MySQL runbook

MySQL (MariaDB) is an optional third-party database that can be used for Access Control List (ACL) storage in Deephaven. This is a legacy configuration; modern deployments use etcd for ACL storage. MySQL is only required if your installation has not yet migrated ACLs to etcd.

Impact of MySQL failure

LevelImpact
Sev 1 - CriticalThe Authentication Server, ACL Write Server, and Deephaven Clients will be impacted. Query workers will also be affected and unable to check effective user permissions.

Note

This severity only applies if using MySQL for ACL storage. If ACLs are stored in etcd, MySQL failure has no impact.

MySQL dependencies

MySQL has no dependencies on Deephaven services. It is a standalone database that must be running before Deephaven processes that use it can start.

Dependent Deephaven services:

  • Authentication Server — reads ACL data.
  • ACL Write Server — writes ACL data.
  • Worker processes — read permissions during authorization.

Checking MySQL status

Check MySQL service is running:

Expected output should show active (running).

Test MySQL connectivity:

Viewing MySQL logs

View MariaDB log:

Tail the log to follow in real-time:

View error log:

Restart procedure

Restart MySQL:

Warning

Restarting MySQL temporarily interrupts ACL access for all Deephaven services. This prevents new user logins and permission checks until MySQL is back online.

Verify the restart was successful:

Check database accessibility:

Deephaven MySQL connection configuration

Deephaven processes connect to the dbacl_iris database using the MysqlDbAclProvider properties. See ACL storage for full configuration details.

Backup and restore

Backup MySQL ACLs

See etcd and MySQL backup for the full backup and restore procedure, including the preferred Deephaven backup script approach.

Restore MySQL ACLs

Warning

Restoring overwrites all current ACL data. Ensure this is intentional.

MySQL user management

Verify Deephaven MySQL users

Reset Deephaven user password

Update the corresponding password files referenced by MysqlDbAclProvider.passwordFile and MysqlDbAclProvider.readWritePasswordFile, then restart the Authentication Server and ACL Write Server.

Grant permissions to Deephaven users

Migrating from MySQL to etcd

Modern Deephaven deployments use etcd for ACL storage. To migrate:

See Migrating ACLs to etcd for detailed procedure. The ACL storage page provides the step-by-step dhconfig acls commands for export and import.

Migration overview:

  1. Export ACLs from MySQL to XML.
  2. Configure Deephaven to use etcd for ACLs.
  3. Import ACLs to etcd.
  4. Restart Deephaven services.
  5. Verify ACLs work correctly.
  6. Decommission MySQL (optional).

Benefits of etcd-based ACLs:

  • Unified configuration storage.
  • Better consistency with cluster state.
  • No separate database to manage.
  • Simpler backup/restore.
  • Better integration with Deephaven tooling.

Configuration files and locations

System service: Managed by systemd

Service control: systemctl {start|stop|restart|status} mariadb

Configuration file: /etc/my.cnf

Data directory: /var/lib/mysql/

Log files:

  • /var/log/mariadb/mariadb.log
  • Error log location configured in /etc/my.cnf

Socket file: /var/lib/mysql/mysql.sock

ACL database: dbacl_iris