MariaDB is one of the most popular open source database management systems. It is a community-developed fork of MySQL intended to remain free and open source while delivering professional capabilities for demanding workloads.
In this comprehensive guide, we will cover installing MariaDB on Ubuntu 20.04 and CentOS 7/8 servers. We‘ll also explore important security measures to lock down your database, as well as performance optimization best practices.
Whether you are deploying MariaDB for a small side project or mission-critical corporate workloads, these tips will help you run MariaDB reliably, efficiently and securely.
Overview of MariaDB
MariaDB offers some key benefits over other database options:
Drop-in Replacement for MySQL: MariaDB was specifically designed to serve as a seamless replacement for MySQL with complete compatibility. This allows easy migration from MySQL.
Advanced Engines: It incorporates modern engines like Aria, MyRocks and Spider for optimized workloads. The default InnoDB is focused on performance gains.
Community Innovation: New features, bug fixes and expert support available rapidly from the MariaDB community ecosystem.
Cloud Native: Integration of MaxScale transparent proxy allows easy scaling in cloud. Features like microsecond resolution help emerging workloads.
Business Critical Support: Optional commercial support subscriptions available from MariaDB Corporation for business critical needs.
So whether you need a free open source database or one fully backed by expert support, MariaDB can serve a wide range of use cases.
Step-by-Step Installation on Ubuntu & CentOS
MariaDB packages are available in the default repositories of most common Linux distributions like Ubuntu, CentOS, Debian etc. We will cover installation on Ubuntu 20.04 LTS and CentOS 7/8 using the standard packages.
Installing MariaDB on Ubuntu 20.04
On Ubuntu, we can directly install from the universe repository using APT:
sudo apt update
sudo apt install mariadb-serverThis will install the latest stable MariaDB version along with required dependencies and optimal configuration for Ubuntu systems.
The service can then be started and enabled on boot:
sudo systemctl start mariadb
sudo systemctl enable mariadbCheck status to confirm MariaDB is running:
sudo systemctl status mariadbThe key steps are hence adding the repositories, installing via APT, configuring systemd for automatic startup on boot, and validating. This installs MariaDB fully ready for usage.
Installing MariaDB on CentOS 7
CentOS 7 repositories only include the outdated MariaDB 5.5 version by default. We will leverage MariaDB‘s own official repositories to add the latest stable 10.5 release instead:
sudo yum install wget
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
sudo ./mariadb_repo_setupThis automatically configures YUM repositories for the 10.5 release. Now install the packages:
sudo yum install MariaDB-serverStart, enable and check status of services:
sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo systemctl status mariadbInstalling MariaDB on CentOS 8
CentOS 8 includes MariaDB 10.3 in AppStream allowing an easy one line installation:
sudo dnf install mariadb-server This installs the latest 10.3 release along with optimal dependencies. Manage the service same way as CentOS 7.
The alternative is still using mariadb_repo_setup to specifically install a targeted 10.5 release on CentOS 8 as well.
This covers getting MariaDB installed across Ubuntu LTS and CentOS using standard repositories.
Hardening MariaDB Security
By default, MariaDB deployment has several insecure default settings for convenience. We will harden security posture for production use cases by:
Securing Installation
The mysql_secure_installation script guides through several key steps:
sudo mysql_secure_installation- Set root password for admin access instead of empty
- Enforce socket auth for local root login only
- Remove anonymous user accounts
- Drop unused test database from disk
- Reload privileges to apply changes
It is highly recommended to run this post installation. Consider setting a strong root password as per your enterprise policies.
Creating Admin User
Create a separate user account with full privileges instead of using root for daily administration work:
CREATE USER ‘admin‘@‘localhost‘ IDENTIFIED BY ‘password‘;
GRANT ALL PRIVILEGES ON * . * TO ‘admin‘@‘localhost‘;Use these admin credentials for tools like mysql command line client etc.
Ongoing Security Maintenance
Some additional aspects to handle as part of Database Security Lifecycle:
- Track CVEs and upgrade to latest secure MariaDB release using repositories
- Monitor audit and slow logs for suspicious activity
- Rotate credentials periodically per security policy
- Take frequent backups tested for integrity
Staying up to date allows benefiting from latest security fixes. Beyond one time hardening, continuous processes must defend production data from attack vectors and insider risks over time.
Optimizing MariaDB Performance
Tuning Linux and databases correctly utilizes infrastructure efficiently while serving application needs.
Operating System Optimization
Some key OS parameters to tune for heavily loaded database servers:
IO Scheduler: Use noop or deadline algorithm instead of default cfq for faster disk access
File Limits: Database connections open thousands of socket handles – increase limits substantially
Swappiness: Lower to avoid slow memory swaps interfering serviceability
Filesystem Mounts: Use noatime etc favorable options on storage volumes
In-Depth Database Configuration
While OS determines overall memory, compute and hardware resource usage limits – databases have extensive options around caching, storage engine internals, concurrency limits and more.
The main configuration file is my.cnf generally at /etc/my.cnf. Specific files can also be created under /etc/my.cnf.d/ to override values.
For example, to optimize buffer pool usage by InnoDB storage engine:
[mysqld]
innodb_buffer_pool_size = 2G
innodb_buffer_pool_instances = 8Many such parameters exist around caches, IO capacity, worker threads etc. Tuning these to match infrastructure and application access patterns improves efficiency and throughput substantially.
Conclusion
We have explored how to get MariaDB running securely on Ubuntu 20.04 & CentOS 7/8 using standard repositories, lock it down properly for production use and tune for best performance.
Be sure to research specific versions to pick latest community or commercially supported releases. Consider multi-node clustering for scale and availability along with hot backups for disaster recovery. Proper dashboards combined with continuous monitoring will allow you to operate MariaDB clusters smoothly for business workloads.
