How to install and configure Maria DB database on Fedora 28 Server OS
Pre-requisites –
Fedora 28 OS
Procedure –
Step1: Install Maria DB package
First let us search if the maria db package is available for download from the RHEL repositories that are configured.
[root@fedser28 ~]# dnf search mariadb
=================================================== Name Exactly Matched: mariadb ====================================================
mariadb.x86_64 : A community developed branch of MySQL
Lets install the above available package along with that we also need to install mariadb-server package.
The below command will install the mariadb package and along with it will also install the dependencies packages (i.e mariadb commons, connectors, config and some perl packages to name a few).
[root@fedser28 ~]# dnf install mariadb mariadb-server
Now, lets valiadate if the package has been installed or not
[root@fedser28 ~]# dnf list installed mariadb mariadb-server
Installed Packages
mariadb.x86_64 3:10.2.22-1.fc28 @updates
mariadb-server.x86_64 3:10.2.22-1.fc28 @updates
Step2: Start the Maria DB service and enable it to be started on reboot
[root@fedser28 ~]# systemctl start mariadb.service
[root@fedser28 ~]# systemctl enable mariadb.service
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@fedser28 ~]# systemctl status mariadb.service
● mariadb.service – MariaDB 10.2 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-04-27 15:54:28 IST; 1min 0s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 4687 (mysqld)
Status: “Taking your SQL requests now…”
Tasks: 30 (limit: 2330)
Memory: 73.2M
CGroup: /system.slice/mariadb.service
└─4687 /usr/libexec/mysqld –basedir=/usr
…
Apr 27 15:54:28 fedser28.stack.com systemd[1]: Started MariaDB 10.2 database server.
Step3: Connect to Maria DB database
The default installation of maria db can be connected using the root user without any password as shown below. (i.e the default password is empty)
[root@fedser28 ~]# mysql -u root
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 11
Server version: 10.2.22-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
| performance_schema |
| test |
+——————–+
4 rows in set (0.00 sec)
Connecting to a database ‘test’
MariaDB [test]> connect mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Connection id: 15
Current database: mysql
Step4 : Secure the Database
The default mariadb installation has no password for root user, anonymous user can login and has test database. These things to be fixed by running the below command
[root@fedser28 ~]# mysql_secure_installation
…
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!
…
Remove anonymous users? [Y/n] Y
… Success!
…
Disallow root login remotely? [Y/n] Y
… Success!
…
Remove test database and access to it? [Y/n] Y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!
…
Reload privilege tables now? [Y/n] Y
… Success!
…
Cleaning up…
All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Step5: Connect to the Secured Maria DB instance
Now, if we try to connect without root password we will get access denied as below
[root@fedser28 ~]# mysql -u root
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)
Now, lets try connecting to mysql using the password set for root user
[root@fedser28 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 26
Server version: 10.2.22-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.
MariaDB [(none)]>
Connected…
MariaDB [(none)]> show databases
-> ;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
| performance_schema |
+——————–+
3 rows in set (0.00 sec)
Also, as you can see the ‘test’ database is also removed as part of securing the installation
Step6 : Configure Maria db database to use a different Port
In order for Mariadb to listen on a different port we need to edit the below file as shown in mysqld part
[root@fedser28 my.cnf.d]# pwd
/etc/my.cnf.d
[root@fedser28 my.cnf.d]# grep -C 2 port mariadb-server.cnf
#
bind-address=192.168.91.135
port=2020
#
# Optional setting
Now, lets restart the mariadb using the new settings
[root@fedser28 ~]# systemctl stop mariadb.service
[root@fedser28 ~]# systemctl start mariadb.service
Job for mariadb.service failed because the control process exited with error code.
See “systemctl status mariadb.service” and “journalctl -xe” for details.
If we look into the error it seems its unable to bind to the port
Apr 27 17:06:36 fedser28.stack.com audit[6280]: AVC avc: denied { name_bind } for pid=6280 comm=”mysqld” src=2020 scontext=system_>
Apr 27 17:06:37 fedser28.stack.com systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Apr 27 17:06:37 fedser28.stack.com systemd[1]: mariadb.service: Failed with result ‘exit-code’.
Apr 27 17:06:37 fedser28.stack.com systemd[1]: Failed to start MariaDB 10.2 database server.
— Subject: Unit mariadb.service has failed
— Defined-By: systemd
— Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit mariadb.service has failed.
—
— The result is RESULT.
Apr 27 17:06:37 fedser28.stack.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s>
lines 2346-2383/2383 (END)
[root@fedser28 mariadb]# pwd
/var/log/mariadb
[root@fedser28 mariadb]# tail -f mariadb.log
2019-04-27 17:06:36 140041928911104 [Note] InnoDB: Waiting for purge to start
2019-04-27 17:06:36 140041928911104 [Note] InnoDB: 5.7.25 started; log sequence number 1620128
2019-04-27 17:06:36 140041300997888 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2019-04-27 17:06:36 140041300997888 [Note] InnoDB: Buffer pool(s) load completed at 190427 17:06:36
2019-04-27 17:06:36 140041928911104 [Note] Plugin ‘FEEDBACK’ is disabled.
2019-04-27 17:06:36 140041928911104 [Note] Server socket created on IP: ‘192.168.91.135’.
2019-04-27 17:06:36 140041928911104 [ERROR] Can’t start server: Bind on TCP/IP port. Got error: 13: Permission denied
2019-04-27 17:06:36 140041928911104 [ERROR] Do you already have another mysqld server running on port: 2020 ?
2019-04-27 17:06:36 140041928911104 [ERROR] Aborting
It looks like due to SELinux security enforcing, the process is unable to bind onto to port 2020
[root@fedser28 mariadb]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
We need to change the SELinux policy for ports by adding our port as below
The below package needs to be installed on Fedora 28 server where i tested for running the semanage
[root@fedser28 ~]# dnf install policycoreutils-python-utils-2.8-1.fc28.noarch
[root@fedser28 ~]# /usr/sbin/semanage port -a -t mysqld_port_t -p tcp 2020
[root@fedser28 ~]# systemctl start mariadb.service
[root@fedser28 ~]# tail -f /var/log/mariadb/mariadb.log
2019-04-27 17:35:24 139730113865984 [Note] InnoDB: Waiting for purge to start
2019-04-27 17:35:25 139730113865984 [Note] InnoDB: 5.7.25 started; log sequence number 1620166
2019-04-27 17:35:25 139729558112000 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2019-04-27 17:35:25 139729558112000 [Note] InnoDB: Buffer pool(s) load completed at 190427 17:35:25
2019-04-27 17:35:25 139730113865984 [Note] Plugin ‘FEEDBACK’ is disabled.
2019-04-27 17:35:25 139730113865984 [Note] Server socket created on IP: ‘192.168.91.135’.
2019-04-27 17:35:25 139730113865984 [Note] Reading of all Master_info entries succeded
2019-04-27 17:35:25 139730113865984 [Note] Added new Master_info ” to hash table
2019-04-27 17:35:25 139730113865984 [Note] /usr/libexec/mysqld: ready for connections.
Version: ‘10.2.22-MariaDB’ socket: ‘/var/lib/mysql/mysql.sock’ port: 2020 MariaDB Server
As we can see, now we are able to start the mariadb database on port 2020
Hope you enjoyed reading this article. Thank you.
Leave a Reply
You must be logged in to post a comment.