Wikimedia Labs/Create shared sql service for all projects

There would be a dedicated server for Maria SQL running on dedicated hw for performance reasons which would be accessible from labs.

Access
Users can access server using LDAP and create unlimited number of databases.

Instances
There will be 2 instances of sql server, one for testing environment where people can have root access (mysql root) and one for production.

Firewall
Server should be accessible over network from labs, access from internet should be restricted. NRPE and ssh will be allowed too.

Backup
There should be online backup so that it's possible to restore any previous state (if this was too expensive we could just set up a simple incremental backup, like every week, etc)

Maintenance
Labs users will be able to connect to server with non root permissions to check the load of server and to control backups (a shell script which would allow users to restore their own databases). The SQL server would be maintained using puppet.