Now that we do not pollute systemd's environment but write private
environment files running these as root is not longer required. So
let's drop `PermissionsStartOnly=true`.
Debian adds extra `ExecStartPre=` and `ExecStartPost=`, though.
Use special executable prefix for full privileges there. (See
systemd.service(5) for details.)
Prevent wsrep files from being installed if WITH_WSREP=OFF.
Reviewed by Daniel Black
Additionally excluded #include wsrep files and galera* files
along with galera/wsrep tests.
mysql-test/include/have_wsrep.inc remainds as its used by
a few isolated tests.
Co-authored-by: Chris Ross <cross2@cisco.com>
Add SYSTEMD_READWRITEPATH-variable to mariadb{@,}.service.in to make sure that
if one is not building RPM or DEB packages then make sure there is ReadWritePaths
directive is defined in systemd service file.
This ensures that tar-ball installation has permissions to write database default
installation path (default: /usr/local/mysql/data) even if it's located
under /usr. Writing to that location is prevented by 'ProtectSystem=full'
systemd directive by default.
Prefixing the path with "-" in systemd causes there to not be an error if the
path doesn't exist. This may occur if the user has configured a datadir
elsewhere.
Reviewer: Daniel Black
This gives a short overview over found/missing dependencies as well
as enabled/disabled features.
Initial author Heinz Wiesinger <heinz@m2mobi.com>
Additions by Vicențiu Ciorbaru <vicentiu@mariadb.org>
* Report all plugins enabled via MYSQL_ADD_PLUGIN
* Simplify code. Eliminate duplication by making use of WITH_xxx
variable values to set feature "ON" / "OFF" state.
Reviewed by: wlad@mariadb.com (code details) serg@mariadb.com (the idea)
Systemd has a socket activation feature where a mariadb.socket
definition defines the sockets to listen to, and passes those
file descriptors directly to mariadbd to use when a connection
occurs.
The new functionality is utilized when starting as follows:
systemctl start mariadb.socket
The mariadb.socket definition only needs to contain the network
information, ListenStream= directives, the mariadb.service
definition is still used for service instigation.
When mariadbd is started in this way, the socket, port, bind-address
backlog are all assumed to be self contained in the mariadb.socket
definition and as such the mariadb settings and command line
arguments of these network settings are ignored.
See man systemd.socket for how to limit this to specific ports.
Extra ports, those specified with extra_port in socket activation
mode, are those with a FileDescriptorName=extra. These need
to be in a separate service name like mariadb-extra.socket and
these require a Service={mariadb.service} directive to map to the
original service. Extra ports need systemd v227 or greater
(not RHEL/Centos7 - v219) when FileDescriptorName= was added,
otherwise the extra ports are treated like ordinary ports.
The number of sockets isn't limited when using systemd socket activation
(except by operating system limits on file descriptors and a minimal
amount of memory used per file descriptor). The systemd sockets passed
can include any ownership or permissions, including those the
mariadbd process wouldn't normally have the permission to create.
This implementation is compatible with mariadb.service definitions.
Those services started with:
systemctl start mariadb.service
does actually start the mariadb.service and used all the my.cnf
settings of sockets and ports like it previously did.
The new default values WITH_URING:BOOL=OFF, WITH_PMEM:BOOL=OFF imply
that the dependencies are optional.
An explicit request WITH_URING=ON or WITH_PMEM=ON will cause the
build to fail if the requested dependencies are not available.
Last, to prevent a feature to be built in even though the built-time
dependencies are available, the following can be used:
cmake -DCMAKE_DISABLE_FIND_PACKAGE_URING=1
cmake -DCMAKE_DISABLE_FIND_PACKAGE_PMEM=1
This cleanup was suggested by Vladislav Vaintroub.
liburing is a new optional dependency (WITH_URING=auto|yes|no)
that replaces libaio when it is available.
aio_uring: class which wraps io_uring stuff
aio_uring::bind()/unbind(): optional optimization
aio_uring::submit_io(): mutex prevents data race. liburing calls are
thread-unsafe. But if you look into it's implementation you'll see
atomic operations. They're used for synchronization between kernel and
user-space only. That's why our own synchronization is still needed.
For systemd, we add LimitMEMLOCK=524288 (ulimit -l 524288)
because the io_uring_setup system call that is invoked
by io_uring_queue_init() requests locked memory. The value
was found empirically; with 262144, we would occasionally
fail to enable io_uring when using the maximum values of
innodb_read_io_threads=64 and innodb_write_io_threads=64.
aio_uring::thread_routine(): Tolerate -EINTR return from
io_uring_wait_cqe(), because it may occur on shutdown
on Ubuntu 20.10 (Groovy Gorilla).
This was mostly implemented by Eugene Kosov. Systemd integration
and improved startup/shutdown error handling by Marko Mäkelä.
don't ignore LIBSYSTEMD_LDFLAGS when trying out systemd
(and put them in LIBSYSTEMD, because MYSQLD_LINK_FLAGS has stuff like
-lmtmalloc and is used only for mysqld, not for, say, explain_filename-t)
LIBSYSTEMD_LDFLAGS come from libsystemd.pc via pkg-config
special cases:
* change systemd detection to use CHECK_LIBRARY_EXISTS at least once,
to have it detected by build_depends.cmake
* similarly, use find_library for pam
* unixODBC is weird, libodbc.so is in the unixODBC package, not
in the unixODBC-devel, where normally all .so files belong.
Packaging bug? As a workaround, use find_file(sql.h) instead of
find_path(sql.h) to make sure that /usr/include/sql.h (not /usr/include)
is cached by cmake, and later build_depends.cmake will select
unixODBC-devel, as a package owning /usr/include/sql.h file.
Even if cmake can find pkg-config (e.g the one supplied with strawberry perl
), we cannot link with pkg-config-found libraries or use the headers -they
are mingw, 32bit-only.
The control file contents must be correct from the start and cannot
be modified at build time by CMake. Also all static Debian package
analyzers will fail to see all manipulations by CMake later on.
It is best to do all manipulations like these in autobake-deb.sh.
Galera recovery process works in two phases. In the first
phase, mysqld is started as non-daemon with --wsrep-recover
to recover and fetch the last logged global transaction ID.
This ID is then used in second phase as the start position
(--wsrep-start-position=XX) to start mysqld as daemon.
As this process was implemented in mysqld_safe script, the
recovery did not work when server was started using systemd.
Fixed by introducing a shell script (wsrep_recovery.sh) that
mimics the first phase of the recovery process.
Use galera_new_cluster instead. systemctl start mariadb@bootstrap
will generate error message, use_galera_new_cluster.conf is the name
of the file that will generate this error.
Output:
Job for mariadb@bootstrap.service failed. See "systemctl status
mariadb@bootstrap.service" and "journalctl -xe" for details.
● mariadb@bootstrap.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb@.service; disabled;
vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/mariadb@bootstrap.service.d
└─use_galera_new_cluster.conf
Active: failed (Result: exit-code) since Thu 2015-10-15 19:27:52
CEST; 5s ago
Process: 24334 ExecStart=/usr/bin/false (code=exited,
status=1/FAILURE)
Process: 24330 ExecStart=/usr/bin/echo Please use galera_new_cluster
to start the mariadb service with --wsrep-new-cluster (code=exited,
status=0/SUCCESS)
Main PID: 24334 (code=exited, status=1/FAILURE)
Oct 15 19:27:52 spaceman systemd[1]: Starting MariaDB database server...
Oct 15 19:27:52 spaceman systemd[1]: mariadb@bootstrap.service: main
process exited, code=exited, status=1/FAILURE
Oct 15 19:27:52 spaceman systemd[1]: Failed to start MariaDB database
server.
Oct 15 19:27:52 spaceman systemd[1]: Unit mariadb@bootstrap.service
entered failed state.
Oct 15 19:27:52 spaceman systemd[1]: mariadb@bootstrap.service failed.
mariadb-service-convert during migration can create a file containing
ExecStartPre=/usr/sbin/sysctl -q -w vm.drop_caches=3 if the users my.cnf
contains [mysqld_safe] flush_caches. This sysctl entry change requires root
access. No existing ExecStartPre requires execution requires execution
as another user.
There is a comment in the mariadb{,@}.service.in that indicates
mysqld_install which would require -u mysql to explicity change user to
mysql from root since PermissionsStartOnly=true.
Otherwise the following error would be generated:
Oct 14 07:38:38 spaceman systemd[1]: Starting MariaDB database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mariadb.service has begun starting up.
Oct 14 07:38:38 spaceman sysctl[10089]: sysctl: permission denied on key 'vm.drop_caches'
Oct 14 07:38:38 spaceman systemd[1]: mariadb.service: control process exited, code=exited status=255
Oct 14 07:38:38 spaceman systemd[1]: Failed to start MariaDB database server.
