Config
Environment variables
Config files
/etc/my.cnf
/etc/my.cnf.d/*Root password
-
Default
rootpassword is empty -
Setting
rootpassword immediately after installationmysqladmin -u root password $new_password
Admin
Create a new user
CREATE USER 'username'@'host_ip_addr' IDENTIFIED BY 'password';Grant privileges to a user
GRANT ALL PRIVILEGES ON *.* TO 'username'@'host_ip_addr' WITH GRANT OPTION;List all users
SELECT user, host FROM mysql.user;Delete a user
DROP USER 'username'@'host_ip_addr';Logging
-
Server log
/var/log/mysql/mysqld.log -
Binary log
/var/lib/mysql/mysql-bin.*
Cheatsheet - CLI - mysql
Client host connection (not using socket)
mysql -u $mysql_username -p'$mysql_password' -h $host -P $port
# Any command will need to be authenticated.- There's no space after
-p - Using localhost will use socket instead of TCP
Run a SQL script
Use -v -v -v to show the execution details
# No specified database
mysql -v -v -v < $sql_script
# Specified database
mysql -v -v -v $database < $sql_scriptGet server version
mysql -e "select @@version, @@version_comment"Cheatsheet - CLI - mysqladmin
Help page
mysqladmin Ver 8.0.41 for Linux on x86_64 (Source distribution)
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Administration program for the mysqld daemon.
Usage: mysqladmin [OPTIONS] command command....
--bind-address=name IP address to bind to.
-c, --count=# Number of iterations to make. This works with -i
(--sleep) only.
-#, --debug[=#] This is a non-debug version. Catch this and exit.
--debug-check This is a non-debug version. Catch this and exit.
--debug-info This is a non-debug version. Catch this and exit.
-f, --force Don't ask for confirmation on drop database; with
multiple commands, continue even if an error occurs.
-C, --compress Use compression in server/client protocol.
--character-sets-dir=name
Directory for character set files.
--default-character-set=name
Set the default character set.
-?, --help Display this help and exit.
-h, --host=name Connect to host.
-b, --no-beep Turn off beep on error.
-p, --password[=name]
Password to use when connecting to server. If password is
not given it's asked from the tty.
-,, --password1[=name]
Password for first factor authentication plugin.
-,, --password2[=name]
Password for second factor authentication plugin.
-,, --password3[=name]
Password for third factor authentication plugin.
-P, --port=# Port number to use for connection or 0 for default to, in
order of preference, my.cnf, $MYSQL_TCP_PORT,
/etc/services, built-in default (3306).
--protocol=name The protocol to use for connection (tcp, socket, pipe,
memory).
-r, --relative Show difference between current and previous values when
used with -i. Currently only works with extended-status.
-s, --silent Silently exit if one can't connect to server.
-S, --socket=name The socket file to use for connection.
-i, --sleep=# Execute commands repeatedly with a sleep between.
--ssl-mode=name SSL connection mode.
--ssl-ca=name CA file in PEM format.
--ssl-capath=name CA directory.
--ssl-cert=name X509 cert in PEM format.
--ssl-cipher=name SSL cipher to use.
--ssl-key=name X509 key in PEM format.
--ssl-crl=name Certificate revocation list.
--ssl-crlpath=name Certificate revocation list path.
--tls-version=name TLS version to use, permitted values are: TLSv1.2,
TLSv1.3
--ssl-fips-mode=name
SSL FIPS mode (applies only for OpenSSL); permitted
values are: OFF, ON, STRICT
--tls-ciphersuites=name
TLS v1.3 cipher to use.
--ssl-session-data=name
Session data file to use to enable ssl session reuse
--ssl-session-data-continue-on-failed-reuse
If set to ON, this option will allow connection to
succeed even if session data cannot be reused.
--server-public-key-path=name
File path to the server public RSA key in PEM format.
--get-server-public-key
Get server public key
-u, --user=name User for login if not current user.
-v, --verbose Write more information.
-V, --version Output version information and exit.
-E, --vertical Print output vertically. Is similar to --relative, but
prints output vertically.
-w, --wait[=#] Wait and retry if connection is down.
--connect-timeout=#
--shutdown-timeout=#
--plugin-dir=name Directory for client-side plugins.
--default-auth=name Default authentication client-side plugin to use.
--enable-cleartext-plugin
Enable/disable the clear text authentication plugin.
--show-warnings Show warnings after execution
--compression-algorithms=name
Use compression algorithm in server/client protocol.
Valid values are any combination of
'zstd','zlib','uncompressed'.
--zstd-compression-level=#
Use this compression level in the client/server protocol,
in case --compression-algorithms=zstd. Valid range is
between 1 and 22, inclusive. Default is 3.
Variables (--variable-name=value)
and boolean options {FALSE|TRUE} Value (after reading options)
----------------------------------------- --------------------------------
bind-address (No default value)
count 0
force FALSE
compress FALSE
character-sets-dir (No default value)
default-character-set auto
host (No default value)
no-beep FALSE
port 0
relative FALSE
socket (No default value)
sleep 0
ssl-ca (No default value)
ssl-capath (No default value)
ssl-cert (No default value)
ssl-cipher (No default value)
ssl-key (No default value)
ssl-crl (No default value)
ssl-crlpath (No default value)
tls-version (No default value)
tls-ciphersuites (No default value)
ssl-session-data (No default value)
ssl-session-data-continue-on-failed-reuse FALSE
server-public-key-path (No default value)
get-server-public-key FALSE
user (No default value)
verbose FALSE
vertical FALSE
connect-timeout 43200
shutdown-timeout 3600
plugin-dir (No default value)
default-auth (No default value)
enable-cleartext-plugin FALSE
show-warnings FALSE
compression-algorithms (No default value)
zstd-compression-level 3
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf
The following groups are read: mysqladmin client
The following options may be given as the first argument:
--print-defaults Print the program argument list and exit.
--no-defaults Don't read default options from any option file,
except for login file.
--defaults-file=# Only read default options from the given file #.
--defaults-extra-file=# Read this file after the global files are read.
--defaults-group-suffix=#
Also read groups with concat(group, suffix)
--login-path=# Read this path from the login file.
Where command is a one or more of: (Commands may be shortened)
create databasename Create a new database
debug Instruct server to write debug information to log
drop databasename Delete a database and all its tables
extended-status Gives an extended status message from the server
flush-hosts Flush all cached hosts
flush-logs Flush all logs
flush-status Clear status variables
flush-tables Flush all tables
flush-threads Flush the thread cache
flush-privileges Reload grant tables (same as reload)
kill id,id,... Kill mysql threads
password [new-password] Change old password to new-password in current format
ping Check if mysqld is alive
processlist Show list of active threads in server
reload Reload grant tables
refresh Flush all tables and close and open logfiles
shutdown Take server down
status Gives a short status message from the server
start-replica Start replication
start-slave Deprecated: use start-replica instead
stop-replica Stop replication
stop-slave Deprecated: use stop-replica instead
variables Prints variables available
version Get version info from serverCheck server health
$ mysqladmin ping -h${MYSQL_HOST} -u root -p${MYSQL_ROOT_PASSWORD}
> mysqld is aliveBackup
-
Considerations
- Must be incremental, only back up the difference to reduce storage usage.
- Cannot affect master performance.
- Initially must be synchronous as part of the transaction to guarantee data consistency as there is scarce traffic.
- Only happens when a change is made, therefore relying on binlog CDC.
- RTO and RPO need to be measured after implementation for risk control.
-
Resources
-
Tooling
-
Backup and Recovery Types
-
Physical backup
- Physical backups consist of raw copies of the directories and files that store database contents. This type of backup is suitable for large, important databases that need to be recovered quickly when problems occur.
-
Logical backup (
mysqldump)- Logical backups save information represented as logical database structure (CREATE DATABASE, CREATE TABLE statements) and content (INSERT statements or delimited-text files). This type of backup is suitable for smaller amounts of data where you might edit the data values or table structure, or recreate the data on a different machine architecture.
-
Cheatsheet - CLI - mysqlsh
-
Key points
- Use
zstdby default for compression - Better performance than old CLI utilities like
mysqldumpandmysqlpump
- Use
-
References
-
Resources
Connect to a server
mysqlsh -h $host -u $user -p'$password'Get server info and status
mysqlsh -h $host -u $user -p'$password' -e 'shell.status()'Cheatsheet - CLI - mysqldump
Make a full backup
dump() {
local username=root
local password=somewordpress
local host=127.0.0.1
local db_name=wordpress
local result_file=$db_name-$(date -u +"%Y%m%dT%H%M%SZ").sql
mysqldump -u $username \
-p'$password' \
-h $host \
-v -v -v \
--flush-logs \
--source-data=2 \
--single-transaction \
--dump-date \
--result-file $result_file \
$db_name
zstd -c $result_file > $result_file.zst
rm $result_file
}Prevent \n characters from being converted to \r\n on Windows
- Use
--result-file=file_name, -r file_nameinstead of redirecting output to a file
Dump a single database with no locks
- For
InnoDBtables, it is possible to perform an online backup that takes no locks on tables using the--single-transaction
Dump a single database and start a new binary log file
- Use
--flush-logsto flush the server's binary log files before dumping the data, causing the next binary log file to be used after the flush is complete.
Cheatsheet - CLI - mysqlbinlog
- MySQL :: MySQL 8.0 Reference Manual :: 4.6.9 mysqlbinlog — Utility for Processing Binary Log Files (opens in a new tab)
- MySQL :: MySQL 8.0 Reference Manual :: 7.5.1 Point-in-Time Recovery Using Binary Log (opens in a new tab)
Making Incremental Backups by Enabling the Binary Log
- To allow a server to be restored to a point-in-time, binary logging must be enabled on it, which is the default setting for MySQL 8.0
Display the contents of binary log files in SQL format
mysqlbinlog -u $user -p'$password' -h $host $binlog_file1, $binlog_file2 ...Convert binary log files to SQL files
mysqlbinlog -u $user -p'$password' -h $host -r $sql_file $binlog_file1, $binlog_file2 ...Flush binary logs and start a new binary log file
- While the server is running, you can also tell it to close the current binary log file and begin a new one manually by issuing a
FLUSH LOGSSQL statement or with amysqladmin flush-logscommand.