Summary
MariaDB is one of the popular relational database management systems (RDBMS), forked from MySQL by some of the original developers. It is open source licensed under GNU GPL 2, and ready for both community and enterprise use with long history and large knowledge to manage and maintain.
To Install it on OpenBSD, the solid and clean operating system, is easy thanks to the Package Management system (“ports”) maintained by the great project and the community.
This post shows how to do it.
Environment
Basic steps
Just a few !!
# pkg_add mariadb-server # rcctl enable mysqld # mysql_install_db # rcctl start mysqld # mysql_secure_installation # # several questions will be given All of the description is below.
Tutorial
Install the package
$ doas pkg_add mariadb-server The result was:
quirks-6.122 signed on 2023-09-01T21:25:11Z mariadb-server-10.9.4v1:(...): ok mariadb-server-10.9.4v1: ok The following new rcscripts were installed: /etc/rc.d/mysqld See rcctl(8) for details. New and changed readme(s): /usr/local/share/doc/pkg-readmes/mariadb-server As above, the pkg-readme is brought as /usr/local/share/doc/pkg-readmes/mariadb-server.
Activate daemon
$ doas rcctl enable mysqld Run mysql_install_db
Create the default database:
$ doas mysql_install_db The result was:
WARNING: The host '(...)' could not be looked up with /usr/local/bin/resolveip. This probably means that your libc libraries are not 100 % compatible with this binary MariaDB version. The MariaDB daemon, mysqld, should work normally with the exception that host name resolving will not work. This means that you should use IP addresses instead of hostnames when specifying MariaDB privileges ! Installing MariaDB/MySQL system tables in '/var/mysql' ... OK Two all-privilege accounts were created. One is root@localhost, it has no password, but you need to be system 'root' user to connect. Use, for example, sudo mysql The second is _mysql@localhost, it has no password either, but you need to be the system '_mysql' user to connect. After connecting you can set the password, if you would need to be able to connect as any of these users with a password and without sudo See the MariaDB Knowledgebase at https://mariadb.com/kb You can start the MariaDB daemon with: /etc/rc.d/mysqld start Please report any problems at https://mariadb.org/jira The latest information about MariaDB is available at https://mariadb.org/. Consider joining MariaDB's strong and vibrant community: https://mariadb.org/get-involved/ Start daemon
$ doas rcctl start mysqld mysqld(ok) Run mysql_secure_installation
$ doas mysql_secure_installation Start (Before the questions)
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! Several questions given
Q1: Current root password
It must be none for the first time. Just push Enter.
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... At all the questions below, my choice is written down. Actually, they are up to your environment.
Q2: Use unix_socket authentication instead of root password
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] n ... skipping. Q3: Set root password
You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Q4: Remove anonymous users
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Q5: Disallow root login remotely
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! Q6: Remove test database
By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Q7: Reload privilege tables
Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! End (The rest)
Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! Conclusion
You may confirm your daemon is fine with:
$ doas rcctl check mysqld mysqld(ok) Well, let’s login to the server as client with root, the superuser:
$ mysql -u root -p After entering the password, you must be welcomed:
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 11 Server version: 10.9.4-MariaDB OpenBSD port: mariadb-server-10.9.4v1 Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> The command line examples:
-- create database CREATE DATABASE <database> \ CHARACTER SET utf8mb4 \ COLLATE utf8mb4_unicode_ci; -- create user for it GRANT ALL PRIVILEGES \ ON <database>.* \ TO <dbuser>@'localhost' \ IDENTIFIED BY '<dbpass>'; -- reload privileges FLUSH PRIVILEGES; 🎵 🐬 Happy storing digitally 🐬 🎵