Percona Live Talk by Daniël van Eeden: Protecting MySQL Network Traffic.
Warning: It is somewhat more complicated than this:
Check out the performance slide (#22), too.
TL;DR: You want a MySQL compiled against OpenSSL, because SSL Tickets and AES-NI support. YaSSL sucks, hard. With Tickets and hardware symmetric encryption, TLS support in MySQL is actually no longer slow.
TL;DR 2: MariaDB is actually pretty well positioned here.
It is basically very slow RAM (or very fast flash), which is bit-addressable. So you are not, like with flash, erasing 64 KB sized pages, but you are doing things to individual bits and bytes.
It’s also faster than flash (but slower than DRAM), about 10x faster than old Commodore 64 memory.
And it’s persistent, so if you power off your machine, contents are not gone.
And it is very dense, denser even than the memory you currently use, because no transistors, so less space necessary per bit.
This is going to change a lot of things, but not right now. We need to rethink our approach to persistence.
A blog post over at Percona discusses better replication for MySQL and compares Galera and MySQL Group Replication.
Galera builds their own initial state transfer mechanism and their own transaction distribution mechanism, independently of MySQL replication (write set replication wsrep). wsrep is synchronous – on commit, the write set is shipped, applied and acknowledged (or not).
MySQL Group Replication strives to achieve the same thing, but uses their own, “MySQL native” set of technologies to do this.
This is a replay of a much older blog post, which was available in German in the old blog. It’s from 2012, and neither GTID nor Galera cluster nor Group Replication existed back then.
Wonka> The http://www.toppoint.de probably will never have meaningful load, but I would like to know how one would make this highly available. Some kind of Redundant Array of Inexpensive Databases.
Lalufu> MySQL with replication? Or DRBD?
Isotopp> With DRBD. Not with replication.
Since 5.0, MySQL does allow natively encrypted connections to the database, and supposedly also does support client certs for user authentication. Supposedly, because I never tried.
MySQL as a database performs well with transient connections as they are prevalent in two-tier deployments (mod_php, mod_perl, mod_python to database), in which a database connection is made upon web request, and the connection is torn down at the end of the request. This model does not scale so well with encryption in the mix, as on connection a full TLS/SSL exchange must be made.
In this article, JF Gagne explains what happens when you ignore or silence warnings in MySQL instead of dealing with the root cause properly, and is having fun with INSERT IGNORE and other things.
Simon Mudd writes about Setting up MySQL Orchestrator in a production environment at Booking.com. He covers basics, failover, HA and Monitoring.
Following a great idea from their friends at GitLab, Soup.io loses all postings since 2015 because of malfunctioning backups. They write:
We had a big database crash, and the backups we had were corrupted.
The only working backup was from 2015.
Improving Recovery Procedures
9. Automated testing of recovering PostgreSQL database backups (#1102)
Does your database backup successfully restore? Are you sure? Are you testing this?
Remember these words of wisdom:
Nobody wants backup.
Everybody wants restore.
— Martin Seeger