Codership first released a version of MySQL 5.7 with the audit log plugin back when Galera Cluster for MySQL 5.7.30 was released back in June 2020. More recently, we also added the audit log plugin to Galera Cluster for MySQL 5.6.51 in April 2021, but I guess the most important was that we also started including it in Galera Cluster for MySQL 8.0.21 too. We also started supporting it across various distributions, including Debian. For today’s exercise, we will use Galera Cluster for MySQL 8.0.23 on CentOS 7 (compatible with Red Hat Enterprise Linux 7). …
[Read more]
Starting with the release of proxysql-admin 2.0.15, the proxysql-admin 2.x series can now encrypt the credentials needed to access proxysql and cluster nodes. This only applies to the proxysql-admin configuration; this does not change the ProxySQL config, so those credentials are still unencrypted.
The credentials file is the unencrypted file containing the usernames, passwords, hostnames, and ports needed to connect to ProxySQL and PXC (Percona XtraDB Cluster).
The proxysql-login-file tool is used to encrypt the credentials file. This encrypted file is known as a login-file. This login-file can then be used by the proxysql-admin and proxysql-status scripts.
Note: This feature requires OpenSSL v1.1.1 and above (with the exception of Ubuntu 16.04). Please see the …
[Read more]
When organizing things helps to simplify life.
In the previous article, we started to explore dynamic privileges and the interaction with static ones. We also saw how to remove SUPER privilege from a DBA account.
What we did was go by subtraction. But in real life, we should act differently. We should ADD only what is really needed for the account to work correctly.
Adding privileges one by one, and for each user, is problematic given the level of interaction they may have, and is also prone to mistakes.
Instead, we can use ROLES to group, assign, and revoke the correct privileges in a much easier way.
This is becoming even more important in MySQL with the advent of dynamic privileges.
What should we do to correctly use ROLES? Well, first of all, design. …
[Read more]
In this blog, we will discuss how to set up MySQL NDB Cluster replication in a more secure way with the help of binary log and relay log encryption and a secure connection. These measures protect binary log data in transit and at rest.
Let’s create two MySQL NDB Clusters with the following environment. Here, one will be termed the ‘source’ cluster and the other will be termed the ‘replica’ cluster.
- MySQL NDB Cluster version (Latest GA version)
- 1 Management node
- 4 Data nodes
- 1 MySQLDs
- Configuration slots for up to 4 additional API nodes
Step 1: Start both of the Clusters
Let’s start both the source cluster and replica cluster but do not start the MySQLD servers from both the clusters as we want to modify their configuration first.
…
MySQL Firewall is an enterprise security solution providing ease of mind while protecting your database from rogue queries. Sometimes granting wide-style access privileges may feel a bit too generous, and leaves you wondering whether you could do something more. Join us as we explore Firewall, and (in particular) using Group profiles.…
In previous TAM Enterprise Experiences posts, we have outlined typical aspects of utilizing MySQL in an Enterprise environment. One thing we have not yet covered is the topic of database encryption, both from the standpoint of business requirements as well as some of the more technical aspects of encryption.
In this post, we will cover:
- Common enterprise compliance requirements
- Types of MySQL encryption
- Choosing the right encryption
- Vault
Common Compliance Requirements
Beyond the obvious security concerns with sensitive data, most enterprise businesses also need to meet various compliance requirements, with the compliance requirement(s) dependent on the country the business is located in, the type of business, and the type of data being stored. Note that in all cases, the onus is on the business to protect the data based on these compliance requirements. Some of …
[Read more]
As you may know, MySQL 5.6 will reach EOL (“End of Life”) in February 2021. This means in about two months, there will be no more updates, and more importantly, no more security fixes for discovered vulnerabilities.
You may be well ahead of the curve and have already updated to MySQL 5.7 or MySQL 8.0, or even better, migrated to Percona Server for MySQL, or maybe not. Perhaps it takes more time than anticipated to adjust your application to be compatible with MySQL 5.7 or higher, or maybe you planned to decommission your application, but life got in the way. Now the EOL date is looming, and there is just no way to decommission your last MySQL 5.6 instance in time.
We have great news for our MySQL Luddites! Percona is pleased to …
[Read more]
Getting MySQL working with self-signed SSL certificates is pretty simple. Having it working with a certificate signed by a trusted authority is also very simple; we just need to set the correct path and privileges to the file. The problem comes when we need to make MySQL validate the certificate signature against the authority public key.
I’ve searched on the internet but wasn’t able to find much information about it. There are a good number of posts on how to set up your own certificate authority and self-sign your certificates, but not much about how to use one signed by a public trusted authority.
I used a certificate signed by Let’s Encrypt in my tests, but the concepts and steps shared here should work for any public trusted authority. I also generated one certificate to be used by MySQL server and another one to be used by the client. It is possible to use the …
[Read more]
Kata containers are containers that use hardware virtualization technologies for workload isolation almost without performance penalties. Top use cases are untrusted workloads and tenant isolation (for example in a shared Kubernetes cluster). This blog post describes how to run Percona Kubernetes Operator for Percona XtraDB Cluster (PXC Operator) using Kata containers.
Prepare Your Kubernetes Cluster
Setting up Kata containers and Kubernetes is well documented in the official GitHub repo (cri-o, …
[Read more]
Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 5.6, 5.7 and 8.0, consisting of MySQL-wsrep 5.6.49 (release notes, download), 5.7.31 (release notes, download), and 8.0.21 (release notes, download) with Galera Replication library …
[Read more]