MDEV-35904/MDEV-37726/MDEV-15502 - systemd environment files for service, selinux fix + Deb #4329
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…EP_START_POSITION MDEV-35904 - backport MDEV-19210 to 10.11 as referenced by unset environment variables become warnings. We used to run `systemctl set-environment` to pass _WSREP_START_POSITION. This is bad because: * it clutter systemd's environment (yes, pid 1) * it requires root privileges * options (like LimitNOFILE=) are not applied Let's just create an environment file in ExecStartPre=, that is read before ExecStart= kicks in. We have _WSREP_START_POSITION around for the main process without any downsides.
…ory with wrong selinux permissions After moving the systemd service to using environment files instead of `systemctl set-environment` in 11.6 (MDEV-19210), they (wsrep-new-cluster and wsrep-start-position) are located in /var/lib/mysql along with the socket file in Fedora/RHEL-based distros. This causes them to have incorrect selinux permissions and therefore be not readable by systemd. A solution is to generate these files in the run directory, instead, which already has correct selinux label mysqld_var_run_t mysql-selinux-1.0.12. Dissociating these files and the socket in CMake configs can also prove useful for other things. This also corrects some of the duplicate code in the build scripts and made INSTALL_RUNDATADIR into a proper location and used this for the tmpfiles where the temporary files are created. Moved Debian's location from the /run/mysqld/ (previously based on INSTALL_UNIX_ADDRDIR), to /run/mariadb as its a temporary location controlled by tmpfiles.
With PermissionsStartOnly deprecated, remove this from the system service file. Replace Debian's ExecStartPre "install -d" with a tmpfile configuration directive creating the directory with this. Debian's ExecStartPost of the mariadb upgrade uses the ! special executable prefix added in systemd v231.
grooverdan
added
the
MariaDB Foundation
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
MDEV-35904 is backporting the MDEV-19210 as uninitialised systemd environment variables are now warnings in later systemd versions.
MDEV-37726, originally submitted as #4316, moves the galera information files of MDEV-35904 to
/run/mariadbso that selinux doesn't complain.With those in place, MDEV-15502, the tmpfiles for Debian becomes easy. Which incidently resolves MDEV-13985.
Release Notes
Per MDEVs
How can this PR be tested?
selinux changes covered by external manual testing in #4316.
environment usage of systemd galera previously tested as this is in 10.11+.
buildbot install/upgrade tests cover this adequtely (except the galera bit).
Basing the PR against the correct MariaDB version
mainbranch.PR quality check
Closes #4316.