# Step 3: Start and Configure Enterprise ColumnStore ## Overview This page details step 3 of a 5-step procedure for deploying [Single-Node Enterprise ColumnStore with Local storage](https://mariadb.com/docs/analytics/mariadb-columnstore/management/deployment/install-guide/singlenode-localstorage). This step starts and configures MariaDB Enterprise Server and MariaDB Enterprise ColumnStore. {% hint style="info" %} The instructions were tested against ColumnStore 23.10. {% endhint %} Interactive commands are detailed. Alternatively, the described operations can be performed using automation. ## Configure Enterprise ColumnStore Mandatory system variables and options for Single-Node Enterprise ColumnStore include:
ConnectorMariaDB Connector/R2DBC
character_set_serverSet this system variable to utf8
collation_serverSet this system variable to utf8_general_ci
loose-columnstore_use_import_for_batchinsertSet this system variable to ALWAYS to always use cpimport for LOAD DATA INFILE and INSERT...SELECT statements.
{% hint style="warning" %} The `loose-` prefix is required for ColumnStore system variables in the configuration file. Without it, MariaDB Server will fail to start if the ColumnStore plugin is not installed or has been removed. {% endhint %} ### Example Configuration ```ini [mariadb] log_error = mariadbd.err character_set_server = utf8 collation_server = utf8_general_ci ``` ## Start the Enterprise ColumnStore Services Start and enable the MariaDB Enterprise Server service, so that it starts automatically upon reboot: ```bash $ sudo systemctl start mariadb $ sudo systemctl enable mariadb ``` Start and enable the MariaDB Enterprise ColumnStore service, so that it starts automatically upon reboot: ```bash $ sudo systemctl start mariadb-columnstore $ sudo systemctl enable mariadb-columnstore ``` ## Create the Utility User Enterprise ColumnStore requires a mandatory utility user account. By default, it connects to the server using the root user with no password. MariaDB Enterprise Server 10.6 will reject this login attempt by default, so you will need to configure Enterprise ColumnStore to use a different user account and password and create this user account on Enterprise Server. 1. On the Enterprise ColumnStore node, create the user account with the [CREATE USER](https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/reference/sql-statements/account-management-sql-statements/create-user) statement: ```sql CREATE USER 'util_user'@'127.0.0.1' IDENTIFIED BY 'util_user_passwd'; ``` 2. On the Enterprise ColumnStore node, grant the user account SELECT privileges on all databases with the GRANT statement: ```sql GRANT SELECT, PROCESS ON *.* TO 'util_user'@'127.0.0.1'; ``` 3. Configure Enterprise ColumnStore to use the utility user: ```bash $ sudo mcsSetConfig CrossEngineSupport Host 127.0.0.1 $ sudo mcsSetConfig CrossEngineSupport Port 3306 $ sudo mcsSetConfig CrossEngineSupport User util_user ``` 4. Set the password: ```bash $ sudo mcsSetConfig CrossEngineSupport Password util_user_passwd ``` For details about how to encrypt the password, see "[Credentials Management for MariaDB Enterprise ColumnStore](https://mariadb.com/docs/analytics/mariadb-columnstore/security/enterprise-columnstore-credentials-management)". Passwords should meet your organization's password policies. If your MariaDB Enterprise Server instance has a password validation plugin installed, then the password should also meet the configured requirements. ## Configure Linux Security Modules (LSM) The specific steps to configure the security module depend on the operating system. ### Configure SELinux (CentOS, RHEL) Configure SELinux for Enterprise ColumnStore: 1. To configure SELinux, you have to install the packages required for audit2allow.\ On CentOS 7 and RHEL 7, install the following: ```bash $ sudo yum install policycoreutils policycoreutils-python ``` On RHEL 8, install the following: ```bash $ sudo yum install policycoreutils python3-policycoreutils policycoreutils-python-utils ``` 2. Allow the system to run under load for a while to generate SELinux audit events. 3. After the system has taken some load, generate an SELinux policy from the audit events using audit2allow: ```bash $ sudo grep mysqld /var/log/audit/audit.log | audit2allow -M mariadb_local ``` If no audit events were found, this will print the following: ```bash $ sudo grep mysqld /var/log/audit/audit.log | audit2allow -M mariadb_local Nothing to do ``` 4. If audit events were found, the new SELinux policy can be loaded using semodule: ```bash $ sudo semodule -i mariadb_local.pp ``` 5. Set SELinux to enforcing mode by setting SELINUX=enforcing in /etc/selinux/config. For example, the file will usually look like this after the change: ```editorconfig # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted ``` 6. Set SELinux to enforcing mode: ```bash $ sudo setenforce enforcing ``` ### Configure AppArmor (Ubuntu) For information on how to create a profile, see [How to create an AppArmor Profile](https://ubuntu.com/tutorials/beginning-apparmor-profile-development#1-overview) on ubuntu.com. ## Next Step Navigation in the Single-Node Enterprise ColumnStore topology with Local storage deployment procedure: This page was step 3 of 5. [Next: Step 4: Test MariaDB Enterprise ColumnStore.](https://mariadb.com/docs/analytics/mariadb-columnstore/management/deployment/install-guide/singlenode-localstorage/step-4-test-enterprise-columnstore) *This page is: Copyright © 2025 MariaDB. All rights reserved.* {% @marketo/form formId="4316" %}