Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Rootconf admin101

376 views

Published on

MySQL Administration 101

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Rootconf admin101

  1. 1. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL Administration 101 Ligaya Turmelle Principal Technical Support Engineer - MySQL ligaya.turmelle@oracle.com @lig
  2. 2. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL Administration 101 Ligaya Turmelle Principal Technical Support Engineer - MySQL ligaya.turmelle@oracle.com @lig
  3. 3. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3
  4. 4. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Program Agenda Access Control Diagnostic Data Log Files Backups 1 2 3 4 4
  5. 5. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Access Control 5
  6. 6. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Access Control • 2 stage – Stage 1 - connecting • Who are you? – host – user 6
  7. 7. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | User Accounts • CREATE USER • ALTER USER 7 mysql> CREATE USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY 'S3cr3t!' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 90 DAY; Query OK, 0 rows affected (0.01 sec) mysql> ALTER USER 'sha256'@'localhost' -> IDENTIFIED WITH sha256_password BY ‘T4D4h?' -> REQUIRE SSL -> PASSWORD EXPIRE INTERVAL 180 DAY; Query OK, 0 rows affected (0.01 sec)
  8. 8. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Access Control • 2 stage – Stage 1 - connecting • Who are you? – host – user • Prove it! 8 (con’t)
  9. 9. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Passwords • Expiration – Manually (5.6) and with a Policy (5.7) • Hashing – Multiple authentication plugins available • Policy – Use password validation plugin (validate_password) • Cleartext supplied password checked against password policy • 3 levels of password checking which can be modified 9
  10. 10. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Access Control • 2 stage – Stage 1 - connecting • Who are you? – host – user • Prove it! – Stage 2 - request • For each request – What are you doing? – Are you allowed to do that? 10 (con’t)
  11. 11. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | GRANT • Defines privileges and account characteristics • Multiple privileges – Ex: SUPER, CREATE, ALTER, SELECT, INSERT • Multiple levels – Ex: Global, Database, Table, Column • Account characteristics – Ex: REQUIRE SSL, WITH MAX_QUERIES_PER_HOUR 11
  12. 12. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | GRANT Examples 12 mysql> SHOW GRANTS; +---------------------------------------------------------------------+ | Grants for root@localhost                                           | +---------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION | | GRANT ALL PRIVILEGES ON `mysql`.* TO 'root'@'localhost'             | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        | +---------------------------------------------------------------------+ 3 rows in set (0.00 sec) mysql> SHOW GRANTS FOR 'test'@'localhost'; +--------------------------------------------------------+ | Grants for test@localhost                              | +--------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test'@'localhost'               | | GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' | +--------------------------------------------------------+ 2 rows in set (0.00 sec)
  13. 13. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | REVOKE • Removes the privileges GRANTed – Does not extrapolate • Does not remove the user • If no host is given – % is used – Again - does not extrapolate 13
  14. 14. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | REVOKE Examples 14 mysql> SHOW GRANTS FOR 'test'@'localhost'; +--------------------------------------------------------+ | Grants for test@localhost                              | +--------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test'@'localhost'               | | GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'localhost' | +--------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> REVOKE DELETE ON test.t1 FROM 'test'@'localhost'; ERROR 1147 (42000): There is no such grant defined for user 'test' on host 'localhost' on table 't1' mysql> REVOKE USAGE ON *.* FROM 'test'@'localhost'; Query OK, 0 rows affected (0.02 sec)
  15. 15. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Diagnostic Data 15
  16. 16. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SHOW • MySQL specific command • Commands for – Metadata – Status information • Metric crap-ton 16
  17. 17. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Examples Metadata SHOW DATABASES SHOW TRIGGERS SHOW PLUGINS SHOW CREATE PROCEDURE SHOW ENGINES SHOW GLOBAL VARIABLES SHOW INDEXES SHOW GRANTS SHOW BINARY LOGS 17 Status SHOW SLAVE STATUS SHOW OPEN TABLES SHOW TABLE STATUS SHOW ENGINE INNODB STATUS SHOW FULL PROCESSLIST SHOW GLOBAL STATUS
  18. 18. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | INFORMATION_SCHEMA • Mostly metadata – PROCESSLIST – GLOBAL_VARIABLES / GLOBAL_STATUS – FILES / INNODB_SYS_TABLESPACES / INNODB_SYS_DATAFILES • But – INNODB_TRX / INNODB_LOCKS / INNODB_LOCK_WAITS – INNODB_TEMP_TABLE_INFO 18
  19. 19. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SYS Schema • Included in 5.7.7 – Installed by default with --initialize • Originally known as ps_helper – Originally created by Mark Leith – http://www.markleith.co.uk/ps_helper – Can work with 5.6 - download from GitHub • https://github.com/mysql/mysql-sys • Easy, human readable access to P_S and I_S info for typical use cases 19
  20. 20. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SYS Schema • Pair views – Ex: host_summary_by_file_io and x$host_summary_by_file_io • Example views – statements_with_full_table_scans – statements_with_runtimes_in_95th_percentile – io_by_thread_by_latency – memory_by_user_by_current_bytes – schema_redundent_indexes (con’t) 20
  21. 21. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Workbench -SYS Reports 21
  22. 22. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | PERFORMANCE_SCHEMA • Monitors at a low level • Uses PERFORMANCE_SCHEMA storage engine • Available – Current events – Event histories / Event summations • Configuration is dynamic • Query using SQL 22
  23. 23. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | PERFORMANCE_SCHEMA • Using the PERFORMANCE_SCHEMA – Manual • General - https://dev.mysql.com/doc/refman/5.7/en/performance-schema.html • Diagnose Problems - https://dev.mysql.com/doc/en/performance-schema-examples.html • Query Profiling – https://dev.mysql.com/doc/en/performance-schema-query-profiling.html – Blog posts • MySQL Server Blog - http://mysqlserverteam.com/category/mysql/performance-schema/ – Many presentations /Webinars • MySQL On Demand Webinars - https://www.mysql.com/news-and-events/on-demand-webinars/ (con’t) 23
  24. 24. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Log Files 24
  25. 25. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Error Log • --log-error[=file_name] • Default location: host_name.err in datadir • Examples of information logged – Start and stops & Critical errors – Crashed MyISAM tables that need to be checked and repaired – Some OS’s - stack trace if mysqld crashes • (5.7) log_syslog to send MySQL error log to syslog • (5.7) log_error_verbosity 25
  26. 26. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Slow Query Log • First line of defense for tuning queries • Why? – Performance usually • Enabled dynamically or with --slow-query-log – Default file location: host_name-slow.log in datadir – Can also be a table • Multiple options for controlling it • Use msyqldumpslow utility to aggregate the data in the log 26
  27. 27. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | General Query Log • General record • Why – Order in is important – Exact query that came in – Minimal audit of what a connection did • Enable dynamically or with —general-log – Default location: host-name.log in the datadir • Multiple options for controlling it 27
  28. 28. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Binary Log • Logs database change events • Why – Replication – Data recovery • Enable with --log-bin • A LOT of options • “Read” with mysqlbinlog • To disable binary logging for the current session, use sql_log_bin 28
  29. 29. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Backups 29
  30. 30. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Backup Types Logical Physical 1 2 30
  31. 31. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Logical Backups • Saved – Logical structure – Content • Machine independent • Slower • Server up/warm • Full granularity 31
  32. 32. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | mysqldump • Logical • Command line client • Commonly used • Generates editable text files • Very flexible • Questionable scalability 32
  33. 33. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Workbench - Data Export 33
  34. 34. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | mysqlpump • Logical • Similar to mysqldump • Also command line client • Parallel processing to speed up dump process • Dump user accounts with CREATE USER / GRANT • Default: I_S, P_S, ndbinfo and SYS not included • Reloading: faster secondary index creation in InnoDB 34
  35. 35. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | SELECT… INTO OUTFILE and LOAD DATA INFILE • Logical • MySQL command • Data only • Be careful! You want a consistent backup • Column and line terminators can be specified • LOTS of details - see the manual 35
  36. 36. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Backup Types Logical Physical 1 2 36
  37. 37. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Physical Backup • Raw copies • Faster then logical (orders of magnitude) • Compact • File based granularity • Usually server is down and locked 37
  38. 38. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Filesystem Snapshot • Physical • OS Dependent • Basic Steps – FLUSH TABLES WITH READ LOCK – Take the snapshot – UNLOCK TABLES – Copy files from snapshot 38
  39. 39. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Official physical backup solution – MySQL 5.0 to 5.7 – Can handle all official MySQL supported storage engines • Multi-platform • Command line client • Binlog and Relay log backup (Optional) • Fast recovery 39
  40. 40. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Features: – Partial and incremental backups – Streaming, direct to tape and single file backups – Throttling and parallel backup operations – Compression – Encryption – Validation – Supports TDE (con’t) 40
  41. 41. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Workbench and MEB 41
  42. 42. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Don’t Forget Your Binary Logs • Incremental backup – Holds changes since the full backup - roll it forward • Physical file copy – Rotate binary log with FLUSH LOGS – Copy the file • Logical copy to remote server – Static or streaming • mysqlbinlog --read-from-remote-server 42
  43. 43. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Questions? 43
  44. 44. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL Administration 101 Ligaya Turmelle Principal Technical Support Engineer - MySQL ligaya.turmelle@oracle.com @lig

×