Date post: | 21-Jan-2018 |
Category: |
Internet |
Upload: | ligaya-turmelle |
View: | 205 times |
Download: | 0 times |
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
MySQLAdministration101
LigayaTurmellePrincipalTechnicalSupportEngineer-MySQLligaya.turmelle@oracle.com@lig
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
MySQLAdministration101
LigayaTurmellePrincipalTechnicalSupportEngineer-MySQLligaya.turmelle@oracle.com@lig
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SafeHarborStatement
Thefollowingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.
3
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
ProgramAgenda
AccessControl
DiagnosticData
LogFiles
Backups
1
2
3
4
4
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
AccessControl
5
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
AccessControl
• 2stage– Stage1-connecting• Whoareyou?– host– user
6
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
UserAccounts
• CREATE USER
• ALTER USER
7
mysql> CREATE USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY 'S3cr3t!' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 90 DAY; Query OK, 0 rows affected (0.01 sec)
mysql> ALTER USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY ‘T4D4h?' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 180 DAY; Query OK, 0 rows affected (0.01 sec)
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
AccessControl
• 2stage– Stage1-connecting• Whoareyou?– host– user
• Proveit!
8
(con’t)
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Passwords
• Expiration–Manually(5.6)andwithaPolicy(5.7)
• Hashing–Multipleauthenticationpluginsavailable
• Policy– Usepasswordvalidationplugin(validate_password)• Cleartextsuppliedpasswordcheckedagainstpasswordpolicy• 3levelsofpasswordcheckingwhichcanbemodified
9
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
AccessControl
• 2stage– Stage1-connecting• Whoareyou?– host– user
• Proveit!– Stage2-request• Foreachrequest–Whatareyoudoing?– Areyouallowedtodothat?
10
(con’t)
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
GRANT
• Definesprivilegesandaccountcharacteristics• Multipleprivileges– Ex:SUPER, CREATE, ALTER, SELECT, INSERT
• Multiplelevels– Ex:Global,Database,Table,Column
• Accountcharacteristics– Ex:REQUIRE SSL, WITH MAX_QUERIES_PER_HOUR
11
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
GRANTExamples
12
mysql> SHOW GRANTS;+---------------------------------------------------------------------+| Grants for root@localhost |+---------------------------------------------------------------------+| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION || GRANT ALL PRIVILEGES ON `mysql`.* TO 'root'@'localhost' || GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |+---------------------------------------------------------------------+3 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR 'test'@'localhost';+--------------------------------------------------------+| Grants for test@localhost |+--------------------------------------------------------+| GRANT USAGE ON *.* TO 'test'@'localhost' || GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' |+--------------------------------------------------------+2 rows in set (0.00 sec)
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
REVOKE
• RemovestheprivilegesGRANTed– Doesnotextrapolate
• Doesnotremovetheuser• Ifnohostisgiven–%isused– Again-doesnotextrapolate
13
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
REVOKEExamples
14
mysql> SHOW GRANTS FOR 'test'@'localhost';+--------------------------------------------------------+| Grants for test@localhost |+--------------------------------------------------------+| GRANT USAGE ON *.* TO 'test'@'localhost' || GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' |+--------------------------------------------------------+2 rows in set (0.00 sec)
mysql> REVOKE DELETE ON test.t1 FROM 'test'@'localhost';ERROR 1147 (42000): There is no such grant defined for user 'test' on host 'localhost' on table 't1'
mysql> REVOKE USAGE ON *.* FROM 'test'@'localhost';Query OK, 0 rows affected (0.02 sec)
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
DiagnosticData
15
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SHOW
• MySQLspecificcommand• Commandsfor–Metadata– Statusinformation
• Metriccrap-ton
16
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Examples Metadata
SHOWDATABASES SHOWTRIGGERS SHOWPLUGINS
SHOWCREATEPROCEDURE SHOWENGINES SHOWGLOBALVARIABLES
SHOWINDEXES SHOWGRANTS SHOWBINARYLOGS
17
Status
SHOWSLAVESTATUS SHOWOPENTABLES SHOWTABLESTATUS
SHOWENGINEINNODBSTATUS SHOWFULLPROCESSLIST SHOWGLOBALSTATUS
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
INFORMATION_SCHEMA
• Mostlymetadata– PROCESSLIST– GLOBAL_VARIABLES / GLOBAL_STATUS– FILES / INNODB_SYS_TABLESPACES / INNODB_SYS_DATAFILES
• But– INNODB_TRX / INNODB_LOCKS / INNODB_LOCK_WAITS– INNODB_TEMP_TABLE_INFO
18
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SYSSchema
• Includedin5.7.7– Installedbydefaultwith--initialize
• Originallyknownasps_helper–OriginallycreatedbyMarkLeith– http://www.markleith.co.uk/ps_helper– Canworkwith5.6-downloadfromGitHub• https://github.com/mysql/mysql-sys
• Easy,humanreadableaccesstoP_SandI_Sinfofortypicalusecases
19
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SYSSchema
• Pairviews– Ex:host_summary_by_file_ioandx$host_summary_by_file_io
• Exampleviews– statements_with_full_table_scans– statements_with_runtimes_in_95th_percentile– io_by_thread_by_latency– memory_by_user_by_current_bytes– schema_redundent_indexes
(con’t)
20
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Workbench-SYSReports
21
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
PERFORMANCE_SCHEMA
• Monitorsatalowlevel• UsesPERFORMANCE_SCHEMAstorageengine• Available– Currentevents– Eventhistories/Eventsummations
• Configurationisdynamic• QueryusingSQL
22
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
PERFORMANCE_SCHEMA
• UsingthePERFORMANCE_SCHEMA–Manual• General-https://dev.mysql.com/doc/refman/5.7/en/performance-schema.html• DiagnoseProblems-https://dev.mysql.com/doc/en/performance-schema-examples.html• QueryProfiling–https://dev.mysql.com/doc/en/performance-schema-query-profiling.html
– Blogposts• MySQLServerBlog-http://mysqlserverteam.com/category/mysql/performance-schema/
–Manypresentations/Webinars• MySQLOnDemandWebinars-https://www.mysql.com/news-and-events/on-demand-webinars/
(con’t)
23
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
LogFiles
24
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
ErrorLog
• --log-error[=file_name]• Defaultlocation:host_name.errindatadir• Examplesofinformationlogged– Startandstops&Criticalerrors– CrashedMyISAMtablesthatneedtobecheckedandrepaired– SomeOS’s-stacktraceifmysqldcrashes
• (5.7)log_syslogtosendMySQLerrorlogtosyslog• (5.7)log_error_verbosity
25
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SlowQueryLog
• Firstlineofdefensefortuningqueries• Why?– Performanceusually
• Enableddynamicallyorwith--slow-query-log– Defaultfilelocation:host_name-slow.logindatadir– Canalsobeatable
• Multipleoptionsforcontrollingit• Usemsyqldumpslowutilitytoaggregatethedatainthelog
26
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
GeneralQueryLog
• Generalrecord• Why–Orderinisimportant– Exactquerythatcamein–Minimalauditofwhataconnectiondid
• Enabledynamicallyorwith—general-log– Defaultlocation:host-name.loginthedatadir
• Multipleoptionsforcontrollingit
27
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
BinaryLog
• Logsdatabasechangeevents• Why– Replication– Datarecovery
• Enablewith--log-bin• ALOTofoptions• “Read”withmysqlbinlog• Todisablebinaryloggingforthecurrentsession,usesql_log_bin
28
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Backups
29
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
BackupTypes
Logical
Physical
1
2
30
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
LogicalBackups
• Saved– Logicalstructure– Content
• Machineindependent• Slower• Serverup/warm• Fullgranularity
31
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
mysqldump
• Logical• Commandlineclient• Commonlyused• Generateseditabletextfiles• Veryflexible• Questionablescalability
32
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Workbench-DataExport
33
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
mysqlpump
• Logical• Similartomysqldump
• Alsocommandlineclient• Parallelprocessingtospeedupdumpprocess• DumpuseraccountswithCREATE USER / GRANT• Default:I_S, P_S, ndbinfoandSYSnotincluded• Reloading:fastersecondaryindexcreationinInnoDB
34
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
SELECT… INTO OUTFILEandLOAD DATA INFILE
• Logical• MySQLcommand• Dataonly• Becareful!Youwantaconsistentbackup• Columnandlineterminatorscanbespecified• LOTSofdetails-seethemanual
35
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
BackupTypes
Logical
Physical
1
2
36
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
PhysicalBackup
• Rawcopies• Fasterthenlogical(ordersofmagnitude)• Compact• Filebasedgranularity• Usuallyserverisdownandlocked
37
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
FilesystemSnapshot
• Physical• OSDependent• BasicSteps– FLUSH TABLES WITH READ LOCK– Takethesnapshot– UNLOCK TABLES– Copyfilesfromsnapshot
38
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
MySQLEnterpriseBackup
• Officialphysicalbackupsolution–MySQL5.0to5.7– CanhandleallofficialMySQLsupportedstorageengines
• Multi-platform• Commandlineclient• BinlogandRelaylogbackup(Optional)• Fastrecovery
39
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
MySQLEnterpriseBackup
• Features:– Partialandincrementalbackups– Streaming,directtotapeandsinglefilebackups– Throttlingandparallelbackupoperations– Compression– Encryption– Validation– SupportsTDE
(con’t)
40
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
WorkbenchandMEB
41
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Don’tForgetYourBinaryLogs
• Incrementalbackup– Holdschangessincethefullbackup-rollitforward
• Physicalfilecopy– RotatebinarylogwithFLUSH LOGS– Copythefile
• Logicalcopytoremoteserver– Staticorstreaming• mysqlbinlog --read-from-remote-server
42
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
Questions?
43
Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|
MySQLAdministration101
LigayaTurmellePrincipalTechnicalSupportEngineer-MySQLligaya.turmelle@oracle.com@lig