ports:db:mariadb

Installer un serveur MariaDB

C'est un serveur de base de données dont vous aurez certainement besoin pour alimenter vos sites web et applications.

Préparez databases/mariadb-server dans vos poudrières. Dans l'exemple qui suit popeye est l'hôte et maria est la jail.

Construisez une jail nommée maria dans /jails/mariadb pour accueillir votre serveur de bases de données.

Adaptez zfs au service de base de données:

zfs set primarycache=metadata zroot/JAILS/master/mariadb
zfs set sync=disabled zroot/JAILS/master/mariadb
zfs set atime=off zroot/JAILS/master/mariadb
zfs set recordsize=16k zroot/JAILS/master/mariadb

Adaptez la configuration de la jail maria :

mariadb/etc/rc.conf.local
hostname="mariadb"
/etc/jail.conf
maria {
        host.hostname = maria;           
        ip4.addr = "lo1|192.168.0.200";# Adresse IP à attribuer.
        path ="/jails/mariadb";            # où est-elle ?
        mount.devfs;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
root@popeye:# jail -c maria
root@popeye:# 
root@popeye:# pkg -j maria install databases/mariadb106-server
root@popeye:# sysrc -j maria mysql_enable=YES

Ainsi que la jail:

root@popeye:# sysrc jail_enable="YES"
root@popeye:# sysrc jail_list+="maria"

Depuis la jail, initialisez le serveur:

root@popeye:# jexec maria
root@mariadb:# service mysql-server start
root@mariadb:# /usr/local/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
 
Enter current password for root (enter for none): 
OK, successfully used password, moving on...
 
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
 
You already have your root account protected, so you can safely answer 'n'.
 
Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
 ... Success!
 
 
You already have your root account protected, so you can safely answer 'n'.
 
Change the root password? [Y/n] n
 ... skipping.
 
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
 
Remove anonymous users? [Y/n] y
 ... Success!
 
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
 
Disallow root login remotely? [Y/n] y
 ... Success!
 
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
 
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
 
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
 
Reload privilege tables now? [Y/n] y
 ... Success!
 
Cleaning up...
 
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
 
Thanks for using MariaDB!
root@mariadb:/ #

Un lien vers le serveur de base de données est disponible sous la socket /var/run/mysql/mysql.sock

Sous une jail, le serveur ne doit écouter que sous son adresse IP:

 sysrc mysql_args="--bind-address=192.168.jail.ip"

Est-ce que le serveur est à l'écoute ?

:~ jexec maria sockstat -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
mysql    mariadbd   6882  20 tcp4   192.168.0.200:3306    *:*
mysql    mariadbd   6882  21 stream /var/run/mysql/mysql.sock
root     sendmail   77254 3  tcp4   192.168.0.200:25      *:*
root     syslogd    64764 5  dgram  /var/run/log
root     syslogd    64764 6  dgram  /var/run/logpriv

Essayons, depuis l'hôte:

:~ telnet  192.168.0.200 3306 
Trying 192.168.0.200...
Connected to 192.168.0.200.
Escape character is '^]'.
HHost '192.168.0.200' is not allowed to connect to this MariaDB serverConnection closed by foreign host.

A l'aide du client:

root@popeye:#jexec maria 
root@mariadb:/ # mysql -u root
root@localhost [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.000 sec)
 
root@localhost [(none)]> 

Vous avez noté la ligne de sockstat(1):

mysql    mariadbd   6882  21 stream /var/run/mysql/mysql.sock

Cela signifie que vous pouvez communiquer avec la serveur via une socket(2) unix. Vous n'avez même pas besoin de configuration réseau pour communiquer avec cette jail:

root@mariadb:/ # mysql -u root -S /var/run/mysql/mysql.sock
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.6.10-MariaDB FreeBSD Ports
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
root@localhost [(none)]> bye;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'bye' at line 1
root@localhost [(none)]> quit
Bye
root@mariadb:/ # mysql -u root -S /var/run/mysql/mysql.sock -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.6.10-MariaDB FreeBSD Ports
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
root@localhost [(none)]> 
Dans ce cas, vous pouvez attribuer la valeur disable à ip4 et ip6 de votre jail et l'isoler ainsi complètement du réseau.
  • ports/db/mariadb.txt
  • Dernière modification : 2023/05/20 14:58
  • de david