====== Network Services Overview: Database Services ======

**General Information**

This page covers the Network Services objectives, specifically for MariaDB.

**Network Services Objectives**
  * Install the packages needed to provide the service
  * Configure SELinux to support the service
  * Use SELinux port labeling to allow services to use non-standard ports
  * Configure the service to start when the system is booted
  * Configure the service for basic operation
  * Configure host-based and user-based security for the service

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform any client testing here
  * server2.example.com (192.168.1.151) -> Install the database here

----

====== Install the packages needed to provide the service ======

Install the service
<code bash>
yum install mariadb mariadb-server
</code>
  * mariadb -> the client
  * mariadb-server -> the server

\\
Documentation (what can go in the /etc/my.cnf config)
<code bash>
/usr/libexec/mysqld --verbose --help | less

# then search for 'Variables'
/Variables
</code>

----

====== Configure SELinux to support the service ======

  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].

----

====== Use SELinux port labeling to allow services to use non-standard ports ======

Configure the MariaDB service to listen on a non-standard port and allow access to that port with SELinux.
  * Examples: "man semanage-port" has examples for allowing non-standard ports
  * Tip: To see current port labels
<code bash>
semanage port -l | grep mysql
</code>

\\
Edit the main config file
<code bash>
vim /etc/my.cnf

# in the [mysqld] section
port = 5502
</code>
  * port number selected randomly

\\
Open the firewall to the new port
<code bash>
firewall-cmd --permanent --add-port=5502/tcp
firewall-cmd --reload
</code>

\\
SELinux: Allow mariadb to use the new port
<code bash>
semanage port -a -t mysqld_port_t -p tcp 5502
</code>

\\
Restart the service
<code bash>
systemctl restart mariadb
</code>

\\
Remote clients would need to connect like this example (specifying a port)
<code bash>
mysql -h 192.168.1.151 --port=5502 -u root -p
</code>
  * -h 192.168.1.151 -> Remote hostname to connect to (can be an IP)
  * --port=5502 -> Use this remote port
  * -u root -> Database username
  * -p -> Prompt for password

----

====== Configure the service to start when the system is booted ======

Check Current Service Status
<code bash>
systemctl status mariadb
</code>
  * Also displays if the service is enabled or disabled

\\
Enabling a service to start on boot
<code bash>
systemctl enable mariadb
</code>

----

====== Configure the service for basic operation ======

Enable and Start the service
<code bash>
systemctl enable mariadb
systemctl start mariadb
</code>

----

====== Configure host-based and user-based security for the service ======

===== Firewall =====

Allow access through the firewall
<code bash>
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
</code>

===== Host Based =====

===== User Based =====

----
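For the non-standard port procedure above, a check that the port set in my.cnf already carries the mysqld_port_t label before the service is restarted. This is an added example, not part of the original page; the function names are hypothetical and the sample my.cnf and ''semanage port -l'' output are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): compare the my.cnf port with the
# SELinux port labels. Inputs are files, so the check runs offline.

# Print the port set in the [mysqld] section of a my.cnf-style file (default 3306).
mycnf_port() {
  awk -F= '
    /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/) }
    in_mysqld && $1 ~ /^[ \t]*port[ \t]*$/ { gsub(/[ \t]/, "", $2); p = $2 }
    END { print (p == "" ? 3306 : p) }
  ' "$1"
}

# Succeed if tcp port $2 is labeled mysqld_port_t in saved `semanage port -l`
# output ($1). Handles comma-separated entries and ranges such as 63132-63164.
port_labeled_mysqld() {
  awk -v want="$2" '
    $1 == "mysqld_port_t" && $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        r = $i; sub(/,$/, "", r)
        n = split(r, b, "-")
        lo = b[1] + 0; hi = (n == 2 ? b[2] : b[1]) + 0
        if (want + 0 >= lo && want + 0 <= hi) found = 1
      }
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# $1 = my.cnf path, $2 = saved label listing. Prints the page's fix command if needed.
check_mariadb_port() {
  _port=$(mycnf_port "$1")
  if port_labeled_mysqld "$2" "$_port"; then
    echo "OK: tcp/$_port is labeled mysqld_port_t"
  else
    echo "MISSING: semanage port -a -t mysqld_port_t -p tcp $_port"
    return 1
  fi
}

# Constructed sample inputs (not captured from a real host).
tmp=$(mktemp -d)
printf '[mysqld]\ndatadir=/var/lib/mysql\nport = 5502\n\n[mysqld_safe]\nlog-error=/var/log/mariadb/mariadb.log\n' > "$tmp/my.cnf"
printf 'mysqld_port_t                  tcp      1186, 3306, 63132-63164\nmysqlmanagerd_port_t           tcp      2273\n' > "$tmp/ports.before"
sed 's/tcp  *1186/tcp      5502, 1186/' "$tmp/ports.before" > "$tmp/ports.after"
check_mariadb_port "$tmp/my.cnf" "$tmp/ports.before" || true
check_mariadb_port "$tmp/my.cnf" "$tmp/ports.after"
rm -rf "$tmp"
```

On server2, save the live listing with ''semanage port -l > ports.txt'' and pass it together with /etc/my.cnf. The exact match on the type name skips mysqlmanagerd_port_t, which ''grep mysql'' also returns.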