Summary
MariaDB is one of the popular relational database management systems (RDBMS), forked from MySQL by some of the original developers. It is open source licensed under GNU GPL 2, and ready for both community and enterprise use with long history and large knowledge to manage and maintain.
To Install it on OpenBSD, the solid and clean operating system, is easy thanks to the Package Management system (“ports”) maintained by the great project and the community.
This post shows how to do it.
Environment
Basic steps
Just a few !!
# pkg_add mariadb-server
# rcctl enable mysqld
# mysql_install_db
# rcctl start mysqld
# mysql_secure_installation
# # several questions will be given
All of the description is below.
Tutorial
Install the package
$ doas pkg_add mariadb-server
The result was:
quirks-6.122 signed on 2023-09-01T21:25:11Z
mariadb-server-10.9.4v1:(...): ok
mariadb-server-10.9.4v1: ok
The following new rcscripts were installed: /etc/rc.d/mysqld
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/mariadb-server
As above, the pkg-readme is brought as /usr/local/share/doc/pkg-readmes/mariadb-server
.
Activate daemon
$ doas rcctl enable mysqld
Run mysql_install_db
Create the default database:
$ doas mysql_install_db
The result was:
WARNING: The host '(...)' could not be looked up with /usr/local/bin/resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MariaDB version. The MariaDB daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MariaDB privileges !
Installing MariaDB/MySQL system tables in '/var/mysql' ...
OK
Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is _mysql@localhost, it has no password either, but
you need to be the system '_mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo
See the MariaDB Knowledgebase at https://mariadb.com/kb
You can start the MariaDB daemon with:
/etc/rc.d/mysqld start
Please report any problems at https://mariadb.org/jira
The latest information about MariaDB is available at https://mariadb.org/.
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
Start daemon
$ doas rcctl start mysqld
mysqld(ok)
Run mysql_secure_installation
$ doas mysql_secure_installation
Start (Before the questions)
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
Several questions given
Q1: Current root password
It must be none for the first time. Just push Enter.
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
At all the questions below, my choice is written down. Actually, they are up to your environment.
Q2: Use unix_socket authentication instead of root password
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
Q3: Set root password
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Q4: Remove anonymous users
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Q5: Disallow root login remotely
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
Q6: Remove test database
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Q7: Reload privilege tables
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
End (The rest)
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Conclusion
You may confirm your daemon is fine with:
$ doas rcctl check mysqld
mysqld(ok)
Well, let’s login to the server as client with root
, the superuser:
$ mysql -u root -p
After entering the password, you must be welcomed:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.9.4-MariaDB OpenBSD port: mariadb-server-10.9.4v1
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
The command line examples:
-- create database
CREATE DATABASE <database> \
CHARACTER SET utf8mb4 \
COLLATE utf8mb4_unicode_ci;
-- create user for it
GRANT ALL PRIVILEGES \
ON <database>.* \
TO <dbuser>@'localhost' \
IDENTIFIED BY '<dbpass>';
-- reload privileges
FLUSH PRIVILEGES;
🎵 🐬 Happy storing digitally 🐬 🎵