© MariaDB Corporation Ab. 1 MariaDB 10.1 and Roadmap Rasmus Johansson VP Engineering, MariaDB Corporation
© MariaDB Corporation Ab. 1
MariaDB 10.1 and Roadmap
Rasmus JohanssonVP Engineering, MariaDB Corporation
© MariaDB Corporation Ab.
Agenda
• MariaDB 10.1 New Features
• MariaDB 10.1 Security Feature Set
• MariaDB 10.2
• Other interesting things
17/03/2016 2
© MariaDB Corporation Ab.
MariaDB 10.1 has been stable for 5 months
• First GA version 10.1.8 released Oct 17th, 2015
•Based on MariaDB 10.0
17/03/2016 3
© MariaDB Corporation Ab.
MariaDB 10.1 Themes
Security High Availability
Scalability
17/03/2016 4
© MariaDB Corporation Ab.17/03/2016 5
High Availability
© MariaDB Corporation Ab.
Galera Cluster integrated
• Full integration of Galera Cluster into MariaDB 10.1 — it is not a separate download
• Enable Galera Cluster when you need it
17/03/2016 6
© MariaDB Corporation Ab.
Galera Custer integrated
• Per default MariaDB 10.1 works like a vanilla MariaDB Server
• In order to use Galera Cluster you need to set the following:
• wrep_on = ON
• wsrep_provider
• wsrep_cluster_address
• binlog_format=ROW
• default_storage_engine=InnoDB
• innodb_autoinc_lock_mode=2
• innodb_doublewrite=1
• query_cache_size=017/03/2016 7
© MariaDB Corporation Ab.17/03/2016 8
Scalability
© MariaDB Corporation Ab.
Parallel Slave Replication (10.0)
• Multi-source replication from different masters (domains) executed in parallel
• Queries that are run in parallel on the master are run in parallel on the slave (based on group commit)
• Transactions modifying the same table can be updated in parallel on the slave!
• Supports both statement based and row based replication.
17/03/2016 9
© MariaDB Corporation Ab.
Optimistic Parallel Replication
• New replicaton mode in MariaDB 10.1
• Any INSERT, UPDATE or DELETE can be applied in parallel on the slave
• Even if it wasn't committed in parallell on the master
• Needs a 10.1 master
• Needs a transactional engine for rollback in case of a conflict
17/03/2016 10
© MariaDB Corporation Ab.
Optimistic Parallel Replication
• Enabled byslave-parallel-mode=optimistic
• Temporarily disable by variable@@skip_parallel_replication
• Server optimistically assumes that few conflicts will occur
• roll back and retry for conflicting transactions
17/03/2016 11
© MariaDB Corporation Ab.
Performance Improvements
• Especially for High-End Servers
•High processing power
•More cores
• Benchmark 10.1 on Linux Only POWER8
• „1 million SQL queries per second: GA MariaDB 10.1 on POWER8“
•https://blog.mariadb.org/10-1-mio-qps/
17/03/2016 12
© MariaDB Corporation Ab.
InnoDB Defragmentation
• Deleted records can create gaps on pages
• Defragmentation based on an implementation from Facebook and Kakao Corp.
• Neither new SQL literals nor server changes needed
• OPTIMIZE TABLE is used•innodb_defragment=1
17/03/2016 13
© MariaDB Corporation Ab.
MySQL Compatibility Feature
• MariaDB 10.1 can be a slave to MySQL 5.6
•Also when GTIDs are used
• Feature was requested by the Community
• To test MariaDB in a MySQL deployment
• For migrating to MariaDB
17/03/2016 14
© MariaDB Corporation Ab.17/03/2016 15
Security
© MariaDB Corporation Ab.
Security
Encryption
AuditingAuthentication
Validation
17/03/2016 16
© MariaDB Corporation Ab.
Security Features in MariaDB 10.1
Encryption
AuditingAuthentication
Validation
17/03/2016 17
• Data at Rest Encryption
• Password Validation Plugin
• PAM Authentication Plugin
• Audit Plugin
• SSL Connections
• Encryption functions
© MariaDB Corporation Ab.
Data at Rest Encryption
• New with MariaDB 10.1
• Originates from Google encryption patch
• Table space and table encryption
• Based on
• Encyption key
• Key id
• Key rotation
• Key version
17/03/2016 18
© MariaDB Corporation Ab.
Data at Rest Encyption
• Encryption for
• XtraDB/InnoDB tablespaces
• XtraDB/InnoDB log files
• Binary logs
• Aria tables
• Temporary files
• No Encryption for
• Metadata
• Memory
• Config-Files17/03/2016 19
© MariaDB Corporation Ab.
Data at Rest Encryption
• Last internal benchmarks on encryption overhead
•XtraDB/InnoDB encryption•<1% (ro)
•≈8-14% (rw)
• Temporary files encryption•≈7-10% (filesort)
•Binary log encryption: <4%
17/03/2016 20
© MariaDB Corporation Ab.
Deleted Data Encryption
• Scrubbing
•Background threads periodically scan tablespaces and logs and overwrite all data that should be deleted.
• More info:
•https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
17/03/2016 21
© MariaDB Corporation Ab.
Password Validation Plugins
• Password validation plugin API
• simple_password_check plugin
• Can enforce a minimum password length and guarantee that a password contains at least a specified number of upper and lowercase letters, digits, and punctuation characters
• cracklib_password_check plugin
• A widely used library
• Stop users from choosing easy to guess passwords. It includes checks for not allowing passwords based on the username or a dictionary word etc.
17/03/2016 22
© MariaDB Corporation Ab.
PAM Authentication Plugin
• Authentication using /etc/shadow
• Authentication using LDAP, SSH pass phrases, password expiration, username mapping, logging every login attempt, etc…
• INSTALL PLUGIN pam SONAME 'auth_pam.so';
• CREATE USER foo@host IDENTIFIED via pam;
• REMEMBER to configure PAM (/etc/pam.d or /etc/pam.conf)
17/03/2016 23
© MariaDB Corporation Ab.
Role-Based Access Control
Database
Tables
MariaDB 10
Role: DBA
Permissions:● Update Schema
● View Statistics
● Create DatabaseDBA
Developer
Sysadmin
© MariaDB Corporation Ab.
Roles
CREATE ROLE journalist;
GRANT SHOW DATABASES ON *.* TO journalist;
GRANT ALL ON db1.* TO journalist;
GRANT journalist to user1;
SET DEFAULT ROLE journalist;
https://mariadb.com/kb/en/mariadb/roles-overview/
© MariaDB Corporation Ab.
MariaDB Audit Plugin
• Auditing database access to
• File (comma delimited format)
• Syslog
• Modified Plugin API in MariaDB
•Audit Plugin compatible with MySQL Server
• Only MariaDB allows to monitor table level events
17/03/2016 26
© MariaDB Corporation Ab.
MariaDB Audit Plugin
17/03/2016 27
CONNECTION
QUERY
CONNECT
DDL
DISCONNECT
FAILED CONNECT
DML+TCL
OBJECT
DATABASE
TABLES
TIMESTAMP
HOST
USER
SESSION
DCL
© MariaDB Corporation Ab.
MariaDB Audit Plugin
• Password filtering included
17/03/2016 28
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test1"@"localhost"
IDENTIFIED BY *****',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test4"@"localhost"
IDENTIFIED BY PASSWORD *****',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES
(1,PASSWORD("mypwd"))',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =
PASSWORD("mynewpwd")',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES
(2,OLD_PASSWORD("mypwd2"))',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =
OLD_PASSWORD("mynewpwd2")',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'GRANT ALL ON *.* TO
"test5"@"localhost" IDENTIFIED BY *****',0
© MariaDB Corporation Ab.
SSL Connections
• Encrytion between client and server
• Disabled by default
• TLSv1.2 protocol
• SSL also available for replication
• Variables needed to use SSL
• ssl-ca=ca.pem
• ssl-cert=server-cert.pem
• ssl-key=server-key.pem
17/03/2016 29
© MariaDB Corporation Ab.
Encryption Functions
• Encrytion functions are used per column
• Available encryptions
•AES (Advanced Encryption Standard) algorithm
•DES (Data Encryption Standard) algorithm•Requires SSL to be configured
• String encryption via DECODE / ENCODE
17/03/2016 30
© MariaDB Corporation Ab.
Kerberos authentication plugin
KDC
Client MariaDB
Ticket
request1 -
Service
ticket2 -
Here is my service
ticket, authenticate me3 -
Client / Server session4 -
• GSS-API on Linux• Red Hat Directory Server
• OpenLDAP
• SSPI on Windows
• Active Directory
© MariaDB Corporation Ab.
MariaDB 10.2
17/03/2016 32
MariaDB Server 10.2
● Currently in development
○ Driven by the MariaDB Foundation on behalf of
the community
○ Dtrong direction provided by our company
experts
● Target Dates:
○ Beta in June 2016
○ Stable by end of 2016
10.2 Main Features
Area Feature
Analytics Window Functions
Connectors • COM_MULTI (protocol enhancement for supporting multiple
COM_ commands in one packet resulting a performance
benefit)
• Replace libmysqlclient with MariaDB Connector/C
• Binary protocol
MySQL 5.7 • InnoDB from 5.7
• Virtual column indexes
• JSON data type and functions
New APIs Pluggable Data Type API
Security • Password expiration
• Extend AES_ENCRYPT()
Replication No slave left behind (from Google)
Performance Speed up connection creation
Support for JSON in 10.2
• Create a JSON document store as part of MariaDB • Facilitates handling multiple data types on a single MariaDB platform
• JSON as a pluggable data type• Evaluating the format in MySQL 5.7
• Built-in JSON functions from MySQL and/or Facebook and/or SQL Standard
• Indexing of JSON
• Evaluating DocStore created by and used at Facebook
CREATE TABLE t1 (col1 JSON, col2 INT AS JSON_EXTRACT(col1, "$.id"), KEY(col2))
JSON_CONTAINS, JSON_EXTRACT, JSON_INSERT, JSON_APPEND, JSON_REMOVE,…
Better Support for Analytics in 10.2
SELECT
name, countrycode,
population *1.0 / sum(population)
OVER (PARTITION by countrycode)
FROM city
Returns the city, together with the fraction of the
country's population living in that city
Window Functions - Partitioning
Better Support for Analytics in 10.2
SELECT
AVG(close_price)
OVER (ORDER BY trade_date
ROWS BETWEEN 2 PRECEDING
AND CURRENT ROW)
FROM stock_prices WHERE symbol='IBM'
Returns the 3-day historical average
Ranges are also supported instead of rows
Window Functions – Averages, Smoothing
© MariaDB Corporation Ab. 38
Thank You
mariadb.com
"MySQL is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners. MariaDB is not affiliated with MySQL."