Rootconf admin101

Copyright©2017,Oracleand/oritsaffiliates.Allrightsreserved.|

MySQLAdministration101

LigayaTurmellePrincipalTechnicalSupportEngineer-MySQLligaya.turmelle@oracle.com@lig





SafeHarborStatement

Thefollowingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.

3


ProgramAgenda

AccessControl

DiagnosticData

LogFiles

Backups

1

2

3

4

4


AccessControl

5


AccessControl

• 2stage– Stage1-connecting• Whoareyou?– host– user

6


UserAccounts

• CREATE USER

• ALTER USER

7

mysql> CREATE USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY 'S3cr3t!' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 90 DAY; Query OK, 0 rows affected (0.01 sec)

mysql> ALTER USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY ‘T4D4h?' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 180 DAY; Query OK, 0 rows affected (0.01 sec)


AccessControl


• Proveit!

8

(con’t)


Passwords

• Expiration–Manually(5.6)andwithaPolicy(5.7)

• Hashing–Multipleauthenticationpluginsavailable

• Policy– Usepasswordvalidationplugin(validate_password)• Cleartextsuppliedpasswordcheckedagainstpasswordpolicy• 3levelsofpasswordcheckingwhichcanbemodified

9


AccessControl


• Proveit!– Stage2-request• Foreachrequest–Whatareyoudoing?– Areyouallowedtodothat?

10

(con’t)


GRANT

• Definesprivilegesandaccountcharacteristics• Multipleprivileges– Ex:SUPER, CREATE, ALTER, SELECT, INSERT

• Multiplelevels– Ex:Global,Database,Table,Column

• Accountcharacteristics– Ex:REQUIRE SSL, WITH MAX_QUERIES_PER_HOUR

11


GRANTExamples

12

mysql> SHOW GRANTS;+---------------------------------------------------------------------+| Grants for root@localhost |+---------------------------------------------------------------------+| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION || GRANT ALL PRIVILEGES ON `mysql`.* TO 'root'@'localhost' || GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |+---------------------------------------------------------------------+3 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR 'test'@'localhost';+--------------------------------------------------------+| Grants for test@localhost |+--------------------------------------------------------+| GRANT USAGE ON *.* TO 'test'@'localhost' || GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' |+--------------------------------------------------------+2 rows in set (0.00 sec)


REVOKE

• RemovestheprivilegesGRANTed– Doesnotextrapolate

• Doesnotremovetheuser• Ifnohostisgiven–%isused– Again-doesnotextrapolate

13


REVOKEExamples

14

mysql> SHOW GRANTS FOR 'test'@'localhost';+--------------------------------------------------------+| Grants for test@localhost |+--------------------------------------------------------+| GRANT USAGE ON *.* TO 'test'@'localhost' || GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' |+--------------------------------------------------------+2 rows in set (0.00 sec)

mysql> REVOKE DELETE ON test.t1 FROM 'test'@'localhost';ERROR 1147 (42000): There is no such grant defined for user 'test' on host 'localhost' on table 't1'

mysql> REVOKE USAGE ON *.* FROM 'test'@'localhost';Query OK, 0 rows affected (0.02 sec)


DiagnosticData

15


SHOW

• MySQLspecificcommand• Commandsfor–Metadata– Statusinformation

• Metriccrap-ton

16


Examples Metadata

SHOWDATABASES SHOWTRIGGERS SHOWPLUGINS

SHOWCREATEPROCEDURE SHOWENGINES SHOWGLOBALVARIABLES

SHOWINDEXES SHOWGRANTS SHOWBINARYLOGS

17

Status

SHOWSLAVESTATUS SHOWOPENTABLES SHOWTABLESTATUS

SHOWENGINEINNODBSTATUS SHOWFULLPROCESSLIST SHOWGLOBALSTATUS


INFORMATION_SCHEMA

• Mostlymetadata– PROCESSLIST– GLOBAL_VARIABLES / GLOBAL_STATUS– FILES / INNODB_SYS_TABLESPACES / INNODB_SYS_DATAFILES

• But– INNODB_TRX / INNODB_LOCKS / INNODB_LOCK_WAITS– INNODB_TEMP_TABLE_INFO

18


SYSSchema

• Includedin5.7.7– Installedbydefaultwith--initialize

• Originallyknownasps_helper–OriginallycreatedbyMarkLeith– http://www.markleith.co.uk/ps_helper– Canworkwith5.6-downloadfromGitHub• https://github.com/mysql/mysql-sys

• Easy,humanreadableaccesstoP_SandI_Sinfofortypicalusecases

19


SYSSchema

• Pairviews– Ex:host_summary_by_file_ioandx$host_summary_by_file_io

• Exampleviews– statements_with_full_table_scans– statements_with_runtimes_in_95th_percentile– io_by_thread_by_latency– memory_by_user_by_current_bytes– schema_redundent_indexes

(con’t)

20


Workbench-SYSReports

21


PERFORMANCE_SCHEMA

• Monitorsatalowlevel• UsesPERFORMANCE_SCHEMAstorageengine• Available– Currentevents– Eventhistories/Eventsummations

• Configurationisdynamic• QueryusingSQL

22


PERFORMANCE_SCHEMA

• UsingthePERFORMANCE_SCHEMA–Manual• General-https://dev.mysql.com/doc/refman/5.7/en/performance-schema.html• DiagnoseProblems-https://dev.mysql.com/doc/en/performance-schema-examples.html• QueryProfiling–https://dev.mysql.com/doc/en/performance-schema-query-profiling.html

– Blogposts• MySQLServerBlog-http://mysqlserverteam.com/category/mysql/performance-schema/

–Manypresentations/Webinars• MySQLOnDemandWebinars-https://www.mysql.com/news-and-events/on-demand-webinars/

(con’t)

23


LogFiles

24


ErrorLog

• --log-error[=file_name]• Defaultlocation:host_name.errindatadir• Examplesofinformationlogged– Startandstops&Criticalerrors– CrashedMyISAMtablesthatneedtobecheckedandrepaired– SomeOS’s-stacktraceifmysqldcrashes

• (5.7)log_syslogtosendMySQLerrorlogtosyslog• (5.7)log_error_verbosity

25


SlowQueryLog

• Firstlineofdefensefortuningqueries• Why?– Performanceusually

• Enableddynamicallyorwith--slow-query-log– Defaultfilelocation:host_name-slow.logindatadir– Canalsobeatable

• Multipleoptionsforcontrollingit• Usemsyqldumpslowutilitytoaggregatethedatainthelog

26


GeneralQueryLog

• Generalrecord• Why–Orderinisimportant– Exactquerythatcamein–Minimalauditofwhataconnectiondid

• Enabledynamicallyorwith—general-log– Defaultlocation:host-name.loginthedatadir

• Multipleoptionsforcontrollingit

27


BinaryLog

• Logsdatabasechangeevents• Why– Replication– Datarecovery

• Enablewith--log-bin• ALOTofoptions• “Read”withmysqlbinlog• Todisablebinaryloggingforthecurrentsession,usesql_log_bin

28


Backups

29


BackupTypes

Logical

Physical

1

2

30


LogicalBackups

• Saved– Logicalstructure– Content

• Machineindependent• Slower• Serverup/warm• Fullgranularity

31


mysqldump

• Logical• Commandlineclient• Commonlyused• Generateseditabletextfiles• Veryflexible• Questionablescalability

32


Workbench-DataExport

33


mysqlpump

• Logical• Similartomysqldump

• Alsocommandlineclient• Parallelprocessingtospeedupdumpprocess• DumpuseraccountswithCREATE USER / GRANT• Default:I_S, P_S, ndbinfoandSYSnotincluded• Reloading:fastersecondaryindexcreationinInnoDB

34


SELECT… INTO OUTFILEandLOAD DATA INFILE

• Logical• MySQLcommand• Dataonly• Becareful!Youwantaconsistentbackup• Columnandlineterminatorscanbespecified• LOTSofdetails-seethemanual

35


BackupTypes

Logical

Physical

1

2

36


PhysicalBackup

• Rawcopies• Fasterthenlogical(ordersofmagnitude)• Compact• Filebasedgranularity• Usuallyserverisdownandlocked

37


FilesystemSnapshot

• Physical• OSDependent• BasicSteps– FLUSH TABLES WITH READ LOCK– Takethesnapshot– UNLOCK TABLES– Copyfilesfromsnapshot

38


MySQLEnterpriseBackup

• Officialphysicalbackupsolution–MySQL5.0to5.7– CanhandleallofficialMySQLsupportedstorageengines

• Multi-platform• Commandlineclient• BinlogandRelaylogbackup(Optional)• Fastrecovery

39


MySQLEnterpriseBackup

• Features:– Partialandincrementalbackups– Streaming,directtotapeandsinglefilebackups– Throttlingandparallelbackupoperations– Compression– Encryption– Validation– SupportsTDE

(con’t)

40


WorkbenchandMEB

41


Don’tForgetYourBinaryLogs

• Incrementalbackup– Holdschangessincethefullbackup-rollitforward

• Physicalfilecopy– RotatebinarylogwithFLUSH LOGS– Copythefile

• Logicalcopytoremoteserver– Staticorstreaming• mysqlbinlog --read-from-remote-server

42


Questions?

43




Date post:	21-Jan-2018
Category:	Internet
Upload:	ligaya-turmelle
View:	205 times
Download:	0 times

Rootconf admin101

Internet