0    169    1


👉 本文共约8287个字,系统预计阅读时间或需32分钟。




Note: the description for this image is longer than the Hub length limit of 25000, so has been trimmed. The full description can be found at See also docker/hub-feedback#238 and docker/roadmap#475.

Quick reference

Also see the "Getting Help with MariaDB" article on the MariaDB Knowledge Base.

Supported tags and respective Dockerfile links

Quick reference (cont.)

What is MariaDB?

MariaDB Server is one of the most popular database servers in the world. It's made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow.

The intent is also to maintain high compatibility with MySQL, ensuring a library binary equivalency and exact matching with MySQL APIs and commands. MariaDB developers continue to develop new features and improve performance to better serve its users.


How to use this image

Start a mariadb server instance

Starting a MariaDB instance with the latest version is simple:


... where some-network is a newly created network (other than bridge as the default network), some-mariadb is the name you want to assign to your container, my-secret-pw is the password to be set for the MariaDB root user. See the list above for relevant tags to match your needs and environment.

Connect to MariaDB from the MySQL/MariaDB command line client

The following command starts another mariadb container instance and runs the mariadb command line client against your original mariadb container, allowing you to execute SQL statements against your database instance:

... where some-mariadb is the name of your original mariadb container (connected to the some-network Docker network).

This image can also be used as a client for non-Docker or remote instances:

That will give you a standard MariaDB prompt. You can test it with:

... which should give you the version. You can then use exit to leave the MariaDB command line client and the client container.

More information about the MariaDB command-line client can be found in the MariaDB Knowledge Base

... via docker-compose or docker stack deploy

Example docker-compose.yml for mariadb:


Run docker stack deploy -c stack.yml mariadb (or docker-compose -f stack.yml up), wait for it to initialize completely, and visit http://swarm-ip:8080, http://localhost:8080, or http://host-ip:8080 (as appropriate).

Container shell access and viewing MariaDB logs

The docker exec command allows you to run commands inside a Docker container. The following command line will give you a bash shell inside your mariadb container:

The log is available through Docker's container log:

Using a custom MariaDB configuration file

Custom configuration files should end in .cnf and be mounted at the directory /etc/mysql/conf.d. These files should contain the minimal changes from the MariaDB workload required for your application/environment. A MariaDB configuration file will have a [mariadb] group followed by variable = value settings per Setting Server System Variables or option-prefix-variable.

The mariadb image configuration contains the Ubuntu MariaDB variables with two custom changes for the container:

These disable the authentication of user@hostname users. To re-enable the skip-name-resolve use disable-skip-name-resolve as variable or arguement. When enabled, the host-cache-size should be sufficient for the number of containers connecting to the mariadb.

To view the resulting configuration of your mariadb container:

Configuration without a cnf file

Many configuration options can be passed as flags to mariadbd. This will give you the flexibility to customize the container without needing a cnf file. For example, if you want to run on port 3808 just run the following:

If you would like to see a complete list of available options, just run:

Environment Variables

When you start the mariadb image, you can adjust the initialization of the MariaDB instance by passing one or more environment variables on the docker run command line. Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup.

From tag 10.2.38, 10.3.29, 10.4.19, 10.5.10 onwards, and all 10.6 and later tags, the MARIADB_* equivalent variables are provided. MARIADB_* variants will always be used in preference to MYSQL_* variants.

One of MARIADB_RANDOM_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ROOT_PASSWORD or MARIADB_ALLOW_EMPTY_ROOT_PASSWORD (or equivalents, including *_FILE), is required. The other environment variables are optional.


This specifies the password that will be set for the MariaDB root superuser account. In the above example, it was set to my-secret-pw.

In order to have no plaintext secret in the deployment, MARIADB_ROOT_PASSWORD_HASH can be used as it is just the hash of the password. The hash can be generated with SELECT PASSWORD('thepassword') as a SQL query.


Set to a non-empty value, like yes, to allow the container to be started with a blank password for the root user. NOTE: Setting this variable to yes is not recommended unless you really know what you are doing, since this will leave your MariaDB instance completely unprotected, allowing anyone to gain complete superuser access.


Set to a non-empty value, like yes, to generate a random initial password for the root user. The generated root password will be printed to stdout (GENERATED ROOT PASSWORD: .....).


This is the hostname part of the root user created. By default this is %, however it can be set to any default MariaDB allowed hostname component. Setting this to localhost will prevent any root user being accessible except via the unix socket.


Set MARIADB_MYSQL_LOCALHOST_USER to a non-empty value to create the mysql@locahost database user. This user is especially useful for a variety of health checks and backup scripts.

The mysql@localhost user gets USAGE privileges by default. If more access is required, additional global privileges in the form of a comma separated list can be provided. If you are sharing a volume containing MariaDB's unix socket (/var/run/mysqld by default), privileges beyond USAGE can result in confidentiality, integrity and availability risks, so use a minimal set. See the example below on using Mariabackup. The script also documents the required privileges for each health check test.


This variable allows you to specify the name of a database to be created on image startup.


These are used in conjunction to create a new user and to set that user's password. Both user and password variables are required for a user to be created. This user will be granted all access (corresponding to GRANT ALL) to the MARIADB_DATABASE database.

See MARIADB_ROOT_PASSWORD_HASH above for how to get a password hash for MARIADB_PASSWORD_HASH.

Do note that there is no need to use this mechanism to create the root superuser, that user gets created by default with the password specified by the MARIADB_ROOT_PASSWORD* variable.


By default, the entrypoint script automatically loads the timezone data needed for the CONVERT_TZ() function. If it is not needed, any non-empty value disables timezone loading.


Set MARIADB_AUTO_UPGRADE to a non-empty value to have the entrypoint check whether mysql_upgrade/mariadb-upgrade needs to run, and if so, run the upgrade before starting the MariaDB server.

Before the upgrade, a backup of the system database is created in the top of the datadir with the name system_mysql_backup_*.sql.zst. This backup process can be disabled with by setting MARIADB_DISABLE_UPGRADE_BACKUP to a non-empty value.

Docker Secrets

As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files. For example:


Initializing a fresh instance

When a container is started for the first time, a new database with the specified name will be created and initialized with the provided configuration variables. Furthermore, it will execute files with extensions .sh, .sql, .sql.gz, .sql.xz and .sql.zst that are found in /docker-entrypoint-initdb.d. Files will be executed in alphabetical order. .sh files without file execute permission are sourced rather than executed. You can easily populate your mariadb services by mounting a SQL dump into that directory and provide custom images with contributed data. SQL files will be imported by default to the database specified by the MARIADB_DATABASE / MYSQL_DATABASE variable.


Where to Store Data

Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the mariadb images to familiarize themselves with the options available, including:

  • Let Docker manage the storage of your database data by writing the database files to disk on the host system using its own internal volume management. This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers.
  • Create a data directory on the host system (outside the container) and mount this to a directory visible from inside the container. This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that e.g. directory permissions and other security mechanisms on the host system are set up correctly.

The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:

  1. Create a data directory on a suitable volume on your host system, e.g. /my/own/datadir.

  2. Start your mariadb container like this:

The -v /my/own/datadir:/var/lib/mysql part of the command mounts the /my/own/datadir directory from the underlying host system as /var/lib/mysql inside the container, where MariaDB by default will write its data files.

No connections until MariaDB init completes

If there is no database initialized when the container starts, then a default database will be created. While this is the expected behavior, this means that it will not accept incoming connections until such initialization completes. This may cause issues when using automation tools, such as docker-compose, which start several containers simultaneously.

Health/Liveness/Readiness Checking

See the "Official Images" FAQ for why there is no default HEALTHCHECK directive. However, you can use the /usr/local/bin/ script to choose from a (non-exhaustive) list of tests to check for whatever you consider health/liveness/readiness. Refer to the script's sources to learn about how to use it and which exact tests are provided.

Usage against an existing database

If you start your mariadb container instance with a data directory that already contains a database (specifically, a mysql subdirectory), no environment variables that control initialization will be needed or examined, and no pre-existing databases will be changed. The only exception is the non-default MARIADB_AUTO_UPGRADE environment variable, that might cause mysql_upgrade/mariadb-upgrade to run, which might change the system tables.

Creating database dumps

Most of the normal tools will work, although their usage might be a little convoluted in some cases to ensure they have access to the mysqld server. A simple way to ensure this is to use docker exec and run the tool from the same container, similar to the following:

Restoring data from dump files

For restoring data. You can use the docker exec command with the -i flag, similar to the following:

If one or more databases, but neither --all-databases nor the mysql database, were dumped, these databases can be restored by placing the resulting sql file in the /docker-entrypoint-initdb.d directory.

Creating backups with Mariabackup

To perform a backup using Mariabackup, a second container is started that shares the original container's data directory. An additional volume for the backup needs to be included in the second backup instance. Authentication against the MariaDB database instance is required to successfully complete the backup. In the example below a mysql@localhost user is used with the MariaDB server's unix socket shared with the backup container.

Note: Privileges listed here are for 10.5+. For an exact list, see the Knowledge Base documentation for Mariabackup: Authentication and Privileges.

Mariabackup will run as the mysql user in the container, so the permissions on /backup will need to ensure that it can be written to by this user:

To perform the backup:

Restore backups with Mariabackup

These steps restore the backup made with Mariabackup.

At some point before doing the restore, the backup needs to be prepared. Perform the prepare like this:

Now that the image is prepared, start the container with both the data and the backup volumes and restore the backup:

With /my/new/datadir containing the restored backup, start normally as this is an initialized data directory:

For further information on Mariabackup, see the Mariabackup Knowledge Base.



Avatar photo





  • 18509239930
  • 个人微信

  • 麦老师QQ聊天
  • 个人邮箱
  • 点击加入QQ群
  • 个人微店

  • 回到顶部