB [(none)]>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If no error is shown and you have access to the interactive MariaDB console, the connection with TLS succeeds. 
- Attempt to connect as the - exampleuser with TLS disabled:- mysql -u example -p -h server.example.com --skip-ssl - # mysql -u example -p -h server.example.com --skip-ssl ERROR 1045 (28000): Access denied for user 'example'@'server.example.com' (using password: YES)- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The server rejected the login attempt because TLS is required for this user but disabled ( - --skip-ssl).
1.5. Configuring the MariaDB client to use TLS encryption by default
On RHEL, you can globally configure that the MariaDB client uses TLS encryption and verifies that the Common Name (CN) in the server certificate matches the hostname the user connects to. This prevents man-in-the-middle attacks.
Prerequisites
- The MariaDB server has TLS support enabled.
- If the certificate authority (CA) that issued the server’s certificate is not trusted by RHEL, the CA certificate has been copied to the client.
- If the FIPS mode is enabled, this client supports the Extended Master Secret (EMS) extension or uses TLS 1.3. TLS 1.2 connections without EMS fail. For more information, see the Red Hat Knowledgebase solution TLS extension "Extended Master Secret" enforced on RHEL 9.2 and later.
Procedure
- If RHEL does not trust the CA that issued the server’s certificate: - Copy the CA certificate to the - /etc/pki/ca-trust/source/anchors/directory:- cp <path>/ca.crt.pem /etc/pki/ca-trust/source/anchors/ - # cp <path>/ca.crt.pem /etc/pki/ca-trust/source/anchors/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Set permissions that enable all users to read the CA certificate file: - chmod 644 /etc/pki/ca-trust/source/anchors/ca.crt.pem - # chmod 644 /etc/pki/ca-trust/source/anchors/ca.crt.pem- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Rebuild the CA trust database: - update-ca-trust - # update-ca-trust- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Create the - /etc/my.cnf.d/mariadb-client-tls.cnffile with the following content:- [client-mariadb] ssl ssl-verify-server-cert - [client-mariadb] ssl ssl-verify-server-cert- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - These settings define that the MariaDB client uses TLS encryption ( - ssl) and that the client compares the hostname with the CN in the server certificate (- ssl-verify-server-cert).
Verification
- Connect to the server by using the hostname, and display the server status: - mysql -u root -p -h server.example.com -e status - # mysql -u root -p -h server.example.com -e status ... SSL: Cipher in use is TLS_AES_256_GCM_SHA384- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If the - SSLentry contains- Cipher in use is…, the connection is encrypted.- Note that the user you use in this command has permissions to authenticate remotely. - If the hostname you connect to does not match the hostname in the TLS certificate of the server, the - ssl-verify-server-certparameter causes the connection to fail. For example, if you connect to- localhost:- mysql -u root -p -h localhost -e status - # mysql -u root -p -h localhost -e status ERROR 2026 (HY000): SSL connection error: Validation of SSL server certificate failed- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.6. Backing up and restoring MariaDB data with logical dumps
A logical backup of MariaDB data consists of the SQL statements necessary to restore the data. The advantage of logical backup over physical backup is that the data can be restored on other hardware configurations and MariaDB versions.
1.6.1. Performing a logical backup by using mariadb-dump
					The mariadb-dump utility is a backup utility that can export one or more databases. The output of mariadb-dump typically consists of SQL statements to re-create the server table structure, populate it with data, or both.
				
					To perform the mariadb-dump backup, you can use one of the following options:
				
- Back up one or more selected databases
- Back up all databases
- Back up a subset of tables from one database
Procedure
- To dump a single database, run: - mariadb-dump [options] --databases db_name > backup-file.sql - # mariadb-dump [options] --databases db_name > backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To dump multiple databases at once, run: - mariadb-dump [options] --databases db_name1 [db_name2 ...] > backup-file.sql - # mariadb-dump [options] --databases db_name1 [db_name2 ...] > backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To dump all databases, run: - mariadb-dump [options] --all-databases > backup-file.sql - # mariadb-dump [options] --all-databases > backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To load one or more dumped full databases back into a server, run: - mariadb < backup-file.sql - # mariadb < backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To load a database to a remote MariaDB server, run: - mariadb --host=remote_host < backup-file.sql - # mariadb --host=remote_host < backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To dump a subset of tables from one database, add a list of the chosen tables at the end of the - mariadb-dumpcommand:- mariadb-dump [options] db_name [tbl_name ...] > backup-file.sql - # mariadb-dump [options] db_name [tbl_name ...] > backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To load a subset of tables dumped from one database, run: - mariadb db_name < backup-file.sql - # mariadb db_name < backup-file.sql- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- The db_name database must exist at this point. 
- To see a list of the options that mariadb-dump supports, run: - mariadb-dump --help - $ mariadb-dump --help- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.7. Backing up and restoring MariaDB data with physical copies
A physical backup of MariaDB data contains file and directories that store the content. This method is typically faster and smaller in size.
1.7.1. Performing a physical online backup by using mariabackup
					You can create physical online backups of your MariaDB server by using the mariabackup utility to backup InnoDB, Aria, and MyISAM tables while the server is running. The utility supports full backup capability for MariaDB server, which includes encrypted and compressed data.
				
Prerequisites
- 
							The mariadb-backuppackage is installed on the system:
- 
							You must provide mariabackupwith credentials for the user under which the backup will be run. You can provide the credentials either on the command line or by a configuration file.
- 
							Users of mariabackupmust have theRELOAD,LOCK TABLES, andREPLICATION CLIENTprivileges.
Procedure
- Use one of the following options to create a backup: - To create a backup while providing credentials on the command line, enter: - mariabackup --backup --target-dir <backup_directory> --user <backup_user> --password <backup_passwd> - $ mariabackup --backup --target-dir <backup_directory> --user <backup_user> --password <backup_passwd>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The - target-diroption defines the directory where the backup files are stored. If you want to perform a full backup, the target directory must be empty or not exist.- The - userand- passwordoptions allow you to configure the user name and the password.
- To create a backup with credentials set in a configuration file: - 
											Create a configuration file in the /etc/my.cnf.d/directory, for example,/etc/my.cnf.d/mariabackup.cnf.
- Add the following content to the file: - [mysqld] user=<backup_username> password=<password> - [mysqld] user=<backup_username> password=<password>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Perform the backup: - mariabackup --backup --target-dir <backup_directory> - $ mariabackup --backup --target-dir <backup_directory>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- 
											Create a configuration file in the 
 
1.7.2. Restoring data by using mariabackup
					If you have a MariaDB backup created by the mariabackup utility, you can use the same utility to restore the data.
				
Prerequisites
- 
							The mariadbservice is stopped.
- The data directory is empty.
- 
							Users of mariabackupmust have theRELOAD,LOCK TABLES, andREPLICATION CLIENTprivileges.
Procedure
- Use one of the following options to restore the data: - To restore data from the backup in the - /var/mariadb/backup/directory and keep the original backup files, enter:- mariabackup --copy-back --target-dir=/var/mariadb/backup/ - $ mariabackup --copy-back --target-dir=/var/mariadb/backup/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To restore data from the backup in the - /var/mariadb/backup/directory and remove the original backup files, enter:- mariabackup --move-back --target-dir=/var/mariadb/backup/ - $ mariabackup --move-back --target-dir=/var/mariadb/backup/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Fix the file permissions. For example, to recursively change ownership of the files to the - mysqluser and group, enter:- chown -R mysql:mysql /var/lib/mysql/ - # chown -R mysql:mysql /var/lib/mysql/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - When restoring a database, - mariabackuppreserves the file and directory privileges of the backup. However,- mariabackupwrites the files to disk as the user and group restoring the database. Therefore, after restoring a backup, you must adjust the owner of the data directory to match the user and group for the MariaDB server.
- Start the - mariadbservice:- systemctl start mariadb.service - # systemctl start mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.7.3. Performing a file system backup on a MariaDB server
You can create a file system backup of your MariaDB server by copying data files, configuration files, and log files to a backup location.
Procedure
- Stop the - mariadbservice:- systemctl stop mariadb.service - # systemctl stop mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Copy the data files: - cp -rp /var/lib/mysql/ /backup-location/data/ - # cp -rp /var/lib/mysql/ /backup-location/data/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Copy the configuration files: - cp -rp /etc/my.cnf /etc/my.cnf.d/ /backup-location/configuration/ - # cp -rp /etc/my.cnf /etc/my.cnf.d/ /backup-location/configuration/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Copy the log files: - cp -p /var/log/mariadb/* /backup-location/logs/ - # cp -p /var/log/mariadb/* /backup-location/logs/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Start the - mariadbservice:- systemctl start mariadb.service - # systemctl start mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- When loading the backed up data from the backup location to the - /var/lib/mysqldirectory, ensure that- mysql:mysqlis an owner of all data in- /var/lib/mysql:- chown -R mysql:mysql /var/lib/mysql/ - # chown -R mysql:mysql /var/lib/mysql/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
1.8. Replicating MariaDB with Galera
You can replicate a MariaDB database using the Galera solution to create a synchronous multi-source cluster for high availability and data consistency.
Replication itself is not a sufficient backup solution. Replication protects source servers against hardware failures, but it does not ensure protection against data loss.
1.8.1. Introduction to MariaDB Galera Cluster
MariaDB Galera Cluster provides synchronous multi-source replication that allows all nodes to be writable and ensures data consistency across the cluster.
The interface between Galera replication and a MariaDB database is defined by the write set replication API (wsrep API).
The main features of MariaDB Galera Cluster are:
- Synchronous replication
- Active-active multi-source topology
- Read and write to any cluster node
- Automatic membership control, failed nodes drop from the cluster
- Automatic node joining
- Parallel replication on row level
- Direct client connections: users can log on to the cluster nodes, and work with the nodes directly while the replication runs
Synchronous replication means that a server replicates a transaction at commit time by broadcasting the write set associated with the transaction to every node in the cluster. The client (user application) connects directly to the Database Management System (DBMS), and experiences behavior that is similar to native MariaDB.
Synchronous replication guarantees that a change that happened on one node in the cluster happens on other nodes in the cluster at the same time.
Therefore, synchronous replication has the following advantages over asynchronous replication:
- No delay in propagation of the changes between particular cluster nodes
- All cluster nodes are always consistent
- The latest changes are not lost if one of the cluster nodes crashes
- Transactions on all cluster nodes are executed in parallel
- Causality across the whole cluster
1.8.2. Components to build MariaDB Galera Cluster
Before deploying a functional, synchronously replicated MariaDB Galera Cluster, you must first install and understand the function of the core software components, specifically the MariaDB Server, the Galera Replication library, and the supporting Galera packages.
To build MariaDB Galera Cluster, you must install the following packages on your system:
- 
							mariadb-server-galera- contains support files and scripts for MariaDB Galera Cluster.
- 
							mariadb-server- is patched by MariaDB upstream to include the write set replication API (wsrep API). This API provides the interface between Galera replication and MariaDB.
- galera- is patched by MariaDB upstream to add full support for MariaDB. The- galerapackage contains the following:- Galera Replication Library provides the whole replication functionality.
- The Galera Arbitrator utility can be used as a cluster member that participates in voting in split-brain scenarios. However, Galera Arbitrator cannot participate in the actual replication.
- 
									Galera Systemd service and Galera wrapper script which are used for deploying the Galera Arbitrator utility. RHEL 10 provides the upstream version of these files, located at /usr/lib/systemd/system/garbd.serviceand/usr/sbin/garb-systemd.
 
1.8.3. Deploying MariaDB Galera Cluster
You can deploy MariaDB Galera Cluster by installing the required packages, configuring cluster settings, and bootstrapping the first node to create a new cluster.
Prerequisites
- All of the nodes in the cluster have TLS set up.
- All certificates on all nodes must have the - Extended Key Usagefield set to:- TLS Web Server Authentication, TLS Web Client Authentication - TLS Web Server Authentication, TLS Web Client Authentication- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Procedure
- Install the MariaDB Galera Cluster packages: - dnf install mariadb-server-galera - # dnf install mariadb-server-galera- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - As a result, the following packages are installed together with their dependencies: - 
									mariadb-server-galera
- 
									mariadb-server
- galera- For more information about these packages required to build MariaDB Galera Cluster, see Components to build MariaDB Cluster. 
 
- 
									
- Update the MariaDB server replication configuration before the system is added to a cluster for the first time. The default configuration is distributed in the - /etc/my.cnf.d/galera.cnffile. Before deploying MariaDB Galera Cluster, set the- wsrep_cluster_addressoption in the- /etc/my.cnf.d/galera.cnffile on all nodes to start with the following string:- gcomm:// - gcomm://- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For the initial node, it is possible to set - wsrep_cluster_addressas an empty list:- wsrep_cluster_address="gcomm://" - wsrep_cluster_address="gcomm://"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- For all other nodes, set - wsrep_cluster_addressto include an address to any node which is already a part of the running cluster. For example:- wsrep_cluster_address="gcomm://10.0.0.10" - wsrep_cluster_address="gcomm://10.0.0.10"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For more information about how to set Galera Cluster address, see Galera Cluster Address. 
 
- 
							Enable the wsrepAPI on every node by setting thewsrep_on=1option in the/etc/my.cnf.d/galera.cnfconfiguration file.
- Add the - wsrep_provider_optionsvariable to the Galera configuration file with the TLS keys and certificates. For example:- wsrep_provider_options="socket.ssl_cert=/etc/pki/tls/certs/source.crt;socket.ssl_key=/etc/pki/tls/private/source.key;socket.ssl_ca=/etc/pki/tls/certs/ca.crt” - wsrep_provider_options="socket.ssl_cert=/etc/pki/tls/certs/source.crt;socket.ssl_key=/etc/pki/tls/private/source.key;socket.ssl_ca=/etc/pki/tls/certs/ca.crt”- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Bootstrap a first node of a new cluster by running the following wrapper on that node: - galera_new_cluster - # galera_new_cluster- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - This wrapper ensures that the MariaDB server daemon ( - mariadbd) runs with the- --wsrep-new-clusteroption. This option provides the information that there is no existing cluster to connect to. Therefore, the node creates a new UUID to identify the new cluster.Note- The - mariadbservice supports a systemd method for interacting with multiple MariaDB server processes. Therefore, in cases with multiple running MariaDB servers, you can bootstrap a specific instance by specifying the instance name as a suffix:- galera_new_cluster mariadb@node1 - # galera_new_cluster mariadb@node1- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Connect other nodes to the cluster by running the following command on each of the nodes: - systemctl start mariadb - # systemctl start mariadb- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - As a result, the node connects to the cluster, and synchronizes itself with the state of the cluster. 
Verification
1.8.4. Checking the status of a MariaDB Galera cluster
It is important to monitor and ensure the health, performance, and synchronization of a MariaDB Galera cluster. For that, you can query status variables on each node to monitor the node and the cluster.
To check the status of a MariaDB Galera cluster, you can use the following queries:
- Display the number of nodes in the cluster: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Display the node’s cluster component status: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The value of the - wsrep_cluster_statusvariable indicates the status of the cluster component the current node belongs to. Possible values are:- 
									Primary: The cluster is functioning normally. A quorum is present. In a healthy cluster, all nodes reportPrimary.
- 
									Non-primary: The node has lost the connection to the primary component of the cluster and is no longer part of the active cluster. However, the node still can serve read queries but cannot process write operations.
- 
									Disconnected: The node is not connected to any cluster component. Consequently, it cannot accept queries and is not replicating any data.
 
- 
									
- Display the node’s status: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The following are frequent values of the - wsrep_local_state_commentvariable:- 
									Synced: The node is fully synchronized within the cluster and actively participating in replication.
- 
									Desynced: The node is still part of the cluster but it is primarily busy with the state transfer.
- 
									Joining: The node is in the process of joining a cluster.
- 
									Joined: The node has successfully joined a cluster. It can receive and apply write sets from the cluster.
- 
									Donor: The node currently provides a State Snapshot Transfer (SST) to a joining node. When a new node joins and requires a full state transfer, the cluster selects an existing node to send the necessary data.
 
- 
									
- Check whether the node accepts write sets from the cluster: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - When the - wsrep_readyvariable is- ON, the node has successfully initialized its components and is connected to a cluster. Additionally, the node is synchronized or has reached a state where it can serve queries.
- Check whether the node has network connectivity with other hosts: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The - ONvalue means that node has connectivity to at least one member in the cluster.
- Display the average size of the local received queue for write sets since the last - FLUSH STATUScommand or since the server started:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - A value near 0 is the ideal state and indicates that the node continues applying write sets as they are received. A persistently high or growing value can be an indicator of performance bottlenecks, such as slow disk I/O. 
- Display the flow control status: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - This variable represents the fraction of time a node has been paused and is unable to process new incoming transactions because its local receive queue was too full, triggering flow control. A value close to 0 indicates the node continues with the replication workload efficiently. A value approaching 1.0 means that the node frequently or constantly encounters difficulty in applying write sets and can be a bottleneck for the cluster. - If the node is frequently pausing, you can adjust the - wsrep_slave_threadsparameter in the- /etc/my.cnf.d/galera.cnffile.
- Display the average distance between the lowest and highest sequence numbers the node can apply in parallel: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - A higher value indicates a greater degree of parallelism. It is the optimal value you can use in the - wsrep_slave_threadsparameter in the- /etc/my.cnf.d/galera.cnffile.
1.8.5. Adding a new node to MariaDB Galera Cluster
You can add a new node to your MariaDB Galera Cluster or reconnect an existing one by configuring the cluster address in the node’s configuration file.
Procedure
- On the particular node, provide an address to one or more existing cluster members in the - wsrep_cluster_addressoption within the- [mariadb]section of the- /etc/my.cnf.d/galera.cnfconfiguration file :- [mariadb] wsrep_cluster_address="gcomm://192.168.0.1" - [mariadb] wsrep_cluster_address="gcomm://192.168.0.1"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - When a new node connects to one of the existing cluster nodes, it is able to see all nodes in the cluster. - However, preferably list all nodes of the cluster in - wsrep_cluster_address.- As a result, any node can join a cluster by connecting to any other cluster node, even if one or more cluster nodes are down. When all members agree on the membership, the cluster’s state is changed. If the new node’s state is different from the state of the cluster, the new node requests either an Incremental State Transfer (IST) or a State Snapshot Transfer (SST) to ensure consistency with the other nodes. 
1.8.6. Restarting MariaDB Galera Cluster
If you shut down all nodes at the same time, you stop the cluster, and the running cluster no longer exists. However, the cluster’s data still exist.
To restart the cluster, bootstrap a first node as described in Deploying MariaDB Galera Cluster
						If the cluster is not bootstrapped, and mariadb on the first node is started with only the systemctl start mariadb command, the node tries to connect to at least one of the nodes listed in the wsrep_cluster_address option in the /etc/my.cnf.d/galera.cnf file. If no nodes are currently running, the restart fails.
					
1.9. Migrating a MariaDB instance from a previous RHEL version to MariaDB 10.11 on RHEL 10
RHEL 10 provides MariaDB 10.11. If you run a MariaDB instance on a previous RHEL version, you can set up RHEL 10 on a new host and migrate the instance to it.
Prerequisites
- You set up RHEL 10 on a new host.
- You performed a file system backup of the MariaDB instance on the RHEL 8 or RHEL 9 host.
Procedure
- Install the - mariadb-serverpackage:- dnf install mariadb-server - # dnf install mariadb-server- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Stop the service if it is already running: - systemctl stop mariadb.service - # systemctl stop mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Copy the content of the /var/lib/mysql/directory from the previous host to the same location on the RHEL 10 host.
- 
						Copy the configuration files from the previous host to the /etc/my.cnf.d/directory, and ensure that the files includes only options valid for MariaDB 10.11. For details, see the upstream documentation.
- Restore the SELinux context: - restorecon -rv /var/lib/mysql/ restorecon -rv /etc/my.cnf.d/ - # restorecon -rv /var/lib/mysql/ # restorecon -rv /etc/my.cnf.d/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Ensure the correct ownership of - /var/lib/mysql/and its subdirectories:- chown -R mysql:mysql /var/lib/mysql/ - # chown -R mysql:mysql /var/lib/mysql/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Enable and start the - mariadbservice:- systemctl enable --now mariadb.service - # systemctl enable --now mariadb.service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - When the service starts, MariaDB automatically checks, repairs, and updates internal tables. 
Verification
- Establish a connection to the MariaDB server: - mysql -u root -p -h <hostname> - # mysql -u root -p -h <hostname>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow