MariaDB 10.

1 and Roadmap
Rasmus Johansson
VP Engineering, MariaDB Corporation

MariaDB Corporation Ab.

Agenda
MariaDB 10.1 New Features
MariaDB 10.1 Security Feature Set
MariaDB 10.2
Other interesting things

17/03/2016

MariaDB Corporation Ab.

MariaDB 10.1 has been stable for 5

months
First GA version 10.1.8 released Oct 17th, 2015
Based on MariaDB 10.0

17/03/2016

MariaDB Corporation Ab.

MariaDB 10.1 Themes

Security

17/03/2016

High
Availability
MariaDB Corporation Ab.

Scalability

High
Availability

17/03/2016

MariaDB Corporation Ab.

Galera Cluster integrated

Full integration of Galera Cluster into MariaDB
10.1 it is not a separate download
Enable Galera Cluster when you need it

17/03/2016

MariaDB Corporation Ab.

Galera Custer integrated

Per default MariaDB 10.1 works like a vanilla MariaDB Server
In order to use Galera Cluster you need to set the following:

wrep_on = ON
wsrep_provider
wsrep_cluster_address
binlog_format=ROW
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
innodb_doublewrite=1
query_cache_size=0

17/03/2016

MariaDB Corporation Ab.

Scalability

17/03/2016

MariaDB Corporation Ab.

Parallel Slave Replication (10.0)

Multi-source replication from different masters
(domains) executed in parallel
Queries that are run in parallel on the master are run
in parallel on the slave (based on group commit)
Transactions modifying the same table can be updated in
parallel on the slave!

Supports both statement based and row based

replication.
17/03/2016

MariaDB Corporation Ab.

Optimistic Parallel Replication

New replicaton mode in MariaDB 10.1
Any INSERT, UPDATE or DELETE can be applied in
parallel on the slave
Even if it wasn't committed in parallell on the master

Needs a 10.1 master

Needs a transactional engine for rollback in case of a
conflict
17/03/2016

MariaDB Corporation Ab.

10

Optimistic Parallel Replication

Enabled by
slave-parallel-mode=optimistic
Temporarily disable by variable
@@skip_parallel_replication
Server optimistically assumes that few conflicts will
occur
roll back and retry for conflicting transactions

17/03/2016

MariaDB Corporation Ab.

11

Performance Improvements
Especially for High-End Servers
High processing power
More cores

Benchmark 10.1 on Linux Only POWER8

1 million SQL queries per second: GA MariaDB
10.1 on POWER8
https://blog.mariadb.org/10-1-mio-qps/
17/03/2016

MariaDB Corporation Ab.

12

InnoDB Defragmentation
Deleted records can create gaps on pages
Defragmentation based on an implementation
from Facebook and Kakao Corp.
Neither new SQL literals nor server changes
needed

OPTIMIZE TABLE is used

innodb_defragment=1
17/03/2016

MariaDB Corporation Ab.

13

MySQL Compatibility Feature

MariaDB 10.1 can be a slave to MySQL 5.6
Also when GTIDs are used

Feature was requested by the Community

To test MariaDB in a MySQL deployment
For migrating to MariaDB

17/03/2016

MariaDB Corporation Ab.

14

Security

17/03/2016

MariaDB Corporation Ab.

15

Security

17/03/2016

Validation

Encryption

Authentication

Auditing

MariaDB Corporation Ab.

16

Security Features in MariaDB 10.1

Validation

Encryption

Authentication

Auditing

17/03/2016

Data at Rest Encryption

Password Validation Plugin
PAM Authentication Plugin
Audit Plugin
SSL Connections
Encryption functions
MariaDB Corporation Ab.

17

Data at Rest Encryption

New with MariaDB 10.1
Originates from Google encryption patch
Table space and table encryption
Based on
Encyption key
Key id
Key rotation
Key version
17/03/2016

MariaDB Corporation Ab.

18

Data at Rest Encyption

Encryption for

XtraDB/InnoDB tablespaces
XtraDB/InnoDB log files
Binary logs
Aria tables
Temporary files

No Encryption for
Metadata
Memory
Config-Files
17/03/2016

MariaDB Corporation Ab.

19

Data at Rest Encryption

Last internal benchmarks on encryption
overhead
XtraDB/InnoDB encryption
<1% (ro)
8-14% (rw)

Temporary files encryption

7-10% (filesort)
Binary log encryption: <4%
17/03/2016

MariaDB Corporation Ab.

20

Deleted Data Encryption

Scrubbing
Background threads periodically scan tablespaces
and logs and overwrite all data that should be
deleted.

More info:
https://mariadb.com/kb/en/mariadb/xtradbinnodb-data-scrubbing/
17/03/2016

MariaDB Corporation Ab.

21

Password Validation Plugins

Password validation plugin API
simple_password_check plugin
Can enforce a minimum password length and guarantee that a
password contains at least a specified number of upper and lowercase
letters, digits, and punctuation characters

cracklib_password_check plugin
A widely used library
Stop users from choosing easy to guess passwords. It includes checks
for not allowing passwords based on the username or a dictionary
word etc.
17/03/2016

MariaDB Corporation Ab.

22

PAM Authentication Plugin

Authentication using /etc/shadow
Authentication using LDAP, SSH pass phrases, password
expiration, username mapping, logging every login attempt,
etc
INSTALL PLUGIN pam SONAME 'auth_pam.so';
CREATE USER foo@host IDENTIFIED via pam;
REMEMBER to configure PAM (/etc/pam.d or /etc/pam.conf)

17/03/2016

MariaDB Corporation Ab.

23

Role-Based Access Control

Role: DBA
Permissions:

DBA

Update Schema
View Statistics
Create Database

MariaDB 10
Developer

Sysadmin
MariaDB Corporation Ab.

Database
Tables

Roles
CREATE ROLE journalist;
GRANT SHOW DATABASES ON *.* TO journalist;
GRANT ALL ON db1.* TO journalist;
GRANT journalist to user1;

SET DEFAULT ROLE journalist;

https://mariadb.com/kb/en/mariadb/roles-overview/

MariaDB Corporation Ab.

MariaDB Audit Plugin

Auditing database access to
File (comma delimited format)
Syslog

Modified Plugin API in MariaDB

Audit Plugin compatible with MySQL Server

Only MariaDB allows to monitor table level

events
17/03/2016

MariaDB Corporation Ab.

26

MariaDB Audit Plugin

CONNECT
CONNECTION

DISCONNECT
FAILED CONNECT

DDL
QUERY

DML+TCL

TIMESTAMP
HOST
USER
SESSION

DCL
DATABASE

OBJECT
TABLES

17/03/2016

MariaDB Corporation Ab.

27

MariaDB Audit Plugin

Password filtering included
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test1"@"localhost"
IDENTIFIED BY *****',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'CREATE USER "test4"@"localhost"
IDENTIFIED BY PASSWORD *****',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES
(1,PASSWORD("mypwd"))',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =
PASSWORD("mynewpwd")',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'INSERT INTO t_pwdtest VALUES
(2,OLD_PASSWORD("mypwd2"))',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'UPDATE t_pwdtest SET mypwd =
OLD_PASSWORD("mynewpwd2")',0
20150117 23:40:56,MYSQL5530,root,localhost,1,1,QUERY,,'GRANT ALL ON *.* TO
"test5"@"localhost" IDENTIFIED BY *****',0

17/03/2016

MariaDB Corporation Ab.

28

SSL Connections
Encrytion between client and server
Disabled by default

TLSv1.2 protocol
SSL also available for replication
Variables needed to use SSL
ssl-ca=ca.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
17/03/2016

MariaDB Corporation Ab.

29

Encryption Functions
Encrytion functions are used per column
Available encryptions
AES (Advanced Encryption Standard) algorithm
DES (Data Encryption Standard) algorithm
Requires SSL to be configured

String encryption via DECODE / ENCODE

17/03/2016

MariaDB Corporation Ab.

30

Kerberos authentication plugin

KDC

GSS-API on Linux
Red Hat Directory Server

OpenLDAP

SSPI on Windows
Ticket
1request

Service
2ticket

Active Directory

3-

Client

Here is my service
ticket, authenticate me

4 - Client / Server session

MariaDB
MariaDB Corporation Ab.

MariaDB 10.2

17/03/2016

MariaDB Corporation Ab.

32

MariaDB Server 10.2

Currently in development
Driven by the MariaDB Foundation on behalf of
the community
Dtrong direction provided by our company
experts
Target Dates:
Beta in June 2016
Stable by end of 2016

10.2 Main Features

Area

Feature

Analytics

Window Functions

Connectors

COM_MULTI (protocol enhancement for supporting multiple

COM_ commands in one packet resulting a performance
benefit)
Replace libmysqlclient with MariaDB Connector/C
Binary protocol

MySQL 5.7

InnoDB from 5.7

Virtual column indexes
JSON data type and functions

New APIs

Pluggable Data Type API

Security

Replication

No slave left behind (from Google)

Performance

Speed up connection creation

Password expiration
Extend AES_ENCRYPT()

Support for JSON in 10.2

Create a JSON document store as part of MariaDB
Facilitates handling multiple data types on a single MariaDB platform
JSON as a pluggable data type
Evaluating the format in MySQL 5.7

Built-in JSON functions from MySQL and/or Facebook and/or SQL Standard
JSON_CONTAINS, JSON_EXTRACT, JSON_INSERT, JSON_APPEND, JSON_REMOVE,

Indexing of JSON
CREATE TABLE t1 (col1 JSON, col2 INT AS JSON_EXTRACT(col1, "$.id"), KEY(col2))

Evaluating DocStore created by and used at Facebook

Better Support for Analytics in 10.2

Window Functions - Partitioning
SELECT
name, countrycode,
population *1.0 / sum(population)
OVER (PARTITION by countrycode)
FROM city

Returns the city, together with the fraction of the

country's population living in that city

Better Support for Analytics in 10.2

Window Functions Averages, Smoothing
SELECT
AVG(close_price)
OVER (ORDER BY trade_date
ROWS BETWEEN 2 PRECEDING
AND CURRENT ROW)
FROM stock_prices WHERE symbol='IBM'

Returns the 3-day historical average

Ranges are also supported instead of rows

Thank You
mariadb.com
rasmus@mariadb.com

"MySQL is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners. MariaDB is not affiliated with MySQL."
MariaDB Corporation Ab.

38