Mariadb – Native MariaDb encryption and clustering

encryptionhigh-availabilitymariadb

Is native (table/Column/tablespace) database encryption possible in a clustered environment. The success criteria would be:

Encrypted Logs
Encryption in transit for all data protocols
Native DB encryption
High availability for 2 sites with ~30 ms latency between each
1-2 local copies at each site for Backups/reporting etc
Sub 30 minute site failover time
Minimal application re-engineering
Assume AWS or Vault KMS

I just need a yes or a no at this stage.
Thanks

Best Answer

Encrypted Logs: You can encrypt the InnoDB redo log and binary log. See the limitations on which types of logs are not encrypted.
Encryption in transit for all data protocols: You can enable secure communications, see e.g. Securing Communications in Galera Cluster
Native DB encryption: Yes, assuming you're using the InnoDB storage engine, you can encrypt all tablespaces, individual tables, or everything excluding individual tables.
High availability for 2 sites with ~30 ms latency between each: You can have a Galera cluster on each site, and have asynchronous master-slave or master-master replication between them. The latency depends on the link between the sites.
1-2 local copies at each site for Backups/reporting etc: Galera cluster has a full copy of the databases in each node.
Sub 30 minute site failover time: Failover can be automated with a database proxy such as MariaDB MaxScale or ProxySQL, or a more general proxy like haproxy.
Minimal application re-engineering: MariDB Galera cluster works much like a single MariaDB server instance from the application's point of view, but note that every table must have a primary key (a single or compound key), and that only the InnoDB storage engine is supported. Also note that unless you're only ever writing to a single node at a time (e.g. read-write splitting which can be configured e.g. with MaxScale), your application needs to take into account that transactions can fail both on individual statements within the transaction and after the commit - see Galera’s big gotcha for MySQL users for details.
Assume AWS or Vault KMS: I don't know.

You may want to look into a solution such as SeveralNines' ClusterControl which I believe can automate a lot of this.

Related Solutions

MariaDB High Availability – Setting Up MariaDB Spider HA

I found my mistake. I realized that spider_link_mon_servers table must contain spider nodes, not backend nodes. And my spider nodes are not running on the same instance as backends. Spider tables run on port 3307.

So I need to configure monitoring servers like this (let's call them "proxy"):

CREATE SERVER server_main_proxy
 FOREIGN DATA WRAPPER mysql
OPTIONS(
 HOST '10.2.0.1',
 PORT 3307,
 DATABASE 'db01',
 USER 'spider',
 PASSWORD '123456'
);

CREATE SERVER server_backup_proxy
 FOREIGN DATA WRAPPER mysql
OPTIONS(
 HOST '10.2.0.2',
 PORT 3307,
 DATABASE 'db01',
 USER 'spider',
 PASSWORD '123456'
);

TRUNCATE mysql.spider_link_mon_servers;
INSERT INTO mysql.spider_link_mon_servers 
(db_name, table_name, link_id, sid, server) 
VALUES
('%', '%', '%', 100, 'server_main_proxy'),
('%', '%', '%', 101, 'server_backup_proxy');

SELECT spider_flush_table_mon_cache();

Now, if I stop "main" instance (3306 one), spider detects it and access only backup node.

There is still one feature I have not been able to operate: use only main backend if it is alive, and use backup backend only if the main backend dies...

EDIT 11/02/2014 :

The parameter "alc" (active_link_count) set to 1 is what I need in order to use second backend as a failover backend only. So something like this did the trick:

ALTER TABLE np ENGINE=SPIDER COMMENT='wrapper "mysql", srv "server_main server_backup", database "db01", table "np", mbk "2", mkd "2", alc "1", msi "100 101", link_status "0 0"';

Mariadb – Does MariaDB support native JSON column data type

JSON support will come to MariaDB 10.2. See the official MariaDB blog post from 28.02.2017. There are some example SQL statements and validation.

JSON is fast becoming the standard format for data interchange and for unstructured data, and MariaDB 10.2 adds a range on JSON supporting functions, even though a JSON datatype isn't implemented yet. There are some reasons why there isn't a JSON datatype, but one is that there are actually not that many advantages to that as JSON is a text-based format. This blog post aims to describe JSON and the use cases for it, as well as to describe the MariaDB 10.2 JSON functions and uses for these, as well as showing some other additions to MariaDB 10.2 that are useful for JSON processing.

Best Answer

Related Solutions

MariaDB High Availability – Setting Up MariaDB Spider HA

Mariadb – Does MariaDB support native JSON column data type

Related Question