Chapter 2. Using MariaDB

The MariaDB server is an open source fast and robust database server that is based on the MySQL technology. This part describes how to install and configure MariaDB on a RHEL system, how to back up MariaDB data, how to migrate from an earlier MariaDB version, and how to replicate a database using the MariaDB Galera Cluster.

2.1. Getting started with MariaDB

MariaDB is a relational database that converts data into structured information and provides an SQL interface for accessing data. It includes multiple storage engines and plug-ins, as well as geographic information system (GIS) and JavaScript Object Notation (JSON) features.

For Red Hat Enterprise Linux 9 this part describes:

2.2. Installing MariaDB

RHEL 9.0 provides MariaDB 10.5 as the initial version of this Application Stream, which can be installed easily as an RPM package. Additional MariaDB versions will be provided as modules with a shorter life cycle in future minor releases of RHEL 9.

To install MariaDB, use the following procedure.


  1. Install MariaDB server packages:

    # dnf install mariadb-server
  2. Start the mariadb service:

    # systemctl start mariadb.service
  3. Enable the mariadb service to start at boot:

    # systemctl enable mariadb.service

The MariaDB and MySQL database servers cannot be installed in parallel in RHEL 9 due to conflicting RPM packages. In RHEL 9, different versions of database servers can be used in containers.

2.3. Configuring MariaDB

To configure the MariaDB server for networking, use the following procedure.


  1. Edit the [mysqld] section of the /etc/my.cnf.d/mariadb-server.cnf file. You can set the following configuration directives:

    • bind-address - is the address on which the server listens. Possible options are:

      • a host name
      • an IPv4 address
      • an IPv6 address
    • skip-networking - controls whether the server listens for TCP/IP connections. Possible values are:

      • 0 - to listen for all clients
      • 1 - to listen for local clients only
    • port - the port on which MariaDB listens for TCP/IP connections.
  2. Restart the mariadb service:

    # systemctl restart mariadb.service

2.4. Setting up TLS encryption on a MariaDB server

By default, MariaDB uses unencrypted connections. For secure connections, enable TLS support on the MariaDB server and configure your clients to establish encrypted connections.

2.4.1. Placing the CA certificate, server certificate, and private key on the MariaDB server

Before you can enable TLS encryption in the MariaDB server, store the certificate authority (CA) certificate, the server certificate, and the private key on the MariaDB server.


  • The following files in Privacy Enhanced Mail (PEM) format have been copied to the server:

    • The private key of the server:
    • The server certificate:
    • The Certificate Authority (CA) certificate: ca.crt.pem

    For details about creating a private key and certificate signing request (CSR), as well as about requesting a certificate from a CA, see your CA’s documentation.


  1. Store the CA and server certificates in the /etc/pki/tls/certs/ directory:

    # mv <path>/ /etc/pki/tls/certs/
    # mv <path>/ca.crt.pem /etc/pki/tls/certs/
  2. Set permissions on the CA and server certificate that enable the MariaDB server to read the files:

    # chmod 644 /etc/pki/tls/certs/ /etc/pki/tls/certs/ca.crt.pem

    Because certificates are part of the communication before a secure connection is established, any client can retrieve them without authentication. Therefore, you do not need to set strict permissions on the CA and server certificate files.

  3. Store the server’s private key in the /etc/pki/tls/private/ directory:

    # mv <path>/ /etc/pki/tls/private/
  4. Set secure permissions on the server’s private key:

    # chmod 640 /etc/pki/tls/private/
    # chgrp mysql /etc/pki/tls/private/

    If unauthorized users have access to the private key, connections to the MariaDB server are no longer secure.

  5. Restore the SELinux context:

    #  restorecon -Rv /etc/pki/tls/

2.4.2. Configuring TLS on a MariaDB server

To improve security, enable TLS support on the MariaDB server. As a result, clients can transmit data with the server using TLS encryption.


  • You installed the MariaDB server.
  • The mariadb service is running.
  • The following files in Privacy Enhanced Mail (PEM) format exist on the server and are readable by the mysql user:

    • The private key of the server: /etc/pki/tls/private/
    • The server certificate: /etc/pki/tls/certs/
    • The Certificate Authority (CA) certificate /etc/pki/tls/certs/ca.crt.pem
  • The subject distinguished name (DN) or the subject alternative name (SAN) field in the server certificate matches the server’s host name.


  1. Create the /etc/my.cnf.d/mariadb-server-tls.cnf file:

    1. Add the following content to configure the paths to the private key, server and CA certificate:

      ssl_key = /etc/pki/tls/private/
      ssl_cert = /etc/pki/tls/certs/
      ssl_ca = /etc/pki/tls/certs/ca.crt.pem
    2. If you have a Certificate Revocation List (CRL), configure the MariaDB server to use it:

      ssl_crl = /etc/pki/tls/certs/example.crl.pem
    3. Optional: Reject connection attempts without encryption. To enable this feature, append:

      require_secure_transport = on
    4. Optional: Set the TLS versions the server should support. For example, to support TLS 1.2 and TLS 1.3, append:

      tls_version = TLSv1.2,TLSv1.3

      By default, the server supports TLS 1.1, TLS 1.2, and TLS 1.3.

  2. Restart the mariadb service:

    # systemctl restart mariadb


To simplify troubleshooting, perform the following steps on the MariaDB server before you configure the local client to use TLS encryption:

  1. Verify that MariaDB now has TLS encryption enabled:

    # mysql -u root -p -e "SHOW GLOBAL VARIABLES LIKE 'have_ssl';"
    | Variable_name | Value           |
    | have_ssl      | YES             |

    If the have_ssl variable is set to yes, TLS encryption is enabled.

  2. If you configured the MariaDB service to only support specific TLS versions, display the tls_version variable:

    # mysql -u root -p -e "SHOW GLOBAL VARIABLES LIKE 'tls_version';"
    | Variable_name | Value           |
    | tls_version   | TLSv1.2,TLSv1.3 |

2.4.3. Requiring TLS encrypted connections for specific user accounts

Users that have access to sensitive data should always use a TLS-encrypted connection to avoid sending data unencrypted over the network.

If you cannot configure on the server that a secure transport is required for all connections (require_secure_transport = on), configure individual user accounts to require TLS encryption.


  • The MariaDB server has TLS support enabled.
  • The user you configure to require secure transport exists.


  1. Connect as an administrative user to the MariaDB server:

    # mysql -u root -p -h

    If your administrative user has no permissions to access the server remotely, perform the command on the MariaDB server and connect to localhost.

  2. Use the REQUIRE SSL clause to enforce that a user must connect using a TLS-encrypted connection:

    MariaDB [(none)]> ALTER USER 'example'@'%' REQUIRE SSL;


  1. Connect to the server as the example user using TLS encryption:

    # mysql -u example -p -h --ssl
    MariaDB [(none)]>

    If no error is shown and you have access to the interactive MariaDB console, the connection with TLS succeeds.

  2. Attempt to connect as the example user with TLS disabled:

    # mysql -u example -p -h --skip-ssl
    ERROR 1045 (28000): Access denied for user 'example'@'' (using password: YES)

    The server rejected the login attempt, because TLS is required for this user, but disabled (--skip-ssl).

2.5. Globally enabling TLS encryption in MariaDB clients

If your MariaDB server supports TLS encryption, configure your clients to establish only secure connections and to verify the server certificate. This procedure describes how to enable TLS support for all users on the server.

2.5.1. Configuring the MariaDB client to use TLS encryption by default

On RHEL, you can globally configure that the MariaDB client uses TLS encryption and verifies that the Common Name (CN) in the server certificate matches the hostname the user connects to. This prevents man-in-the-middle attacks.


  • The MariaDB server has TLS support enabled.
  • If the certificate authority (CA) that issued the server’s certificate is not trusted by RHEL, the CA certificate has been copied to the client.
  • If the MariaDB server runs RHEL 9.2 or later and the FIPS mode is enabled, this client supports the Extended Master Secret (EMS) extension or uses TLS 1.3. TLS 1.2 connections without EMS fail. For more information, see the TLS extension "Extended Master Secret" enforced Knowledgebase article.


  1. If RHEL does not trust the CA that issued the server’s certificate:

    1. Copy the CA certificate to the /etc/pki/ca-trust/source/anchors/ directory:

      # cp <path>/ca.crt.pem /etc/pki/ca-trust/source/anchors/
    2. Set permissions that enable all users to read the CA certificate file:

      # chmod 644 /etc/pki/ca-trust/source/anchors/ca.crt.pem
    3. Rebuild the CA trust database:

      # update-ca-trust
  2. Create the /etc/my.cnf.d/mariadb-client-tls.cnf file with the following content:


    These settings define that the MariaDB client uses TLS encryption (ssl) and that the client compares the hostname with the CN in the server certificate (ssl-verify-server-cert).


  • Connect to the server using the hostname, and display the server status:

    # mysql -u root -p -h -e status
    SSL:        Cipher in use is TLS_AES_256_GCM_SHA384

    If the SSL entry contains Cipher in use is…​, the connection is encrypted.

    Note that the user you use in this command has permissions to authenticate remotely.

    If the hostname you connect to does not match the hostname in the TLS certificate of the server, the ssl-verify-server-cert parameter causes the connection to fail. For example, if you connect to localhost:

    # mysql -u root -p -h localhost -e status
    ERROR 2026 (HY000): SSL connection error: Validation of SSL server certificate failed

Additional resources

  • The --ssl* parameter descriptions in the mysql(1) man page.

2.6. Backing up MariaDB data

There are two main ways to back up data from a MariaDB database in Red Hat Enterprise Linux 9:

  • Logical backup
  • Physical backup

Logical backup consists of the SQL statements necessary to restore the data. This type of backup exports information and records in plain text files.

The main advantage of logical backup over physical backup is portability and flexibility. The data can be restored on other hardware configurations, MariaDB versions or Database Management System (DBMS), which is not possible with physical backups.

Note that logical backup can be performed if the mariadb.service is running. Logical backup does not include log and configuration files.

Physical backup consists of copies of files and directories that store the content.

Physical backup has the following advantages compared to logical backup:

  • Output is more compact.
  • Backup is smaller in size.
  • Backup and restore are faster.
  • Backup includes log and configuration files.

Note that physical backup must be performed when the mariadb.service is not running or all tables in the database are locked to prevent changes during the backup.

You can use one of the following MariaDB backup approaches to back up data from a MariaDB database:

  • Logical backup with mariadb-dump
  • Physical online backup using the Mariabackup utility
  • File system backup
  • Replication as a backup solution

2.6.1. Performing logical backup with mariadb-dump

The mariadb-dump client is a backup utility, which can be used to dump a database or a collection of databases for the purpose of a backup or transfer to another database server. The output of mariadb-dump typically consists of SQL statements to re-create the server table structure, populate it with data, or both. mariadb-dump can also generate files in other formats, including XML and delimited text formats, such as CSV.

To perform the mariadb-dump backup, you can use one of the following options:

  • Back up one or more selected databases
  • Back up all databases
  • Back up a subset of tables from one database


  • To dump a single database, run:

    # mariadb-dump [options] --databases db_name > backup-file.sql
  • To dump multiple databases at once, run:

    # mariadb-dump [options] --databases db_name1 [db_name2 ...] > backup-file.sql
  • To dump all databases, run:

    # mariadb-dump [options] --all-databases > backup-file.sql
  • To load one or more dumped full databases back into a server, run:

    # mariadb < backup-file.sql
  • To load a database to a remote MariaDB server, run:

    # mariadb --host=remote_host < backup-file.sql
  • To dump a subset of tables from one database, add a list of the chosen tables at the end of the mariadb-dump command:

    # mariadb-dump [options] db_name [tbl_name ...​] > backup-file.sql
  • To load a subset of tables dumped from one database, run:

    # mariadb db_name < backup-file.sql

    The db_name database must exist at this point.

  • To see a list of the options that mariadb-dump supports, run:

    $ mariadb-dump --help

2.6.2. Performing physical online backup using the Mariabackup utility

Mariabackup is a utility based on the Percona XtraBackup technology, which enables performing physical online backups of InnoDB, Aria, and MyISAM tables. This utility is provided by the mariadb-backup package from the AppStream repository.

Mariabackup supports full backup capability for MariaDB server, which includes encrypted and compressed data.


  • The mariadb-backup package is installed on the system:

    # dnf install mariadb-backup
  • You must provide Mariabackup with credentials for the user under which the backup will be run. You can provide the credentials either on the command line or by a configuration file.
  • Users of Mariabackup must have the RELOAD, LOCK TABLES, and REPLICATION CLIENT privileges.

To create a backup of a database using Mariabackup, use the following procedure.


  • To create a backup while providing credentials on the command line, run:

    $ mariabackup --backup --target-dir <backup_directory> --user <backup_user> --password <backup_passwd>

    The target-dir option defines the directory where the backup files are stored. If you want to perform a full backup, the target directory must be empty or not exist.

    The user and password options allow you to configure the user name and the password.

  • To create a backup with credentials set in a configuration file:

    1. Create a configuration file in the /etc/my.cnf.d/ directory, for example, /etc/my.cnf.d/mariabackup.cnf.
    2. Add the following lines into the [xtrabackup] or [mysqld] section of the new file:

    3. Perform the backup:

      $ mariabackup --backup --target-dir <backup_directory>

Mariabackup does not read options in the [mariadb] section of configuration files. If a non-default data directory is specified on a MariaDB server, you must specify this directory in the [xtrabackup] or [mysqld] sections of configuration files so that Mariabackup is able to find the data directory.

To specify a non-default data directory, include the following line in the [xtrabackup] or [mysqld] sections of MariaDB configuration files:


2.6.3. Restoring data using the Mariabackup utility

When the backup is complete, you can restore the data from the backup by using the mariabackup command with one of the following options:

  • --copy-back allows you to keep the original backup files.
  • --move-back moves the backup files to the data directory and removes the original backup files.

To restore data using the Mariabackup utility, use the following procedure.


  • Verify that the mariadb service is not running:

    # systemctl stop mariadb.service
  • Verify that the data directory is empty.
  • Users of Mariabackup must have the RELOAD, LOCK TABLES, and REPLICATION CLIENT privileges.


  1. Run the mariabackup command:

    • To restore data and keep the original backup files, use the --copy-back option:

      $ mariabackup --copy-back --target-dir=/var/mariadb/backup/
    • To restore data and remove the original backup files, use the --move-back option:

      $ mariabackup --move-back --target-dir=/var/mariadb/backup/
  2. Fix the file permissions.

    When restoring a database, Mariabackup preserves the file and directory privileges of the backup. However, Mariabackup writes the files to disk as the user and group restoring the database. After restoring a backup, you may need to adjust the owner of the data directory to match the user and group for the MariaDB server, typically mysql for both.

    For example, to recursively change ownership of the files to the mysql user and group:

    # chown -R mysql:mysql /var/lib/mysql/
  3. Start the mariadb service:

    # systemctl start mariadb.service

2.6.4. Performing file system backup

To create a file system backup of MariaDB data files, copy the content of the MariaDB data directory to your backup location.

To back up also your current configuration or the log files, use the optional steps of the following procedure.


  1. Stop the mariadb service:

    # systemctl stop mariadb.service
  2. Copy the data files to the required location:

    # cp -r /var/lib/mysql /backup-location
  3. Optionally, copy the configuration files to the required location:

    # cp -r /etc/my.cnf /etc/my.cnf.d /backup-location/configuration
  4. Optionally, copy the log files to the required location:

    # cp /var/log/mariadb/ /backup-location/logs*
  5. Start the mariadb service:

    # systemctl start mariadb.service
  6. When loading the backed up data from the backup location to the /var/lib/mysql directory, ensure that mysql:mysql is an owner of all data in /var/lib/mysql:

    # chown -R mysql:mysql /var/lib/mysql

2.6.5. Replication as a backup solution

Replication is an alternative backup solution for source servers. If a source server replicates to a replica server, backups can be run on the replica without any impact on the source. The source can still run while you shut down the replica and back the data up from the replica.


Replication itself is not a sufficient backup solution. Replication protects source servers against hardware failures, but it does not ensure protection against data loss. It is recommended that you use any other backup solution on the replica together with this method.

2.7. Migrating to MariaDB 10.5

In RHEL 8, the MariaDB server is available in versions 10.3 and 10.5, each provided by a separate module stream. RHEL 9 provides MariaDB 10.5 and MySQL 8.0. This part describes migration from a RHEL 8 version of MariaDB 10.3 to RHEL 9 version of MariaDB 10.5.

2.7.1. Notable differences between MariaDB 10.3 and MariaDB 10.5

Significant changes between MariaDB 10.3 and MariaDB 10.5 include:

  • MariaDB now uses the unix_socket authentication plug-in by default. The plug-in enables users to use operating system credentials when connecting to MariaDB through the local UNIX socket file.
  • MariaDB adds mariadb-* named binaries and mysql* symbolic links pointing to the mariadb-* binaires. For example, the mysqladmin, mysqlaccess, and mysqlshow symlinks point to the mariadb-admin, mariadb-access, and mariadb-show binaries, respectively.
  • The SUPER privilege has been split into several privileges to better align with each user role. As a result, certain statements have changed required privileges.
  • In parallel replication, the slave_parallel_mode now defaults to optimistic.
  • In the InnoDB storage engine, defaults of the following variables have been changed: innodb_adaptive_hash_index to OFF and innodb_checksum_algorithm to full_crc32.
  • MariaDB now uses the libedit implementation of the underlying software managing the MariaDB command history (the .mysql_history file) instead of the previously used readline library. This change impacts users working directly with the .mysql_history file. Note that .mysql_history is a file managed by the MariaDB or MySQL applications, and users should not work with the file directly. The human-readable appearance is coincidental.


    To increase security, you can consider not maintaining a history file. To disable the command history recording:

    1. Remove the .mysql_history file if it exists.
    2. Use either of the following approaches:

      • Set the MYSQL_HISTFILE variable to /dev/null and include this setting in any of your shell’s startup files.
      • Change the .mysql_history file to a symbolic link to /dev/null:

        $ ln -s /dev/null $HOME/.mysql_history

MariaDB Galera Cluster has been upgraded to version 4 with the following notable changes:

  • Galera adds a new streaming replication feature, which supports replicating transactions of unlimited size. During an execution of streaming replication, a cluster replicates a transaction in small fragments.
  • Galera now fully supports Global Transaction ID (GTID).
  • The default value for the wsrep_on option in the /etc/my.cnf.d/galera.cnf file has changed from 1 to 0 to prevent end users from starting wsrep replication without configuring required additional options.

Changes to the PAM plug-in in MariaDB 10.5 include:

  • MariaDB 10.5 adds a new version of the Pluggable Authentication Modules (PAM) plug-in. The PAM plug-in version 2.0 performs PAM authentication using a separate setuid root helper binary, which enables MariaDB to use additional PAM modules.
  • The helper binary can be executed only by users in the mysql group. By default, the group contains only the mysql user. Red Hat recommends that administrators do not add more users to the mysql group to prevent password-guessing attacks without throttling or logging through this helper utility.
  • In MariaDB 10.5, the Pluggable Authentication Modules (PAM) plug-in and its related files have been moved to a new package, mariadb-pam. As a result, no new setuid root binary is introduced on systems that do not use PAM authentication for MariaDB.
  • The mariadb-pam package contains both PAM plug-in versions: version 2.0 is the default, and version 1.0 is available as the auth_pam_v1 shared object library.
  • The mariadb-pam package is not installed by default with the MariaDB server. To make the PAM authentication plug-in available in MariaDB 10.5, install the mariadb-pam package manually.

2.7.2. Migrating from a RHEL 8 version of MariaDB 10.3 to a RHEL 9 version of MariaDB 10.5

This procedure describes migrating from the MariaDB 10.3 to the MariaDB 10.5 using the mariadb-upgrade utility.

The mariadb-upgrade utility is provided by the mariadb-server-utils subpackage, which is installed as a dependency of the mariadb-server package.


  • Before performing the upgrade, back up all your data stored in the MariaDB databases.


  1. Ensure that the mariadb-server package is installed on the RHEL 9 system:

    # dnf install mariadb-server
  2. Ensure that the mariadb service is not running on either of the source and target systems at the time of copying data:

    # systemctl stop mariadb.service
  3. Copy the data from the source location to the /var/lib/mysql/ directory on the RHEL 9 target system.
  4. Set the appropriate permissions and SELinux context for copied files on the target system:

    # restorecon -vr /var/lib/mysql
  5. Ensure that mysql:mysql is owner of all data in the /var/lib/mysql directory:

    # chown -R mysql:mysql /var/lib/mysql
  6. Adjust configuration so that option files located in /etc/my.cnf.d/ include only options valid for MariaDB 10.5. For details, see upstream documentation for MariaDB 10.4 and MariaDB 10.5.
  7. Start the MariaDB server on the target system.

    • When upgrading a database running standalone:

      # systemctl start mariadb.service
    • When upgrading a Galera cluster node:

      # galera_new_cluster

      The mariadb service will be started automatically.

  8. Execute the mariadb-upgrade utility to check and repair internal tables.

    • When upgrading a database running standalone:

      $ mariadb-upgrade
    • When upgrading a Galera cluster node:

      $ mariadb-upgrade --skip-write-binlog

There are certain risks and known problems related to an in-place upgrade. For example, some queries might not work or they will be run in different order than before the upgrade. For more information about these risks and problems, and for general information about an in-place upgrade, see MariaDB 10.5 Release Notes.

2.8. Replicating MariaDB with Galera

This section describes how to replicate a MariaDB database using the Galera solution on Red Hat Enterprise Linux 9.

2.8.1. Introduction to MariaDB Galera Cluster

Galera replication is based on the creation of a synchronous multi-source MariaDB Galera Cluster consisting of multiple MariaDB servers. Unlike the traditional primary/replica setup where replicas are usually read-only, nodes in the MariaDB Galera Cluster can be all writable.

The interface between Galera replication and a MariaDB database is defined by the write set replication API (wsrep API).

The main features of MariaDB Galera Cluster are:

  • Synchronous replication
  • Active-active multi-source topology
  • Read and write to any cluster node
  • Automatic membership control, failed nodes drop from the cluster
  • Automatic node joining
  • Parallel replication on row level
  • Direct client connections: users can log on to the cluster nodes, and work with the nodes directly while the replication runs

Synchronous replication means that a server replicates a transaction at commit time by broadcasting the write set associated with the transaction to every node in the cluster. The client (user application) connects directly to the Database Management System (DBMS), and experiences behavior that is similar to native MariaDB.

Synchronous replication guarantees that a change that happened on one node in the cluster happens on other nodes in the cluster at the same time.

Therefore, synchronous replication has the following advantages over asynchronous replication:

  • No delay in propagation of the changes between particular cluster nodes
  • All cluster nodes are always consistent
  • The latest changes are not lost if one of the cluster nodes crashes
  • Transactions on all cluster nodes are executed in parallel
  • Causality across the whole cluster

2.8.2. Components to build MariaDB Galera Cluster

To build MariaDB Galera Cluster, you must install the following packages on your system:

  • mariadb-server-galera - contains support files and scripts for MariaDB Galera Cluster.
  • mariadb-server - is patched by MariaDB upstream to include the write set replication API (wsrep API). This API provides the interface between Galera replication and MariaDB.
  • galera - is patched by MariaDB upstream to add full support for MariaDB. The galera package contains the following:

    • Galera Replication Library provides the whole replication functionality.
    • The Galera Arbitrator utility can be used as a cluster member that participates in voting in split-brain scenarios. However, Galera Arbitrator cannot participate in the actual replication.
    • Galera Systemd service and Galera wrapper script which are used for deploying the Galera Arbitrator utility. RHEL 9 provides the upstream version of these files, located at /usr/lib/systemd/system/garbd.service and /usr/sbin/garb-systemd.

2.8.3. Deploying MariaDB Galera Cluster

You can deploy the MariaDB Galera Cluster packages and update the configuration. To form a new cluster, you must bootstrap the first node of the cluster.


  • Install the MariaDB Galera Cluster packages:

    # dnf install mariadb-server-galera

    As a result, the following packages are installed together with their dependencies:

  • The MariaDB server replication configuration must be updated before the system is added to a cluster for the first time.

    The default configuration is distributed in the /etc/my.cnf.d/galera.cnf file.

    Before deploying MariaDB Galera Cluster, set the wsrep_cluster_address option in the /etc/my.cnf.d/galera.cnf file on all nodes to start with the following string:

    • For the initial node, it is possible to set wsrep_cluster_address as an empty list:

    • For all other nodes, set wsrep_cluster_address to include an address to any node which is already a part of the running cluster. For example:


      For more information about how to set Galera Cluster address, see Galera Cluster Address.


  1. Bootstrap a first node of a new cluster by running the following wrapper on that node:

    # galera_new_cluster

    This wrapper ensures that the MariaDB server daemon (mariadbd) runs with the --wsrep-new-cluster option. This option provides the information that there is no existing cluster to connect to. Therefore, the node creates a new UUID to identify the new cluster.


    The mariadb service supports a systemd method for interacting with multiple MariaDB server processes. Therefore, in cases with multiple running MariaDB servers, you can bootstrap a specific instance by specifying the instance name as a suffix:

    # galera_new_cluster mariadb@node1
  2. Connect other nodes to the cluster by running the following command on each of the nodes:

    # systemctl start mariadb

    As a result, the node connects to the cluster, and synchronizes itself with the state of the cluster.

2.8.4. Adding a new node to MariaDB Galera Cluster

To add a new node to MariaDB Galera Cluster, use the following procedure.

Note that you can also use this procedure to reconnect an already existing node.


  • On the particular node, provide an address to one or more existing cluster members in the wsrep_cluster_address option within the [mariadb] section of the /etc/my.cnf.d/galera.cnf configuration file :


    When a new node connects to one of the existing cluster nodes, it is able to see all nodes in the cluster.

    However, preferably list all nodes of the cluster in wsrep_cluster_address.

    As a result, any node can join a cluster by connecting to any other cluster node, even if one or more cluster nodes are down. When all members agree on the membership, the cluster’s state is changed. If the new node’s state is different from the state of the cluster, the new node requests either an Incremental State Transfer (IST) or a State Snapshot Transfer (SST) to ensure consistency with the other nodes.

2.8.5. Restarting MariaDB Galera Cluster

If you shut down all nodes at the same time, you stop the cluster, and the running cluster no longer exists. However, the cluster’s data still exist.

To restart the cluster, bootstrap a first node as described in Configuring MariaDB Galera cluster.


If the cluster is not bootstrapped, and mariadbd on the first node is started with only the systemctl start mariadb command, the node tries to connect to at least one of the nodes listed in the wsrep_cluster_address option in the /etc/my.cnf.d/galera.cnf file. If no nodes are currently running, the restart fails.