MariaDB

Purpose

The system provides a central MariaDB database server for other CAcert infrastructure services.

Administration

System Administration

• Primary: Jan Dittberner

• Secondary: none

Application Administration

Application	Administrator(s)
mariadb	Jan Dittberner

Contact

• mariadb-admin@cacert.org

Basics

Physical Location

This system is located in an LXC container on physical machine Infra03.

Logical Location

IP Internal:

10.0.3.11

IPv6:

2001:7b8:616:162:3::11

MAC address:

00:ff:8f:bc:23:47 (eth0)

See also

See Network

Monitoring

internal checks:

Monitoring checks for mariadb.infra.cacert.org

DNS

Name	Type	Content
mariadb.cacert.org.	IN AAAA	2001:7b8:616:162:3::11
mariadb.infra.cacert.org.	IN A	10.0.3.11
mariadb.infra.cacert.org.	IN AAAA	2001:7b8:616:162:3::11
mariadb.cacert.org	IN SSHFP	1 1 ADAA9A3D2EFFFFAC9AE6DAD83848AD48C1386E02
mariadb.cacert.org	IN SSHFP	1 2 040A0A486739AE2E78FEEA6E3300802196D268EA801939CB3C06AF31C34EA110
mariadb.cacert.org	IN SSHFP	3 1 77FEDBFBA8727B84589E3FC3250F7C74C80C6B8D
mariadb.cacert.org	IN SSHFP	3 2 AB677F8F4814DBF6A409DA98CFAA35752E603F5821E89308E66B086DE47C9374
mariadb.cacert.org	IN SSHFP	4 1 57130AE9B976B7D9F7473A690784A22CD94F4D56
mariadb.cacert.org	IN SSHFP	4 2 EA3A52CEAB2728E37C5AB8229B399105E3213A3DB759F4C7741F4D87D142AF92

See also

See Wiki page SystemAdministration/Procedures/DNSChanges

Operating System

• Debian GNU/Linux 13 Trixie

Services

Listening services

Port	Service	Origin	Purpose
22/tcp	ssh	ANY	admin console access
25/tcp	smtp	local	mail delivery to local MTA
3306/tcp	mariadb	infra	mariadb database service
5665/tcp	icinga2	monitor	remote monitoring service

Running services

Service	Usage	Start mechanism
cron	job scheduler	systemd unit cron.service
dbus-daemon	System message bus	systemd unit dbus.service
Exim	SMTP server for local mail submission	systemd unit exim4.service
icinga2	Icinga2 monitoring agent	systemd unit icinga2.service
openssh server	ssh daemon for remote administration	systemd unit ssh.service
mariadb	MariaDB database server	systemd unit mariadb.service
Puppet agent	configuration management agent	systemd unit puppet.service

Connected Systems

• Monitor

• Nextcloud Nextcloud service

Outbound network connections

• DNS (53) resolver at 10.0.0.1 (Infra02)

• Emailout as SMTP relay

• Puppet (tcp/8140) as Puppet master

• Proxyout as HTTP proxy for APT

Security

SSH host keys

Algorithm	Fingerprints
RSA	SHA256:BAoKSGc5ri54/upuMwCAIZbSaOqAGTnLPAavMcNOoRA, MD5:36:fc:66:82:dc:94:3b:e3:50:97:83:fc:5a:5e:36:61
DSA	-
ECDSA	SHA256:q2d/j0gU2/akCdqYz6o1dS5gP1gh6JMI5msIbeR8k3Q, MD5:ea:64:f2:2e:6d:39:a0:61:6d:b2:07:ba:db:17:5c:81
ED25519	SHA256:6jpSzqsnKON8WrgimzmRBeMhOj23WfTHdB9Nh9FCr5I, MD5:04:1a:a8:a9:29:c4:67:8b:68:3d:40:55:fc:0d:7b:39

See also

SSH host key list

Non-distribution packages and modifications

Risk assessments on critical packages

Critical Configuration items

The system configuration is managed via Puppet profiles. There should be no configuration items outside of the CAcert Git repository cacert-puppet.

Todo

manage mariadb configuration in Puppet code

Tasks

Adding new databases

Database setup should be coordinated via mariadb-admin@cacert.org.

Changes

Nothing planned.

Additional documentation

See also

• Wiki page Exim4Configuration

• https://mariadb.com/kb/en/documentation/