From b9fa674e4dd2335f8a6e5776bf9bc7c5ff755a02 Mon Sep 17 00:00:00 2001 From: VC Date: Fri, 5 Jul 2024 11:53:42 +0200 Subject: [PATCH] feat: reset MariaDB config file --- host_vars/web2.dmz.mateu.be.yml | 1 - roles/mariadb/defaults/main.yml | 1 - roles/mariadb/templates/50-server.cnf.j2 | 108 ++++++++++------------- 3 files changed, 49 insertions(+), 61 deletions(-) diff --git a/host_vars/web2.dmz.mateu.be.yml b/host_vars/web2.dmz.mateu.be.yml index 3d693eb..b4978e6 100644 --- a/host_vars/web2.dmz.mateu.be.yml +++ b/host_vars/web2.dmz.mateu.be.yml @@ -7,4 +7,3 @@ mariadb_root_pass: !vault | 39396636346563346135313431373630643536363838333964353636373437653166633761363664 3437653064323138310a663363373736623931336432376466316666616234356133383263373136 31343534663063663134306464306234366430323762656165653930333134326231 -# mariadb_query_cache_memory: 128 diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml index a0577f4..a598a8a 100644 --- a/roles/mariadb/defaults/main.yml +++ b/roles/mariadb/defaults/main.yml @@ -2,4 +2,3 @@ mariadb_backup_hour: 5 mariadb_backup_minute: 0 -mariadb_query_cache_memory: 64 diff --git a/roles/mariadb/templates/50-server.cnf.j2 b/roles/mariadb/templates/50-server.cnf.j2 index 37782e3..da52017 100644 --- a/roles/mariadb/templates/50-server.cnf.j2 +++ b/roles/mariadb/templates/50-server.cnf.j2 @@ -1,8 +1,6 @@ # # These groups are read by MariaDB server. # Use it for options that only the server (but not clients) should see -# -# See the examples of server my.cnf files in /usr/share/mysql # this is read by the standalone daemon and embedded servers [server] 
@@ -13,16 +11,18 @@ # # * Basic Settings # -user = mysql + +#user = mysql pid-file = /run/mysqld/mysqld.pid -socket = /run/mysqld/mysqld.sock -#port = 3306 basedir = /usr datadir = /srv/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql default-storage-engine = InnoDB -#skip-external-locking +#tmpdir = /tmp +performance_schema = ON + +# Broken reverse DNS slows down connections considerably and name resolve is +# safe to skip if there are no "host by domain name" access grants +#skip-name-resolve # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. 
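Review bot: Commenting out `user = mysql` and deleting the `socket` line means this template no longer states which account the daemon runs as or where its socket lives; both now depend on the service unit and on option files that are not part of this patch. Under systemd the packaged unit normally supplies the account, but keeping `user = mysql` active costs nothing and keeps the least-privilege setting visible in the role. If the removal is deliberate, a comment such as `# run-as user and socket path are inherited from the package defaults` above `#user = mysql` would record that. `performance_schema = ON` is also added with no comment on why it is enabled.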
@@ -31,98 +31,88 @@ bind-address = 127.0.0.1 # # * Fine Tuning # -key_buffer_size = 64K -max_allowed_packet = 64M -thread_stack = 256K -thread_cache_size = 8 + +table_definition_cache = 800 +join_buffer_size = 512K + +key_buffer_size = 10M +#max_allowed_packet = 1G +#thread_stack = 192K +#thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched -myisam_recover_options = BACKUP +#myisam_recover_options = BACKUP #max_connections = 100 #table_cache = 64 -#thread_concurrency = 10 - -# -# * Query Cache Configuration -# -query_cache_limit = 16M -query_cache_size = {{ mariadb_query_cache_memory }}M # # * Logging and Replication # + +# Note: The configured log file or its directory need to be created +# and be writable by the mysql user, e.g.: +# $ sudo mkdir -m 2750 /var/log/mysql +# $ sudo chown mysql /var/log/mysql + # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! +# Recommend only changing this at runtime for short testing periods if needed! #general_log_file = /var/log/mysql/mysql.log #general_log = 1 -# -# Error log - should be very few entries. 
-# -log_error = /var/log/mysql/error.log -# + +# When running under systemd, error logging goes via stdout/stderr to journald +# and when running legacy init error logging goes to syslog due to +# /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf +# Enable this if you want to have error logging into a separate file +#log_error = /var/log/mysql/error.log # Enable the slow query log to see queries with especially long duration -#slow_query_log_file = /var/log/mysql/mariadb-slow.log -#long_query_time = 10 -#log_slow_rate_limit = 1000 -#log_slow_verbosity = query_plan +#log_slow_query_file = /var/log/mysql/mariadb-slow.log +#log_slow_query_time = 10 +#log_slow_verbosity = query_plan,explain #log-queries-not-using-indexes -# +#log_slow_min_examined_row_limit = 1000 + # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. #server-id = 1 #log_bin = /var/log/mysql/mysql-bin.log expire_logs_days = 10 -max_binlog_size = 100M -#binlog_do_db = include_database_name -#binlog_ignore_db = exclude_database_name +#max_binlog_size = 100M # -# * Security Features -# -# Read the manual, too, if you want chroot! -#chroot = /srv/mysql/ -# -# For generating SSL certificates you can use for example the GUI tool "tinyca". +# * SSL/TLS # + +# For documentation, please read +# https://mariadb.com/kb/en/securing-connections-for-client-and-server/ #ssl-ca = /etc/mysql/cacert.pem #ssl-cert = /etc/mysql/server-cert.pem #ssl-key = /etc/mysql/server-key.pem -# -# Accept only connections using the latest and most secure TLS protocol version. -# ..when MariaDB is compiled with OpenSSL: -#ssl-cipher = TLSv1.2 -# ..when MariaDB is compiled with YaSSL (default in Debian): -#ssl = on +#require-secure-transport = on # # * Character sets # + # MySQL/MariaDB default is Latin1, but in Debian we rather default to the full # utf8 4-byte character set. 
See also client.cnf -# character-set-server = utf8mb4 collation-server = utf8mb4_general_ci # # * InnoDB # -# InnoDB is enabled by default with a 10MB datafile in /srv/mysql/. + +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! +# Most important is to give InnoDB 80 % of the system RAM for buffer use: +# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size +#innodb_buffer_pool_size = 8G innodb_file_per_table innodb_data_file_path=ibdata1:10M:autoextend -# -# * Unix socket authentication plugin is built-in since 10.0.22-6 -# -# Needed so the root database user can authenticate without a password but -# only when running as the unix root user. -# -# Also available for other users if required. -# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/ - # this is only for embedded server [embedded] @@ -131,7 +121,7 @@ innodb_data_file_path=ibdata1:10M:autoextend # you can put MariaDB-only options here [mariadb] -# This group is only read by MariaDB-10.3 servers. +# This group is only read by MariaDB-10.11 servers. # If you use the same .cnf file for MariaDB of different versions, # use this group for options that older servers don't understand -[mariadb-10.3] +[mariadb-10.11]
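Review bot: With `log_error` commented out, the error log moves from `/var/log/mysql/error.log` to journald (or syslog under legacy init, as the new comment says), so any log shipping, rotation or alerting that still reads the old file would presumably go quiet without raising an error; the patch does not show those consumers being updated. Either keep `log_error = /var/log/mysql/error.log` active or confirm the journal is collected on this host. Separately, the InnoDB comment now points at `/var/lib/mysql/` while this template sets `datadir = /srv/mysql`; it should read `# InnoDB is enabled by default with a 10MB datafile in /srv/mysql/.`. `expire_logs_days = 10` stays active although `log_bin` and `max_binlog_size` are commented out, so it has no effect until binary logging is enabled.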