twjug august, mysql jdbc driver "connector/j"
TRANSCRIPT
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 1
MySQL with Java Ryusuke Kajiyama MySQL Sales Consulting Senior Manager, Asia Pacific & Japan
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2
“Connector/J” JDBC Driver of MySQL
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 3
Connector/J
§ Supports Java 5/6/7/8 § Supports MySQL 5.0/5.1/5.5/5.6/5.7 § Stable & mature 5.1 branch
– Maintenance updates released approximately quarterly § Supports MySQL Fabric
– Supports high-availability configurations – Load-balancing, failover, (multi-)master/slave replication
§ JMX-administration § Extensible § Much more!
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 4
Installation § One platform-independent download § The latest GA release
– http://www.mysql.com/downloads/connector/j/ § Deflate and extract the tar.gz or zip file § Add the library’s JAR file to your CLASSPATH
environment variable – For example
export set CLASSPATH=/opt/java/mysql-connector-java-5.1.36-bin.jar:$CLASSPATH
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 14
Quick Load Balancer/Failover History Lesson
§ jdbc:mysql://primary,failover - since 3.0.2 (2002!) – From 5.1.13, this is a special case of jdbc:mysql://loadbalance under the
hood
§ jdbc:mysql:replication:// - since 3.1.11 (2005) – since 5.1.11, the slaves are a jdbc:mysql:loadbalance:// under the hood
§ jdbc:mysql:loadbalance:// - since 5.0.5 (2007)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 15
Load-balancing/Failover Use Cases
§ Directly (jdbc:mysql:loadbalance:// URL prefix): – Clustered (NDB) or Multi-Master Replication deployment where both
read and write operations are distributed across all hosts.
§ Indirectly: – Replication deployments where read-only load can be distributed to
slaves (jdbc:mysql:replication://) – Deployments requiring strong server affinity for specific server, failing
over only when primary host is unavailable (jdbc:mysql://primary,failover-1,failover-2...)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 16
Fault Tolerance - Load Balancing/Failover
§ Load-balancing, failover is manageable – loadBalanceConnectionGroup=“name” – JMX – loadBalanceEnableJMX=true – In-VM via com.mysql.jdbc.ConnectionGroupManager – Add/remove hosts (gracefully or forcefully) – Get active hosts – Get inactive hosts – Get transaction counts
§ For more details: http://dev.mysql.com/doc/connector-j/en/connector-j-multi-host-connections.html
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 17
Controlling load-balance fail-over
§ Standard component – Communication exceptions – SQLState starting with “08” – User-defined SQLState list match – User-defined Class list match
§ Custom component – Implement LoadBalanceExceptionChecker interface
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 18
StandardLoadBalanceExceptionChecker properties
§ LoadBalanceSQLStateFailover – Comma-delimited list of SQLState values – Will match with trailing wildcard
§ “08” will match “08000” and “08S01” § loadBalanceSQLExceptionSubclassFailover
– Comma-delimited list of fully-qualified class/interface names – Comparison using Class.isInstance(Exception)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 19
Custom Exception Checker § Must implement LoadBalanceExceptionChecker
– shouldExceptionTriggerFailover(SQLException ex) method – NDBLoadBalanceExceptionChecker example:
public class NdbLoadBalanceExceptionChecker extendsStandardLoadBalanceExceptionChecker {
public boolean shouldExceptionTriggerFailover(SQLException ex) {return super.shouldExceptionTriggerFailover(ex) || checkNdbException(ex);}
private boolean checkNdbException(SQLException ex) {// Have to parse the message since most NDB errors are mapped to the same DEMC, sadly.
return (ex.getMessage().startsWith("Lock wait timeout exceeded") || (ex.getMessage().startsWith("Got temporary error")&& ex.getMessage().endsWith("from NDB")));}}
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 20
Security with SSL and Pluggable Authentication
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 21
SSL in MySQL § MySQL Community built with yaSSL § MySQL Enterprise built with OpenSSL § MySQL 5.7 includes SSL improvements
– Automatic SSL configuration with OpenSSL § Previous versions require manual configuration
– Increased requirements for Diffie-Hellman key exchange § Key size minimum increased from 512 to 2048
– Command line client requires SSL when --ssl is given – New mysql_ssl_rsa_setup utility
§ Requires OpenSSL to be installed
§ TLS 1.0
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 22
SSL Access Control § Any user can connect with SSL § MySQL 5.7 moves REQUIRE SSL et al to CREATE USER and ALTER USER statements
– Previously included with GRANT
§ Users created with REQUIRE SSL will be denied access when connecting without SSL
§ Additional constraints available – REQUIRE X509
– AND ISSUER ‘issuer’
– AND SUBJECT ‘subject’
– AND CIPHER ‘cipher’
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 23
SSL in Connector/J § Encrypted communications § Establish identity of server § Allow server to establish identity of client § Required for regulatory and corporate policy compliance
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 24
SSL Options in Connector/J
§ useSSL§ requireSSL§ verifyServerCertificate§ clientCertificateKeyStoreUrl§ clientCertificateKeyStoreType§ clientCertificateKeyStorePassword§ trustCertificateKeyStoreUrl§ trustCertificateKeyStoreType§ trustCertificateKeyStorePassword§ enabledSSLCipherSuites
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 25
Keys Used in SSL § Server public key in truststore
– Can be specified as connection properties or Java system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword
– Used to verify the server identity – Not needed if verifyServerCertificate=false
§ Client keypair in keystore – Can be specified as connection properties or Java system properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword
– Used to prove client identity to the server – Client identity is not verified by default, use REQUIRE X509
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 27
Making SSL Connections
§ useSSL & requireSSL– useSSL enables SSL connections – requireSSL causes connections to abort if SSL is not supported
§ Importing keys with Java keytool – Check manual for tutorial:
§ Connector/J Reference § “Connecting Securely Using SSL”
– keytool -import -alias mysqlServerCACert -file cacert.pem -keystore keystore
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 28
Java 7 & MySQL 5.7 Community § MySQL 5.7 community uses Diffie-Hellman key exchange by default § Java 7 doesn’t support MySQL 5.7’s required 2048 bit key size for DH
key exchange § Exception will be thrown giving instructions § Force RSA key exchange with:
– enabledSSLCipherSuites=
TLS_RSA_WITH_AES_128_CBC_SHA
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 29
Pluggable Authentication § New feature in MySQL 5.5 § Supports traditional MySQL authentication and improved SHA-256
password hashing § Allows additional methods to be added with server plugins § Fully supported including extensible interfaces in Connector/J
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 33
Bandwidth Considerations
§ Use fine-grained queries and avoid fetching unnecessary fields and rows
§ Run tests with useUsageAdvisor=true to warn for inefficiencies – Reports on unused columns – Reports on result sets which were closed without reading all rows
§ Cache server configuration by setting cacheServerConfiguration=true
– Avoids additional querying during connection initialization
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 34
Buffered vs Streaming Results § Buffered results read entire result set into memory
– Ala mysql_store_result()– Faster local access – Additional memory required – Best for OLTP applications – Fully scrollable cursors
§ Streaming results read individual rows as used – Ala mysql_use_result()– Access may be slowed while waiting for network reads – Reduced memory requirements – Best for very large results – Forward only scrollability
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 35
Enable Streaming Results § com.mysql.jdbc.Statement
– Vender extension interface
§ Cast statement instances § Call enableStreamingResults()§ Call disableStreamingResults()§ Optionally set clobberStreamingResults=true
– Result sets automatically closed when new statements are executed on the same connections
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 62
• Use MySQL with Java http://dev.mysql.com/usingmysql/java/
• Read Connector/J User Manual http://dev.mysql.com/doc/refman/5.5/en/connector-j.html
• Visit MySQL “JDBC and Java” Forum http://forums.mysql.com/list.php?39
• View MySQL Essentials Webinars (Part 1 – Part 5) http://mysql.com/news-and-events/web-seminars/mysql-essentials.html
• Download MySQL 5.5 http://www.mysql.com/downloads/mysql/
• Download Free MySQL White Papers http://dev.mysql.com/why-mysql/white-papers/
Learn More: Resources
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 63
5.6 MySQL Server - GA The best release ever with high quality and performance InnoDB NoSQL API and improved replication durability
MySQL Cluster - GA 200 Million NoSQL Reads/Second Faster reboot operations and more detailed logs
7.4
5.7 MySQL Server - RC Refactoring and adding more pluggable components Faster performance and new NoSQL Features