How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04


ProxySQL is an MySQL that is open-source proxy, meaning it serves as an intermediary between a MySQL server and the applications that access its databases. ProxySQL can improve performance by distributing traffic among a pool of multiple database servers and also automatically improve availability by a deep failing up to a standby if a number of regarding the database servers fail.

In this guide, you certainly will arranged ProxySQL as lots balancer for numerous MySQL servers with automated failover. This tutorial uses a multi-primary replicated cluster of three MySQL servers, but you can use a similar approach with other cluster configurations as well.( as an example*****)


To follow this guide, you’ll need:

Step 1 — Installing ProxySQL

The designers of ProxySQL offer formal Ubuntu packages for many ProxySQL releases on the GitHub releases web page, therefore we will install the newest package variation after that and do the installation.

You will get the newest package regarding launch list. The naming meeting is proxysql_version-distribution.deb, in which version is a string like 1.4.4 for variation 1.4.4, and distribution is a sequence like ubuntu16_amd64 for 64-bit Ubuntu 16.04.

Download the newest package that is official which will be 1.4.4 during the time of writing, in to the /tmp directory.

  • cd /tmp
  • curl -OL

Install the package with dpkg, which will be always handle .deb software applications. The -i banner suggests we’d prefer to install from specified file.

At this time, you don't need the .deb file, it.( so you can remove*****)

Next, we will require a client that is mySQL to connect to the ProxySQL instance. This is because ProxySQL internally uses a interface that is mySQL-compatible administrative tasks. We are going to utilize may be the mysql demand line device, which will be area of the mysql-client package obtainable in the Ubuntu repositories.

Update your package repository to ensure that you're obtaining the latest version that is pre-bundled then install the mysql-client package.

  • sudo apt-get enhance
  • sudo apt-get install mysql-client

You will have every one of the needs to perform ProxySQL, nevertheless the solution does not immediately begin after installation, therefore manually start it now.

  • sudo systemctl begin proxysql

ProxySQL should now be operating having its standard setup set up. You should check making use of systemctl.

  • systemctl status proxysql

The production can look such as this:


● proxysql.service - LSB: High End Advanced Proxy for MySQL Loaded: loaded (/etc/init.d/proxysql; bad; merchant preset: enabled) Active: active (operating) since Thu 2017-12-21 19:19:20 UTC; 5s ago Docs: guy:systemd-sysv-generator(8) Procedure: 12350 ExecStart=/etc/init.d/proxysql begin (code=exited, status=0/SUCCESS) Tasks: 23 Memory: 30.9M CPU: 86ms CGroup: /system.slice/proxysql.service ├─12355 proxysql/etc/proxysql.cnf that is-c -D /var/lib/proxysql └─12356 proxysql/etc/proxysql.cnf that is-c -D /var/lib/proxysql

The active (operating) line means ProxySQL is set up and operating.

Next, we will increase safety by establishing the password always access ProxySQL's administrative program.

Step 2 — establishing the ProxySQL Administrator Password

The very first time you begin a fresh ProxySQL installation, it utilizes a package-provided setup file to initialize standard values for many of its setup factors. Following this initialization, ProxySQL shops its setup in a database which you are able to handle and alter through the demand line.

To set the administrator password in ProxySQL, we will hook up to that setup database and upgrade the variables that are appropriate

First, access the management program. You will end up prompted for password which, on a default installation, is admin.

  • mysql -u admin -p -h -P 6032 --prompt='ProxySQLAdmin> '
  • -u specifies an individual we should link as, which listed here is admin, the standard individual for administrative tasks like changing setup settings.
  • -h informs mysql for connecting toward regional ProxySQL example. We must determine this clearly because ProxySQL does not pay attention regarding socket file that mysql assumes automagically.
  • -P specifies the slot for connecting to. ProxySQL's admin program listens on 6032.
  • --prompt is an optional banner that modifications the standard prompt, which will be generally mysql>. Right here, we are changing it to to ProxySQLAdmin> making it clear we're linked to the ProxySQL management program. This is useful to avoid confusion down the road once we'll additionally be linking toward MySQL interfaces regarding database that is replicated..

Once you link, you'll see the ProxySQLAdmin> prompt:

ProxySQL management system prompt

Welcome toward MySQL monitor. Commands end with ; or g. Your MySQL connection id is 2 Server variation: 5.5.30 (ProxySQL Admin Module) Copyright (c) 2000, 2017, Oracle and/or its affiliates. All legal rights reserved. Oracle is a trademark that is registered of Corporation and/or its affiliates. Other names can be trademarks of these particular owners. Type 'help;' or 'h' for assistance. Type 'c' to clear the input statement that is current. ProxySQLAdmin>

Change the account that is administrative by upgrading (UPDATE) the admin-admin_credentials setup adjustable in global_variables database. Be sure you alter password in demand below to a good password of one's option.

  • UPDATE global_variables SET variable_value='admin:password' WHEREIN variable_name='admin-admin_credentials';


Query okay, 1 line impacted (0.00 sec)

This modification wont simply take effect that is immediate of just how ProxySQL's setup system works. It is made of three split levels:

  • memory, which will be changed whenever modifications that are making the command-line program.
  • runtime, which will be utilized by ProxySQL since the configuration that is effective
  • disk, which will be always make a setup persist across restarts.

Right now, the alteration you made is in memory. To place the alteration into impact, you must duplicate the memory settings toward runtime world, then save your self them to disk to ensure they are continue.


These ADMIN commands handle just factors pertaining to the command-line interface that is administrative. ProxySQL exposes commands that are similar like MYSQL, to deal with other people areas of its setup. We are going to utilize these later on within guide.

Now that ProxySQL is set up and operating with a admin that is new, let us arranged the 3 MySQL nodes to ensure ProxySQL can monitor them. Keep consitently the ProxySQL program available, however, because we will put it to use down the road.

Step 3 — Configuring Monitoring in MySQL

ProxySQL must talk to the MySQL nodes to evaluate their condition. To achieve that, this has to hook up to each host with a user that is dedicated

right here, we shall configure the user that is necessary the MySQL nodes and install extra SQL functions that enable ProxySQL to query the team replication state.

Because MySQL team replication has already been operating, the next actions should be done just on a solitary person in the team.

In a terminal that is second log into a host with one of many MySQL nodes.

  • ssh sammy@your_mysql_server_ip_1

Download the SQL file containing some functions that are necessary ProxySQL team replication help to function.

  • curl -OL

Note: This file is given by ProxySQL writers, in an way that is ad-hoc it's a gist in a personal GitHub repository, which means it's possible that it will move or become out of date. In the future, it may be added as a file that is versioned the state ProxySQL repository.

You can read more in regards to the context for and articles with this file in writer's post about indigenous ProxySQL help for MySQL team replication.

You can see the articles regarding the file making use of less addition_to_sys.sql.

before you go, perform the commands in file. You will end up prompted the MySQL password that is administrative.

  • mysql -u root -p < addition_to_sys.sql

If the demand operates effectively, it's going to create no production. All MySQL nodes will now expose the necessary functions for ProxySQL to recognize group replication status.( in that case*****)

Next, we need to produce a user that is dedicated will likely to be utilized by ProxySQL observe wellness regarding the circumstances.

Open the MySQL prompt that is interactive that will prompt you the root password once again.

Then produce the user that is dedicated which we called monitor right here. Be sure to replace the password to a good one.

  • CREATE CONSUMER 'monitor'@'per cent' IDENTIFIED with 'monitorpassword';

Grant an individual privileges to query the MySQL host's condition toward monitor individual.

  • GRANT CHOOSE on sys.* to 'monitor'@'per cent';

Finally, use the modifications.

Because of team replication, when you have completed including an individual for wellness monitoring to 1 MySQL node, it will likely be completely configured on all three nodes.

Next, we must upgrade ProxySQL because of the information for that individual therefore it can access the MySQL nodes.

Step 4 — Configuring Monitoring in ProxySQL

To configure ProxySQL to make use of the user that is new when monitoring nodes, we'll UPDATE the appropriate configuration variable. This is very similar to the real method we set the admin password from action 2.

Back in ProxySQL admin program, upgrade the mysql-monitor_username adjustable toward username regarding the account that is new

  • UPDATE global_variables SET variable_value='monitor' WHERE variable_name='mysql-monitor_username';

Just like prior to, the setup just isn't immediately used, therefore migrate it into runtime and save your self to disk. Now, realize that we are making use of MYSQL as opposed to ADMIN to upgrade these factors because we are changing MySQL setup factors.


The monitoring account is configured on all ends, together with step that is next to inform ProxySQL in regards to the nodes on their own.

Step 5 — Incorporating MySQL Nodes toward ProxySQL Server Pool

To make ProxySQL alert to our three MySQL nodes, we must inform ProxySQL just how to circulate them across its host teams, that are designated sets of nodes. Each host team is identified by a number that is positive like 1 or 2. Host teams can route various SQL questions to various sets of hosts when working with ProxySQL question routing.

In fixed replication designs, host teams are set arbitrarily. But ProxySQL's team replication help immediately divides all nodes in a replication team into four rational states:

  • writers, that are MySQL nodes that will accept questions that modification information. ProxySQL makes certain to steadfastly keep up all nodes that are primary toward optimum defined quantity within team.
  • backup journalists, that are additionally nodes that are mySQL can accept questions that modification information. But those nodes aren't designated as authors; main nodes surpassing the defined level of maintained authors are held within team, and tend to be promoted to authors if one of many authors fails.
  • readers are MySQL nodes that cannot accept questions data that are changing should be used as read-only nodes. ProxySQL puts slave that is only right here.
  • offline, which will be for nodes which can be misbehaving considering dilemmas like not enough connectivity or traffic that is slow

Each of those four states have actually matching host teams, nevertheless the group that is numerical aren't assigned immediately.

Putting all of it together, we must inform ProxySQL which identifiers it will utilize for every state. Right here, we utilize 1 the offline host team, 2 the writer host team, 3 the reader host team, and 4 the backup journalist host team.

To set these identifiers, create a row that is new those factors and values in mysql_group_replication_hostgroups setup dining table.

  • INSERT TOWARDS mysql_group_replication_hostgroups (writer_hostgroup, backup_writer_hostgroup, reader_hostgroup, offline_hostgroup, active, max_writers, writer_is_also_reader, max_transactions_behind) VALUES (2, 4, 3, 1, 1, 3, 1, 100);

These will be the variables that are additional within line and just what every one does:

  • active set to 1 allows ProxySQL's tabs on these host teams.
  • max_writers defines just how nodes that are many act as writers. We used 3 here because In a configuration that is multi-primary all nodes are addressed equal, therefore right here we utilized 3 (the full total amount of nodes).
  • writer_is_also_reader set to 1 instructs ProxySQL to deal with authors as visitors also.
  • max_transactions_behind sets the number that is maximum of deals before a node is categorized as offline.

Note: Because our instance utilizes a topology that is multi-primary which all nodes can write to the database, we will balance all SQL queries across the writer host group. The division between writer (primary) nodes and reader (secondary) nodes can route read-only queries to different nodes/host groups than write queries on other topologies. ProxySQL will not immediately do that, you could arranged question routing rules that are using

Now that ProxySQL understands just how to circulate nodes across host teams, we could include our MySQL servers toward pool. The IP address and initial host group of each server into the mysql_servers table, which contains the list of servers ProxySQL can interact with.( to do so, we need to INSERT(*****)

Add all the three MySQL servers, making certain to change the instance internet protocol address details in commands below.

  • INSERT TOWARDS mysql_servers(hostgroup_id, hostname, slot) VALUES (2, '', 3306);
  • INSERT TOWARDS mysql_servers(hostgroup_id, hostname, slot) VALUES (2, '', 3306);
  • INSERT TOWARDS mysql_servers(hostgroup_id, hostname, slot) VALUES (2, '', 3306);

right here, the 2 value sets many of these nodes become authors at first, and 3306 sets the standard MySQL slot.

Just like prior to, migrate these modifications into runtime and save your self them to disk to place the modifications into impact.


ProxySQL should now circulate our nodes over the host teams as specified. Let us be sure by performing a SELECT question up against the runtim330e_mysql_servers dining table, which reveals the state that is current of servers ProxySQL is making use of.

  • SELECT hostgroup_id, hostname, status FROM runtime_mysql_servers;


+--------------+-------------+--------+ | hostgroup_id | hostname | status | +--------------+-------------+--------+ | 2 | | ONLINE | | 2 | | ONLINE | | 2 | | ONLINE | | 3 | | ONLINE | | 3 | | ONLINE | | 3 | | ONLINE | +--------------+-------------+--------+ 6 rows in set (0.01 sec)

In the outcomes dining table, each host is detailed two times: as soon as each for host team IDs 2 and 3, showing that three nodes are both authors and visitors. All nodes are marked ONLINE, meaning they are willing to be utilized.

However, them, we have to configure user credentials to access the MySQL databases on each node.( before we can use*****)

Step 6 — producing the MySQL customers

ProxySQL will act as lots balancer; customers hook up to ProxySQL, and ProxySQL passes the bond toward plumped for MySQL node subsequently. To get in touch to an node that is individual ProxySQL reuses the qualifications it absolutely was accessed with.

To enable use of the databases situated on the replication nodes, we must produce a person account because of the credentials that are same ProxySQL, and grant that individual the mandatory privileges.

Like in step three, the next actions should be done just on a solitary person in the team. You are able to select anybody user.

Create a user that is new playgrounduser identified because of the password playgroundpassword.

  • CREATE CONSUMER 'playgrounduser'@'per cent' IDENTIFIED with 'playgroundpassword';

Give it privileges to totally access the playground test database from initial team replication guide.

  • GRANT each PRIVILEGES on play ground.* to 'playgrounduser'@'per cent';

Then use the modifications and leave the prompt.

You can confirm your individual is correctly produced by attempting to the database because of the newly configured qualifications on the node.

Re-open the MySQL program because of the user that is new that will prompt you the password.

  • mysql -u playgrounduser -p

when you are logged in, perform a test question regarding playground database.

  • SHOW TABLES FROM playground;


+----------------------+ | Tables_in_playground | +----------------------+ | gear | +----------------------+ 1 line in set (0.00 sec)

The noticeable a number of tables in database showing the equipment dining table developed in replication that is original verifies your individual is developed properly regarding nodes.

You can disconnect from MySQL program now, but keep consitently the terminal because of the link with the host available. We are going to put it to use to perform tests in last step.

Now we must produce the user that is corresponding the ProxySQL host.

Step 7 — Creating the ProxySQL consumer

The last setup action would be to enable connections to ProxySQL because of the playgrounduser individual, and pass those connections until the nodes.

To do this, we must set setup factors in mysql_users dining table, which holds individual information that is credential. In ProxySQL program, include the username, password, and standard host team toward setup database (which will be 2, the writer host team)

  • INSERT TOWARDS mysql_users(username, password, default_hostgroup) VALUES ('playgrounduser', 'playgroundpassword', 2);

Migrate the setup into runtime and save your self to disk to place the configuration that is new impact.


To verify we can hook up to the database nodes making use of these qualifications, start another terminal screen and SSH toward ProxySQL host. We are going to nevertheless require the management prompt later on, therefore never shut it simply yet.

  • ssh sammy@your_proxysql_server_ip

ProxySQL listens on slot 6033 for incoming customer connections, so take to linking toward database that is realmaybe not the management program) making use of playgrounduser and slot 6033. You will end up prompted the password, that was playgroundpassword inside our instance.

  • mysql -u playgrounduser -p -h -P 6033 --prompt='ProxySQLClient> '

right here, we set the prompt to ProxySQLClient> from the administrative interface prompt so we can distinguish it. We'll use both in when test the configuration that is final

The prompt should start, and thus the qualifications happen accepted by ProxySQL it self.

ProxySQL customer prompt

  • Welcome toward MySQL monitor. Commands end with ; or g.
  • Your MySQL connection id is 31
  • Server variation: 5.5.30 (ProxySQL)
  • Copyright (c) 2000, 2017, Oracle and/or its affiliates. All legal rights reserved.
  • Oracle is a trademark that is registered of Corporation and/or its
  • affiliates. Other names can be trademarks of these particular
  • owners.
  • Type 'help;' or 'h' for assistance. Type 'c' to clear the input statement that is current.
  • ProxySQLClient>

Let's execute a statement that is simple verify if ProxySQL will connect to one of the nodes. This command queries the database for the hostname of the server it's running on and returns the server hostname as the output that is only

According to your setup, this question ought to be directed by ProxySQL to 1 of our three nodes assigned toward writer host team. The production should appear to be the next, in which member1 may be the hostname of just one regarding the MySQL nodes.


+------------+ | @@hostname | +------------+ | member1 | +------------+ 1 line in set (0.00 sec)

This completes the setup ProxySQL that is allowing to stability connections among the list of three MySQL nodes.

In the step that is final we will confirm that ProxySQL can perform look over and compose statements regarding database which it handles questions even though some nodes decrease.

Step 8 — confirming the ProxySQL Configuration

We understand that connectivity between ProxySQL together with MySQL nodes is working, and so the tests that are final to make sure that the database permissions enable both read and compose statements from ProxySQL, also to be sure that these statements it's still performed whenever a few of the nodes in team fail.

Execute a SELECT declaration in ProxySQL customer prompt to confirm we can see the information from playground database.

  • SELECT * FROM play;

The production ought to be like the following, containing the 3 things developed in team replication guide. This means we effectively read information from MySQL database via ProxySQL.


+----+--------+-------+--------+ | id | type | quant that is | +----+--------+-------+--------+ | 3 | slide | 2 | | 10 | move | 10 | yellowish | | 17 | seesaw | 3 | that is green +----+--------+-------+--------+ 3 rows in set (0.00 sec)

Next, take to composing by placing some data that are new the dining table representing 5 red drills.

  • INSERT TOWARDS play (type, quant, color) VALUES ("drill", 5, "red");

Then re-execute the prior SELECT demand to confirm your information is placed.

  • SELECT * FROM play;

The brand new drill line in production means we effectively penned information toward MySQL database via ProxySQL.


+----+--------+-------+--------+ | id | type | quant that is | +----+--------+-------+--------+ | 3 | slide | 2 | | 10 | move | 10 | yellowish | | 17 | seesaw | 3 | that is green | 24 | drill | 5 | red | +----+--------+-------+--------+ 4 rows in set (0.00 sec)

We understand ProxySQL can completely utilize the database now, but what are the results if a host fails?

From the demand distinct one of many MySQL servers, stop the process that is mySQL simulate failing.

After the database stops, take to querying information from equipment dining table once again from ProxySQL customer prompt.

  • SELECT * FROM play;

The production must not alter; you need to nevertheless understand gear list as prior to. This means ProxySQL has realized that one of many nodes switched and failed to another someone to perform the declaration.

We can be sure by querying the runtime_mysql_servers dining table from ProxySQL management prompt, like in action 5.

  • SELECT hostgroup_id, hostname, status FROM runtime_mysql_servers;

The production can look such as this:


+--------------+-------------+---------+ | hostgroup_id | hostname | status | +--------------+-------------+---------+ | 1 | | SHUNNED | | 2 | | ONLINE | | 2 | | ONLINE | | 3 | | ONLINE | | 3 | | ONLINE | +--------------+-------------+---------+ 6 rows in set (0.01 sec)

The node we stopped has become shunned, which means that it is temporarily considered inaccessible, therefore all traffic will likely to be distributed over the two staying nodes that are online

ProxySQL will constantly monitor hawaii with this node, and either take it back again to online if it surpasses the timeout threshold we set in Step 4.( if it behaves normally, or mark it offline*****)

Let's try out this monitoring. Change back again to the MySQL host and back bring the node up.

Wait an instant, then question the runtime_mysql_servers dining table from ProxySQL management prompt once again.

  • SELECT hostgroup_id, hostname, status FROM runtime_mysql_servers;

ProxySQL will begin to spot the node can be acquired once again and mark it as on line:


+--------------+-------------+--------+ | hostgroup_id | hostname | status | +--------------+-------------+--------+ | 2 | | ONLINE | | 2 | | ONLINE | | 2 | | ONLINE | | 3 | | ONLINE | | 3 | | ONLINE | | 3 | | ONLINE | +--------------+-------------+--------+ 6 rows in set (0.01 sec)

You can continue this test with another node (or two of these) to note that if a minumum of one node will likely to be up, it will be possible to easily make use of your database both for read-only and access that is read-write

In this guide, you configured ProxySQL to load stability SQL questions across numerous write-enabled MySQL nodes in a group replication topology that is multi-primary. This setup increases performance for hefty database usage by dispersing the strain across numerous servers. Additionally offer failover ability whenever one of many database servers goes offline.

However, we just covered one node topology for example right here. ProxySQL provides query that is robust, routing, and performance analysis for many other MySQL topologies as well. You can read more about ProxySQL's features and how to solve database that is different issues with them regarding formal ProxySQL weblog and ProxySQL wiki.

Finding a distinct segment and money that is making the WordPress Ecosystem

Previous article

Amazon splurges on Ring, hopes doorbells that are smart in-home deliveries

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in MySQL