I have recently done some work on improving the MariaDB 10.4 package that is part of the OmniOS extra package repository, to add more features and to make it easier to deploy. Part of that work involved adding support for socket authentication, which makes the default installation more secure.

Here’s a walk-through of creating a sparse zone on OmniOS r151032, and then installing MariaDB within that. Commands that are issued within the global zone are shown with a prompt of gz#, and those within the sparse zone itself are shown with the zone's own prompt, root@database:~#, where database is the name of the zone.

Pre-requisites

Before you can create a sparse zone, the zone brand must be installed and you’ll need a ZFS dataset to act as a zone container. If you’ve used zones before, you might already have these in place.

gz# pkg install zones brand/sparse
gz# zfs create -o mountpoint=/zones rpool/zones

Zone creation

In this example I am attaching a VNIC for the zone to an Etherstub called switch10. If you just want to attach it to a global zone NIC, then you can specify global-nic=auto and it will usually do the right thing.

gz# zonecfg -z database
database: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:database> create -t sparse
zonecfg:database> set zonepath=/zones/database
zonecfg:database> add net
zonecfg:database:net> set physical=database0
zonecfg:database:net> set global-nic=switch10
zonecfg:database:net> set allowed-address=172.27.10.7/24
zonecfg:database:net> set defrouter=172.27.10.254
zonecfg:database:net> end
zonecfg:database> add attr
zonecfg:database:attr> set name=resolvers
zonecfg:database:attr> set type=string
zonecfg:database:attr> set value=1.1.1.1
zonecfg:database:attr> end
zonecfg:database> add attr
zonecfg:database:attr> set name=domain-name
zonecfg:database:attr> set type=string
zonecfg:database:attr> set value=omnios.org
zonecfg:database:attr> end
zonecfg:database> verify
zonecfg:database> exit

Zone installation

gz# zoneadm -z database install
A ZFS file system has been created for this zone.

       Image: Preparing at /zones/database/root.
Sanity Check: Looking for 'entire' incorporation.
   Publisher: Using omnios (https://pkg.omnios.org/r151032/core).
   Publisher: Using extra.omnios (https://pkg.omnios.org/r151032/extra/).
       Cache: Using /var/pkg/publisher.
  Installing: Packages (output follows)
Packages to install: 200
Mediators to change:   4
 Services to change:   6

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            200/200     1476/1476      4.9/4.9  1.1k/s

PHASE                                          ITEMS
Installing new actions                     5869/5869
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
 Postinstall: Copying SMF seed repository ... done.
        Done: Installation completed in 56.395 seconds.

Zone boot

gz# zoneadm -z database boot
gz# zlogin database

Wait for the initial boot to complete by checking the output of the svcs -x command. Once this command returns no output, the zone is fully up.

Check IP connectivity:

root@database:~# ipadm
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
database0/_a      from-gz  ok           172.27.10.7/24
lo0/v6            static   ok           ::1/128

root@database:~# ping google.com
google.com is alive

MariaDB installation

root@database:~# pkg list -a '*mariadb*'
NAME (PUBLISHER)                                  VERSION                    IFO
ooce/database/mariadb-103 (extra.omnios)          10.3.21-151032.0           ---
ooce/database/mariadb-104 (extra.omnios)          10.4.11-151032.0           ---
root@database:~# pkg install mariadb-104
           Packages to install:  2
           Mediators to change:  1
            Services to change:  3
       Create boot environment: No
Create backup boot environment: No

Release Notes:

  --------------------------
  MariaDB Installation Notes
  --------------------------

  When the mariadb service is started for the first time, an initial
  database will be set up and two all-privilege accounts will be created.

  One is root@localhost, it has no password, but you need to
  be system 'root' user to connect. Use, for example, 'sudo mysql'

  The second is mysql@localhost, it has no password either, but
  you need to be the system 'mysql' user to connect.

  You may wish to review the default configuration file at
  /etc/opt/ooce/mariadb-<version>/my.cnf before starting the service
  for the first time.

  --------------------------


DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                2/2       694/694    52.0/52.0  5.8M/s

PHASE                                          ITEMS
Installing new actions                       991/991
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           3/3

Start the database and connect

root@database:~# svcadm enable mariadb104
root@database:~# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.4.11-MariaDB OmniOS MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select current_user() from dual;
+----------------+
| current_user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.000 sec)

Socket authentication is in use by default, which can be checked by verifying that root has an invalid (non-matchable) password hash.

MariaDB [(none)]> select user, password from mysql.user where user != '';
+-------+----------+
| User  | Password |
+-------+----------+
| root  | invalid  |
| mysql | invalid  |
+-------+----------+
2 rows in set (0.001 sec)
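
The same check can be scripted so that it fails when any account would accept an empty password. This is an added example, not part of the OmniOS package: the function names and the constructed sample rows are assumptions, and it expects tab-separated rows such as those printed by mysql -N -B -e "select user, password from mysql.user where user != ''".

```sh
#!/bin/sh
# Classify each account by its Password column and exit non-zero if any
# account has an empty password (login with no credentials at all).

audit_accounts() {
    awk -F'\t' '
        BEGIN { bad = 0 }
        {
            user = $1; pw = $2
            if (pw == "") {
                status = "EMPTY-PASSWORD"; bad = 1    # anyone can log in
            } else if (pw == "invalid") {
                status = "no-password-match"          # no password can hash to this
            } else if (length(pw) == 41 && pw ~ /^\*[0-9A-Fa-f]+$/) {
                status = "password-hash"              # mysql_native_password format
            } else {
                status = "unrecognised"
            }
            printf "%s\t%s\n", user, status
        }
        END { exit bad }
    '
}

# Rows as shown on this page for a fresh mariadb-104 install.
page_rows() {
    printf 'root\tinvalid\nmysql\tinvalid\n'
}

# Constructed rows: a passwordless root and an account with a placeholder hash.
constructed_rows() {
    printf 'root\t\napp\t*0123456789ABCDEF0123456789ABCDEF01234567\n'
}

# On a live zone, replace page_rows with the mysql command from the lead-in.
page_rows | audit_accounts
```

An account reported as no-password-match can only be reached through its non-password login method, which for the two default accounts is the socket authentication described above.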