From 8043a7d83f1e2e2c9c1e2acdaddb4d21b8e3546e Mon Sep 17 00:00:00 2001 From: sspencerwire Date: Thu, 27 Jun 2024 12:48:58 -0500 Subject: [PATCH] Editing web book part 2 `03-application-servers.md` and `04-database-servers.md` * Sentence simplification * replace conjunctions with words * remove passive voice as much as possible * replace we with the recommended "you" * strip out errant spacing and tabs * Fix duplicate heading issues (feels like these should be sub-chapters to avoid this issue) --- .../web_services/03-application-servers.md | 327 +++++++++--------- .../web_services/04-databases-servers.md | 326 +++++++++-------- 2 files changed, 324 insertions(+), 329 deletions(-) diff --git a/docs/books/web_services/03-application-servers.md b/docs/books/web_services/03-application-servers.md index 22f56afee3..842e53a22e 100644 --- a/docs/books/web_services/03-application-servers.md +++ b/docs/books/web_services/03-application-servers.md @@ -14,7 +14,7 @@ tags: In this chapter, you will learn about PHP and PHP-FPM. -**PHP** (**P**HP **H**ypertext **P**reprocessor) is a source scripting language specially designed for web application development. In 2024, PHP represented a little less than 80% of the web pages generated in the world. PHP is open-source and is the core of the most famous CMS (WordPress, Drupal, Joomla!, Magento, ...). +**PHP** (**P**HP **H**ypertext **P**reprocessor) is a source scripting language specially designed for web application development. In 2024, PHP represented a little less than 80% of the web pages generated in the world. PHP is open-source and is the core of the most famous CMS (WordPress, Drupal, Joomla!, Magento, and others.). **PHP-FPM** (**F**astCGI **P**rocess **M**anager) is integrated to PHP since its version 5.3.3. The FastCGI version of PHP brings additional functionalities. @@ -22,14 +22,14 @@ In this chapter, you will learn about PHP and PHP-FPM. **Objectives**: In this chapter, you will learn how to: -:heavy_check_mark: install a PHP application serveur -:heavy_check_mark: configure PHP-FPM pool -:heavy_check_mark: optimize a PHP-FPM application serveur +:heavy_check_mark: install a PHP application server +:heavy_check_mark: configure PHP-FPM pool +:heavy_check_mark: optimize a PHP-FPM application server :checkered_flag: **PHP**, **PHP-FPM**, **Application server** -**Knowledge**: :star: :star: :star: -**Complexity**: :star: :star: :star: +**Knowledge**: :star: :star: :star: +**Complexity**: :star: :star: :star: **Reading time**: 30 minutes @@ -37,7 +37,7 @@ In this chapter, you will learn about PHP and PHP-FPM. ### Generalities -**CGI** (**C**ommon **G**ateway **I**nterface) and **FastCGI** allow communication between the web server (Apache, Nginx, ...) and a development language (PHP, Python, Java): +**CGI** (**C**ommon **G**ateway **I**nterface) and **FastCGI** allow communication between the web server (Apache or Nginx) and a development language (PHP, Python, Java): * In the case of **CGI**, each request creates a **new process**, which is less efficient in performance. * **FastCGI** relies on a **certain number of processes** to treat its client requests. @@ -61,84 +61,84 @@ To obtain a list of available versions, enter the following command: === "9.3 PHP module list" - ```bash - $ sudo dnf module list php + ```bash + $ sudo dnf module list php - Rocky Linux 9 - AppStream - Name Stream Profiles Summary - php 8.1 [d] common [d], devel, minimal + Rocky Linux 9 - AppStream + Name Stream Profiles Summary + php 8.1 [d] common [d], devel, minimal - Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled - ``` + Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled + ``` - The Remi repository offers more recent releases of PHP than the Appstream repository, including versions 8.2 and 8.3. + The Remi repository offers more recent releases of PHP than the Appstream repository, including versions 8.2 and 8.3. - To install the Remi repository, run the following command: + To install the Remi repository, run the following command: - ```bash - sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm - ``` + ```bash + sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm + ``` - Once the Remi repository is installed, enable it by running the following command. + Enable the Remi repository by running the following command: - ```bash - sudo dnf config-manager --set-enabled remi - ``` + ```bash + sudo dnf config-manager --set-enabled remi + ``` - You can now activate a newer module (PHP 8.3) by entering the following command: + You can now activate a newer module (PHP 8.3) by entering the following command: - ```bash - sudo dnf module enable php:remi-8.3 - ``` + ```bash + sudo dnf module enable php:remi-8.3 + ``` === "8.9 PHP module list" - ```bash - $ sudo dnf module list php + ```bash + $ sudo dnf module list php - Rocky Linux 8 - AppStream - Name Stream Profiles Summary - php 7.2 [d] common [d], devel, minimal PHP scripting language - php 7.3 common [d], devel, minimal PHP scripting language - php 7.4 common [d], devel, minimal PHP scripting language - php 8.0 common [d], devel, minimal PHP scripting language + Rocky Linux 8 - AppStream + Name Stream Profiles Summary + php 7.2 [d] common [d], devel, minimal PHP scripting language + php 7.3 common [d], devel, minimal PHP scripting language + php 7.4 common [d], devel, minimal PHP scripting language + php 8.0 common [d], devel, minimal PHP scripting language - Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled - ``` + Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled + ``` - Rocky provides different PHP modules from its AppStream repository. + Rocky provides different PHP modules from its AppStream repository. - You will note that the default version of a Rocky 8.9 is 7.2 that has already reached its end of life at the time of writing. + You will note that the default version of a Rocky 8.9 is 7.2 that has already reached its end of life at the time of writing. - You can activate a newer module by entering the following command: + You can activate a newer module by entering the following command: - ```bash - sudo dnf module enable php:8.0 - ============================================================================================== - Package Architecture Version Repository Size - ============================================================================================== - Enabling module streams: - httpd 2.4 - nginx 1.14 - php 8.0 + ```bash + sudo dnf module enable php:8.0 + ============================================================================================== + Package Architecture Version Repository Size + ============================================================================================== + Enabling module streams: + httpd 2.4 + nginx 1.14 + php 8.0 - Transaction Summary - ============================================================================================== + Transaction Summary + ============================================================================================== - Is this ok [y/N]: + Is this ok [y/N]: - Transaction Summary - ============================================================================================== + Transaction Summary + ============================================================================================== - Is this ok [y/N]: y - Complete! - ``` + Is this ok [y/N]: y + Complete! + ``` You can now proceed to the installation of the PHP engine. ### Installation of the PHP cgi mode -First, let's see how to install and use PHP in CGI mode. We can only make it work with the Apache web server and its `mod_php` module. We will see, later in this document, in the FastCGI part (php-fpm) how to integrate PHP in Nginx (but also Apache). +First, install and use PHP in CGI mode. You can only make it work with the Apache web server and its `mod_php` module. You will see in the FastCGI part (php-fpm) of this document, how to integrate PHP in Nginx (but also Apache). The installation of PHP is relatively trivial since it consists of installing the main package and the few modules you will need. @@ -146,62 +146,62 @@ The example below installs PHP with the modules usually installed with it. === "9.3 install PHP" - ```bash - sudo dnf install php php-cli php-gd php-curl php-zip php-mbstring - ``` - - You will be prompted to import GPG keys for the epel9 (Extra Packages for Enterprise Linux 9) and Remi repositories during installation. Enter y to import the keys: - - ```bash - Extra Packages for Enterprise Linux 9 - x86_64 - Importing GPG key 0x3228467C: - Userid : "Fedora (epel9) " - Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C - From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 - Is this ok [y/N]: y - Key imported successfully - Remi's RPM repository for Enterprise Linux 9 - x86_64 - Importing GPG key 0x478F8947: - Userid : "Remi's RPM repository (https://rpms.remirepo.net/) " - Fingerprint: B1AB F71E 14C9 D748 97E1 98A8 B195 27F1 478F 8947 - From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 - Is this ok [y/N]: y - Key imported successfully - Running transaction check - Transaction check succeeded. - Running transaction test - Transaction test succeeded. - - Complete! - ``` + ```bash + sudo dnf install php php-cli php-gd php-curl php-zip php-mbstring + ``` + + You will be prompted to import GPG keys for the epel9 (Extra Packages for Enterprise Linux 9) and Remi repositories during installation. Enter y to import the keys: + + ```bash + Extra Packages for Enterprise Linux 9 - x86_64 + Importing GPG key 0x3228467C: + Userid : "Fedora (epel9) " + Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C + From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 + Is this ok [y/N]: y + Key imported successfully + Remi's RPM repository for Enterprise Linux 9 - x86_64 + Importing GPG key 0x478F8947: + Userid : "Remi's RPM repository (https://rpms.remirepo.net/) " + Fingerprint: B1AB F71E 14C9 D748 97E1 98A8 B195 27F1 478F 8947 + From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 + Is this ok [y/N]: y + Key imported successfully + Running transaction check + Transaction check succeeded. + Running transaction test + Transaction test succeeded. + + Complete! + ``` === "8.9 install PHP" - ```bash - sudo dnf install php php-cli php-gd php-curl php-zip php-mbstring - ``` + ```bash + sudo dnf install php php-cli php-gd php-curl php-zip php-mbstring + ``` You can check that the installed version corresponds to the expected one: === "9.3 check PHP version" - ```bash - $ php -v - PHP 8.3.2 (cli) (built: Jan 16 2024 13:46:41) (NTS gcc x86_64) - Copyright (c) The PHP Group - Zend Engine v4.3.2, Copyright (c) Zend Technologies - with Zend OPcache v8.3.2, Copyright (c), by Zend Technologies - ``` + ```bash + $ php -v + PHP 8.3.2 (cli) (built: Jan 16 2024 13:46:41) (NTS gcc x86_64) + Copyright (c) The PHP Group + Zend Engine v4.3.2, Copyright (c) Zend Technologies + with Zend OPcache v8.3.2, Copyright (c), by Zend Technologies + ``` === "8.9 check PHP version" - ```bash - $ php -v - PHP 7.4.19 (cli) (built: May 4 2021 11:06:37) ( NTS ) - Copyright (c) The PHP Group - Zend Engine v3.4.0, Copyright (c) Zend Technologies - with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies - ``` + ```bash + $ php -v + PHP 7.4.19 (cli) (built: May 4 2021 11:06:37) ( NTS ) + Copyright (c) The PHP Group + Zend Engine v3.4.0, Copyright (c) Zend Technologies + with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies + ``` ### Apache Integration @@ -209,25 +209,25 @@ To serve PHP pages in CGI mode, you must install the Apache server, configure it * Installation: - ```bash - sudo dnf install httpd - ``` + ```bash + sudo dnf install httpd + ``` - * Activation: + activation: - ```bash - sudo systemctl enable --now httpd - sudo systemctl status httpd - ``` + ```bash + sudo systemctl enable --now httpd + sudo systemctl status httpd + ``` -* Don't forget to configure the firewall: +* Do not forget to configure the firewall: - ```bash - sudo firewall-cmd --add-service=http --permanent - sudo firewall-cmd --reload - ``` + ```bash + sudo firewall-cmd --add-service=http --permanent + sudo firewall-cmd --reload + ``` -The default vhost should work out of the box. PHP provides a `phpinfo()` function that generates a summary table of its configuration. It's very useful to test the good working of PHP. However, be careful not to leave such test files on your servers. They represent a huge security risk for your infrastructure. +The default vhost should work out of the box. PHP provides a `phpinfo()` function that generates a summary table of its configuration. It is useful to test the good working of PHP. However, be careful not to leave such test files on your servers. They represent a huge security risk for your infrastructure. Create the file `/var/www/html/info.php` (`/var/www/html` being the default vhost directory of the default Apache configuration): @@ -241,19 +241,19 @@ Use a web browser to check that the server works properly by going to the page [ !!! Warning - Do not leave the info.php file on your server! + Do not leave the `info.php` file on your server! -### Installation of the PHP cgi mode +### Installation of the PHP cgi mode (PHP-FPM) -As we highlighted earlier in this document, there are many advantages to switching web hosting to PHP-FPM mode. +Noted earlier, many advantages exist for switching web hosting to PHP-FPM mode. -The installation is limited to the php-fpm package: +The installation entails only the php-fpm package: ```bash sudo dnf install php-fpm ``` -As php-fpm is a service from a system point of view, it must be activated and started: +As php-fpm is a service from a system point of view, you must activate and start it: ```bash sudo systemctl enable --now php-fpm @@ -262,7 +262,7 @@ sudo systemctl status php-fpm #### Configuration of the PHP cgi mode -The main configuration file is stored under `/etc/php-fpm.conf`. +The main configuration file is `/etc/php-fpm.conf`. ```bash include=/etc/php-fpm.d/*.conf @@ -278,7 +278,7 @@ daemonize = yes As you can see, the files in the `/etc/php-fpm.d/` directory with the `.conf` extension are always included. -By default, a PHP process pool, named `www`, is declared in `/etc/php-fpm.d/www.conf`. +By default, a PHP process pool declaration named `www`, is in `/etc/php-fpm.d/www.conf`. ```bash [www] @@ -311,13 +311,13 @@ php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache #### Configuring the way to access php-fpm processes -There are 2 ways to connect. +Two ways exist for connecting. -Via an inet interface such as: +With an `inet-interface` such as: `listen = 127.0.0.1:9000`. -Or via a Unix socket: +Or with a UNIX socket: `listen = /run/php-fpm/www.sock`. @@ -325,26 +325,26 @@ Or via a Unix socket: Using a socket when the web server and PHP server are on the same machine removes the TCP/IP layer and optimizes the performance. -When working via an interface, you have to configure `listen.owner`, `listen.group`, `listen.mode` to specify the owner, the owner group and the rights of the Unix socket. **Warning:** Both servers (web and PHP) must have access rights on the socket. +When working with an interface, you have to configure `listen.owner`, `listen.group`, `listen.mode` to specify the owner, the owner group, and the rights of the UNIX socket. **Warning:** Both servers (web and PHP) must have access rights on the socket. -When working via a socket, you must configure `listen.allowed_clients` to restrict access to the PHP server to certain IP addresses. +When working with a socket, you must configure `listen.allowed_clients` to restrict access to the PHP server to certain IP addresses. Example: `listen.allowed_clients = 127.0.0.1` #### Static or dynamic configuration -The processes of PHP-FPM can be managed statically or dynamically. +You can manage PHP-FPM processes statically or dynamically. -In static mode, the number of child processes is set by the value of `pm.max_children`; +In static mode, `pm.max_children` sets a limit to the number of child processes: ```bash pm = static pm.max_children = 10 ``` -This configuration will launch 10 processes. +This configuration starts 10 processes. -In dynamic mode, PHP-FPM will launch at most the number of processes specified by the value of `pm.max_children`, starting by launching some processes corresponding to `pm.start_servers`, and keeping at least the value of `pm.min_spare_servers` of inactive processes and at `most pm.max_spare_servers` inactive processes. +In dynamic mode, PHP-FPM starts at *most* the number of processes specified by the value of `pm.max_children`. It first starts some processes corresponding to `pm.start_servers`, keeping at least the value of `pm.min_spare_servers` of inactive processes and at most `pm.max_spare_servers` of inactive processes. Example: @@ -358,9 +358,9 @@ pm.max_spare_servers = 3 PHP-FPM will create a new process to replace one that has processed several requests equivalent to `pm.max_requests`. -By default, `pm.max_requests` is set to 0, meaning processes are never recycled. Using the `pm.max_requests` option can be interesting for applications with memory leaks. +By default the value of `pm.max_requests` is 0, meaning processes are never recycled. Using the `pm.max_requests` option can be interesting for applications with memory leaks. -There is a third mode of operation, the `ondemand` mode. This mode only starts a process when it receives a request. It is not an optimal mode for sites with strong influences and is to be reserved for specific needs (sites with very weak requests, management backend, etc.). +A third mode of operation is the `ondemand` mode. This mode only starts a process when it receives a request. It is not an optimal mode for sites with strong influences and is reserved for specific needs (sites with very weak requests, management backend, and so on.). !!! Note @@ -370,7 +370,7 @@ There is a third mode of operation, the `ondemand` mode. This mode only starts a PHP-FPM offers, like Apache and its `mod_status` module, a page indicating the status of the process. -To activate the page, set its access path via the `pm.status_path` directive: +To activate the page, set its access path with the `pm.status_path` directive: ```bash pm.status_path = /status @@ -396,7 +396,7 @@ slow requests: 0 #### Logging long requests -The slowlog directive specifies the file that receives logging of requests that are too long (i.e., whose time exceeds the value of the `request_slowlog_timeout` directive). +The `slowlog` directive specifies the file that receives logging requests that are too long (for instance, whose time exceeds the value of the `request_slowlog_timeout` directive). The default location of the generated file is `/var/log/php-fpm/www-slow.log`. @@ -411,7 +411,7 @@ A value of 0 for `request_slowlog_timeout` disables logging. The default setting of nginx already includes the necessary configuration to make PHP work with PHP-FPM. -The configuration file `fastcgi.conf` (or `fastcgi_params`) is located under `/etc/nginx/`: +The configuration file `fastcgi.conf` (or `fastcgi_params`) is under `/etc/nginx/`: ```bash fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; @@ -441,7 +441,7 @@ fastcgi_param SERVER_NAME $server_name; fastcgi_param REDIRECT_STATUS 200; ``` -For nginx to process `.php` files, the following directives must be added to the site configuration file: +For nginx to process `.php` files, add the following directives to the site configuration file: If PHP-FPM is listening on port 9000: @@ -452,7 +452,7 @@ location ~ \.php$ { } ``` -If php-fpm is listening on a unix socket: +If php-fpm is listening on a UNIX socket: ```bash location ~ \.php$ { @@ -483,23 +483,23 @@ The configuration of Apache to use a PHP pool is quite simple. You have to use t ### Solid configuration of PHP pools -It is essential to optimize the number of requests that will be able to be served and to analyze the memory used by the PHP scripts, to optimize the maximum amount of launched threads. +Optimizing the number of requests served and analyzing the memory used by the PHP scripts, is necessary to optimize the maximum amount of launched threads. -First of all, we need to know the average amount of memory used by a PHP process with the command: +First of all, you need to know the average amount of memory used by a PHP process with the command: ```bash while true; do ps --no-headers -o "rss,cmd" -C php-fpm | grep "pool www" | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"Mb") }' >> avg_php_proc; sleep 60; done ``` -After a while, this should give us a pretty accurate idea of the average memory footprint of a PHP process on this server. +This will give you a pretty accurate idea of the average memory footprint of a PHP process on this server. The result of the rest of this document is a memory footprint of 120MB per process at full load. On a server with 8Gb of RAM, keeping 1Gb for the system and 1Gb for the OPCache (see the rest of this document), is 6Gb left to process PHP requests from clients. -We can easily conclude that this server can accept at most **50 threads** `((6*1024) / 120)`. +You can conclude that this server can accept at most **50 threads** `((6*1024) / 120)`. -A good configuration of `php-fpm` specific to this use case would be: +A good configuration of `php-fpm` specific to this use case is: ```bash pm = dynamic @@ -518,11 +518,11 @@ with: ### Opcache configuration -The `opcache` (Optimizer Plus Cache) is the first level of cache on which we can influence. +The `opcache` (Optimizer Plus Cache) is the first level of cache that you can influence. It keeps the compiled PHP scripts in memory, which strongly impacts the execution of the web pages (removes the reading of the script on disk + the compilation time). -To configure it, we must work on: +To configure it, you must work on: * The size of the memory dedicated to the opcache according to the hit ratio, configuring it correctly * The number of PHP scripts to cache (number of keys + maximum number of scripts) @@ -542,9 +542,9 @@ opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 ``` -where: +Where: -* `opcache.memory_consumption` corresponds to the amount of memory needed for the opcache (to be increased until a correct hit ratio is obtained). +* `opcache.memory_consumption` corresponds to the amount of memory needed for the opcache (increase this until obtaining a correct hit ratio). * `opcache.interned_strings_buffer` the amount of strings to cache. * `opcache.max_accelerated_files` is near to the result of the `find ./ -iname "*.php"|wc -l` command. @@ -556,8 +556,7 @@ You can refer to an `info.php` page (including the `phpinfo();`) to configure th !!! Note - Don't underestimate the speed gain that can be achieved by setting up and configuring the opcache correctly. - + Do not underestimate the speed gain that can be achieved by setting up and configuring the opcache correctly. \ No newline at end of file +--> diff --git a/docs/books/web_services/04-databases-servers.md b/docs/books/web_services/04-databases-servers.md index da84963c6a..47100436e4 100644 --- a/docs/books/web_services/04-databases-servers.md +++ b/docs/books/web_services/04-databases-servers.md @@ -19,13 +19,13 @@ In this chapter, you will learn about the RDBMS MariaDB and MySQL. **Objectives**: In this chapter, you will learn how to: -:heavy_check_mark: install, configure and secure MariaDB server and MySQL server; -:heavy_check_mark: perform some administrative actions on databases and users. +:heavy_check_mark: install, configure, and secure MariaDB server and MySQL server; +:heavy_check_mark: perform some administrative actions on databases and users. :checkered_flag: **RDBMS**, **database**, **MariaDB**, **MySQL** -**Knowledge**: :star: :star: :star: -**Complexity**: :star: :star: :star: +**Knowledge**: :star: :star: :star: +**Complexity**: :star: :star: :star: **Reading time**: 30 minutes @@ -33,23 +33,23 @@ In this chapter, you will learn about the RDBMS MariaDB and MySQL. ### Generalities -MySQL was developed by Michael "Monty" Widenius (a Finnish computer scientist), who founded MySQL AB in 1995. MySQL AB was acquired by SUN in 2008, which in turn was acquired by Oracle in 2009, which still owns the MySQL software and distributes it under a dual GPL and proprietary license. +MySQL was developed by Michael "Monty" Widenius (a Finnish computer scientist) who founded MySQL AB in 1995. MySQL AB was acquired by SUN in 2008, which in turn was acquired by Oracle in 2009, which still owns the MySQL software and distributes it under a dual GPL and proprietary license. In 2009, Michael Widenius left SUN, founded Monty Program AB and launched the development of his community fork of MySQL : MariaDB under GPL license. Governance of the project is entrusted to the MariaDB Foundation, which ensures that the project remains free. -It wasn't long before the majority of Linux distributions offered MariaDB packages instead of MySQL ones, and major accounts such as Wikipedia and Google also adopted the community fork. +It was not long before the majority of Linux distributions offered MariaDB packages instead of MySQL ones, and major accounts such as Wikipedia and Google also adopted the community fork. MySQL and MariaDB are among the world's most widely used RDBMSs (professionally and by the general public), particularly for web applications (**LAMP**: Linux + Apache + Mysql-MariaDB + Php). -Mysql-MariaDB's main competitors are : +Mysql-MariaDB's main competitors are: * PostgreSQL, * OracleDB, * Microsoft SQL Server. -Databases services are multi-threaded and multi-user, run on most operating systems (Linux, Unix, BSD, Mac OSx, Windows) and are accessible from many programming languages (Php, Java, Python, C, C++, Perl, ...). +Databases services are multi-threaded and multi-user, run on most operating systems (Linux, Unix, BSD, Mac OSx, Windows), and are accessible from many programming languages (Php, Java, Python, C, C++, Perl, others). -Several engines are supported, enabling different engines to be assigned to different tables within the same database, depending on requirements: +Support is offered for several engines, enabling the assignment of different engines to different tables within the same database, depending on requirements: MyISAM : the simplest, but does not support transactions or foreign keys. It is an indexed sequential engine. MyISAM is now deprecated. @@ -63,13 +63,11 @@ Memory Archive : data compression on insertion saves disk space, but slows down search queries (cold data). -... - -It's a matter of adopting an engine according to need: Archive for log storage, Memory for temporary data, etc. +It is a matter of adopting an engine according to need: Archive for log storage, Memory for temporary data, and so on. MariaDB/MySQL uses port 3306/tcp for network communication. -As the default version supplied with Rocky is the MariaDB community version of the database, this chapter will deal with this version. Only the differences between MySQL and MariaDB will be dealt with specifically. +As the default version supplied with Rocky is the MariaDB community version of the database, this chapter will deal with this version. Only the differences between MySQL and MariaDB are specifically dealt with. ### Installation @@ -111,7 +109,7 @@ If you have not yet installed the mariadb server, activating the desired module $ sudo dnf module enable mariadb:10.11 Last metadata expiration check: 0:02:23 ago on Thu Jun 20 11:39:10 2024. Dependencies resolved. -============================================================================================================================================= Package Architecture Version Repository Size +============================================================================================================================================= Package Architecture Version Repository Size ============================================================================================================================================= Enabling module streams: mariadb 10.11 @@ -122,7 +120,7 @@ Is this ok [y/N]: y Complete! ``` -You can now install the package as previously, the desired version will be automatically installed: +You can now install the package. The desired version will be automatically installed: ```bash sudo dnf install -y mariadb-server @@ -145,7 +143,7 @@ mariadb-prepare-db-dir[6599]: able to connect as any of these users with a passw ### Configuration -Configuration files can be found at `/etc/my.cnf` and `/etc/my.cnf.d/`. +Configuration files can are in `/etc/my.cnf` and `/etc/my.cnf.d/`. Some important default options have been setup in the `/etc/my.cnf.d/mariadb-server.cnf`: @@ -160,11 +158,11 @@ pid-file=/run/mariadb/mariadb.pid ... ``` -As you can see, data are stored in the `/var/lib/mysql` per default. This folder can require a lot of storage space and recurring volume increases. It is therefore advisable to mount this folder on a dedicated partition. +As you can see, data is in the `/var/lib/mysql` per default. This folder can require a lot of storage space and recurring volume increases. It is therefore advisable to mount this folder on a dedicated partition. ### Security -MariaDB and Mysql includes a script to help you secure your server. It remove for example remote root logins and sample users, that remains the less secure default options. +MariaDB and Mysql includes a script to help you secure your server. It remove for example remote root logins and sample users, the less-secure default options. Use the `mariadb-secure-installation` and secure your server: @@ -172,14 +170,14 @@ Use the `mariadb-secure-installation` and secure your server: sudo mariadb-secure-installation ``` -You will be asked to provide a password for your root user. +The script will prompt you to provide a password for your root user. !!! NOTE The `mysql_secure_installation` command is now a symlink to the `mariadb-secure-installation` command: ```bash - $ ll /usr/bin/mysql_secure_installation + $ ll /usr/bin/mysql_secure_installation lrwxrwxrwx. 1 root root 27 Oct 12 2023 /usr/bin/mysql_secure_installation -> mariadb-secure-installation ``` @@ -191,7 +189,7 @@ user="root" password="#######" ``` -Ensure the permissions are restrictives enought to only allow the current user can access: +Ensure the permissions are restrictive enough to only allow the current user can access: ```bash chmod 600 ~/.my.cnf @@ -199,9 +197,9 @@ chmod 600 ~/.my.cnf !!! WARNING - This is not the best way to do, there are another solutions more secure than storing password in plain text. Since MySQL 5.6.6, it's now possible to store your credentials in an encrypted login `.mylogin.cnf`, thanks to the `mysql_config_editor` command. + This is not the best way. There is another solution more secure than storing a password in plain text. Since MySQL 5.6.6, it is now possible to store your credentials in an encrypted login `.mylogin.cnf`, thanks to the `mysql_config_editor` command. -If your server is protected by a firewall (which is a good thing), you may need to consider opening it, but only if your service is to be accessed from the outside. +If your server runs a firewall (which is a good thing), you might need to consider opening it, but only if you need your service accessible from the outside. ```bash sudo firewall-cmd --zone=public --add-service=mysql @@ -210,7 +208,7 @@ sudo firewall-cmd --reload !!! NOTE - The best security is not to open your database server to the outside world (if the application server is hosted on the same server), or to restrict access to authorized IPs only. + The best security is not to open your database server to the outside world (if the application server is hosted on the same server), or to restrict access to authorized IPs only. ### Administration @@ -274,7 +272,7 @@ mariadb-admin -u user -p command | `-p` | Asks for a password. | | `command` | A command to execute. | -The `mariadb-admin` provides several commands as `version`, `variables`, `stop-slave` or `start-slaves`, `create databasename`, etc. +The `mariadb-admin` provides several commands as `version`, `variables`, `stop-slave` or `start-slaves`, `create databasename`, and so on. Example: @@ -338,19 +336,19 @@ Sort types can be : ### About backup -As with any RDBMS, a database must be backed up while the data is not being modified. This can be done : +As with any RDBMS, backing up a database is done while the data modification is off-line. You can do this by: -* when the service is stopped: this is an offline backup; -* while the service is running, but a lock has been set (to temporarily suspend all modifications): this is an online backup. -* using a snapshot of the LVM file system, enabling data to be backed up with a cold file system. +* stopping the service, known as an offline backup; +* while the service is running, buy temporarily locking out updates (suspending all modifications). This is an online backup. +* using a snapshot of the LVM file system, enabling the backing up of data with a cold file system. The backup format can be an ASCII (text) file, representing the state of the database and its data in the form of SQL commands, or a binary file, corresponding to MySQL storage files. -While a binary file can be backed up using common utilities such as tar or cpio, an ASCII file requires a utility such as `mariadb-dump`. +While you can back up a binary file using common utilities such as tar or cpio, an ASCII file requires a utility such as `mariadb-dump`. The `mariadb-dump` command can perform a dump of your database. -During the process, some data access can be locked. +During the process, locking of some data access occurs. ```bash mariadb-dump -u root -p DATABASE_NAME > backup.sql @@ -358,15 +356,15 @@ mariadb-dump -u root -p DATABASE_NAME > backup.sql !!! NOTE - Don't forget that after restoring a full backup, restoring the binary files (binlogs) completes the reconstitution of the data. + Do not forget that after restoring a full backup, restoring the binary files (binlogs) completes the reconstitution of the data. -The resulting file can be used to restore the database data (the database must still exist or have been recreated beforehand!): +The resulting file is usable to restore the database data. The database must still exist or you must have recreated it beforehand!: ```bash mariadb -u root -p DATABASE_NAME < backup.sql ``` -### Graphical Tools +### Graphical tools Graphical tools exist to facilitate the administration and management of database data. Here are a few examples: @@ -374,7 +372,7 @@ Graphical tools exist to facilitate the administration and management of databas ### Workshop -In this workshop, you'll install, configure and secure your mariadb server. +In this workshop, you will install, configure, and secure your mariadb server. #### Task 1 : Installation @@ -384,15 +382,15 @@ Install the mariadb-server package: $ sudo dnf install mariadb-server Last metadata expiration check: 0:10:05 ago on Thu Jun 20 11:26:03 2024. Dependencies resolved. -============================================================================================================================================= Package Architecture Version Repository Size +============================================================================================================================================= Package Architecture Version Repository Size ============================================================================================================================================= Installing: - mariadb-server x86_64 3:10.5.22-1.el9_2 appstream 9.6 M + mariadb-server x86_64 3:10.5.22-1.el9_2 appstream 9.6 M Installing dependencies: ... ``` -Installation adds a `mysql` user to the system, with `/var/lib/mysql` as homedirectory: +Installation adds a `mysql` user to the system, with `/var/lib/mysql` as home directory: ```bash $ cat /etc/passwd @@ -432,8 +430,8 @@ $ sudo systemctl status mariadb Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: The second is mysql@localhost, it has no password either, but Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: you need to be the system 'mysql' user to connect. -Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: After connecting you can set the password, if you would need to be -Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: able to connect as any of these users with a password and without sudo +Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: After connecting you can set the password, if you would need to be +Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: able to connect as any of these users with a password and without sudo Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: See the MariaDB Knowledgebase at https://mariadb.com/kb Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: Please report any problems at https://mariadb.org/jira Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: The latest information about MariaDB is available at https://mariadb.org>Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: Consider joining MariaDB's strong and vibrant community: @@ -441,7 +439,7 @@ Jun 20 11:48:56 localhost.localdomain mariadb-prepare-db-dir[6599]: https://mari Jun 20 11:48:56 localhost.localdomain systemd[1]: Started MariaDB 10.5 database server. ``` -Try to connect to the server: +Try connecting to the server: ```bash $ sudo mariadb @@ -481,7 +479,7 @@ Uptime: 7 min 24 sec Threads: 1 Questions: 9 Slow queries: 0 Opens: 17 Open tables: 10 Queries per second avg: 0.020 ``` -As you can see, the `root` user doesn't need to provide any password. We will correct that during the next task. +As you can see, the `root` user does not need to provide a password. You will correct that during the next task. #### Task 2 : Secure your server @@ -514,7 +512,7 @@ Reloading privilege tables.. You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] y -New password: +New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. @@ -560,14 +558,14 @@ installation should now be secure. Thanks for using MariaDB! ``` -Try now to connect with and without password to your server: +Try connecting again, with and without password to your server: ```bash $ mariadb -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) $ mariadb -u root -p -Enter password: +Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 10.5.22-MariaDB MariaDB Server @@ -576,7 +574,7 @@ Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. -MariaDB [(none)]> +MariaDB [(none)]> ``` Configure your firewall: @@ -592,7 +590,7 @@ Verify your installation : ```bash $ mysqladmin -u root -p version -Enter password: +Enter password: mysqladmin Ver 9.1 Distrib 10.5.22-MariaDB, for Linux on x86_64 Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. @@ -621,7 +619,7 @@ Create a new user and give him all rights on all table of that database: MariaDB [(none)]> grant all privileges on NEW_DATABASE_NAME.* TO 'NEW_USER_NAME'@'localhost' identified by 'PASSWORD'; ``` -Replace `localhost` per `%` if you want to grant access from everywhere or replace per IP adresses if you can. +Replace `localhost` per `%` if you want to grant access from everywhere or replace per IP addresses if you can. You can restrict the priveleges granted. There are different types of permissions to offer users: @@ -635,7 +633,7 @@ You can restrict the priveleges granted. There are different types of permission * **ALL PRIVILEGES**: all rights * **GRANT OPTION**: give or remove rights to other users -Don't forget to reload apply the new rights: +Do not forget to reload apply the new rights: ```sql MariaDB [(none)]> flush privileges; @@ -645,7 +643,7 @@ Check: ```bash $ mariadb -u NEW_USER_NAME -p -Enter password: +Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 8 Server version: 10.5.22-MariaDB MariaDB Server @@ -665,7 +663,7 @@ MariaDB [(none)]> show databases; ``` -Add sample datas into your database: +Add sample data into your database: ```bash $ mariadb -u NEW_USER_NAME -p NEW_DATABASE_NAME @@ -683,7 +681,7 @@ Query OK, 1 row affected (0.004 sec) #### Task 5 : Create a remote user -In this task, we will create a new user, granted access from remote, and test a connexion with him. +In this task, you will create a new user, grant access from remote, and test a connection with that user. ```bash MariaDB [(none)]> grant all privileges on NEW_DATABASE_NAME.* TO 'NEW_USER_NAME'@'%' identified by 'PASSWORD'; @@ -693,14 +691,14 @@ MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.004 sec) ``` -Use this user and the `-h` option to connect remotly to your server: +Use this user and the `-h` option to connect remotely to your server: ```bash $ mariadb -h YOUR_SERVER_IP -u NEW_USER_NAME -p NEW_DATABASE_NAME -Enter password: +Enter password: ... -MariaDB [NEW_DATABASE_NAME]> +MariaDB [NEW_DATABASE_NAME]> ``` #### Task 6 : Perform an upgrade @@ -709,10 +707,10 @@ Enable the module needed: ```bash $ sudo dnf module enable mariadb:10.11 -[sudo] password for antoine: +[sudo] password for antoine: Last metadata expiration check: 2:00:16 ago on Thu Jun 20 11:50:27 2024. Dependencies resolved. -============================================================================================================================================= Package Architecture Version Repository Size +============================================================================================================================================= Package Architecture Version Repository Size =============================================================================================================================================Enabling module streams: mariadb 10.11 @@ -728,16 +726,16 @@ Upgrade the packages: $ sudo dnf update mariadb Last metadata expiration check: 2:00:28 ago on Thu Jun 20 11:50:27 2024. Dependencies resolved. -============================================================================================================================================= Package Architecture Version Repository Size +============================================================================================================================================= Package Architecture Version Repository Size ============================================================================================================================================= Upgrading: - mariadb x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 1.7 M - mariadb-backup x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 6.7 M - mariadb-common x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 28 k - mariadb-errmsg x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 254 k - mariadb-gssapi-server x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 15 k - mariadb-server x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 10 M - mariadb-server-utils x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 261 k + mariadb x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 1.7 M + mariadb-backup x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 6.7 M + mariadb-common x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 28 k + mariadb-errmsg x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 254 k + mariadb-gssapi-server x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 15 k + mariadb-server x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 10 M + mariadb-server-utils x86_64 3:10.11.6-1.module+el9.4.0+20012+a68bdff7 appstream 261 k Transaction Summary ============================================================================================================================================= @@ -746,15 +744,15 @@ Upgrade 7 Packages Total download size: 19 M Is this ok [y/N]: y Downloading Packages: -(1/7): mariadb-gssapi-server-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 99 kB/s | 15 kB 00:00 -(2/7): mariadb-server-utils-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 1.1 MB/s | 261 kB 00:00 -(3/7): mariadb-errmsg-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 2.5 MB/s | 254 kB 00:00 -(4/7): mariadb-common-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 797 kB/s | 28 kB 00:00 -(5/7): mariadb-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 5.7 MB/s | 1.7 MB 00:00 -(6/7): mariadb-server-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 9.5 MB/s | 10 MB 00:01 -(7/7): mariadb-backup-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 7.7 MB/s | 6.7 MB 00:00 +(1/7): mariadb-gssapi-server-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 99 kB/s | 15 kB 00:00 +(2/7): mariadb-server-utils-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 1.1 MB/s | 261 kB 00:00 +(3/7): mariadb-errmsg-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 2.5 MB/s | 254 kB 00:00 +(4/7): mariadb-common-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 797 kB/s | 28 kB 00:00 +(5/7): mariadb-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 5.7 MB/s | 1.7 MB 00:00 +(6/7): mariadb-server-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 9.5 MB/s | 10 MB 00:01 +(7/7): mariadb-backup-10.11.6-1.module+el9.4.0+20012+a68bdff7.x86_64.rpm 7.7 MB/s | 6.7 MB 00:00 --------------------------------------------------------------------------------------------------------------------------------------------- -Total 13 MB/s | 19 MB 00:01 +Total 13 MB/s | 19 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test @@ -766,7 +764,7 @@ Running transaction Complete! ``` -Now your databases need to be upgraded (check your `/var/log/messages` as the service complains): +Your databases now need upgrading (check your `/var/log/messages` as the service complains): ```text mariadb-check-upgrade[8832]: The datadir located at /var/lib/mysql needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps: @@ -777,7 +775,7 @@ mariadb-check-upgrade[8832]: Read more about 'mariadb-upgrade' usage at: mariadb-check-upgrade[8832]: https://mariadb.com/kb/en/mysql_upgrade/ ``` -Don't forget to execute the upgrade script provided by MariaDB: +Do not forget to execute the upgrade script provided by MariaDB: ```bash sudo mariadb-upgrade @@ -862,19 +860,19 @@ UNLOCK TABLES; ### Check your Knowledge -:heavy_check_mark: Which database version is installed by default? +:heavy_check_mark: Which database version installs by default? -* [ ] MySQL 5.5 -* [ ] MariaDB 10.5 -* [ ] MariaDB 11.11 -* [ ] Mysql 8 +* [ ] MySQL 5.5 +* [ ] MariaDB 10.5 +* [ ] MariaDB 11.11 +* [ ] Mysql 8 -:heavy_check_mark: Which command is used to apply rights changes? +:heavy_check_mark: Which command do you use to apply rights changes? -* [ ] flush rights -* [ ] flush privileges -* [ ] mariadb reload -* [ ] apply +* [ ] flush rights +* [ ] flush privileges +* [ ] mariadb reload +* [ ] apply ### Conclusion @@ -882,30 +880,30 @@ In this chapter, you have installed and secured a MariaDB database server, creat These skills are a prerequisite for the administration of your databases. -In the next chapter, we will see how to install the MySQL database instead of the MariaDB fork. +In the next section, you will see how to install the MySQL database instead of the MariaDB fork. ## Mysql In this chapter, you will learn how to install MySQL server. -We're only going to cover the notable differences between the MariaDB and MySQL versions. +Only notable differences between the MariaDB and MySQL versions are included. **** **Objectives**: In this chapter, you will learn how to: -:heavy_check_mark: install, configure and secure MariaDB server and MySQL server; +:heavy_check_mark: install, configure and secure MariaDB server and MySQL server; :checkered_flag: **RDBMS**, **database**, **MariaDB**, **MySQL** -**Knowledge**: :star: :star: :star: -**Complexity**: :star: :star: :star: +**Knowledge**: :star: :star: :star: +**Complexity**: :star: :star: :star: **Reading time**: 10 minutes **** -### Installation +### Installation of MySQL By default, the installed version of MySQL is version 8.0. @@ -928,9 +926,9 @@ You can now follow the previous chapter replacing the following commands: * `mariadb-dump` => `mysql_dump` * `mariadb-secure-installation` => `mysql_secure_installation` -To install the latest version of mysql-server, you will have to install a new repo. +To install the latest version of mysql-server, you will have to install a different repository. -Please visit this page: https://dev.mysql.com/downloads/repo/yum/ and catch the repo URL. +Visit this page: https://dev.mysql.com/downloads/repo/yum/ and copy the repository URL. For example: @@ -938,21 +936,21 @@ For example: sudo dnf install -y https://dev.mysql.com/get/mysql84-community-release-el9-1.noarch.rpm ``` -Once the new repo is installed, you can perform the `dnf update`: +When completed, you can perform the `dnf update`: ```bash $ dnf update Error: This command has to be run with superuser privileges (under the root user on most systems). [antoine@localhost ~]$ sudo dnf update -MySQL 8.4 LTS Community Server 377 kB/s | 226 kB 00:00 -MySQL Connectors Community 110 kB/s | 53 kB 00:00 -MySQL Tools 8.4 LTS Community 170 kB/s | 97 kB 00:00 +MySQL 8.4 LTS Community Server 377 kB/s | 226 kB 00:00 +MySQL Connectors Community 110 kB/s | 53 kB 00:00 +MySQL Tools 8.4 LTS Community 170 kB/s | 97 kB 00:00 Dependencies resolved. -============================================================================================================================================= Package Architecture Version Repository Size +============================================================================================================================================= Package Architecture Version Repository Size =============================================================================================================================================Installing: - mysql-community-client x86_64 8.4.0-1.el9 mysql-8.4-lts-community 3.1 M + mysql-community-client x86_64 8.4.0-1.el9 mysql-8.4-lts-community 3.1 M replacing mysql.x86_64 8.0.36-1.el9_3 - mysql-community-server x86_64 8.4.0-1.el9 mysql-8.4-lts-community 50 M + mysql-community-server x86_64 8.4.0-1.el9 mysql-8.4-lts-community 50 M replacing mariadb-connector-c-config.noarch 3.2.6-1.el9_0 replacing mysql-server.x86_64 8.0.36-1.el9_3 Installing dependencies: @@ -964,15 +962,15 @@ Transaction Summary Total download size: 59 M Is this ok [y/N]: y Downloading Packages: -(1/7): mysql-community-client-plugins-8.4.0-1.el9.x86_64.rpm 3.4 MB/s | 1.4 MB 00:00 -(2/7): mysql-community-common-8.4.0-1.el9.x86_64.rpm 1.3 MB/s | 576 kB 00:00 -(3/7): mysql-community-icu-data-files-8.4.0-1.el9.x86_64.rpm 30 MB/s | 2.3 MB 00:00 -(4/7): mysql-community-client-8.4.0-1.el9.x86_64.rpm 5.8 MB/s | 3.1 MB 00:00 -(5/7): mysql-community-libs-8.4.0-1.el9.x86_64.rpm 6.8 MB/s | 1.5 MB 00:00 -(6/7): net-tools-2.0-0.62.20160912git.el9.x86_64.rpm 1.1 MB/s | 292 kB 00:00 -(7/7): mysql-community-server-8.4.0-1.el9.x86_64.rpm 48 MB/s | 50 MB 00:01 ----------------------------------------------------------------------------------------------------------------------------------------------Total 30 MB/s | 59 MB 00:01 -MySQL 8.4 LTS Community Server 3.0 MB/s | 3.1 kB 00:00 +(1/7): mysql-community-client-plugins-8.4.0-1.el9.x86_64.rpm 3.4 MB/s | 1.4 MB 00:00 +(2/7): mysql-community-common-8.4.0-1.el9.x86_64.rpm 1.3 MB/s | 576 kB 00:00 +(3/7): mysql-community-icu-data-files-8.4.0-1.el9.x86_64.rpm 30 MB/s | 2.3 MB 00:00 +(4/7): mysql-community-client-8.4.0-1.el9.x86_64.rpm 5.8 MB/s | 3.1 MB 00:00 +(5/7): mysql-community-libs-8.4.0-1.el9.x86_64.rpm 6.8 MB/s | 1.5 MB 00:00 +(6/7): net-tools-2.0-0.62.20160912git.el9.x86_64.rpm 1.1 MB/s | 292 kB 00:00 +(7/7): mysql-community-server-8.4.0-1.el9.x86_64.rpm 48 MB/s | 50 MB 00:01 +---------------------------------------------------------------------------------------------------------------------------------------------Total 30 MB/s | 59 MB 00:01 +MySQL 8.4 LTS Community Server 3.0 MB/s | 3.1 kB 00:00 Importing GPG key 0xA8D3785C: Userid : "MySQL Release Engineering " Fingerprint: BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C @@ -993,20 +991,20 @@ Installed: Complete! ``` -Don't forget to re-enable and restart your server: +Do not forget to re-enable and restart your server: ```bash sudo systemctl enable mysqld.service --now ``` -### Check your Knowledge +### Check your Knowledge MySQL :heavy_check_mark: Which MySQL database version is installed by default? -* [ ] MySQL 5.5 -* [ ] MariaDB 10.5 -* [ ] MariaDB 11.11 -* [ ] Mysql 8 +* [ ] MySQL 5.5 +* [ ] MariaDB 10.5 +* [ ] MariaDB 11.11 +* [ ] Mysql 8 ## Secondary server with MariaDB @@ -1016,34 +1014,34 @@ In this chapter, you will learn how to configure a Primary/Secondary system serv **Objectives**: In this chapter, you will learn how to: -:heavy_check_mark: activate the binlogs in your servers; -:heavy_check_mark: setup a secondary server to replicate data from primary server. +:heavy_check_mark: activate the binlogs in your servers; +:heavy_check_mark: setup a secondary server to replicate data from primary server. :checkered_flag: **MariaDB**, **Replication**, **Primary**, **Secondary** -**Knowledge**: :star: :star: -**Complexity**: :star: :star: :star: +**Knowledge**: :star: :star: +**Complexity**: :star: :star: :star: **Reading time**: 10 minutes **** -### Generalities +### Generalities secondary server with MariaDB -As soon as you start using your database more intensively, you'll need to replicate your data on several servers. +As soon as you start using your database more intensively, you will need to replicate your data on several servers. This can be done in several ways: * Distribute write requests to the primary server and read requests to the secondary server. * Perform database backups on the secondary server, which avoids blocking writes to the primary server for the duration of the backups. -If your usage becomes even more demanding, you may consider switching to a primary/primary system: replications are then made crosswise, but beware of the risk of blocking the uniqueness of primary keys. Otherwise, you'll need to switch to a more advanced clustering system. +If your usage becomes even more demanding, you may consider switching to a primary/primary system: replications are then made crosswise, but beware of the risk of blocking the uniqueness of primary keys. Otherwise, you will need to switch to a more advanced clustering system. -### Configuration +### Configuration secondary server with MariaDB #### How to activate the binlogs -This action must be performed on the primary and secondary servers: +Perform this action on the primary and secondary servers: Add the following options to your `/etc/my.cnf.d/mariadb-server.cnf` file, under the `[mariadb]` key: @@ -1065,7 +1063,7 @@ log-basename=server2 binlog-format=mixed ``` -The `server_id` option must be unique on each server in the cluster, while the `log-basename` option allows you to specify a prefix to the binlog files. If you don't do this, you won't be able to rename your server in the future. +The `server_id` option must be unique on each server in the cluster, while the `log-basename` option allows you to specify a prefix to the binlog files. If you do not do this, you will not be able to rename your server in the future. You can now restart the mariadb service on both servers: @@ -1089,7 +1087,7 @@ srwxrwxrwx. 1 mysql mysql 0 Jun 21 11:16 mysql.sock #### How to configure the replication -First of all, on the primary, you'll need to create users authorized to replicate data (be careful to restrict the IPs authorized): +First of all, on the primary, you will need to create users authorized to replicate data (be careful to restrict the IPs authorized): ```bash $ sudo mariadb @@ -1097,7 +1095,7 @@ $ sudo mariadb MariaDB [(none)]> CREATE USER 'replication'@'%' IDENTIFIED BY 'PASSWORD'; Query OK, 0 rows affected (0.002 sec) -MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'%'; +MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'%'; Query OK, 0 rows affected (0.002 sec) ``` @@ -1109,11 +1107,11 @@ $ sudo mariadb MariaDB [(none)]> CREATE USER 'replication'@'192.168.1.101' IDENTIFIED BY 'PASSWORD'; Query OK, 0 rows affected (0.002 sec) -MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'192.168.1.101'; +MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'192.168.1.101'; Query OK, 0 rows affected (0.002 sec) ``` -If your primary server already contains data, you'll need to lock new transactions while data is being exported/imported to the secondary server(s), and tell the secondary servers when to start replication. If your server does not yet contain any data, the procedure is greatly simplified. +If your primary server already contains data, you will need to lock new transactions while the exporting or importing of data occurs to the secondary server(s), and tell the secondary servers when to start replication. If your server does not yet contain any data, the procedure is greatly simplified. Prevent any changes to the data while you view the binary log position: @@ -1135,12 +1133,11 @@ MariaDB [(none)]> SHOW MASTER STATUS; Do not quit your session to keep the lock. -Record the File and Position details. +Record the File and Position details. -If your server contains data, it's time to create a backup and import it onto your secondary server(s). The lock must be kept for the duration of the backup, and can be released as soon as it's complete, reducing downtime (the time it takes to copy and import the data on the secondary servers). - -You can remove now the lock: +If your server contains data, it is time to create a backup and import it onto your secondary server(s). Keep the lock for the duration of the backup, and release it as soon as the backup is complete. This reduces downtime (the time it takes to copy and import the data on the secondary servers). +You can remove the lock now: ```bash $ sudo mariadb @@ -1166,7 +1163,7 @@ MariaDB [(none)]> START SLAVE; Query OK, 0 rows affected (0.001 sec) ``` -Of course, replace the primary server IP with yours and the `MASTER_LOG_FILE` and `MASTER_LOG_POS` values with those you previously registered. +Replace the primary server IP with yours and the `MASTER_LOG_FILE` and `MASTER_LOG_POS` values with those you previously registered. Check if the replication is ok: @@ -1185,13 +1182,13 @@ MariaDB [(none)]> SHOW SLAVE STATUS \G 1 row in set (0.001 sec) ``` -The `Seconds_Behind_Master` is an interessing values to monitor as he can help you see if there is a replication issue. +The `Seconds_Behind_Master` is an interesting value to monitor as it can help you see if there is a replication issue. -### Workshop +### Workshop secondary server using MariaDB -For this workshop, you'll need two servers with MariaDB services installed, configured and secured as described in the previous chapters. +For this workshop, you will need two servers with MariaDB services installed, configured and secured as described in the previous chapters. -You'll configure replication on the secondary server, then create a new database, insert data into it and check that the data is accessible on the secondary server. +You will configure replication on the secondary server, then create a new database, insert data into it and check that the data is accessible on the secondary server. Our two servers have the following IP addresses: @@ -1200,7 +1197,7 @@ Our two servers have the following IP addresses: Remember to replace these values with your own. -#### Task 1: Create a dedicated replication user. +#### Task 1: Create a dedicated replication user On the primary server: @@ -1210,7 +1207,7 @@ $ sudo mariadb MariaDB [(none)]> CREATE USER 'replication'@'192.168.1.101' IDENTIFIED BY 'PASSWORD'; Query OK, 0 rows affected (0.002 sec) -MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'192.168.1.101'; +MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'192.168.1.101'; Query OK, 0 rows affected (0.002 sec) ``` @@ -1282,7 +1279,7 @@ MariaDB [(none)]> grant all privileges on NEW_DATABASE_NAME.* TO 'NEW_USER_NAME' Query OK, 0 rows affected (0.004 sec) ``` -On the secondary, check if database is created: +On the secondary, check for creation of the database: ```bash MariaDB [(none)]> show databases; @@ -1299,11 +1296,11 @@ MariaDB [(none)]> show databases; Magic ! -On the secondary, try to connect with the new user created on the primary: +On the secondary, try connecting the new user created on the primary: ```bash $ mariadb -u NEW_USER_NAME -p -Enter password: +Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. MariaDB [(none)]> show databases; @@ -1316,9 +1313,9 @@ MariaDB [(none)]> show databases; 2 rows in set (0.000 sec) ``` -#### Task 5: Insert new datas +#### Task 5: Insert new data -Insert new datas on the primary server: +Insert new data on the primary server: ```bash MariaDB [(none)]> use NEW_DATABASE_NAME @@ -1336,7 +1333,7 @@ Query OK, 1 row affected (0.004 sec) ``` -On the secondary, check that data are well replicated: +On the secondary, check that data are replicated: ```bash MariaDB [(none)]> use NEW_DATABASE_NAME @@ -1359,30 +1356,29 @@ MariaDB [NEW_DATABASE_NAME]> SELECT * FROM users; 1 row in set (0.000 sec) ``` -### Check your Knowledge +### Check your Knowledge secondary server with MariaDB :heavy_check_mark: Each server must have the same id within a cluster? -* [ ] True -* [ ] False +* [ ] True +* [ ] False :heavy_check_mark: Binary logs must be enabled before replication is activated.? -* [ ] True -* [ ] False -* [ ] It depends +* [ ] True +* [ ] False +* [ ] It depends -### Conclusion +### Conclusion secondary server with MariaDB As you can see, creating one or more secondary servers is a relatively easy action, but it does require service interruption on the main server. -It does, however, offer a number of advantages: high data availability, load balancing and simplified backup. +It does, however, offer many advantages: high data availability, load balancing, and simplified backup. -It goes without saying that, in the event of a main server crash, one of the secondary servers can be promoted to main server. +It goes without saying that, in the event of a main server crash, promotion of one of the secondary servers to main server can occur. \ No newline at end of file +-->