Step 3: Start and Configure Enterprise ColumnStore 23.10
This page is part of MariaDB's Documentation.
The parent of this page is: Deploy Single-Node Enterprise ColumnStore 23.10 with Local Storage
Topics on this page:
Overview
This page details step 3 of a 5-step procedure for deploying Single-Node Enterprise ColumnStore 23.10 with Local storage.
This step starts and configures MariaDB Enterprise Server 10.6 and MariaDB Enterprise ColumnStore 23.10.
Interactive commands are detailed. Alternatively, the described operations can be performed using automation.
Configure Enterprise ColumnStore
Mandatory system variables and options for Single-Node Enterprise ColumnStore include:
System Variable/Option | Description |
---|---|
Set this system variable to | |
Set this system variable to | |
Set this system variable to |
Example Configuration
[mariadb]
log_error = mariadbd.err
character_set_server = utf8
collation_server = utf8_general_ci
Start the Enterprise ColumnStore Services
Start and enable the MariaDB Enterprise Server service, so that it starts automatically upon reboot:
$ sudo systemctl restart mariadb
$ sudo systemctl enable mariadb
Start and enable the MariaDB Enterprise ColumnStore service, so that it starts automatically upon reboot:
$ sudo systemctl restart mariadb-columnstore
$ sudo systemctl enable mariadb-columnstore
Create the Utility User
Enterprise ColumnStore requires a mandatory utility user account to perform cross-engine joins and similar operations.
Create the user account with the CREATE USER statement:
CREATE USER 'util_user'@'127.0.0.1' IDENTIFIED BY 'util_user_passwd';
Grant the user account
SELECT
privileges on all databases with the GRANT statement:GRANT SELECT, PROCESS ON *.* TO 'util_user'@'127.0.0.1';
Configure the utility user:
$ sudo mcsSetConfig CrossEngineSupport Host 127.0.0.1
$ sudo mcsSetConfig CrossEngineSupport Port 3306
$ sudo mcsSetConfig CrossEngineSupport User util_user
Set the password:
$ sudo mcsSetConfig CrossEngineSupport Password util_user_passwd
For details about how to encrypt the password, see "Credentials Management for MariaDB Enterprise ColumnStore".
Passwords should meet your organization's password policies. If your MariaDB Enterprise Server instance has a password validation plugin installed, then the password should also meet the configured requirements.
Configure Linux Security Modules (LSM)
The specific steps to configure the security module depend on the operating system.
Configure SELinux (CentOS, RHEL)
Configure SELinux for Enterprise ColumnStore:
To configure SELinux, you have to install the packages required for
audit2allow
.On RHEL 7 and CentOS 7, install the following:
$ sudo yum install policycoreutils policycoreutils-python
On RHEL 8, install the following:
$ sudo yum install policycoreutils python3-policycoreutils policycoreutils-python-utils
Allow the system to run under load for a while to generate SELinux audit events.
After the system has taken some load, generate an SELinux policy from the audit events using
audit2allow
:$ sudo grep mysqld /var/log/audit/audit.log | audit2allow -M mariadb_local
If no audit events were found, this will print the following:
$ sudo grep mysqld /var/log/audit/audit.log | audit2allow -M mariadb_local
Nothing to do
If audit events were found, the new SELinux policy can be loaded using
semodule
:$ sudo semodule -i mariadb_local.pp
Set SELinux to enforcing mode by setting
SELINUX=enforcing
in/etc/selinux/config
.For example, the file will usually look like this after the change:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Set SELinux to enforcing mode:
$ sudo setenforce enforcing
Configure AppArmor (Ubuntu)
For information on how to create a profile, see How to create an AppArmor Profile on ubuntu.com.
Next Step
Navigation in the Single-Node Enterprise ColumnStore topology with Local storage deployment procedure:
This page was step 3 of 5.