RHEL 8 / CentOS 8 で MariaDB Package Repository を設定
RHEL 8 は2019年5月7日,CentOS 8 は2019年9月24日にリリースされています。
“MariaDB Package Repository Setup and Usage” で解説されている,MariaDB Community Server/MaxScale/Tools yum レポジトリ設定用 1ライナーは,RHEL 8 / CentOS 8 はサポートされていませんでしたが,先日から RHEL 8 / CentOS 8 もサポートされています。
今回は tarball をダウンロード,インストールするのではなく,1ライナーで yum レポジトリを設定し,MariaDB Community Server 10.4 をインストールします。
mariadb_repo_setup による yum レポジトリ設定
mariadb_repo_setup をダウンロードしスクリプトを確認すると,2019年12月4日付で更新されていることがわかります。
# Notes: # 2019-12-04 - add RHEL 8, and CentOS 8
実際にスクリプトを実行してみます。
$ cat /etc/centos-release CentOS Linux release 8.0.1905 (Core) $ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash [info] Repository file successfully written to /etc/yum.repos.d/mariadb.repo. [info] Adding trusted package signing keys... [info] Successfully added trusted package signing keys.
正常に実行されたようです。/etc/yum.repos.d/mariadb.repo を確認します。
# cat /etc/yum.repos.d/mariadb.repo [mariadb-main] name = MariaDB Server baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.4/yum/rhel/$releasever/$basearch gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Server-GPG-KEY gpgcheck = 1 enabled = 1 [mariadb-maxscale] # To use the latest stable release of MaxScale, use "latest" as the version # To use the latest beta (or stable if no current beta) release of MaxScale, use "beta" as the version name = MariaDB MaxScale baseurl = https://downloads.mariadb.com/MaxScale/2.4/centos/$releasever/$basearch gpgkey = file:///etc/pki/rpm-gpg/MariaDB-MaxScale-GPG-KEY gpgcheck = 1 enabled = 1 [mariadb-tools] name = MariaDB Tools baseurl = https://downloads.mariadb.com/Tools/rhel/$releasever/$basearch gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Enterprise-GPG-KEY gpgcheck = 1 enabled = 1
正常に以下の3レポジトリが設定されています。
- MariaDB Server(mariadb-main)
- MariaDB MaxScale(mariadb-maxscale)
- MariaDB Tools(mariadb-tools)
dnf search でインストール可能な RPM パッケージを確認します。
$ sudo dnf --repo=mariadb-main search MariaDB Last metadata expiration check: 3:02:23 ago on Thu 12 Dec 2019 08:10:25 PM JST. ======================================== Summary & Name Matched: MariaDB ======================================== MariaDB.src : MariaDB: a very fast and robust SQL database server MariaDB-shared.x86_64 : LGPL MariaDB client library MariaDB-test.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-devel.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-test-debuginfo.x86_64 : Debug information for package MariaDB-test MariaDB-backup.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-client.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-common.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-server.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-devel-debuginfo.x86_64 : Debug information for package MariaDB-devel MariaDB-backup-debuginfo.x86_64 : Debug information for package MariaDB-backup MariaDB-client-debuginfo.x86_64 : Debug information for package MariaDB-client MariaDB-common-debuginfo.x86_64 : Debug information for package MariaDB-common MariaDB-server-debuginfo.x86_64 : Debug information for package MariaDB-server MariaDB-shared-debuginfo.x86_64 : Debug information for package MariaDB-shared MariaDB-gssapi-server.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-tokudb-engine.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-connect-engine.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-rocksdb-engine.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-cracklib-password-check.x86_64 : MariaDB: a very fast and robust SQL database server MariaDB-gssapi-server-debuginfo.x86_64 : Debug information for package MariaDB-gssapi-server MariaDB-tokudb-engine-debuginfo.x86_64 : Debug information for package MariaDB-tokudb-engine MariaDB-connect-engine-debuginfo.x86_64 : Debug information for package MariaDB-connect-engine MariaDB-rocksdb-engine-debuginfo.x86_64 : Debug information for package MariaDB-rocksdb-engine MariaDB-cracklib-password-check-debuginfo.x86_64 : Debug information for package MariaDB-cracklib-password-check
なお,sudo dnf search mariadb --verbose
で確認できますが,小文字の mariadb- で始まるパッケージは OS 標準の MariaDB 10.3.x パッケージですので留意願います。上記の 1ライナーのデフォルトで設定されるレポジトリは MariaDB Community Server 10.4 のレポジトリとなります(2019-12-12時点)。
MariaDB Community Server をインストール
dnf コマンドで MariaDB Community Server をインストールします。
sudo dnf -y install perl-DBI libaio libsepol lsof boost-program-options rsync sudo dnf -y install --repo=mariadb-main MariaDB-server
--repo=mariadb-main
オプションを指定しませんと,標準でバンドルされる mariadb-server パッケージと競合し,MariaDB-server パッケージがインストールできませんので留意願います。
MariaDB Community Server を起動
systemctl で mariadb service を有効化,起動します。
sudo systemctl enable mariadb sudo systemctl start mariadb
MariaDB monitor で MariaDB Community Server に接続
バージョン 10.4 以降,mysql* コマンドから mariadb* コマンドへシンボリックリンクがはられており,従来のmysql* コマンドは,mariadb* コマンドでも利用可能となっています。
https://staging-mdb.com/ja/resources/blog/mariadb-named-commands/
mariadb コマンド(MariaDB monitor) で MariaDB Community Server に接続してみます。
$ sudo mariadb Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 15 Server version: 10.4.11-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
正常に MariaDB Server 10.4.11 に接続できました。
セキュリティレベルの強化
mariadb-secure-installation コマンドでrootユーザのパスワード設定,匿名ユーザの削除,test データベースの削除等を行うことが可能です。
sudo mariadb-secure-installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] n ... skipping. You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
mysql.global_priv テーブルのユーザを確認してみます。
MariaDB [(none)]> SELECT CONCAT(user, '@', host, ' => ', json_detailed(priv)) FROM mysql.global_priv \G *************************** 1. row *************************** CONCAT(user, '@', host, ' => ', json_detailed(priv)): root@localhost => { "access": 18446744073709551615, "plugin": "mysql_native_password", "authentication_string": "invalid", "auth_or": [ { }, { "plugin": "unix_socket" } ] } *************************** 2. row *************************** CONCAT(user, '@', host, ' => ', json_detailed(priv)): mysql@localhost => { "access": 18446744073709551615, "plugin": "mysql_native_password", "authentication_string": "invalid", "auth_or": [ { }, { "plugin": "unix_socket" } ] }
なお,10.4 以降ユーザ管理テーブルは mysql.global_priv に変更されていますが,過去のバージョンとの互換性のため,mysql.user が VIEW として定義されています。
MariaDB [(none)]> SELECT user,host,password FROM mysql.user; +-------+-----------+----------+ | User | Host | Password | +-------+-----------+----------+ | root | localhost | invalid | | mysql | localhost | invalid | +-------+-----------+----------+
まとめ
先日 RHEL 8 / CentOS 8 用に更新された mariadb_repo_setup スクリプトを用いて最新版(10.4.11)の MariaDB Community Server をインストールしました。dnf install
実行の際には --repo=mariadb-main
オプションを忘れないよう留意願います。