Network Services Overview: Database Services
General Information
This page covers the Network Services objectives, specifically for MariaDB.
Network Services Objectives
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
Lab Setup
The following virtual machines will be used:
- server1.example.com (192.168.1.150) → Perform any client testing here
- server2.example.com (192.168.1.151) → Install the database here
Install the packages needed to provide the service
Install the service
yum install mariadb mariadb-server
- mariadb → the client
- mariadb-server → the server
Documentation (what can go in the /etc/my.cnf config)
/usr/libexec/mysqld --verbose --help | less # then search for 'Variables' /Variables <enter>
Configure SELinux to support the service
- Service agnostic → Ensure SELinux is running and enabled (RHCSA objective).
Use SELinux port labeling to allow services to use non-standard ports
Configuring the mariadb service with a non standard port and allowing port access with selinux.
- Examples: “man semanage-port” has examples for allowing non-standard ports
- Tip: To see current port labels
semanage port -l | grep mysql
Edit the main config file
vim /etc/my.cnf port = 5502
- port number selected randomly
Open the firewall to the new port
firewall-cmd --permanent --add-port=5502/tcp firewall-cmd --reload
SELinux: Allow mariadb to use the new port
semanage port -a -t mysqld_port_t -p tcp 5502
Restart the service
systemctl restart mariadb
Remote clients would need to connect like this example (specifying a port)
mysql -h 192.168.1.151 --port=5502 -u root -p
- -h 192.168.1.151 → Remote hostname to connect to (can be an IP)
- –port=5502 → Use this remote port
- -u root → Database username
- -p → Prompt for password
Configure the service to start when the system is booted
Check Current Service Status
systemctl status mariadb
- Also displays if the service is enabled or disabled
Enabling a service to start on boot
systemctl enable mariadb
Configure the service for basic operation
Enable and Start the service
systemctl enable mariadb
systemctl start mariadb
Configure host-based and user-based security for the service
Firewall
Allow access through the firewall
firewall-cmd --permanent --add-service=mysql firewall-cmd --reload