Add MariaDB documentation to Pukki

docs/cloud/dbaas/advanced.md

@@ -14,11 +14,11 @@ engine. The configuration groups can be modified from the web-GUI as well as the
 ### Example how to create a configuration group with the CLI
 
 1. Figure out which datastore, datastore-version and what values you want to create a configuration
-group for. In this example we will use datastore `postgresql` and datastore-version `14.4`.
+group for. In this example we will use datastore `postgresql` and datastore-version `17.0`.
 2. Figure out which parameters can be modified:
 
     ```bash
-    openstack database configuration parameter list --datastore postgresql 14.4
+    openstack database configuration parameter list --datastore postgresql 17.0
     ```
 
     Note that some parameters require restarting the database instance.
@@ -28,7 +28,7 @@ group for. In this example we will use datastore `postgresql` and datastore-vers
 
     ```
     openstack database configuration create group-name --datastore postgresql \
-        --datastore-version 14.4 '{"max_connections": 234 }'
+        --datastore-version 17.0 '{"max_connections": 234 }'
     ```
 
 4. You can see the configuration group with:

docs/cloud/dbaas/backups.md

@@ -6,6 +6,7 @@ after the last backup. All backups are stored for 90 days after which they get a
 deleted, backups can not be manually deleted by the user.
 
 The backups are stored encrypted in Allas.
+<!-- TODO I would like our documentation to mention how the backup works in the background e.g. -->
 
 The web interface is currently only showing the latest 20 backups. If you want to see all your
 backups you need to use the CLI-tool.

docs/cloud/dbaas/cli.md

@@ -50,7 +50,7 @@ Remember that you can use the help command as `openstack help database` and the
 		openstack datastore list
 		```
 
-	* `datastore version`. This depends on the datastore you have chosen and you should usually choose the latest. If you use PostgreSQL you can probably use `14.5`. You can find out the available datastore versions with:
+	* `datastore version`. This optional flag depends on the datastore you have chosen. You can safely omit it if you're fine with the default datastore version, which should always be the latest one available. You can find out the available datastore versions with:
 
 		```sh
 		openstack datastore version list postgresql
@@ -68,7 +68,7 @@ Remember that you can use the help command as `openstack help database` and the
 	--databases my_first_database \
 	--users databaseuser:myPassword568 \
 	--datastore postgresql \
-	--datastore-version 14.5 \
+	--datastore-version 17.0 \
 	--is-public \
 	--size 1 \
 	--allowed-cidr ${MY_IP}/32

docs/cloud/dbaas/databases.md

@@ -1,6 +1,7 @@
 # Databases
 
-Currently Pukki only supports PostgreSQL. If you think that Pukki should support some specific
+Currently Pukki supports PostgreSQL and MariaDB. If you think that Pukki should support some specific
 database type please [contact us](../../support/contact.md) with your suggestions.
 
 * [PostgreSQL](postgresql.md)
+* [MariaDB](mariadb.md)

docs/cloud/dbaas/mariadb-accessing.md

@@ -0,0 +1,184 @@
+# Accessing your MariaDB instance
+!!! warning "MariaDB in Pukki is still in beta"
+    This means that it hasn't been tested as extensively as PostgreSQL, and there might still be
+    large changes to how Pukki manages MariaDB database instances. We hope to move out of beta in
+    March 2025.
+
+## Graphical user interface
+You can find a non-comprehensive list of different graphical interfaces for using MariaDB on
+[MariaDB's homepage](https://mariadb.com/kb/en/graphical-and-enhanced-clients/).
+
+
+## Command-line client mariadb and mysql
+[MariaDB's documentation client](https://mariadb.com/kb/en/mariadb-command-line-client/)
+
+The recommended CLI client to use is `mariadb`. The `mysql` client does still work, but is
+usually a symbolic link to `mariadb`.
+
+Example commands for accessing your database:
+
+```
+mariadb --ssl --password --host ${PUBLIC_IP} --user ${DATABASE_USER} ${DATABASE_NAME}
+```
+
+or
+
+```
+mysql --ssl --password --host ${PUBLIC_IP} --user ${DATABASE_USER} ${DATABASE_NAME}
+```
+
+  * `--ssl` means the MariaDB client connects using SSL. This is necessary as
+Pukki database instances enforce encrypted connections.
+  * `--password` means the client prompts for a password. You can specify one
+on the command line (like `--password=password`), but that is considered insecure.
+  * `--host` specifies the host address to connect to. In Pukki this is almost
+always your database instance's public IP address.
+  * `--user` specifies which user to connect to the database as.
+  * `${DATABASE_NAME}` specifies which database on the server to connect to.
+
+
+### Using command line with .my.cnf
+
+If you are frequently connecting to the same database, it might be worthwhile to set up a
+`.my.cnf` configuration file in your home directory to store the necessary flags and options.
+
+1. Create an empty `.my.cnf` file in your home directory, and restrict its access permissions:
+
+```
+touch ~/.my.cnf; chmod 600 ~/.my.cnf
+```
+
+2. Edit the configuration file with your favorite editor and add the following options:
+```
+[client]
+user = your_username
+password = your_password
+host = your_host
+database = your_database
+ssl
+```
+
+As storing the password in a plaintext file isn't recommended, you can leave it empty to
+always prompt for the password when connecting:
+
+```
+[client]
+user = your_user
+host = your_database_public_ip
+database = your_database
+ssl
+password
+```
+
+
+### Common issues with CLI connections
+
+```
+ERROR 2002 (HY000): Can't connect to MySQL server on '${PUBLIC_IP}' (115)
+```
+
+If a password prompt appears, but the client is afterwards stuck connecting for a long time, you should
+double-check that the `host` argument is correct, and that the firewall allows connections from your client's
+address.
+
+```
+ERROR 3159 (08004): Connections using insecure transport are prohibited while --require_secure_transport=ON.
+```
+
+You tried to connect to the database without `--ssl`.
+
+```
+ERROR 1045 (28000): Access denied for user 'username'@'yourhostname' (using password: YES)
+```
+
+Either your password or your username is wrong.
+
+```
+ERROR 1044 (42000): Access denied for user 'username'@'%' to database 'databasename'
+```
+
+Either the database specified does not exist, or the username specified has no access to it.
+
+
+### Accessing your Pukki MariaDB database from Puhti
+
+1. Ensure your database instance allows [network traffic from Puhti.](firewalls.md#puhti)
+2. `ssh` onto Puhti and load the `mariadb` module
+```
+module load mariadb
+```
+3. Now you can connect to the database with the mariadb-client
+
+<!-- ### Basic Puhti batch job example using mysql
+// I'm too lacy to verify the same example as in postgres-accessing.md
+
+1. This requires that you have configured `~/.my.cnf` correctly in the previous section.
+2. Create a file named `my-first-mariadb-batch-job.bash`:
+   ```bash title="my-first-mariadb-batch-job.bash"
+   #!/bin/bash -l
+   #SBATCH --job-name=mariadb_job
+   #SBATCH --output=output_%j.txt
+   #SBATCH --error=errors_%j.txt
+   #SBATCH --time=00:01:00
+   #SBATCH --account=$PROJECT_NUMBER
+   #SBATCH --ntasks=1
+   #SBATCH --partition=test
+   #SBATCH --mem-per-cpu=1024
+
+   module load mariadb
+   mariadb -c 'SELECT 1' >> mariadb-results.txt
+   ```
+   Make sure that you have updated the following variables:
+      * `$PROJECT_NUMBER` – your CSC project ID (e.g. project_2001234)
+      * `$DB_USER_NAME` – your database username (same as in `~/.my.cnf`)
+      * `$DB_IP_ADDRESS` – the public IP-address of your database
+      * `$DATABASE_NAME` – name of your database
+3. Once you are happy with the batch script, you can submit the job by running:
+   ```
+   sbatch my-first-mariadb-batch-job.bash
+   ```
+-->
+
+##  Some useful SQL commands
+
+List databases
+```sql
+SHOW DATABASES;
+```
+
+List tables
+```sql
+SHOW TABLES;
+```
+
+Show table descriptions
+```sql
+DESCRIBE $table_name;
+```
+
+Change database
+```sql
+USE DATABASE $database_name;
+```
+
+Example query
+```sql
+SELECT * FROM $table_name LIMIT 1;
+```
+
+Show all database settings
+```sql
+SHOW VARIABLES;
+```
+
+or if you want to show a subset you can use `LIKE`
+```sql
+SHOW VARIABLES LIKE 'innodb%';
+```
+Note that `%` here indicates a wildcard - this lists all variables that begin with `innodb`.
+
+<!--- Extended display --->
+Import database dump
+```
+cat your_database_dump.sql | mariadb
+```

docs/cloud/dbaas/mariadb-permissions.md

@@ -0,0 +1,64 @@
+# MariaDB permissions and privileges
+!!! warning "MariaDB in Pukki is still in beta"
+    This means that it hasn't been tested as extensively as PostgreSQL, and there might still be
+    large changes to how Pukki manages MariaDB database instances. We hope to move out of beta in
+    March 2025.
+
+
+## About privileges
+
+When creating a user through the web interface or via openstack cli, you can define which databases
+it has access to. By default, a freshly created user doesn't have access to any databases.
+
+When creating a new user:
+```sql
+openstack database user create $INSTANCE_ID my_user my_password --databases my_database
+```
+
+When updating an existing user:
+```sql
+openstack database user grant access $INSTANCE_ID my_user my_database
+```
+You can either specify a single database or a list of databases to these commands. The commands
+also accept the database instance's name in place of the ID.
+
+Giving a user access to a database via openstack cli or the web interface means it gets
+`ALL PRIVILEGES` to that database.
+
+If you want more control over a user's privileges, you have to enable root access (through
+the web interface, or with `openstack database enable root` with the CLI client) and manually
+modify user privileges.
+
+
+## Example of giving a user read-only access to a database
+
+1. Enable the root user:
+```sh
+openstack database root enable $DATABASE_ID
+```
+
+2. Access the database using the root user and password.
+
+3. Grant `SELECT` privileges on a database to a user:
+```sql
+GRANT SELECT ON database_name.* TO 'reader'@'%';
+FLUSH PRIVILEGES;
+```
+
+You can view the grant with:
+```
+SHOW GRANTS FOR 'reader'@'%';
++-------------------------------------------------------------------------------------------------------+
+| Grants for reader@%                                                                                   |
++-------------------------------------------------------------------------------------------------------+
+| GRANT USAGE ON *.* TO `reader`@`%` IDENTIFIED BY PASSWORD 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' |
+| GRANT SELECT ON `database_name`.* TO `reader`@`%`                                                     |
++-------------------------------------------------------------------------------------------------------+
+```
+
+You can also grant table-specific access:
+```sql
+GRANT SELECT ON database_name.table_name TO 'reader'@'%';
+```
+
+Be aware that the openstack cli tool or the the web interface will not display grants given through root access. For more information on MariaDB's grants, refer to [the official MariaDB documentation](https://mariadb.com/kb/en/grant/).

docs/cloud/dbaas/mariadb.md

@@ -0,0 +1,22 @@
+# MariaDB
+!!! warning "MariaDB in Pukki is still in beta"
+    This means that it hasn't been tested as extensively as PostgreSQL, and there might still be
+    large changes to how Pukki manages MariaDB database instances. We hope to move out of beta in
+    March 2025.
+
+
+
+* [How to access your MariaDB database](mariadb-accessing.md)
+* [How to create database users and modify user permissions](mariadb-permissions.md)
+
+# Database engine and backups
+
+MariaDB database instances on Pukki use InnoDB by default, as most testing has been done using it.
+Changing to other engines such as Aria might cause issues with backups, so one should carefully
+consider how necessary it is before switching from InnoDB.
+More information on database engines can be found in the
+[official MariaDB documentation](https://mariadb.com/kb/en/storage-engines/).
+
+## Useful links when using MariaDB
+  * [MariaDB client](https://mariadb.com/kb/en/mariadb-client/)
+  * [MariaDB SQL statement structure](https://mariadb.com/kb/en/sql-statements-structure/)

docs/cloud/dbaas/web-interface.md

@@ -10,7 +10,8 @@ Now you can define what settings you want for your database:
 1. `Instance name` - What ever you want to name the instance.
 2. `Volume size` - How much disk space you will need for your database. If you just want to test the DBaaS then 1 GiB is probably enough. To increase the disk size later, downtime is required for the database. If you already know how much data you will use then it is easy to estimate how large volume you need.
 3. `Volume type` - This can be left empty.
-4. `Datastore` - What type of database you want. It is recommend to use the latest version of your preferred database, if you don't have a specific reason for using an older version. PostgreSQL is the only available database at the moment.
+4. `Datastore` - What type of database you want. It is recommend to use the latest version of your preferred database, if you don't have a specific reason for using an older version. 
+Currently Pukki supports [PostgreSQL](postgresql.md) and [MariaDB](mariadb.md).
 5. `Flavor` - How large database instances you want. For small use cases the `standard.small` is probably enough. If you later find out that it is not large enough you can always change it later. Changing flavor will require downtime.
 6. `Locality` - Is not needed. In the future DBaaS will support clustered databases and at that point anti-affinity should be the preferred option in most cases.
 
@@ -33,6 +34,7 @@ On the fourth page `Advanced`:
 15.  Now you can go to the database specific documentation to find out further instructions on how to use the database:
 
 	* [PostgreSQL](postgresql.md)
+	* [MariaDB](mariadb.md)
 
 ## Modify user accounts in the database instance
 

docs/support/wn/cloud-new.md

@@ -1,5 +1,11 @@
 # Cloud services
 
+## Pukki now supports MariaDB, 7.1.2025
+Pukki now supports MariaDB as well as PostgreSQL. The MariaDB version we are support in Pukki is
+MariaDB 11.4. More information can be found in the
+[Pukki MariaDB documentation](../../cloud/dbaas/mariadb.md)
+
+
 ## Pukki now supports PostgreSQL 17, 9.10.2024
 The default database in Pukki is now PostgreSQL 17 instead of the previous PostgreSQL 14. You can
 still use PostgreSQL 14 but we recommend that if you are creating a new database you start using

mkdocs.yml

@@ -338,6 +338,11 @@ nav:
                   - PostgreSQL version differences: cloud/dbaas/postgres-versions.md
                   - Extensions and parameters: cloud/dbaas/postgres-extensions.md
                   - Permissions: cloud/dbaas/postgres-permissions.md
+              - MariaDB:
+                  - cloud/dbaas/mariadb.md
+                  - Accessing your database: cloud/dbaas/mariadb-accessing.md
+                  - Permissions: cloud/dbaas/mariadb-permissions.md
+
           - More advanced features: cloud/dbaas/advanced.md
           - Resizing database instance volume: cloud/dbaas/resize-volume.md
       - Rahti 2: