Primary MySQL server running inside an LXC container on proxmox1.
200prod-scentiadblocal-lvm:vm-200-disk-0)eth0 via vmbr0 (DHCP)
10.150.40.21mp0: /mnt/mysql-backups (bind-mounted from Proxmox host)8.0.43 (MySQL Community Server - GPL)3306Confirmed via SHOW VARIABLES:
innodb_buffer_pool_size = 21474836480 (20 GiB)innodb_log_file_size = 2147483648 (2 GiB)max_connections = 300innodb_flush_log_at_trx_commit = 2sync_binlog = 1tmp_table_size = 268435456 (256 MiB)max_heap_table_size = 268435456 (256 MiB)innodb_io_capacity = 4000innodb_io_capacity_max = 8000innodb_flush_method = O_DIRECTskip_name_resolve = ONslow_query_log = ON
slow_query_log_file = /var/log/mysql/slow.logAdditional tuning is stored in:
/etc/mysql/mysql.conf.d/zz-metabase-tuning.cnfThis file was added to separate performance tuning from default configs.
Backups are written to an NFS-backed location exposed to this container as:
/mnt/mysql-backups/backupsnobody:nogroup with 0777 on the backup directory so MySQL backups can write files without UID/GID mismatches.The Proxmox host bind-mounts its own backup directory into the container using:
mp0: /mnt/mysql-backups,mp=/mnt/mysql-backups
See also: MySQL Backup Strategy.
Known MySQL users:
root@% – full administrative user.backup@% – used for logical dumps via mysqldump.monitoring@% – monitoring / check_mk agent.zonksql@% – application/service account.Example confirmed grants for backup:
SHOW GRANTS FOR 'backup'@'%';
Returns (at minimum):
GRANT SELECT, RELOAD, PROCESS, LOCK TABLES ON *.* TO `backup`@`%`;
GRANT FLUSH_TABLES ON *.* TO `backup`@`%`;
Additional grants can be added if needed.
A root password reset was performed using the skip-grant-tables method:
systemctl stop mysql.mysqld_safe with --skip-grant-tables --skip-networking.authentication_string for root@%.root and set a new password and confirmed grants.The exact password is stored in your password manager and never recorded in this documentation.