在Debian 12中安装MariaDB
自从Oracle公司收购了Sun公司并获得了MySQL,开源社区已经重新fork出了采用纯粹GPL协议并承诺永远开源的MariaDB,并且由MySQL创始人(Michael "Monty" Widenius)管理开发。这意味着所有高级功能(包括高效的线程池、强大的各种存储引擎)在MariaDB中是完全免费且开源的。
事实上,自 Debian 9 开始,Debian 官方开源社区就已经把 MySQL 从默认软件仓库中彻底移除,并用 MariaDB 取而代之。也就是说,即使你使用 sudo apt install mysql-server 安装的其实还是MariaDB。
备注
虽然 MySQL 和 MariaDB基本SQL语法(CRUD,索引,触发器)完全一致,但是两个数据库还是有不同的分支差别:
MySQL 8.0/8.4 引入了一些独特的 JSON 增强函数、窗口函数(Window Functions)以及新的默认认证插件(caching_sha2_password)
MariaDB 则推出了自己特有的临时表(Temporal Tables)和更灵活的存储引擎(如 ColumnStore 列式存储、MyRocks 引擎)
安装
安装:
sudo apt install mariadb-server mariadb-client
mariadb-server 提供了数据库服务, mariadb-client 则提供 mariadb shell用于本地管理,远程登录,dump等管理。
备注
这里在一台主机上安装了服务和客户端,实际生产环境,两者可以完全独立分别安装。服务器上仅需要安装 mariadb-server ,可以通过 mariadb-client 远程管理。
检查安装版本:
mariadb --version
可以看到当前系统中安装的版本(10.11.14):
mariadb Ver 15.1 Distrib 10.11.14-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
注意,MariaDB的版本是10.11.14,在输出行中看到的 Ver 15.1 实际上是MariaDB从MySQL 5.5分支fork出时,为了避免和MySQL库文件命名冲图,将客户端协议主版本号强行定义为 15 ,这个数字一直以来都没有变过。
# mariadb-admin version
mariadb-admin Ver 10.0 Distrib 10.11.14-MariaDB, for debian-linux-gnu on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Server version 10.11.14-MariaDB-0+deb12u2
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /run/mysqld/mysqld.sock
Uptime: 5 min 20 sec
Threads: 1 Questions: 58 Slow queries: 0 Opens: 33 Open tables: 26 Queries per second avg: 0.181
安装完成后,默认会启动并激活mariadb服务,可以通过以下命令验证:
systemctl is-enabled mariadb && systemctl is-active mariadb
输出可以看到
enabled
active
如果没有激活或启动,则执行以下命令:
sudo systemctl enable mariadb --now
配置
执行以下交互命令来移出默认的不安全设置并刷新:
mariadb-secure-installation
这里有一些交互回答,通常按照默认回答就可以:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Enter current password for root (enter for none):由于用 apt 刚装好,默认没有任何密码。直接按回车(Enter) 即可。Switch to unix_socket authentication [Y/n]强烈推荐输入 y 确认:unix_socket(本地套接字认证) 是 MariaDB/MySQL 在 Linux 下的一项高级安全特性。如果你已经是 Linux 系统里的root用户(比如你通过sudo -i或在 Incus 里本来就是 root),当输入 mariadb 时,数据库会直接信任你的 Linux 系统身份,免密码直接让你登录。优点 : 极大地方便了系统运维自动化脚本(比如备份脚本),不再需要把数据库明文密码写在脚本里面,只要保护好Linux的root权限即可,非常安全
缺点 : 无法在远程使用这种免密方式,远程依然必须用密码
Change the root password? [Y/n]: 设置数据库传统的明文密码,该密码可以在 phpMyAdmin 这样的管理平台中使用,也可以通过网络访问数据库Remove anonymous users? [Y/n]: 输入y删除掉默认安装的匿名账号(方便新手测试)Disallow root login remotely? [Y/n]: 出于安全建议回答y避免远程root用户访问,对于本地root用户访问不受限,通常 phpMyAdmin 本地安装也没有影响Remove test database and access to it? [Y/n]: 建议回答y删除掉默认创建的test数据库Reload privilege tables now? [Y/n]: 回答y立即刷新权限表