MariaDB 10.1 and Roadmap

© MariaDB Corporation Ab. 1

MariaDB 10.1 and Roadmap

Rasmus JohanssonVP Engineering, MariaDB Corporation

© MariaDB Corporation Ab.

Agenda

• MariaDB 10.1 New Features

• MariaDB 10.1 Security Feature Set

• MariaDB 10.2

• Other interesting things

17/03/2016 2


MariaDB 10.1 has been stable for 5 months

• First GA version 10.1.8 released Oct 17th, 2015

•Based on MariaDB 10.0

17/03/2016 3


MariaDB 10.1 Themes

Security High Availability

Scalability

17/03/2016 4

© MariaDB Corporation Ab.17/03/2016 5

High Availability


Galera Cluster integrated

• Full integration of Galera Cluster into MariaDB 10.1 — it is not a separate download

• Enable Galera Cluster when you need it

17/03/2016 6


Galera Custer integrated

• Per default MariaDB 10.1 works like a vanilla MariaDB Server

• In order to use Galera Cluster you need to set the following:

• wrep_on = ON

• wsrep_provider

• wsrep_cluster_address

• binlog_format=ROW

• default_storage_engine=InnoDB

• innodb_autoinc_lock_mode=2

• innodb_doublewrite=1

• query_cache_size=017/03/2016 7


Scalability


Parallel Slave Replication (10.0)

• Multi-source replication from different masters (domains) executed in parallel

• Queries that are run in parallel on the master are run in parallel on the slave (based on group commit)

• Transactions modifying the same table can be updated in parallel on the slave!

• Supports both statement based and row based replication.

17/03/2016 9


Optimistic Parallel Replication

• New replicaton mode in MariaDB 10.1

• Any INSERT, UPDATE or DELETE can be applied in parallel on the slave

• Even if it wasn't committed in parallell on the master

• Needs a 10.1 master

• Needs a transactional engine for rollback in case of a conflict

17/03/2016 10


Optimistic Parallel Replication

• Enabled byslave-parallel-mode=optimistic

• Temporarily disable by variable@@skip_parallel_replication

• Server optimistically assumes that few conflicts will occur

• roll back and retry for conflicting transactions

17/03/2016 11


Performance Improvements

• Especially for High-End Servers

•High processing power

•More cores

• Benchmark 10.1 on Linux Only POWER8

• „1 million SQL queries per second: GA MariaDB 10.1 on POWER8“

•https://blog.mariadb.org/10-1-mio-qps/

17/03/2016 12

https://blog.mariadb.org/10-1-mio-qps/


InnoDB Defragmentation

• Deleted records can create gaps on pages

• Defragmentation based on an implementation from Facebook and Kakao Corp.

• Neither new SQL literals nor server changes needed

• OPTIMIZE TABLE is used•innodb_defragment=1

17/03/2016 13


MySQL Compatibility Feature

• MariaDB 10.1 can be a slave to MySQL 5.6

•Also when GTIDs are used

• Feature was requested by the Community

• To test MariaDB in a MySQL deployment

• For migrating to MariaDB

17/03/2016 14


Security


Security

Encryption

AuditingAuthentication

Validation

17/03/2016 16


Security Features in MariaDB 10.1

Encryption

AuditingAuthentication

Validation

17/03/2016 17

• Data at Rest Encryption

• Password Validation Plugin

• PAM Authentication Plugin

• Audit Plugin

• SSL Connections

• Encryption functions


Data at Rest Encryption

• New with MariaDB 10.1

• Originates from Google encryption patch

• Table space and table encryption

• Based on

• Encyption key

• Key id

• Key rotation

• Key version

17/03/2016 18


Data at Rest Encyption

• Encryption for

• XtraDB/InnoDB tablespaces

• XtraDB/InnoDB log files

• Binary logs

• Aria tables

• Temporary files

• No Encryption for

• Metadata

• Memory

• Config-Files17/03/2016 19


Data at Rest Encryption

• Last internal benchmarks on encryption overhead

•XtraDB/InnoDB encryption•<1% (ro)

•≈8-14% (rw)

• Temporary files encryption•≈7-10% (filesort)

•Binary log encryption: <4%

17/03/2016 20


Deleted Data Encryption

• Scrubbing

•Background threads periodically scan tablespaces and logs and overwrite all data that should be deleted.

• More info:

•https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/

17/03/2016 21

https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/


Password Validation Plugins

• Password validation plugin API

• simple_password_check plugin

• Can enforce a minimum password length and guarantee that a password contains at least a specified number of upper and lowercase letters, digits, and punctuation characters

• cracklib_password_check plugin

• A widely used library

• Stop users from choosing easy to guess passwords. It includes checks for not allowing passwords based on the username or a dictionary word etc.

17/03/2016 22


PAM Authentication Plugin

• Authentication using /etc/shadow

• Authentication using LDAP, SSH pass phrases, password expiration, username mapping, logging every login attempt, etc…

• INSTALL PLUGIN pam SONAME 'auth_pam.so';

• CREATE USER foo@host IDENTIFIED via pam;

• REMEMBER to configure PAM (/etc/pam.d or /etc/pam.conf)

17/03/2016 23


Role-Based Access Control

Database

Tables

MariaDB 10

Role: DBA

Permissions:● Update Schema

● View Statistics

● Create DatabaseDBA

Developer

Sysadmin


Roles

CREATE ROLE journalist;

GRANT SHOW DATABASES ON *.* TO journalist;

GRANT ALL ON db1.* TO journalist;

GRANT journalist to user1;

SET DEFAULT ROLE journalist;

https://mariadb.com/kb/en/mariadb/roles-overview/

https://mariadb.com/kb/en/mariadb/roles-overview/


MariaDB Audit Plugin

• Auditing database access to

• File (comma delimited format)

• Syslog

• Modified Plugin API in MariaDB

•Audit Plugin compatible with MySQL Server

• Only MariaDB allows to monitor table level events

17/03/2016 26



17/03/2016 27

CONNECTION

QUERY

CONNECT

DDL

DISCONNECT

FAILED CONNECT

DML+TCL

OBJECT

DATABASE

TABLES

TIMESTAMP

HOST

USER

SESSION

DCL



• Password filtering included

17/03/2016 28

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test1"@"localhost"

IDENTIFIED BY *****',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test4"@"localhost"

IDENTIFIED BY PASSWORD *****',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES

(1,PASSWORD("mypwd"))',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =

PASSWORD("mynewpwd")',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES

(2,OLD_PASSWORD("mypwd2"))',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =

OLD_PASSWORD("mynewpwd2")',0

20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'GRANT ALL ON *.* TO

"test5"@"localhost" IDENTIFIED BY *****',0


SSL Connections

• Encrytion between client and server

• Disabled by default

• TLSv1.2 protocol

• SSL also available for replication

• Variables needed to use SSL

• ssl-ca=ca.pem

• ssl-cert=server-cert.pem

• ssl-key=server-key.pem

17/03/2016 29


Encryption Functions

• Encrytion functions are used per column

• Available encryptions

•AES (Advanced Encryption Standard) algorithm

•DES (Data Encryption Standard) algorithm•Requires SSL to be configured

• String encryption via DECODE / ENCODE

17/03/2016 30


Kerberos authentication plugin

KDC

Client MariaDB

Ticket

request1 -

Service

ticket2 -

Here is my service

ticket, authenticate me3 -

Client / Server session4 -

• GSS-API on Linux• Red Hat Directory Server

• OpenLDAP

• SSPI on Windows

• Active Directory


MariaDB 10.2

17/03/2016 32

MariaDB Server 10.2

● Currently in development

○ Driven by the MariaDB Foundation on behalf of

the community

○ Dtrong direction provided by our company

experts

● Target Dates:

○ Beta in June 2016

○ Stable by end of 2016

10.2 Main Features

Area Feature

Analytics Window Functions

Connectors • COM_MULTI (protocol enhancement for supporting multiple

COM_ commands in one packet resulting a performance

benefit)

• Replace libmysqlclient with MariaDB Connector/C

• Binary protocol

MySQL 5.7 • InnoDB from 5.7

• Virtual column indexes

• JSON data type and functions

New APIs Pluggable Data Type API

Security • Password expiration

• Extend AES_ENCRYPT()

Replication No slave left behind (from Google)

Performance Speed up connection creation

Support for JSON in 10.2

• Create a JSON document store as part of MariaDB • Facilitates handling multiple data types on a single MariaDB platform

• JSON as a pluggable data type• Evaluating the format in MySQL 5.7

• Built-in JSON functions from MySQL and/or Facebook and/or SQL Standard

• Indexing of JSON

• Evaluating DocStore created by and used at Facebook

CREATE TABLE t1 (col1 JSON, col2 INT AS JSON_EXTRACT(col1, "$.id"), KEY(col2))

JSON_CONTAINS, JSON_EXTRACT, JSON_INSERT, JSON_APPEND, JSON_REMOVE,…

Better Support for Analytics in 10.2

SELECT

name, countrycode,

population *1.0 / sum(population)

OVER (PARTITION by countrycode)

FROM city

Returns the city, together with the fraction of the

country's population living in that city

Window Functions - Partitioning

Better Support for Analytics in 10.2

SELECT

AVG(close_price)

OVER (ORDER BY trade_date

ROWS BETWEEN 2 PRECEDING

AND CURRENT ROW)

FROM stock_prices WHERE symbol='IBM'

Returns the 3-day historical average

Ranges are also supported instead of rows

Window Functions – Averages, Smoothing

© MariaDB Corporation Ab. 38

Thank You

mariadb.com

[email protected]

"MySQL is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks

of their respective owners. MariaDB is not affiliated with MySQL."

MariaDB 10.1 and Roadmap

Software