From fd0dcad676e7b8665f5363d97849a20cbb712933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Wed, 4 May 2022 21:42:38 -0700 Subject: [PATCH] MDEV-22659: Create one single unified and optimal logrotate config Replace mysql-log-rotate.sh and debian/...mysql-server.logrotate with one new unified and well documented version. Name is mariadb.logrotate.in as in 10.11 branch onward we use now the 'mariadb' name, and use 'logrotate' to match the actual name of the utility. Also automatically disable deprecated /etc/logrotate.d/mysql-server file on deb upgrades. Reviewer: Daniel Black Reviewer edits made: * Added 'su mysql mysql' to the logrotate this is more RPM friendly. This is commented on Debian * /var/log/mysql is the path on SuSe based distributions --- .gitignore | 2 +- debian/mariadb-server.install | 1 + debian/mariadb-server.mysql-server.logrotate | 20 ------- debian/mariadb-server.postinst | 7 +++ debian/not-installed | 1 - debian/rules | 3 - support-files/CMakeLists.txt | 20 ++++++- support-files/mariadb.logrotate.sh | 59 ++++++++++++++++++++ support-files/mysql-log-rotate.sh | 38 ------------- 9 files changed, 85 insertions(+), 66 deletions(-) delete mode 100644 debian/mariadb-server.mysql-server.logrotate create mode 100644 support-files/mariadb.logrotate.sh delete mode 100644 support-files/mysql-log-rotate.sh diff --git a/.gitignore b/.gitignore index 93a132b3d83..2fb3857120c 100644 --- a/.gitignore +++ b/.gitignore @@ -261,7 +261,7 @@ support-files/my-innodb-heavy-4G.cnf support-files/my-large.cnf support-files/my-medium.cnf support-files/my-small.cnf -support-files/mysql-log-rotate +support-files/mariadb.logrotate support-files/mysql.10.0.11.spec support-files/mysql.server support-files/mysql.service diff --git a/debian/mariadb-server.install b/debian/mariadb-server.install index 254e9cc8945..2350196e9d3 100644 --- a/debian/mariadb-server.install +++ b/debian/mariadb-server.install @@ -5,6 +5,7 @@ debian/additions/mariadb.conf.d/50-mysqld_safe.cnf etc/mysql/mariadb.conf.d debian/additions/mariadb.conf.d/50-server.cnf etc/mysql/mariadb.conf.d debian/additions/source_mariadb.py usr/share/apport/package-hooks etc/apparmor.d/usr.sbin.mariadbd +etc/logrotate.d/mariadb etc/security/user_map.conf lib/*/security/pam_user_map.so lib/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf diff --git a/debian/mariadb-server.mysql-server.logrotate b/debian/mariadb-server.mysql-server.logrotate deleted file mode 100644 index 11e4480c427..00000000000 --- a/debian/mariadb-server.mysql-server.logrotate +++ /dev/null @@ -1,20 +0,0 @@ -# - I put everything in one block and added sharedscripts, so that mysql gets -# flush-logs'd only once. -# Else the binary logs would automatically increase by n times every day. -# - The error log is obsolete, messages go to syslog now. -/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log { - daily - rotate 7 - missingok - create 640 mysql adm - compress - sharedscripts - postrotate - test -x /usr/bin/mysqladmin || exit 0 - # check if server is running - if mysqladmin ping > /dev/null 2>&1; then - mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \ - flush-engine-log flush-general-log flush-slow-log - fi - endscript -} diff --git a/debian/mariadb-server.postinst b/debian/mariadb-server.postinst index 9cf0821eb10..2e89e983d95 100644 --- a/debian/mariadb-server.postinst +++ b/debian/mariadb-server.postinst @@ -220,6 +220,13 @@ EOF fi fi + # The introduction of /etc/logrotate.d/mariadb has made the old config + # obsolete and it needs to be disabled to prevent logrotate running twice. + if [ -f /etc/logrotate.d/mysql-server ] + then + mv -vf /etc/logrotate.d/mysql-server /etc/logrotate.d/mysql-server.dpkg-bak + fi + # @TODO: Remove once buildbot.askmonty.org has been updated not to expect this file mkdir -p /etc/systemd/system/mariadb.service.d/ # Note that file cannot be empty, otherwise systemd version in Ubuntu Bionic diff --git a/debian/not-installed b/debian/not-installed index b94bfaf3c6e..c2cd8b43482 100644 --- a/debian/not-installed +++ b/debian/not-installed @@ -52,7 +52,6 @@ usr/share/mysql/Mongo3.jar usr/share/mysql/binary-configure usr/share/mysql/magic usr/share/mysql/maria_add_gis_sp.sql # mariadb-server-core.install has *_bootstrap.sql -usr/share/mysql/mysql-log-rotate # Debian packaging uses mariadb-server.mysql-server.logrotate usr/share/mysql/mysql-test/asan.supp usr/share/mysql/mysql-test/lsan.supp usr/share/mysql/mysql-test/unstable-tests diff --git a/debian/rules b/debian/rules index 660797f3c2b..cd4865d9f38 100755 --- a/debian/rules +++ b/debian/rules @@ -190,9 +190,6 @@ endif # Move test plugins that are only needed by the client to the libmariadb path mv -v $(TMP)/usr/lib/mysql/plugin/qa_auth_client.so $(TMP)/usr/lib/$(DEB_HOST_MULTIARCH)/libmariadb3/plugin/ -override_dh_installlogrotate-arch: - dh_installlogrotate --name mysql-server - override_dh_systemd_enable: dh_systemd_enable --name=mariadb dh_systemd_enable --no-enable --name=mariadb mariadb.socket diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt index 9623440f110..26091e472a3 100644 --- a/support-files/CMakeLists.txt +++ b/support-files/CMakeLists.txt @@ -32,6 +32,19 @@ ELSE() SET(MYSQLD_GROUP "mysql") SET(ini_file_extension "cnf") SET(HOSTNAME "uname -n") + + # Define directly here, as cmake/install_layout.cmake has no LOGDIR to be inherited + SET(su_user "su mysql mysql") + IF(RPM MATCHES "(suse|sles)") + SET(logdir "/var/log/mysql") + ELSEIF(RPM) + SET(logdir "/var/log/mariadb") + ELSE() + SET(logdir "/var/log/mysql") + ENDIF() + IF(DEB) + SET(su_user "#su mysql mysql") + ENDIF() ENDIF() # XXX: shouldn't we just have variables for all this stuff and centralise @@ -51,7 +64,7 @@ ENDIF() IF(UNIX AND NOT WITHOUT_SERVER) SET(prefix ${CMAKE_INSTALL_PREFIX}) - FOREACH(script mysqld_multi.server mysql-log-rotate binary-configure wsrep_notify mini-benchmark) + FOREACH(script mysqld_multi.server mariadb.logrotate binary-configure wsrep_notify mini-benchmark) CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${script}.sh ${CMAKE_CURRENT_BINARY_DIR}/${script} @ONLY ) INSTALL(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/${script} @@ -199,8 +212,9 @@ IF(UNIX AND NOT WITHOUT_SERVER) ENDIF() IF (INSTALL_SYSCONFDIR) - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mysql-log-rotate DESTINATION ${INSTALL_SYSCONFDIR}/logrotate.d - RENAME mysql COMPONENT SupportFiles) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.logrotate + DESTINATION ${INSTALL_SYSCONFDIR}/logrotate.d + RENAME mariadb COMPONENT SupportFiles) IF(NOT HAVE_SYSTEMD) INSTALL(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/mysql.server DESTINATION ${INSTALL_SYSCONFDIR}/init.d diff --git a/support-files/mariadb.logrotate.sh b/support-files/mariadb.logrotate.sh new file mode 100644 index 00000000000..811b274778f --- /dev/null +++ b/support-files/mariadb.logrotate.sh @@ -0,0 +1,59 @@ +# This is the MariaDB configuration for the logrotate utility +# +# Note that on most Linux systems logs are written to journald, which has its +# own rotation scheme. +# +# Read https://mariadb.com/kb/en/error-log/ to learn more about logging and +# https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ about rotating logs. + +@localstatedir@/mysqld.log @localstatedir@/mariadb.log @logdir@/*.log { + + # Depends on a mysql@localhost unix_socket authenticated user with RELOAD privilege + @su_user@ + + # If any of the files listed above is missing, skip them silently without + # emitting any errors + missingok + + # If file exists but is empty, don't rotate it + notifempty + + # Run monthly + monthly + + # Keep 6 months of logs + rotate 6 + + # If file is growing too big, rotate immediately + maxsize 500M + + # If file size is too small, don't rotate at all + minsize 50M + + # Compress logs, as they are text and compression will save a lot of disk space + compress + + # Don't compress the log immediately to avoid errors about "file size changed while zipping" + delaycompress + + # Don't run the postrotate script for each file configured in this file, but + # run it only once if one or more files were rotated + sharedscripts + + # After each rotation, run this custom script to flush the logs. Note that + # this assumes that the mariadb-admin command has database access, which it + # has thanks to the default use of Unix socket authentication for the 'mysql' + # (or root on Debian) account used everywhere since MariaDB 10.4. + postrotate + if test -r /etc/mysql/debian.cnf + then + EXTRAPARAM='--defaults-file=/etc/mysql/debian.cnf' + fi + + if test -x @bindir@/mariadb-admin + then + @bindir@/mariadb-admin $EXTRAPARAM --local flush-error-log \ + flush-engine-log flush-general-log flush-slow-log + fi + endscript +} diff --git a/support-files/mysql-log-rotate.sh b/support-files/mysql-log-rotate.sh deleted file mode 100644 index c89aa6e0b99..00000000000 --- a/support-files/mysql-log-rotate.sh +++ /dev/null @@ -1,38 +0,0 @@ -# This logname can be set in /etc/my.cnf -# by setting the variable "log-error" -# in the [mysqld] section as follows: -# -# [mysqld] -# log-error=@localstatedir@/mysqld.log -# -# If the root user has a password you have to create a -# /root/.my.cnf configuration file with the following -# content: -# -# [mysqladmin] -# password = -# user= root -# -# where "" is the password. -# -# ATTENTION: This /root/.my.cnf should be readable ONLY -# for root ! - -@localstatedir@/mysqld.log { - # create 600 mysql mysql - su mysql mysql - notifempty - daily - rotate 3 - missingok - compress - postrotate - # just if mariadbd is really running - if test -x @bindir@/mysqladmin && \ - @bindir@/mysqladmin ping &>/dev/null - then - @bindir@/mysqladmin --local flush-error-log \ - flush-engine-log flush-general-log flush-slow-log - fi - endscript -}