c8-stream-10.5
imports/c8-stream-10.5/mariadb-10.5.16-2.module+el8.6.0+15639+405b7427
commit
a758ecf608
@ -0,0 +1 @@
|
|||||||
|
SOURCES/mariadb-10.5.16-downstream_modified.tar.gz
|
@ -0,0 +1 @@
|
|||||||
|
10c51d806a5eba0abce079a1965a487ff104a9a1 SOURCES/mariadb-10.5.16-downstream_modified.tar.gz
|
@ -0,0 +1,27 @@
|
|||||||
|
Copyright (c) 2012-2014, Olaf van Zandwijk
|
||||||
|
All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer in the documentation
|
||||||
|
and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
3. Neither the name of the copyright holder nor the names of its contributors
|
||||||
|
may be used to endorse or promote products derived from this software without
|
||||||
|
specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||||
|
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||||
|
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||||
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||||
|
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@ -0,0 +1,4 @@
|
|||||||
|
The official MySQL documentation is not freely redistributable, so we cannot
|
||||||
|
include it in RHEL or Fedora. You can find it on-line at
|
||||||
|
|
||||||
|
http://dev.mysql.com/doc/
|
@ -0,0 +1,9 @@
|
|||||||
|
MySQL is distributed under GPL v2, but there are some licensing exceptions
|
||||||
|
that allow the client libraries to be linked with a non-GPL application,
|
||||||
|
so long as the application is under a license approved by Oracle.
|
||||||
|
For details see
|
||||||
|
|
||||||
|
http://www.mysql.com/about/legal/licensing/foss-exception/
|
||||||
|
|
||||||
|
Some innobase code from Percona and Google is under BSD license.
|
||||||
|
Some code related to test-suite is under LGPLv2.
|
@ -0,0 +1,132 @@
|
|||||||
|
socat tunnel for encrypted rsync SST
|
||||||
|
====================================
|
||||||
|
|
||||||
|
`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer)
|
||||||
|
implementation that ships with mariadb. Its purpose is to encrypt
|
||||||
|
communication between the donor and the joiner during an SST.
|
||||||
|
|
||||||
|
Encryption is implemented by means of a socat tunnel, using OPENSSL
|
||||||
|
addresses. It can be configured via the regular openssl flags exposed
|
||||||
|
by socat.
|
||||||
|
|
||||||
|
|
||||||
|
## How to configure the script
|
||||||
|
|
||||||
|
This SST script can configured by setting a few keys in your favorite
|
||||||
|
mariadb option file in addition to the usual galera settings.
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
...
|
||||||
|
bind_address=<node-name>
|
||||||
|
wsrep_sst_method=rsync_tunnel
|
||||||
|
...
|
||||||
|
|
||||||
|
[sst]
|
||||||
|
tca=/path/to/your/ca-file.crt
|
||||||
|
tcert=/path/to/node/certificate.crt
|
||||||
|
tkey=/path/to/node/key.key
|
||||||
|
sockopt=<openssl-address-options-as-per-socat-manual>
|
||||||
|
|
||||||
|
When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses
|
||||||
|
socat to listen to incoming SSL connections on port 4444 in lieu of
|
||||||
|
the original rsync daemon. Received data will be forwarded to the
|
||||||
|
rscynd daemon started locally to replicate the database.
|
||||||
|
|
||||||
|
When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes
|
||||||
|
a series of rsync calls that target a locally started socat daemon.
|
||||||
|
The daemon tunnels all rsync traffic into an encrypted SSL connection
|
||||||
|
that targets the joiner's end of the socat tunnel.
|
||||||
|
|
||||||
|
Encryption parameters are specified under the `[sst]` group in the
|
||||||
|
mariadb option file, where `tkey` and `tcert` are respectively the key
|
||||||
|
and the certificate that are used by both sides of the socat tunnel.
|
||||||
|
Each node typically has a different key and cert. Both key and
|
||||||
|
certificate can be combined into a single PEM file and referenced by
|
||||||
|
`tcert`. Option `tca` holds a list of the trusted signing
|
||||||
|
certificates.
|
||||||
|
|
||||||
|
In case you need to tweak the creation of the SSL connection, you can
|
||||||
|
pass valid socat options (as per socat manual) via the `sockopt` key.
|
||||||
|
For debugging purpose, the exact socat command that is being executed
|
||||||
|
shows up in the mariadb log file.
|
||||||
|
|
||||||
|
Note that socat verifies that the certificate's commonName matches
|
||||||
|
that of the host that is being targeted. The target name comes from
|
||||||
|
the value configured in `bind_address`, so it's important that it
|
||||||
|
matches the certificate's commonName. An IP address can be used for
|
||||||
|
`bind_address`, but you may get into trouble in case different
|
||||||
|
hostnames resolve to the same IP (e.g. multiple networks per host).
|
||||||
|
|
||||||
|
|
||||||
|
## Examples of use
|
||||||
|
|
||||||
|
Suppose you're running a 3-node galera cluster
|
||||||
|
`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`.
|
||||||
|
|
||||||
|
### Scenario: using self-signed certificates
|
||||||
|
|
||||||
|
On each node, create a key and a certificate, and bundle them into a
|
||||||
|
single PEM file. For instance on `node1.my.cluster`:
|
||||||
|
|
||||||
|
openssl genrsa -out /tls/mysql-$(hostname -f).key 2048
|
||||||
|
openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch
|
||||||
|
cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem
|
||||||
|
|
||||||
|
Then, on each node, create a cafile that will contain all the certs to
|
||||||
|
trust:
|
||||||
|
|
||||||
|
for n in node1.my.cluster node2.my.cluster node3.my.cluster; do
|
||||||
|
ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt
|
||||||
|
done
|
||||||
|
|
||||||
|
Once you have those two files on each host, you can configure the SST
|
||||||
|
appropriately. For instance from `/etc/my.cnf.d/galera.cnf`:
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
...
|
||||||
|
|
||||||
|
[sst]
|
||||||
|
tca=/tls/all-mysql.crt
|
||||||
|
tcert=/tls/mysql.pem
|
||||||
|
|
||||||
|
### Scenario: using self-signed certificates, without verification
|
||||||
|
|
||||||
|
By default, when socat tries to establish a SSL connection to a peer,
|
||||||
|
it also verifies that it can trust the peer's certificate. If for some
|
||||||
|
reason you need to disable that feature, you can amend the previous
|
||||||
|
configuration with a sockopt option:
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
...
|
||||||
|
|
||||||
|
[sst]
|
||||||
|
tca=/tls/all-mysql.crt
|
||||||
|
tcert=/tls/mysql.pem
|
||||||
|
sockopt="verify=0"
|
||||||
|
|
||||||
|
The associated sockopt value is passed to socat when
|
||||||
|
the donor or the joiner configures his part of the tunnel.
|
||||||
|
|
||||||
|
Note: please do not do so in production, this is inherently insecure
|
||||||
|
as you will not verify the identity of the peer you're connecting to!
|
||||||
|
|
||||||
|
### Scenario: using certificates from a CA
|
||||||
|
|
||||||
|
Suppose you have a FreeIPA service which generated a key file and a
|
||||||
|
certificate file for the three galera nodes, respectively located at
|
||||||
|
/tls/mysql.key and /tls/mysql.crt.
|
||||||
|
|
||||||
|
Assuming that the certificate for the FreeIPA server is available at
|
||||||
|
/etc/ipa/ca.crt, you can configure you galera servers as follows:
|
||||||
|
|
||||||
|
[sst]
|
||||||
|
tca=/etc/ipa/ca.crt
|
||||||
|
tcert=/tls/mysql.crt
|
||||||
|
tkey=/tls/mysql.key
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin).
|
||||||
|
This work is derived from the original `wsrep_rsync_sst`, copyright
|
||||||
|
© 2010-2014 [Codership Oy](https://github.com/codership).
|
||||||
|
Released under the GNU GPLv2.
|
@ -0,0 +1,89 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Script to make a proxy (ie HAProxy) capable of monitoring Galera cluster nodes properly
|
||||||
|
#
|
||||||
|
# Author: Olaf van Zandwijk <olaf.vanzandwijk@nedap.com>
|
||||||
|
# Author: Raghavendra Prabhu <raghavendra.prabhu@percona.com>
|
||||||
|
# Author: Ryan O'Hara <rohara@redhat.com>
|
||||||
|
#
|
||||||
|
# Documentation and download: https://github.com/olafz/percona-clustercheck
|
||||||
|
#
|
||||||
|
# Based on the original script from Unai Rodriguez
|
||||||
|
#
|
||||||
|
|
||||||
|
if [ -f @INSTALL_SYSCONFDIR@/sysconfig/clustercheck ]; then
|
||||||
|
. @INSTALL_SYSCONFDIR@/sysconfig/clustercheck
|
||||||
|
fi
|
||||||
|
|
||||||
|
MYSQL_USERNAME="${MYSQL_USERNAME-clustercheckuser}"
|
||||||
|
MYSQL_PASSWORD="${MYSQL_PASSWORD-clustercheckpassword!}"
|
||||||
|
MYSQL_HOST="${MYSQL_HOST:-127.0.0.1}"
|
||||||
|
MYSQL_PORT="${MYSQL_PORT:-3306}"
|
||||||
|
ERR_FILE="${ERR_FILE:-/dev/null}"
|
||||||
|
AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-0}
|
||||||
|
AVAILABLE_WHEN_READONLY=${AVAILABLE_WHEN_READONLY:-1}
|
||||||
|
DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-@INSTALL_SYSCONFDIR@/my.cnf}
|
||||||
|
|
||||||
|
#Timeout exists for instances where mysqld may be hung
|
||||||
|
TIMEOUT=10
|
||||||
|
|
||||||
|
if [[ -r $DEFAULTS_EXTRA_FILE ]];then
|
||||||
|
MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE \
|
||||||
|
--connect-timeout=$TIMEOUT \
|
||||||
|
--user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
|
||||||
|
--host=${MYSQL_HOST} --port=${MYSQL_PORT}"
|
||||||
|
else
|
||||||
|
MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT \
|
||||||
|
--user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
|
||||||
|
--host=${MYSQL_HOST} --port=${MYSQL_PORT}"
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
# Perform the query to check the wsrep_local_state
|
||||||
|
#
|
||||||
|
WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \
|
||||||
|
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
|
||||||
|
|
||||||
|
if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]]
|
||||||
|
then
|
||||||
|
# Check only when set to 0 to avoid latency in response.
|
||||||
|
if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then
|
||||||
|
READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \
|
||||||
|
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
|
||||||
|
|
||||||
|
if [[ "${READ_ONLY}" == "ON" ]];then
|
||||||
|
# Galera cluster node local state is 'Synced', but it is in
|
||||||
|
# read-only mode. The variable AVAILABLE_WHEN_READONLY is set to 0.
|
||||||
|
# => return HTTP 503
|
||||||
|
# Shell return-code is 1
|
||||||
|
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
|
||||||
|
echo -en "Content-Type: text/plain\r\n"
|
||||||
|
echo -en "Connection: close\r\n"
|
||||||
|
echo -en "Content-Length: 35\r\n"
|
||||||
|
echo -en "\r\n"
|
||||||
|
echo -en "Galera cluster node is read-only.\r\n"
|
||||||
|
sleep 0.1
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Galera cluster node local state is 'Synced' => return HTTP 200
|
||||||
|
# Shell return-code is 0
|
||||||
|
echo -en "HTTP/1.1 200 OK\r\n"
|
||||||
|
echo -en "Content-Type: text/plain\r\n"
|
||||||
|
echo -en "Connection: close\r\n"
|
||||||
|
echo -en "Content-Length: 32\r\n"
|
||||||
|
echo -en "\r\n"
|
||||||
|
echo -en "Galera cluster node is synced.\r\n"
|
||||||
|
sleep 0.1
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
# Galera cluster node local state is not 'Synced' => return HTTP 503
|
||||||
|
# Shell return-code is 1
|
||||||
|
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
|
||||||
|
echo -en "Content-Type: text/plain\r\n"
|
||||||
|
echo -en "Connection: close\r\n"
|
||||||
|
echo -en "Content-Length: 36\r\n"
|
||||||
|
echo -en "\r\n"
|
||||||
|
echo -en "Galera cluster node is not synced.\r\n"
|
||||||
|
sleep 0.1
|
||||||
|
exit 1
|
||||||
|
fi
|
@ -0,0 +1,29 @@
|
|||||||
|
This scirpt is ran by the systemd service.
|
||||||
|
In Fedora the service has priviledges dropped to the mysql user.
|
||||||
|
Thus "chown 0" will always fail
|
||||||
|
|
||||||
|
Never parse 'ls' output!
|
||||||
|
http://mywiki.wooledge.org/BashFAQ/087
|
||||||
|
|
||||||
|
--- mariadb-10.4.12/scripts/mysql_install_db.sh 2020-01-26 21:43:53.000000000 +0100
|
||||||
|
+++ mariadb-10.4.12/scripts/mysql_install_db.sh_patched 2020-01-29 11:11:09.448812331 +0100
|
||||||
|
@@ -482,13 +482,16 @@ if test -n "$user"
|
||||||
|
then
|
||||||
|
if test -z "$srcdir" -a "$in_rpm" -eq 0
|
||||||
|
then
|
||||||
|
- chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||||
|
- chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||||
|
- if test $? -ne 0
|
||||||
|
+ if [ `stat "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" -c %u` -ne 0 ]
|
||||||
|
then
|
||||||
|
+ chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||||
|
+ chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||||
|
+ if test $? -ne 0
|
||||||
|
+ then
|
||||||
|
echo "Couldn't set an owner to '$pamtooldir/auth_pam_tool_dir/auth_pam_tool'."
|
||||||
|
echo "It must be root, the PAM authentication plugin doesn't work otherwise.."
|
||||||
|
echo
|
||||||
|
+ fi
|
||||||
|
fi
|
||||||
|
chown $user "$pamtooldir/auth_pam_tool_dir" && \
|
||||||
|
chmod 0700 "$pamtooldir/auth_pam_tool_dir"
|
@ -0,0 +1,31 @@
|
|||||||
|
--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200
|
||||||
|
+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200
|
||||||
|
@@ -187,6 +187,7 @@ IF(UNIX)
|
||||||
|
COMPONENT SharedLibraries)
|
||||||
|
INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||||
|
COMPONENT Client)
|
||||||
|
+ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY)
|
||||||
|
INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||||
|
COMPONENT IniFiles)
|
||||||
|
INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||||
|
|
||||||
|
diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
|
||||||
|
--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100
|
||||||
|
+++ mariadb-10.0.15/support-files/rpm/server.cnf 2015-01-24 23:57:42.308114387 +0100
|
||||||
|
@@ -9,7 +9,16 @@
|
||||||
|
[server]
|
||||||
|
|
||||||
|
# this is only for the mysqld standalone daemon
|
||||||
|
+# Settings user and group are ignored when systemd is used.
|
||||||
|
+# If you need to run mysqld under a different user or group,
|
||||||
|
+# customize your systemd unit file for mysqld/mariadb according to the
|
||||||
|
+# instructions in http://fedoraproject.org/wiki/Systemd
|
||||||
|
[mysqld]
|
||||||
|
+datadir=@MYSQL_DATADIR@
|
||||||
|
+socket=@MYSQL_UNIX_ADDR@
|
||||||
|
+log-error=@LOG_LOCATION@
|
||||||
|
+pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
|
||||||
|
+
|
||||||
|
|
||||||
|
#
|
||||||
|
# * Galera-related settings
|
@ -0,0 +1,41 @@
|
|||||||
|
We have some downstream patches and other scripts that include variables to
|
||||||
|
be expanded by cmake. Cmake needs to know about them, so adding them manually.
|
||||||
|
|
||||||
|
# Install libgcc as mylibgcc.a
|
||||||
|
--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200
|
||||||
|
+++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200
|
||||||
|
@@ -377,6 +377,34 @@
|
||||||
|
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT})
|
||||||
|
ENDIF()
|
||||||
|
ENDFOREACH()
|
||||||
|
+
|
||||||
|
+ # files for systemd
|
||||||
|
+ SET(SYSTEMD_SCRIPTS
|
||||||
|
+ mysql.tmpfiles.d
|
||||||
|
+ mysql.service
|
||||||
|
+ mysql@.service
|
||||||
|
+ mysql-prepare-db-dir
|
||||||
|
+ mysql-check-socket
|
||||||
|
+ mysql-check-upgrade
|
||||||
|
+ mysql-scripts-common
|
||||||
|
+ mysql_config_multilib
|
||||||
|
+ clustercheck
|
||||||
|
+ galera_new_cluster
|
||||||
|
+ my.cnf
|
||||||
|
+ )
|
||||||
|
+ FOREACH(file ${SYSTEMD_SCRIPTS})
|
||||||
|
+ IF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh)
|
||||||
|
+ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh
|
||||||
|
+ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY)
|
||||||
|
+ ELSEIF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.in)
|
||||||
|
+ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.in
|
||||||
|
+ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY)
|
||||||
|
+ ELSE()
|
||||||
|
+ MESSAGE(FATAL_ERROR "Can not find ${file}.sh or ${file}.in in "
|
||||||
|
+ "${CMAKE_CURRENT_SOURCE_DIR}" )
|
||||||
|
+ ENDIF()
|
||||||
|
+ ENDFOREACH()
|
||||||
|
+
|
||||||
|
ENDIF()
|
||||||
|
|
||||||
|
# Install libgcc as mylibgcc.a
|
@ -0,0 +1,23 @@
|
|||||||
|
|
||||||
|
module mariadb-server-galera 1.0;
|
||||||
|
|
||||||
|
require {
|
||||||
|
type mysqld_t;
|
||||||
|
type rsync_exec_t;
|
||||||
|
type anon_inodefs_t;
|
||||||
|
type proc_net_t;
|
||||||
|
type kerberos_port_t;
|
||||||
|
class file { read execute execute_no_trans getattr open };
|
||||||
|
class tcp_socket { name_bind name_connect };
|
||||||
|
class process { setpgid siginh rlimitinh noatsecure };
|
||||||
|
}
|
||||||
|
|
||||||
|
# allow mysqld to run rsyncd
|
||||||
|
allow mysqld_t self:process setpgid;
|
||||||
|
allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
|
||||||
|
allow mysqld_t anon_inodefs_t:file getattr;
|
||||||
|
allow mysqld_t proc_net_t:file { read open };
|
||||||
|
|
||||||
|
# allow rsyncd to listen on port 4444
|
||||||
|
allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
|
||||||
|
--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100
|
||||||
|
+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100
|
||||||
|
@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
|
||||||
|
let $restart_parameters=--ssl-cipher=AES128-SHA;
|
||||||
|
source include/restart_mysqld.inc;
|
||||||
|
connect (ssl_con,localhost,root,,,,,SSL);
|
||||||
|
+--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||||
|
SHOW STATUS LIKE 'Ssl_cipher';
|
||||||
|
+--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||||
|
SHOW STATUS LIKE 'Ssl_cipher_list';
|
||||||
|
disconnect ssl_con;
|
||||||
|
connection default;
|
@ -0,0 +1,18 @@
|
|||||||
|
#
|
||||||
|
# This group is read both both by the client and the server
|
||||||
|
# use it for options that affect everything
|
||||||
|
#
|
||||||
|
[client-server]
|
||||||
|
|
||||||
|
#
|
||||||
|
# This group is read by the server
|
||||||
|
#
|
||||||
|
[mysqld]
|
||||||
|
# Disabling symbolic-links is recommended to prevent assorted security risks
|
||||||
|
symbolic-links=0
|
||||||
|
|
||||||
|
#
|
||||||
|
# include all files from the config directory
|
||||||
|
#
|
||||||
|
!includedir @INSTALL_SYSCONF2DIR@
|
||||||
|
|
@ -0,0 +1,39 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# We check if there is already a process using the socket file,
|
||||||
|
# since otherwise the systemd service file could report false
|
||||||
|
# positive result when starting and mysqld_safe could remove
|
||||||
|
# a socket file, which is actually being used by a different daemon.
|
||||||
|
|
||||||
|
source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
|
||||||
|
|
||||||
|
if test -e "$socketfile" ; then
|
||||||
|
echo "Socket file $socketfile exists." >&2
|
||||||
|
|
||||||
|
# no write permissions
|
||||||
|
if ! test -w "$socketfile" ; then
|
||||||
|
echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2
|
||||||
|
echo "Please, remove $socketfile manually to start the service." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# not a socket file
|
||||||
|
if ! test -S "$socketfile" ; then
|
||||||
|
echo "The file $socketfile is not a socket file, which is suspicious." >&2
|
||||||
|
echo "Please, remove $socketfile manually to start the service." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# some process uses the socket file
|
||||||
|
response=`@bindir@/mysqladmin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
|
||||||
|
if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
|
||||||
|
echo "Is another MySQL daemon already running with the same unix socket?" >&2
|
||||||
|
echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# socket file is a garbage
|
||||||
|
echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,39 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
|
||||||
|
|
||||||
|
upgrade_info_file="$datadir/mysql_upgrade_info"
|
||||||
|
version=0
|
||||||
|
# get version as integer from mysql_upgrade_info file
|
||||||
|
if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then
|
||||||
|
version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/')
|
||||||
|
version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/')
|
||||||
|
if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then
|
||||||
|
version=$((version_major*100+version_minor))
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# compute current version as integer
|
||||||
|
thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@))
|
||||||
|
|
||||||
|
# provide warning in cases we should run mysql_upgrade
|
||||||
|
if [ $version -ne $thisversion ] ; then
|
||||||
|
|
||||||
|
# give extra warning if some version seems to be skipped
|
||||||
|
if [ $version -gt 0 ] && [ $version -lt 505 ] ; then
|
||||||
|
echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat <<EOF >&2
|
||||||
|
The datadir located at $datadir needs to be upgraded using 'mysql_upgrade' tool. This can be done using the following steps:
|
||||||
|
|
||||||
|
1. Back-up your data before with 'mysql_upgrade'
|
||||||
|
2. Start the database daemon using 'service @DAEMON_NAME@ start'
|
||||||
|
3. Run 'mysql_upgrade' with a database user that has sufficient privileges
|
||||||
|
|
||||||
|
Read more about 'mysql_upgrade' usage at:
|
||||||
|
https://mariadb.com/kb/en/mariadb/documentation/sql-commands/table-commands/mysql_upgrade/
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,137 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# This script creates the mysql data directory during first service start.
|
||||||
|
# In subsequent starts, it does nothing much.
|
||||||
|
|
||||||
|
source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
|
||||||
|
|
||||||
|
export LC_ALL=C
|
||||||
|
|
||||||
|
# Returns content of the specified directory
|
||||||
|
# If listing files fails, fake-file is returned so which means
|
||||||
|
# we'll behave like there was some data initialized
|
||||||
|
# Some files or directories are fine to be there, so those are
|
||||||
|
# explicitly removed from the listing
|
||||||
|
# @param <dir> datadir
|
||||||
|
list_datadir ()
|
||||||
|
{
|
||||||
|
( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
|
||||||
|
-e '^lost+found$' \
|
||||||
|
-e '\.err$' \
|
||||||
|
-e '^.bash_history$'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks whether datadir should be initialized
|
||||||
|
# @param <dir> datadir
|
||||||
|
should_initialize ()
|
||||||
|
{
|
||||||
|
test -z "$(list_datadir "$1")"
|
||||||
|
}
|
||||||
|
|
||||||
|
# If two args given first is user, second is group
|
||||||
|
# otherwise the arg is the systemd service file
|
||||||
|
if [ "$#" -eq 2 ]
|
||||||
|
then
|
||||||
|
myuser="$1"
|
||||||
|
mygroup="$2"
|
||||||
|
else
|
||||||
|
# Absorb configuration settings from the specified systemd service file,
|
||||||
|
# or the default service if not specified
|
||||||
|
SERVICE_NAME="$1"
|
||||||
|
if [ x"$SERVICE_NAME" = x ]
|
||||||
|
then
|
||||||
|
SERVICE_NAME=@DAEMON_NAME@.service
|
||||||
|
fi
|
||||||
|
|
||||||
|
myuser=`systemctl show -p User "${SERVICE_NAME}" |
|
||||||
|
sed 's/^User=//'`
|
||||||
|
if [ x"$myuser" = x ]
|
||||||
|
then
|
||||||
|
myuser=mysql
|
||||||
|
fi
|
||||||
|
|
||||||
|
mygroup=`systemctl show -p Group "${SERVICE_NAME}" |
|
||||||
|
sed 's/^Group=//'`
|
||||||
|
if [ x"$mygroup" = x ]
|
||||||
|
then
|
||||||
|
mygroup=mysql
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Set up the errlogfile with appropriate permissions
|
||||||
|
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
|
||||||
|
case $(basename "$errlogfile") in
|
||||||
|
mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
|
||||||
|
*) ;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
# Provide some advice if the log file cannot be created by this script
|
||||||
|
errlogdir=$(dirname "$errlogfile")
|
||||||
|
if ! [ -d "$errlogdir" ] ; then
|
||||||
|
echo "The directory $errlogdir does not exist." >&2
|
||||||
|
exit 1
|
||||||
|
elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
|
||||||
|
echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
|
||||||
|
echo "The daemon will be run under $myuser:$mygroup" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Make the data directory if doesn't exist or empty
|
||||||
|
if should_initialize "$datadir" ; then
|
||||||
|
# First, make sure $datadir is there with correct permissions
|
||||||
|
# (note: if it's not, and we're not root, this'll fail ...)
|
||||||
|
if [ ! -e "$datadir" -a ! -h "$datadir" ]
|
||||||
|
then
|
||||||
|
mkdir -p "$datadir" || exit 1
|
||||||
|
fi
|
||||||
|
chown "$myuser:$mygroup" "$datadir"
|
||||||
|
chmod 0755 "$datadir"
|
||||||
|
[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
|
||||||
|
|
||||||
|
# Now create the database
|
||||||
|
echo "Initializing @NICE_PROJECT_NAME@ database" >&2
|
||||||
|
# Avoiding deletion of files not created by mysql_install_db is
|
||||||
|
# guarded by time check and sleep should help work-arounded
|
||||||
|
# potential issues on systems with 1 second resolution timestamps
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
|
||||||
|
INITDB_TIMESTAMP=`LANG=C date -u`
|
||||||
|
sleep 1
|
||||||
|
@bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
|
||||||
|
ret=$?
|
||||||
|
if [ $ret -ne 0 ] ; then
|
||||||
|
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
|
||||||
|
echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
|
||||||
|
# Clean up any partially-created database files
|
||||||
|
if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
|
||||||
|
echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
|
||||||
|
echo "Files created so far will be removed." >&2
|
||||||
|
find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
|
||||||
|
-not -name "lost+found" -exec rm -rf {} +
|
||||||
|
if [ $? -ne 0 ] ; then
|
||||||
|
echo "Removing of created files was not successfull." >&2
|
||||||
|
echo "Please, clean directory $datadir manually." >&2
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "However, part of data has been initialized and those will not be removed." >&2
|
||||||
|
echo "Please, clean directory $datadir manually." >&2
|
||||||
|
fi
|
||||||
|
exit $ret
|
||||||
|
fi
|
||||||
|
# upgrade does not need to be run on a fresh datadir
|
||||||
|
echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
|
||||||
|
else
|
||||||
|
if [ -d "$datadir/mysql/" ] ; then
|
||||||
|
# mysql dir exists, it seems data are initialized properly
|
||||||
|
echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
|
||||||
|
echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
|
||||||
|
else
|
||||||
|
# if the directory is not empty but mysql/ directory is missing, then
|
||||||
|
# print error and let user to initialize manually or empty the directory
|
||||||
|
echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
|
||||||
|
echo "Make sure the $datadir is empty before running `basename $0`." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,68 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Some useful functions used in other MySQL helper scripts
|
||||||
|
# This scripts defines variables datadir, errlogfile, socketfile
|
||||||
|
|
||||||
|
export LC_ALL=C
|
||||||
|
|
||||||
|
# extract value of a MySQL option from config files
|
||||||
|
# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
|
||||||
|
# result is returned in $result
|
||||||
|
# We use my_print_defaults which prints all options from multiple files,
|
||||||
|
# with the more specific ones later; hence take the last match.
|
||||||
|
get_mysql_option(){
|
||||||
|
if [ $# -ne 3 ] ; then
|
||||||
|
echo "get_mysql_option requires 3 arguments: section option default_value"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
sections="$1"
|
||||||
|
option_name="$2"
|
||||||
|
default_value="$3"
|
||||||
|
result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
|
||||||
|
if [ -z "$result" ]; then
|
||||||
|
# not found, use default
|
||||||
|
result="${default_value}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# For the case of running more instances via systemd, scrits that source
|
||||||
|
# this file can get --default-group-suffix or similar option as the first
|
||||||
|
# argument. The utility my_print_defaults needs to use it as well, so the
|
||||||
|
# scripts sourcing this file work with the same options as the daemon.
|
||||||
|
my_print_defaults_extra_args=''
|
||||||
|
while echo "$1" | grep -q '^--defaults' ; do
|
||||||
|
my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
# Defaults here had better match what mysqld_safe will default to
|
||||||
|
# The option values are generally defined on three important places
|
||||||
|
# on the default installation:
|
||||||
|
# 1) default values are hardcoded in the code of mysqld daemon or
|
||||||
|
# mysqld_safe script
|
||||||
|
# 2) configurable values are defined in @sysconfdir@/my.cnf
|
||||||
|
# 3) default values for helper scripts are specified bellow
|
||||||
|
# So, in case values are defined in my.cnf, we need to get that value.
|
||||||
|
# In case they are not defined in my.cnf, we need to get the same value
|
||||||
|
# in the daemon, as in the helper scripts. Thus, default values here
|
||||||
|
# must correspond with values defined in mysqld_safe script and source
|
||||||
|
# code itself.
|
||||||
|
|
||||||
|
server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ client-server"
|
||||||
|
|
||||||
|
get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
|
||||||
|
datadir="$result"
|
||||||
|
|
||||||
|
# if there is log_error in the my.cnf, my_print_defaults still
|
||||||
|
# returns log-error
|
||||||
|
# log-error might be defined in mysqld_safe and mysqld sections,
|
||||||
|
# the former has bigger priority
|
||||||
|
get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
|
||||||
|
errlogfile="$result"
|
||||||
|
|
||||||
|
get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
|
||||||
|
socketfile="$result"
|
||||||
|
|
||||||
|
get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
|
||||||
|
pidfile="$result"
|
||||||
|
|
@ -0,0 +1,73 @@
|
|||||||
|
# It's not recommended to modify this file in-place, because it will be
|
||||||
|
# overwritten during package upgrades. If you want to customize, the
|
||||||
|
# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
|
||||||
|
# containing
|
||||||
|
# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
|
||||||
|
# ...make your changes here...
|
||||||
|
# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
|
||||||
|
# which doesn't need to include ".include" call and which will be parsed
|
||||||
|
# after the file @DAEMON_NAME@.service itself is parsed.
|
||||||
|
#
|
||||||
|
# For more info about custom unit files, see systemd.unit(5) or
|
||||||
|
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||||
|
|
||||||
|
# For example, if you want to increase mysql's open-files-limit to 10000,
|
||||||
|
# you need to increase systemd's LimitNOFILE setting, so create a file named
|
||||||
|
# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
|
||||||
|
# [Service]
|
||||||
|
# LimitNOFILE=10000
|
||||||
|
|
||||||
|
# Note: /usr/lib/... is recommended in the .include line though /lib/...
|
||||||
|
# still works.
|
||||||
|
# Don't forget to reload systemd daemon after you change unit configuration:
|
||||||
|
# root> systemctl --system daemon-reload
|
||||||
|
|
||||||
|
# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
|
||||||
|
Documentation=man:mysqld(8)
|
||||||
|
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
Alias=mysql.service
|
||||||
|
Alias=mysqld.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
User=mysql
|
||||||
|
Group=mysql
|
||||||
|
|
||||||
|
ExecStartPre=@libexecdir@/mysql-check-socket
|
||||||
|
# '%n' expands to 'Full unit name'; man systemd.unit
|
||||||
|
ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
|
||||||
|
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
|
||||||
|
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||||
|
# per bug #547485
|
||||||
|
ExecStart=@libexecdir@/mysqld --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
|
||||||
|
ExecStartPost=@libexecdir@/mysql-check-upgrade
|
||||||
|
|
||||||
|
# Setting this to true can break replication and the Type=notify settings
|
||||||
|
# See also bind-address mysqld option.
|
||||||
|
PrivateNetwork=false
|
||||||
|
|
||||||
|
KillMode=process
|
||||||
|
KillSignal=SIGTERM
|
||||||
|
|
||||||
|
# Don't want to see an automated SIGKILL ever
|
||||||
|
SendSIGKILL=no
|
||||||
|
|
||||||
|
# Restart crashed server only, on-failure would also restart, for example, when
|
||||||
|
# my.cnf contains unknown option
|
||||||
|
Restart=on-abort
|
||||||
|
RestartSec=5s
|
||||||
|
|
||||||
|
UMask=007
|
||||||
|
|
||||||
|
# Give a reasonable amount of time for the server to start up/shut down
|
||||||
|
TimeoutSec=300
|
||||||
|
|
||||||
|
# Place temp files in a secure directory, not /tmp
|
||||||
|
PrivateTmp=true
|
@ -0,0 +1,3 @@
|
|||||||
|
# Do not edit this file.
|
||||||
|
# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
|
||||||
|
d @PID_FILE_DIR@ 0755 mysql mysql -
|
@ -0,0 +1,79 @@
|
|||||||
|
# Multi instance version of mariadb. For if you run mutiple verions at once.
|
||||||
|
# Also used for @DAEMON_NAME@@bootstrap to bootstrap Galera.
|
||||||
|
#
|
||||||
|
# To use multi instance variant, use [mysqld.INSTANCENAME] as sections in my.cnf
|
||||||
|
# and start the service via:
|
||||||
|
# systemctl start @DAEMON_NAME@@{instancename}.server
|
||||||
|
#
|
||||||
|
# It's not recommended to modify this file in-place, because it will be
|
||||||
|
# overwritten during package upgrades. If you want to customize, the
|
||||||
|
# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
|
||||||
|
# containing
|
||||||
|
# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
|
||||||
|
# ...make your changes here...
|
||||||
|
# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
|
||||||
|
# which doesn't need to include ".include" call and which will be parsed
|
||||||
|
# after the file @DAEMON_NAME@.service itself is parsed.
|
||||||
|
#
|
||||||
|
# For more info about custom unit files, see systemd.unit(5) or
|
||||||
|
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
|
||||||
|
|
||||||
|
# For example, if you want to increase mysql's open-files-limit to 10000,
|
||||||
|
# you need to increase systemd's LimitNOFILE setting, so create a file named
|
||||||
|
# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
|
||||||
|
# [Service]
|
||||||
|
# LimitNOFILE=10000
|
||||||
|
|
||||||
|
# Note: /usr/lib/... is recommended in the .include line though /lib/...
|
||||||
|
# still works.
|
||||||
|
# Don't forget to reload systemd daemon after you change unit configuration:
|
||||||
|
# root> systemctl --system daemon-reload
|
||||||
|
|
||||||
|
# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
|
||||||
|
Documentation=man:mysqld(8)
|
||||||
|
Documentation=https://mariadb.com/kb/en/library/systemd/
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
Alias=mysql.service
|
||||||
|
Alias=mysqld.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
User=mysql
|
||||||
|
Group=mysql
|
||||||
|
|
||||||
|
ExecStartPre=@libexecdir@/mysql-check-socket --defaults-group-suffix=.%I
|
||||||
|
ExecStartPre=@libexecdir@/mysql-prepare-db-dir --defaults-group-suffix=.%I %n
|
||||||
|
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
|
||||||
|
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
||||||
|
# per bug #547485
|
||||||
|
ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
|
||||||
|
ExecStartPost=@libexecdir@/mysql-check-upgrade --defaults-group-suffix=.%I
|
||||||
|
|
||||||
|
# Setting this to true can break replication and the Type=notify settings
|
||||||
|
# See also bind-address mysqld option.
|
||||||
|
PrivateNetwork=false
|
||||||
|
|
||||||
|
KillMode=process
|
||||||
|
KillSignal=SIGTERM
|
||||||
|
|
||||||
|
# Don't want to see an automated SIGKILL ever
|
||||||
|
SendSIGKILL=no
|
||||||
|
|
||||||
|
# Restart crashed server only, on-failure would also restart, for example, when
|
||||||
|
# my.cnf contains unknown option
|
||||||
|
Restart=on-abort
|
||||||
|
RestartSec=5s
|
||||||
|
|
||||||
|
UMask=007
|
||||||
|
|
||||||
|
# Give a reasonable amount of time for the server to start up/shut down
|
||||||
|
TimeoutSec=300
|
||||||
|
|
||||||
|
# Place temp files in a secure directory, not /tmp
|
||||||
|
PrivateTmp=true
|
@ -0,0 +1,26 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# Wrapper script for mysql_config to support multilib
|
||||||
|
#
|
||||||
|
# This command respects setarch
|
||||||
|
|
||||||
|
bits=$(rpm --eval %__isa_bits)
|
||||||
|
|
||||||
|
case $bits in
|
||||||
|
32|64) status=known ;;
|
||||||
|
*) status=unknown ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ "$status" = "unknown" ] ; then
|
||||||
|
echo "$0: error: command 'rpm --eval %__isa_bits' returned unknown value: $bits"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ -x @bindir@/mysql_config-$bits ] ; then
|
||||||
|
@bindir@/mysql_config-$bits "$@"
|
||||||
|
else
|
||||||
|
echo "$0: error: needed binary: @bindir@/mysql_config-$bits is missing"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1,2 @@
|
|||||||
|
# Fails since 10.3.17, only on armv7hl
|
||||||
|
versioning.partition :
|
@ -0,0 +1,64 @@
|
|||||||
|
# The SSL test are failing correctly. Fro more explanation, see:
|
||||||
|
# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275
|
||||||
|
main.ssl_7937 : #1399847
|
||||||
|
main.ssl_8k_key :
|
||||||
|
main.ssl_crl : #1399847
|
||||||
|
|
||||||
|
# ------------------------------
|
||||||
|
# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
|
||||||
|
perfschema.cnf_option :
|
||||||
|
|
||||||
|
rpl.rpl_row_img_blobs :
|
||||||
|
rpl.rpl_row_img_eng_min :
|
||||||
|
rpl.rpl_row_img_eng_noblob :
|
||||||
|
|
||||||
|
sys_vars.slave_parallel_threads_basic :
|
||||||
|
|
||||||
|
# ------------------------------
|
||||||
|
# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead
|
||||||
|
plugins.auth_ed25519 :
|
||||||
|
plugins.multiauth :
|
||||||
|
|
||||||
|
# ------------------------------
|
||||||
|
perfschema.nesting : #1399847
|
||||||
|
perfschema.socket_summary_by_instance_func : #1399847
|
||||||
|
perfschema.socket_summary_by_event_name_func :
|
||||||
|
|
||||||
|
# ------------------------------
|
||||||
|
# Fails since 10.1.12
|
||||||
|
innodb.innodb_defrag_binlog :
|
||||||
|
|
||||||
|
# Fails everywhere since 10.2.15
|
||||||
|
main.userstat :
|
||||||
|
|
||||||
|
# Fails everywhere since 10.4.11
|
||||||
|
main.events_bugs :
|
||||||
|
sys_vars.tcp_nodelay :
|
||||||
|
|
||||||
|
# Fails on i686
|
||||||
|
encryption.innodb-redo-badkey :
|
||||||
|
|
||||||
|
# Fails since 10.5.2
|
||||||
|
main.mysqld--help2 :
|
||||||
|
disks.disks :
|
||||||
|
disks.disks_notembedded :
|
||||||
|
|
||||||
|
# Fails since 10.5.3
|
||||||
|
main.mysqld--help-aria :
|
||||||
|
|
||||||
|
# Fails since 10.5.4
|
||||||
|
main.ssl_system_ca :
|
||||||
|
|
||||||
|
# Fails since 10.5.7
|
||||||
|
innodb.innodb_wl6326_big :
|
||||||
|
plugins.feedback_plugin_load :
|
||||||
|
|
||||||
|
# Fails only on i686
|
||||||
|
main.myisampack :
|
||||||
|
|
||||||
|
# Fails everywhere in 10.5.8
|
||||||
|
rpl.rpl_innodb_mixed_dml :
|
||||||
|
|
||||||
|
# Since 10.5.10
|
||||||
|
sys_vars.tcp_nodelay :
|
||||||
|
innodb.restart :
|
@ -0,0 +1,11 @@
|
|||||||
|
# Fails on ppc64le since 10.4.12
|
||||||
|
oqgraph.social :
|
||||||
|
|
||||||
|
# Fails since 10.5.13
|
||||||
|
encryption.create_or_replace_big :
|
||||||
|
rpl.rpl_parallel_optimistic_xa_lsu_off :
|
||||||
|
rpl.rpl_parallel_optimistic_xa :
|
||||||
|
innodb.innodb_defrag_concurrent :
|
||||||
|
rpl.rpl_parallel_xa_same_xid :
|
||||||
|
parts.part_supported_sql_func_innodb :
|
||||||
|
parts.partition_alter2_1_1_innodb :
|
@ -0,0 +1,7 @@
|
|||||||
|
# Fails since 10.5.2
|
||||||
|
perfschema.memory_aggregate_32bit :
|
||||||
|
period.overlaps :
|
||||||
|
# Fails since 10.5.9
|
||||||
|
bugfix.wait_timeout :
|
||||||
|
#Fails since 10.5.16
|
||||||
|
innodb.row_size_error_log_warnings_3 :
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,492 @@
|
|||||||
|
#!/bin/bash -ue
|
||||||
|
|
||||||
|
# Copyright (C) 2010-2014 Codership Oy
|
||||||
|
# Copyright (C) 2017-2020 Damien Ciabrini <damien.ciabrini@gmail.com>
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; version 2 of the License.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; see the file COPYING. If not, write to the
|
||||||
|
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston
|
||||||
|
# MA 02110-1301 USA.
|
||||||
|
|
||||||
|
# This is a reference script for rsync-based state snapshot tansfer
|
||||||
|
# over an encrypted communication channel, managed by socat
|
||||||
|
|
||||||
|
RSYNC_PID= # rsync pid file
|
||||||
|
RSYNC_CONF= # rsync configuration file
|
||||||
|
RSYNC_REAL_PID= # rsync process id
|
||||||
|
|
||||||
|
SOCAT_PID= # socat pid file
|
||||||
|
SOCAT_REAL_PID= # socat process id
|
||||||
|
|
||||||
|
SOCAT_OPTS= # openssl connection args
|
||||||
|
|
||||||
|
MODULE="rsync_tunnel_sst"
|
||||||
|
|
||||||
|
OS=$(uname)
|
||||||
|
[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH
|
||||||
|
|
||||||
|
# Setting the path for lsof on CentOS
|
||||||
|
export PATH="/usr/sbin:/sbin:$PATH"
|
||||||
|
|
||||||
|
. $(dirname $0)/wsrep_sst_common
|
||||||
|
|
||||||
|
wsrep_check_programs rsync socat
|
||||||
|
|
||||||
|
cleanup_pid()
|
||||||
|
{
|
||||||
|
local real_pid=$1
|
||||||
|
[ "0" != "$real_pid" ] && \
|
||||||
|
kill $real_pid && \
|
||||||
|
sleep 0.5 && \
|
||||||
|
kill -9 $real_pid >/dev/null 2>&1 || \
|
||||||
|
:
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanup_tunnel()
|
||||||
|
{
|
||||||
|
if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then
|
||||||
|
wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID"
|
||||||
|
cleanup_pid $SOCAT_REAL_PID
|
||||||
|
fi
|
||||||
|
rm -rf "$SOCAT_PID"
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanup_joiner()
|
||||||
|
{
|
||||||
|
wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID"
|
||||||
|
[ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID
|
||||||
|
rm -rf "$RSYNC_CONF"
|
||||||
|
rm -rf "$MAGIC_FILE"
|
||||||
|
rm -rf "$RSYNC_PID"
|
||||||
|
|
||||||
|
cleanup_tunnel
|
||||||
|
|
||||||
|
wsrep_log_info "Joiner cleanup done."
|
||||||
|
if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then
|
||||||
|
wsrep_cleanup_progress_file
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check whether process is still running.
|
||||||
|
check_pid()
|
||||||
|
{
|
||||||
|
local pid_file=$1
|
||||||
|
[ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
check_pid_and_port()
|
||||||
|
{
|
||||||
|
local pid_file=$1
|
||||||
|
local service_pid=$2
|
||||||
|
local service_port=$3
|
||||||
|
local service_host=$4
|
||||||
|
local service_name=$5
|
||||||
|
|
||||||
|
if ! which lsof > /dev/null; then
|
||||||
|
wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed."
|
||||||
|
exit 2 # ENOENT
|
||||||
|
fi
|
||||||
|
|
||||||
|
local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \
|
||||||
|
grep "(LISTEN)")
|
||||||
|
local is_service=$(echo $port_info | \
|
||||||
|
grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null)
|
||||||
|
|
||||||
|
if [ -n "$port_info" -a -z "$is_service" ]; then
|
||||||
|
wsrep_log_error "$service_name daemon port '$service_port' has been taken"
|
||||||
|
exit 16 # EBUSY
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! check_pid $pid_file; then
|
||||||
|
wsrep_log_error "$service_name process terminated unexpectedly"
|
||||||
|
exit 10 # ECHILD
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -n "$port_info" ] && [ -n "$is_service" ] && \
|
||||||
|
[ $(cat $pid_file) -eq $service_pid ]
|
||||||
|
}
|
||||||
|
|
||||||
|
config_from_cnf()
|
||||||
|
{
|
||||||
|
local group=$1
|
||||||
|
local key=$2
|
||||||
|
echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1)
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_tunnel_args()
|
||||||
|
{
|
||||||
|
tca=$(config_from_cnf sst tca)
|
||||||
|
tkey=$(config_from_cnf sst tkey)
|
||||||
|
tcert=$(config_from_cnf sst tcert)
|
||||||
|
sockopt=$(config_from_cnf sst sockopt)
|
||||||
|
|
||||||
|
if [ -z "$tcert" ]; then
|
||||||
|
wsrep_log_error "Encryption certificate not found in my.cnf"
|
||||||
|
exit 3
|
||||||
|
else
|
||||||
|
SOCAT_OPTS="cert=$tcert"
|
||||||
|
fi
|
||||||
|
[ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey"
|
||||||
|
[ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca"
|
||||||
|
wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS"
|
||||||
|
|
||||||
|
[ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt"
|
||||||
|
}
|
||||||
|
|
||||||
|
MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete"
|
||||||
|
rm -rf "$MAGIC_FILE"
|
||||||
|
|
||||||
|
BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar"
|
||||||
|
BINLOG_N_FILES=1
|
||||||
|
rm -f "$BINLOG_TAR_FILE" || :
|
||||||
|
|
||||||
|
if ! [ -z $WSREP_SST_OPT_BINLOG ]
|
||||||
|
then
|
||||||
|
BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG)
|
||||||
|
BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG)
|
||||||
|
fi
|
||||||
|
|
||||||
|
WSREP_LOG_DIR=${WSREP_LOG_DIR:-""}
|
||||||
|
# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf
|
||||||
|
if [ -z "$WSREP_LOG_DIR" ]; then
|
||||||
|
WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \
|
||||||
|
| grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \
|
||||||
|
| cut -b 29- )
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$WSREP_LOG_DIR" ]; then
|
||||||
|
# handle both relative and absolute paths
|
||||||
|
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P)
|
||||||
|
else
|
||||||
|
# default to datadir
|
||||||
|
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Old filter - include everything except selected
|
||||||
|
# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \
|
||||||
|
# --exclude '*.conf' --exclude core --exclude 'galera.*' \
|
||||||
|
# --exclude grastate.txt --exclude '*.pem' \
|
||||||
|
# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index')
|
||||||
|
|
||||||
|
# New filter - exclude everything except dirs (schemas) and innodb files
|
||||||
|
FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes'
|
||||||
|
-f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*')
|
||||||
|
|
||||||
|
SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid"
|
||||||
|
|
||||||
|
if check_pid $SOCAT_PID
|
||||||
|
then
|
||||||
|
wsrep_log_error "socat tunnel already running."
|
||||||
|
exit 114 # EALREADY
|
||||||
|
fi
|
||||||
|
rm -rf "$SOCAT_PID"
|
||||||
|
|
||||||
|
setup_tunnel_args
|
||||||
|
|
||||||
|
if [ "$WSREP_SST_OPT_ROLE" = "donor" ]
|
||||||
|
then
|
||||||
|
|
||||||
|
SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}')
|
||||||
|
# map to name in case we received an IP
|
||||||
|
SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }')
|
||||||
|
if [ -z "$SOCAT_JOINER_HOST" ]; then
|
||||||
|
SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR
|
||||||
|
fi
|
||||||
|
SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }')
|
||||||
|
if [ -z "$SOCAT_PORT" ]
|
||||||
|
then
|
||||||
|
SOCAT_PORT=4444
|
||||||
|
fi
|
||||||
|
TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE
|
||||||
|
|
||||||
|
trap cleanup_tunnel EXIT
|
||||||
|
|
||||||
|
# Socat forwards rsync connections to the joiner
|
||||||
|
SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork
|
||||||
|
SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS
|
||||||
|
wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST"
|
||||||
|
socat $SOCAT_SRC $SOCAT_DST &
|
||||||
|
SOCAT_REAL_PID=$!
|
||||||
|
# This is ok because a local galera node doesn't run SST concurrently
|
||||||
|
echo $SOCAT_REAL_PID >"$SOCAT_PID"
|
||||||
|
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat"
|
||||||
|
do
|
||||||
|
sleep 0.2
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
|
||||||
|
then
|
||||||
|
|
||||||
|
FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed"
|
||||||
|
ERROR="$WSREP_SST_OPT_DATA/sst_error"
|
||||||
|
|
||||||
|
rm -rf "$FLUSHED"
|
||||||
|
rm -rf "$ERROR"
|
||||||
|
|
||||||
|
# Use deltaxfer only for WAN
|
||||||
|
inv=$(basename $0)
|
||||||
|
[ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \
|
||||||
|
|| WHOLE_FILE_OPT="--whole-file"
|
||||||
|
|
||||||
|
echo "flush tables"
|
||||||
|
|
||||||
|
# Wait for :
|
||||||
|
# (a) Tables to be flushed, AND
|
||||||
|
# (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR
|
||||||
|
# (c) ERROR file, in case flush tables operation failed.
|
||||||
|
|
||||||
|
while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1
|
||||||
|
do
|
||||||
|
# Check whether ERROR file exists.
|
||||||
|
if [ -f "$ERROR" ]
|
||||||
|
then
|
||||||
|
# Flush tables operation failed.
|
||||||
|
rm -rf "$ERROR"
|
||||||
|
exit 255
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep 0.2
|
||||||
|
done
|
||||||
|
|
||||||
|
STATE="$(cat $FLUSHED)"
|
||||||
|
rm -rf "$FLUSHED"
|
||||||
|
|
||||||
|
sync
|
||||||
|
|
||||||
|
if ! [ -z $WSREP_SST_OPT_BINLOG ]
|
||||||
|
then
|
||||||
|
# Prepare binlog files
|
||||||
|
pushd $BINLOG_DIRNAME &> /dev/null
|
||||||
|
binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index)
|
||||||
|
binlog_files=""
|
||||||
|
for ii in $binlog_files_full
|
||||||
|
do
|
||||||
|
binlog_files="$binlog_files $(basename $ii)"
|
||||||
|
done
|
||||||
|
if ! [ -z "$binlog_files" ]
|
||||||
|
then
|
||||||
|
wsrep_log_info "Preparing binlog files for transfer:"
|
||||||
|
tar -cvf $BINLOG_TAR_FILE $binlog_files >&2
|
||||||
|
fi
|
||||||
|
popd &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# first, the normal directories, so that we can detect incompatible protocol
|
||||||
|
RC=0
|
||||||
|
rsync --owner --group --perms --links --specials \
|
||||||
|
--ignore-times --inplace --dirs --delete --quiet \
|
||||||
|
$WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \
|
||||||
|
rsync://$TARGET_ADDR >&2 || RC=$?
|
||||||
|
|
||||||
|
if [ "$RC" -ne 0 ]; then
|
||||||
|
wsrep_log_error "rsync returned code $RC:"
|
||||||
|
|
||||||
|
case $RC in
|
||||||
|
12) RC=71 # EPROTO
|
||||||
|
wsrep_log_error \
|
||||||
|
"rsync server on the other end has incompatible protocol. " \
|
||||||
|
"Make sure you have the same version of rsync on all nodes."
|
||||||
|
;;
|
||||||
|
22) RC=12 # ENOMEM
|
||||||
|
;;
|
||||||
|
*) RC=255 # unknown error
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
exit $RC
|
||||||
|
fi
|
||||||
|
|
||||||
|
# second, we transfer InnoDB log files
|
||||||
|
rsync --owner --group --perms --links --specials \
|
||||||
|
--ignore-times --inplace --dirs --delete --quiet \
|
||||||
|
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \
|
||||||
|
rsync://$TARGET_ADDR-log_dir >&2 || RC=$?
|
||||||
|
|
||||||
|
if [ $RC -ne 0 ]; then
|
||||||
|
wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:"
|
||||||
|
exit 255 # unknown error
|
||||||
|
fi
|
||||||
|
|
||||||
|
# then, we parallelize the transfer of database directories, use . so that pathconcatenation works
|
||||||
|
pushd "$WSREP_SST_OPT_DATA" >/dev/null
|
||||||
|
|
||||||
|
count=1
|
||||||
|
[ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo)
|
||||||
|
[ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu)
|
||||||
|
|
||||||
|
find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \
|
||||||
|
xargs -I{} -0 -P $count \
|
||||||
|
rsync --owner --group --perms --links --specials \
|
||||||
|
--ignore-times --inplace --recursive --delete --quiet \
|
||||||
|
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \
|
||||||
|
rsync://$TARGET_ADDR/{} >&2 || RC=$?
|
||||||
|
|
||||||
|
popd >/dev/null
|
||||||
|
|
||||||
|
if [ $RC -ne 0 ]; then
|
||||||
|
wsrep_log_error "find/rsync returned code $RC:"
|
||||||
|
exit 255 # unknown error
|
||||||
|
fi
|
||||||
|
|
||||||
|
else # BYPASS
|
||||||
|
wsrep_log_info "Bypassing state dump."
|
||||||
|
|
||||||
|
# Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id
|
||||||
|
# (separated by a space).
|
||||||
|
STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "continue" # now server can resume updating data
|
||||||
|
|
||||||
|
echo "$STATE" > "$MAGIC_FILE"
|
||||||
|
rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR
|
||||||
|
|
||||||
|
# to avoid cleanup race, stop tunnel before declaring the SST finished.
|
||||||
|
# This ensures galera won't start a new SST locally before we exit.
|
||||||
|
cleanup_tunnel
|
||||||
|
|
||||||
|
echo "done $STATE"
|
||||||
|
|
||||||
|
elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ]
|
||||||
|
then
|
||||||
|
wsrep_check_programs lsof socat
|
||||||
|
|
||||||
|
touch $SST_PROGRESS_FILE
|
||||||
|
MYSQLD_PID=$WSREP_SST_OPT_PARENT
|
||||||
|
|
||||||
|
RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid"
|
||||||
|
|
||||||
|
if check_pid $RSYNC_PID
|
||||||
|
then
|
||||||
|
wsrep_log_error "rsync daemon already running."
|
||||||
|
exit 114 # EALREADY
|
||||||
|
fi
|
||||||
|
rm -rf "$RSYNC_PID"
|
||||||
|
|
||||||
|
ADDR=$WSREP_SST_OPT_ADDR
|
||||||
|
RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }')
|
||||||
|
if [ -z "$RSYNC_PORT" ]
|
||||||
|
then
|
||||||
|
RSYNC_PORT=4444
|
||||||
|
ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }')
|
||||||
|
# map to name in case we received an IP
|
||||||
|
SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }')
|
||||||
|
if [ -z "$SOCAT_HOST" ]; then
|
||||||
|
SOCAT_HOST=$SOCAT_ADDR
|
||||||
|
fi
|
||||||
|
SOCAT_PORT=$RSYNC_PORT
|
||||||
|
|
||||||
|
trap "exit 32" HUP PIPE
|
||||||
|
trap "exit 3" INT TERM ABRT
|
||||||
|
trap cleanup_joiner EXIT
|
||||||
|
|
||||||
|
RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf"
|
||||||
|
|
||||||
|
if [ -n "${MYSQL_TMP_DIR:-}" ] ; then
|
||||||
|
SILENT="log file = $MYSQL_TMP_DIR/rsynd.log"
|
||||||
|
else
|
||||||
|
SILENT=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat << EOF > "$RSYNC_CONF"
|
||||||
|
pid file = $RSYNC_PID
|
||||||
|
use chroot = no
|
||||||
|
read only = no
|
||||||
|
timeout = 300
|
||||||
|
$SILENT
|
||||||
|
[$MODULE]
|
||||||
|
path = $WSREP_SST_OPT_DATA
|
||||||
|
[$MODULE-log_dir]
|
||||||
|
path = $WSREP_LOG_DIR
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# rm -rf "$DATA"/ib_logfile* # we don't want old logs around
|
||||||
|
|
||||||
|
# Socat receives rsync connections from the donor
|
||||||
|
SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS
|
||||||
|
SOCAT_DST=tcp:localhost:$RSYNC_PORT
|
||||||
|
wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST"
|
||||||
|
socat $SOCAT_SRC $SOCAT_DST &
|
||||||
|
SOCAT_REAL_PID=$!
|
||||||
|
# This is ok because a local galera node doesn't run SST concurrently
|
||||||
|
echo $SOCAT_REAL_PID >"$SOCAT_PID"
|
||||||
|
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat"
|
||||||
|
do
|
||||||
|
sleep 0.2
|
||||||
|
done
|
||||||
|
|
||||||
|
wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\""
|
||||||
|
rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" &
|
||||||
|
RSYNC_REAL_PID=$!
|
||||||
|
|
||||||
|
until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync"
|
||||||
|
do
|
||||||
|
sleep 0.2
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "ready $ADDR/$MODULE"
|
||||||
|
|
||||||
|
# wait for SST to complete by monitoring magic file
|
||||||
|
while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \
|
||||||
|
check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null
|
||||||
|
do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
# to avoid cleanup race, we can tear down the socat tunnel now
|
||||||
|
# before signaling the end of the SST to galera.
|
||||||
|
cleanup_tunnel
|
||||||
|
|
||||||
|
if ! ps -p $MYSQLD_PID >/dev/null
|
||||||
|
then
|
||||||
|
wsrep_log_error \
|
||||||
|
"Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly."
|
||||||
|
exit 32
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! [ -z $WSREP_SST_OPT_BINLOG ]
|
||||||
|
then
|
||||||
|
|
||||||
|
pushd $BINLOG_DIRNAME &> /dev/null
|
||||||
|
if [ -f $BINLOG_TAR_FILE ]
|
||||||
|
then
|
||||||
|
# Clean up old binlog files first
|
||||||
|
rm -f ${BINLOG_FILENAME}.*
|
||||||
|
wsrep_log_info "Extracting binlog files:"
|
||||||
|
tar -xvf $BINLOG_TAR_FILE >&2
|
||||||
|
for ii in $(ls -1 ${BINLOG_FILENAME}.*)
|
||||||
|
do
|
||||||
|
echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
popd &> /dev/null
|
||||||
|
fi
|
||||||
|
if [ -r "$MAGIC_FILE" ]
|
||||||
|
then
|
||||||
|
# UUID:seqno & wsrep_gtid_domain_id is received here.
|
||||||
|
cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id
|
||||||
|
else
|
||||||
|
# this message should cause joiner to abort
|
||||||
|
echo "rsync process ended without creating '$MAGIC_FILE'"
|
||||||
|
fi
|
||||||
|
wsrep_cleanup_progress_file
|
||||||
|
# cleanup_joiner
|
||||||
|
else
|
||||||
|
wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'"
|
||||||
|
exit 22 # EINVAL
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f $BINLOG_TAR_FILE || :
|
||||||
|
|
||||||
|
exit 0
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue