Configure SQL Server on Linux with the mssql-conf tool

Applies to: SQL Server (all supported versions) - Linux

Usage tips

• For Always On Availability Groups and shared disk clusters, always make the same configuration changes on each node.

• For the shared disk cluster scenario, do not attempt to restart the mssql-server service to apply changes. SQL Server is running as an application. Instead, take the resource offline and then back online.

• These examples run mssql-conf by specifying the full path: /opt/mssql/bin/mssql-conf. If you choose to navigate to that path instead, run mssql-conf in the context of the current directory: ./mssql-conf.

Enable SQL Server Agent

The sqlagent.enabled setting enables SQL Server Agent. By default, SQL Server Agent is disabled. If sqlagent.enabled is not present in the mssql.conf settings file, then SQL Server internally assumes that SQL Server Agent is disabled.

To change this setting, use the following steps:

1. Enable the SQL Server Agent:

   sudo /opt/mssql/bin/mssql-conf set sqlagent.enabled true 
   

2. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

Set the default database mail profile for SQL Server on Linux

The sqlpagent.databasemailprofile allows you to set the default DB Mail profile for email alerts.

sudo /opt/mssql/bin/mssql-conf set sqlagent.databasemailprofile <profile_name>

SQL Agent error logs

The sqlpagent.errorlogfile and sqlpagent.errorlogginglevel settings allows you to set the SQL Agent log file path and logging level respectively.

sudo /opt/mssql/bin/mssql-conf set sqlagent.errorfile <path>

SQL Agent logging levels are bitmask values that equal:

• 1 = Errors
• 2 = Warnings
• 4 = Info

If you want to capture all levels, use 7 as the value.

sudo /opt/mssql/bin/mssql-conf set sqlagent.errorlogginglevel <level>

Change the SQL Server collation

The set-collation option changes the collation value to any of the supported collations.

1. First backup any user databases on your server.

2. Then use the sp_detach_db stored procedure to detach the user databases.

3. Run the set-collation option and follow the prompts:

   sudo /opt/mssql/bin/mssql-conf set-collation
   

4. The mssql-conf utility will attempt to change to the specified collation value and restart the service. If there are any errors, it rolls back the collation to the previous value.

5. Restore your user database backups.

For a list of supported collations, run the sys.fn_helpcollations function: SELECT Name from sys.fn_helpcollations().

Configure customer feedback

The telemetry.customerfeedback setting changes whether SQL Server sends feedback to Microsoft or not. By default, this value is set to true for all editions. To change the value, run the following commands:

1. Run the mssql-conf script as root with the set command for telemetry.customerfeedback. The following example turns off customer feedback by specifying false.

   sudo /opt/mssql/bin/mssql-conf set telemetry.customerfeedback false
   

2. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

For more information, see Customer Feedback for SQL Server on Linux and the SQL Server Privacy Statement.

Change the default data or log directory location

The filelocation.defaultdatadir and filelocation.defaultlogdir settings change the location where the new database and log files are created. By default, this location is /var/opt/mssql/data. To change these settings, use the following steps:

1. Create the target directory for new database data and log files. The following example creates a new /tmp/data directory:

   sudo mkdir /tmp/data
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/data
   sudo chgrp mssql /tmp/data
   

3. Use mssql-conf to change the default data directory with the set command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdatadir /tmp/data
   

4. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

5. Now all the database files for the new databases created will be stored in this new location. If you would like to change the location of the log (.ldf) files of the new databases, you can use the following "set" command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /tmp/log
   

6. This command also assumes that a /tmp/log directory exists, and that it is under the user and group mssql.

Change the default master database file directory location

The filelocation.masterdatafile and filelocation.masterlogfile setting changes the location where the SQL Server engine looks for the master database files. By default, this location is /var/opt/mssql/data.

To change these settings, use the following steps:

1. Create the target directory for new error log files. The following example creates a new /tmp/masterdatabasedir directory:

   sudo mkdir /tmp/masterdatabasedir
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/masterdatabasedir
   sudo chgrp mssql /tmp/masterdatabasedir
   

3. Use mssql-conf to change the default master database directory for the master data and log files with the set command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.masterdatafile /tmp/masterdatabasedir/master.mdf
   sudo /opt/mssql/bin/mssql-conf set filelocation.masterlogfile /tmp/masterdatabasedir/mastlog.ldf
   

   Note

   In addition to moving the master data and log files, this also moves the default location for all other system databases.

4. Stop the SQL Server service:

   sudo systemctl stop mssql-server
   

5. Move the master.mdf and masterlog.ldf:

   sudo mv /var/opt/mssql/data/master.mdf /tmp/masterdatabasedir/master.mdf 
   sudo mv /var/opt/mssql/data/mastlog.ldf /tmp/masterdatabasedir/mastlog.ldf
   

6. Start the SQL Server service:

   sudo systemctl start mssql-server
   

   Note

   If SQL Server cannot find master.mdf and mastlog.ldf files in the specified directory, a templated copy of the system databases will be automatically created in the specified directory, and SQL Server will successfully start up. However, metadata such as user databases, server logins, server certificates, encryption keys, SQL agent jobs, or old SA login password will not be updated in the new master database. You will have to stop SQL Server and move your old master.mdf and mastlog.ldf to the new specified location and start SQL Server to continue using the existing metadata.

Change the name of master database files

The filelocation.masterdatafile and filelocation.masterlogfile setting changes the location where the SQL Server engine looks for the master database files. You can also use this to change the name of the master database and log files.

To change these settings, use the following steps:

1. Stop the SQL Server service:

   sudo systemctl stop mssql-server
   

2. Use mssql-conf to change the expected master database names for the master data and log files with the set command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.masterdatafile /var/opt/mssql/data/masternew.mdf
   sudo /opt/mssql/bin/mssql-conf set filelocation.mastlogfile /var/opt/mssql/data/mastlognew.ldf
   

   Important

   You can only change the name of the master database and log files after SQL Server has started successfully. Before the initial run, SQL Server expects the files to be named master.mdf and mastlog.ldf.

3. Change the name of the master database data and log files

   sudo mv /var/opt/mssql/data/master.mdf /var/opt/mssql/data/masternew.mdf
   sudo mv /var/opt/mssql/data/mastlog.ldf /var/opt/mssql/data/mastlognew.ldf
   

4. Start the SQL Server service:

   sudo systemctl start mssql-server
   

Change the default dump directory location

The filelocation.defaultdumpdir setting changes the default location where the memory and SQL dumps are generated whenever there is a crash. By default, these files are generated in /var/opt/mssql/log.

To set up this new location, use the following commands:

1. Create the target directory for new dump files. The following example creates a new /tmp/dump directory:

   sudo mkdir /tmp/dump
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/dump
   sudo chgrp mssql /tmp/dump
   

3. Use mssql-conf to change the default data directory with the set command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdumpdir /tmp/dump
   

4. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

Change the default error log file directory location

The filelocation.errorlogfile setting changes the location where the new error log, default profiler trace, system health session XE and Hekaton session XE files are created. By default, this location is /var/opt/mssql/log. The directory in which SQL errorlog file is set becomes the default log directory for other logs.

To change these settings:

1. Create the target directory for new error log files. The following example creates a new /tmp/logs directory:

   sudo mkdir /tmp/logs
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/logs
   sudo chgrp mssql /tmp/logs
   

3. Use mssql-conf to change the default errorlog filename with the set command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.errorlogfile /tmp/logs/errorlog
   

4. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

The errorlog.numerrorlogs setting will allow you to specify the number of error logs maintained before cycling the log.

Change the default backup directory location

The filelocation.defaultbackupdir setting changes the default location where the backup files are generated. By default, these files are generated in /var/opt/mssql/data.

To set up this new location, use the following commands:

1. Create the target directory for new backup files. The following example creates a new /tmp/backup directory:

   sudo mkdir /tmp/backup
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/backup
   sudo chgrp mssql /tmp/backup
   

3. Use mssql-conf to change the default backup directory with the "set" command:

   sudo /opt/mssql/bin/mssql-conf set filelocation.defaultbackupdir /tmp/backup
   

4. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

Specify core dump settings

If an exception or crash occurs in one of the SQL Server processes, SQL Server creates a memory dump. Capturing a memory dump may take a long time and take up significant space. To save resources and avoid repeated memory dumps, there is a setting to disable automatic dump capture, coredump.disablecoredump.

sudo /opt/mssql/bin/mssql-conf set coredump.disablecoredump <true or false>

Users can still generate memory dumps manually when automatic core dump is disabled (coredump.disablecoredump set to true).

There are two options for controlling the type of memory dumps that SQL Server collects: coredump.coredumptype and coredump.captureminiandfull. These relate to the two phases of core dump capture.

The first phase capture is controlled by the coredump.coredumptype setting, which determines the type of dump file generated during an exception. The second phase is enabled when the coredump.captureminiandfull setting. If coredump.captureminiandfull is set to true, the dump file specified by coredump.coredumptype is generated and a second mini dump is also generated. Setting coredump.captureminiandfull to false disables the second capture attempt.

1. Decide whether to capture both mini and full dumps with the coredump.captureminiandfull setting.

   sudo /opt/mssql/bin/mssql-conf set coredump.captureminiandfull <true or false>
   

   Default: false

2. Specify the type of dump file with the coredump.coredumptype setting.

   sudo /opt/mssql/bin/mssql-conf set coredump.coredumptype <dump_type>
   

   Default: miniplus

   The following table lists the possible coredump.coredumptype values.

   Type	Description
   mini	Mini is the smallest dump file type. It uses the Linux system information to determine threads and modules in the process. The dump contains only the host environment thread stacks and modules. It does not contain indirect memory references or globals.
   miniplus	MiniPlus is similar to mini, but it includes additional memory. It understands the internals of SQLPAL and the host environment, adding the following memory regions to the dump: - Various globals - All memory above 64TB - All named regions found in /proc/$pid/maps - Indirect memory from threads and stacks - Thread information - Associated Teb's and Peb's - Module Information - VMM and VAD tree
   filtered	Filtered uses a subtraction-based design where all memory in the process is included unless specifically excluded. The design understands the internals of SQLPAL and the host environment, excluding certain regions from the dump.
   full	Full is a complete process dump that includes all regions located in /proc/$pid/maps. This is not controlled by coredump.captureminiandfull setting.

High Availability

The hadr.hadrenabled option enables availability groups on your SQL Server instance. The following command enables availability groups by setting hadr.hadrenabled to 1. You must restart SQL Server for the setting to take effect.

sudo /opt/mssql/bin/mssql-conf set hadr.hadrenabled  1
sudo systemctl restart mssql-server

For information on how this is used with availability groups, see the following two topics.

• Configure Always On Availability Group for SQL Server on Linux
• Configure read-scale availability group for SQL Server on Linux

Set local audit directory

The telemetry.userrequestedlocalauditdirectory setting enables Local Audit and lets you set the directory where the Local Audit logs are created.

1. Create a target directory for new Local Audit logs. The following example creates a new /tmp/audit directory:

   sudo mkdir /tmp/audit
   

2. Change the owner and group of the directory to the mssql user:

   sudo chown mssql /tmp/audit
   sudo chgrp mssql /tmp/audit
   

3. Run the mssql-conf script as root with the set command for telemetry.userrequestedlocalauditdirectory:

   sudo /opt/mssql/bin/mssql-conf set telemetry.userrequestedlocalauditdirectory /tmp/audit
   

4. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

For more information, see Customer Feedback for SQL Server on Linux.

Change the SQL Server locale

The language.lcid setting changes the SQL Server locale to any supported language identifier (LCID).

1. The following example changes the locale to French (1036):

   sudo /opt/mssql/bin/mssql-conf set language.lcid 1036
   

2. Restart the SQL Server service to apply the changes:

   sudo systemctl restart mssql-server
   

Set the memory limit

The memory.memorylimitmb setting controls the amount physical memory (in MB) available to SQL Server. The default is 80% of the physical memory.

1. Run the mssql-conf script as root with the set command for memory.memorylimitmb. The following example changes the memory available to SQL Server to 3.25 GB (3328 MB).

   sudo /opt/mssql/bin/mssql-conf set memory.memorylimitmb 3328
   

2. Restart the SQL Server service to apply the changes:

   sudo systemctl restart mssql-server
   

Additional memory settings

The following options are available to the memory settings.

Configure MSDTC

The network.rpcport and distributedtransaction.servertcpport settings are used to configure the Microsoft Distributed Transaction Coordinator (MSDTC). To change these settings, run the following commands:

1. Run the mssql-conf script as root with the set command for "network.rpcport":

   sudo /opt/mssql/bin/mssql-conf set network.rpcport <rcp_port>
   

2. Then set the "distributedtransaction.servertcpport" setting:

   sudo /opt/mssql/bin/mssql-conf set distributedtransaction.servertcpport <servertcpport_port>
   

In addition to setting these values, you must also configure routing and update the firewall for port 135. For more information on how to do this, see How to configure MSDTC on Linux.

There are several other settings for mssql-conf that you can use to monitor and troubleshoot MSDTC. The following table briefly describes these settings. For more information on their use, see the details in the Windows support article, How to enable diagnostic tracing for MS DTC.

# For all packages: database engine and mlservices
# Setup prompts for mlservices EULAs, which you need to accept
sudo /opt/mssql/bin/mssql-conf setup

# Add R or Python to an existing installation
sudo /opt/mssql/bin/mssql-conf setup accept-eula-ml

# Alternative valid syntax
# Adds the EULA section to the INI and sets acceptulam to yes
sudo /opt/mssql/bin/mssql-conf set EULA accepteulaml Y

# Rescind EULA acceptance and removes the setting
sudo /opt/mssql/bin/mssql-conf unset EULA accepteulaml

[EULA]
accepteula = Y
accepteulaml = Y

# Adds the extensibility section and property.
# Sets "outboundnetworkaccess" to true.
# This setting is required if you want to access data or operations off the server.
sudo /opt/mssql/bin/mssql-conf set extensibility outboundnetworkaccess 1

# Turns off network access but preserves the setting
sudo /opt/mssql/bin/mssql-conf set extensibility outboundnetworkaccess 0

# Removes the setting and rescinds network access
sudo /opt/mssql/bin/mssql-conf unset extensibility.outboundnetworkaccess

[extensibility]
outboundnetworkaccess = 1

Change the TCP port

The network.tcpport setting changes the TCP port where SQL Server listens for connections. By default, this port is set to 1433. To change the port, run the following commands:

1. Run the mssql-conf script as root with the "set" command for "network.tcpport":

   sudo /opt/mssql/bin/mssql-conf set network.tcpport <new_tcp_port>
   

2. Restart the SQL Server service:

   sudo systemctl restart mssql-server
   

3. When connecting to SQL Server now, you must specify the custom port with a comma (,) after the hostname or IP address. For example, to connect with SQLCMD, you would use the following command:

   sqlcmd -S localhost,<new_tcp_port> -U test -P test
   

Specify TLS settings

The following options configure TLS for an instance of SQL Server running on Linux.

For an example of using the TLS settings, see Encrypting Connections to SQL Server on Linux.

Network settings

See Tutorial: Use Active Directory authentication with SQL Server on Linux for comprehensive information on using AD authentication with SQL Server on Linux.

The following options are additional network settings configurable using mssql-conf.

Enable/Disable traceflags

This traceflag option enables or disables traceflags for the startup of the SQL Server service. To enable/disable a traceflag, use the following commands:

1. Enable a traceflag using the following command. For example, for Traceflag 1234:

   sudo /opt/mssql/bin/mssql-conf traceflag 1234 on
   

2. You can enable multiple traceflags by specifying them separately:

   sudo /opt/mssql/bin/mssql-conf traceflag 2345 3456 on
   

3. In a similar way, you can disable one or more enabled traceflags by specifying them and adding the off parameter:

   sudo /opt/mssql/bin/mssql-conf traceflag 1234 2345 3456 off
   

4. Restart the SQL Server service to apply the changes:

   sudo systemctl restart mssql-server
   

Remove a setting

To unset any setting made with mssql-conf set, call mssql-conf with the unset option and the name of the setting. This clears the setting, effectively returning it to its default value.

1. The following example clears the network.tcpport option.

   sudo /opt/mssql/bin/mssql-conf unset network.tcpport
   

2. Restart the SQL Server service.

   sudo systemctl restart mssql-server
   

View current settings

To view any configured settings, run the following command to output the contents of the mssql.conf file:

sudo cat /var/opt/mssql/mssql.conf

Any settings not shown in this file are using their default values. The next section provides a sample mssql.conf file.

mssql.conf format

The following /var/opt/mssql/mssql.conf file provides an example for each setting. You can use this format to manually make changes to the mssql.conf file as needed. If you do manually change the file, you must restart SQL Server before the changes are applied. To use the mssql.conf file with Docker, you must have Docker persist your data. First add a complete mssql.conf file to your host directory and then run the container. There is an example of this in Customer Feedback.

[EULA]
accepteula = Y

[coredump]
captureminiandfull = true
coredumptype = full

[filelocation]
defaultbackupdir = /var/opt/mssql/data/
defaultdatadir = /var/opt/mssql/data/
defaultdumpdir = /var/opt/mssql/data/
defaultlogdir = /var/opt/mssql/data/

[hadr]
hadrenabled = 0

[language]
lcid = 1033

[memory]
memorylimitmb = 4096

[network]
forceencryption = 0
ipaddress = 10.192.0.0
kerberoskeytabfile = /var/opt/mssql/secrets/mssql.keytab
tcpport = 1401
tlscert = /etc/ssl/certs/mssql.pem
tlsciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
tlskey = /etc/ssl/private/mssql.key
tlsprotocols = 1.2,1.1,1.0

[sqlagent]
databasemailprofile = default
errorlogfile = /var/opt/mssql/log/sqlagentlog.log
errorlogginglevel = 7

[telemetry]
customerfeedback = true
userrequestedlocalauditdirectory = /tmp/audit

[traceflag]
traceflag0 = 1204
traceflag1 = 2345
traceflag = 3456

[EULA]
accepteula = Y
accepteulaml = Y

[coredump]
captureminiandfull = true
coredumptype = full

[distributedtransaction]
servertcpport = 51999

[filelocation]
defaultbackupdir = /var/opt/mssql/data/
defaultdatadir = /var/opt/mssql/data/
defaultdumpdir = /var/opt/mssql/data/
defaultlogdir = /var/opt/mssql/data/

[hadr]
hadrenabled = 0

[language]
lcid = 1033

[memory]
memorylimitmb = 4096

[network]
forceencryption = 0
ipaddress = 10.192.0.0
kerberoskeytabfile = /var/opt/mssql/secrets/mssql.keytab
rpcport = 13500
tcpport = 1401
tlscert = /etc/ssl/certs/mssql.pem
tlsciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
tlskey = /etc/ssl/private/mssql.key
tlsprotocols = 1.2,1.1,1.0

[sqlagent]
databasemailprofile = default
errorlogfile = /var/opt/mssql/log/sqlagentlog.log
errorlogginglevel = 7

[telemetry]
customerfeedback = true
userrequestedlocalauditdirectory = /tmp/audit

[traceflag]
traceflag0 = 1204
traceflag1 = 2345
traceflag = 3456

Next steps

To instead use environment variables to make some of these configuration changes, see Configure SQL Server settings with environment variables.

For other management tools and scenarios, see Manage SQL Server on Linux.