mkdir -p './libpaper.d'
mkdir -p './logcheck/violations.ignore.d'
mkdir -p './monit/conf-available'
+mkdir -p './mysql/mariadb.conf.d'
mkdir -p './networkd-dispatcher/carrier.d'
mkdir -p './networkd-dispatcher/degraded.d'
mkdir -p './networkd-dispatcher/dormant.d'
maybe chmod 0755 'monit/conf-available'
maybe chmod 0755 'monit/monitrc.d'
maybe chmod 0644 'monit/monitrc.d/fail2ban'
+maybe chmod 0755 'mysql'
+maybe chmod 0755 'mysql/debian-start'
+maybe chmod 0600 'mysql/debian.cnf'
+maybe chmod 0755 'mysql/mariadb.conf.d'
maybe chmod 0755 'myssl'
maybe chmod 0600 'myssl/dh2048.pem'
maybe chmod 0755 'nagios-plugins'
-# vim:syntax=apparmor
-# Last Modified: Tue Feb 09 15:28:30 2016
-#include <tunables/global>
-
-/usr/sbin/mysqld {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
- #include <abstractions/mysql>
- #include <abstractions/winbind>
-
-# Allow system resource access
- /proc/*/status r,
- /sys/devices/system/cpu/ r,
- /sys/devices/system/node/ r,
- /sys/devices/system/node/** r,
- capability sys_resource,
- capability dac_override,
- capability dac_read_search,
- capability setuid,
- capability setgid,
-
-# Allow network access
- network tcp,
-
- /etc/hosts.allow r,
- /etc/hosts.deny r,
-
-# Allow config access
- /etc/mysql/** r,
-
-# Allow pid, socket, socket lock file access
- /var/run/mysqld/mysqld.pid rw,
- /var/run/mysqld/mysqld.sock rw,
- /var/run/mysqld/mysqld.sock.lock rw,
- /var/run/mysqld/mysqlx.sock rw,
- /var/run/mysqld/mysqlx.sock.lock rw,
- /run/mysqld/mysqld.pid rw,
- /run/mysqld/mysqld.sock rw,
- /run/mysqld/mysqld.sock.lock rw,
- /run/mysqld/mysqlx.sock rw,
- /run/mysqld/mysqlx.sock.lock rw,
-
-# Allow systemd notify messages
- /{,var/}run/systemd/notify w,
-
-# Allow execution of server binary
- /usr/sbin/mysqld mr,
- /usr/sbin/mysqld-debug mr,
-
-# Allow plugin access
- /usr/lib/mysql/plugin/ r,
- /usr/lib/mysql/plugin/*.so* mr,
-
-# Allow error msg and charset access
- /usr/share/mysql/ r,
- /usr/share/mysql/** r,
-
-# Allow data dir access
- /var/lib/mysql/ r,
- /var/lib/mysql/** rwk,
-
-# Allow data files dir access
- /var/lib/mysql-files/ r,
- /var/lib/mysql-files/** rwk,
-
-# Allow keyring dir access
- /var/lib/mysql-keyring/ r,
- /var/lib/mysql-keyring/** rwk,
-
-# Allow log file access
- /var/log/mysql.err rw,
- /var/log/mysql.log rw,
- /var/log/mysql/ r,
- /var/log/mysql/** rw,
-
-# Allow read access to mecab files
- /var/lib/mecab/dic/ipadic-utf8/** r,
-
-# Allow read access to OpenSSL config
- /etc/ssl/openssl.cnf r,
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.mysqld>
-}
+# This file is intensionally empty to disable apparmor by default for newer
+# versions of MariaDB, while providing seamless upgrade from older versions
+# and from mysql, where apparmor is used.
+#
+# By default, we do not want to have any apparmor profile for the MariaDB
+# server. It does not provide much useful functionality/security, and causes
+# several problems for users who often are not even aware that apparmor
+# exists and runs on their system.
+#
+# Users can modify and maintain their own profile, and in this case it will
+# be used.
+#
+# When upgrading from previous version, users who modified the profile
+# will be promptet to keep or discard it, while for default installs
+# we will automatically disable the profile.
# Provides: mysql
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
-# Should-Start: $network $time
-# Should-Stop: $network $time
+# Should-Start: $network $named $time
+# Should-Stop: $network $named $time
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop the mysql database server daemon
-# Description: Controls the main MySQL database server daemon "mysqld"
+# Description: Controls the main MariaDB database server daemon "mysqld"
# and its wrapper script "mysqld_safe".
### END INIT INFO
#
set -u
${DEBIAN_SCRIPT_DEBUG:+ set -v -x}
-test -x /usr/bin/mysqld_safe || exit 0
+test -x /usr/sbin/mysqld || exit 0
. /lib/lsb/init-functions
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
-CONF=/etc/mysql/my.cnf
+
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
-# priority can be overriden and "-s" adds output to stderr
+# priority can be overridden and "-s" adds output to stderr
ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i"
+if [ -f /etc/default/mysql ]; then
+ . /etc/default/mysql
+fi
+
+# Also source default/mariadb in case the installation was upgraded from
+# packages originally installed from MariaDB.org repositories, which have
+# had support for reading /etc/default/mariadb since March 2016.
+if [ -f /etc/default/mariadb ]; then
+ . /etc/default/mariadb
+fi
+
# Safeguard (relative paths, core dumps..)
cd /
umask 077
#
# Usage: void mysqld_get_param option
mysqld_get_param() {
- /usr/sbin/mysqld --print-defaults \
- | tr " " "\n" \
- | grep -- "--$1" \
- | tail -n 1 \
- | cut -d= -f2
+ /usr/sbin/mysqld --print-defaults \
+ | tr " " "\n" \
+ | grep -- "--$1" \
+ | tail -n 1 \
+ | cut -d= -f2
}
## Do some sanity checks before even trying to start mysqld.
#
# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn]
mysqld_status () {
- ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? ))
-
- ps_alive=0
- pidfile=`mysqld_get_param pid-file`
- if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
-
- if [ "$1" = "check_alive" -a $ping_alive = 1 ] ||
- [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then
- return 0 # EXIT_SUCCESS
- else
- if [ "$2" = "warn" ]; then
- echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug
- fi
- return 1 # EXIT_FAILURE
+ ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? ))
+
+ ps_alive=0
+ pidfile=`mysqld_get_param pid-file`
+ if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
+
+ if [ "$1" = "check_alive" -a $ping_alive = 1 ] ||
+ [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then
+ return 0 # EXIT_SUCCESS
+ else
+ if [ "$2" = "warn" ]; then
+ echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug
fi
+ return 1 # EXIT_FAILURE
+ fi
}
#
#
case "${1:-''}" in
+
'start')
- sanity_checks;
- # Start daemon
- log_daemon_msg "Starting MySQL database server" "mysqld"
- if mysqld_status check_alive nowarn; then
- log_progress_msg "already running"
- log_end_msg 0
- else
- # Could be removed during boot
- test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
-
- # Start MySQL!
- su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"
-
- # 6s was reported in #352070 to be too few when using ndbcluster
- # 14s was reported in #736452 to be too few with large installs
- for i in $(seq 1 30); do
- sleep 1
- if mysqld_status check_alive nowarn ; then break; fi
- log_progress_msg "."
- done
- if mysqld_status check_alive warn; then
- log_end_msg 0
- # Now start mysqlcheck or whatever the admin wants.
- output=$(/etc/mysql/debian-start)
- [ -n "$output" ] && log_action_msg "$output"
- else
- log_end_msg 1
- log_failure_msg "Please take a look at the syslog"
- fi
- fi
- ;;
+ sanity_checks;
+ # Start daemon
+ log_daemon_msg "Starting MariaDB database server" "mysqld"
+ if mysqld_status check_alive nowarn; then
+ log_progress_msg "already running"
+ log_end_msg 0
+ else
+ # Could be removed during boot
+ test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
+
+ # Start MariaDB!
+ /usr/bin/mysqld_safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER &
+
+ for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do
+ sleep 1
+ if mysqld_status check_alive nowarn ; then break; fi
+ log_progress_msg "."
+ done
+ if mysqld_status check_alive warn; then
+ log_end_msg 0
+ # Now start mysqlcheck or whatever the admin wants.
+ output=$(/etc/mysql/debian-start)
+ if [ -n "$output" ]; then
+ log_action_msg "$output"
+ fi
+ else
+ log_end_msg 1
+ log_failure_msg "Please take a look at the syslog"
+ fi
+ fi
+ ;;
'stop')
- # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible
- # at least for cron, we can rely on it here, too. (although we have
- # to specify it explicit as e.g. sudo environments points to the normal
- # users home and not /root)
- log_daemon_msg "Stopping MySQL database server" "mysqld"
- if ! mysqld_status check_dead nowarn; then
- set +e
- shutdown_out=`$MYADMIN shutdown 2>&1`; r=$?
- set -e
- if [ "$r" -ne 0 ]; then
- log_end_msg 1
- [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out"
- log_daemon_msg "Killing MySQL database server by signal" "mysqld"
- killall -15 mysqld
- server_down=
- for i in 1 2 3 4 5 6 7 8 9 10; do
- sleep 1
- if mysqld_status check_dead nowarn; then server_down=1; break; fi
- done
- if test -z "$server_down"; then killall -9 mysqld; fi
- fi
- fi
-
- if ! mysqld_status check_dead warn; then
- log_end_msg 1
- log_failure_msg "Please stop MySQL manually and read /usr/share/doc/mysql-server-5.7/README.Debian.gz!"
- exit -1
- else
- log_end_msg 0
- fi
- ;;
+ # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible
+ # at least for cron, we can rely on it here, too. (although we have
+ # to specify it explicit as e.g. sudo environments points to the normal
+ # users home and not /root)
+ log_daemon_msg "Stopping MariaDB database server" "mysqld"
+ if ! mysqld_status check_dead nowarn; then
+ set +e
+ shutdown_out=`$MYADMIN shutdown 2>&1`; r=$?
+ set -e
+ if [ "$r" -ne 0 ]; then
+ log_end_msg 1
+ [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out"
+ log_daemon_msg "Killing MariaDB database server by signal" "mysqld"
+ killall -15 mysqld
+ server_down=
+ for i in `seq 1 600`; do
+ sleep 1
+ if mysqld_status check_dead nowarn; then server_down=1; break; fi
+ done
+ if test -z "$server_down"; then killall -9 mysqld; fi
+ fi
+ fi
+
+ if ! mysqld_status check_dead warn; then
+ log_end_msg 1
+ log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.3/README.Debian.gz!"
+ exit -1
+ else
+ log_end_msg 0
+ fi
+ ;;
'restart')
- set +e; $SELF stop; set -e
- $SELF start
- ;;
+ set +e; $SELF stop; set -e
+ shift
+ $SELF start "${@}"
+ ;;
'reload'|'force-reload')
- log_daemon_msg "Reloading MySQL database server" "mysqld"
- $MYADMIN reload
- log_end_msg 0
- ;;
+ log_daemon_msg "Reloading MariaDB database server" "mysqld"
+ $MYADMIN reload
+ log_end_msg 0
+ ;;
'status')
- if mysqld_status check_alive nowarn; then
- log_action_msg "$($MYADMIN version)"
- else
- log_action_msg "MySQL is stopped."
- exit 3
- fi
- ;;
+ if mysqld_status check_alive nowarn; then
+ log_action_msg "$($MYADMIN version)"
+ else
+ log_action_msg "MariaDB is stopped."
+ exit 3
+ fi
+ ;;
- *)
- echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
- exit 1
+ 'bootstrap')
+ # Bootstrap the cluster, start the first node
+ # that initiates the cluster
+ log_daemon_msg "Bootstrapping the cluster" "mysqld"
+ $SELF start "${@:2}" --wsrep-new-cluster
;;
-esac
-# Some success paths end up returning non-zero so exit 0 explicitly. See
-# bug #739846.
-exit 0
+ *)
+ echo "Usage: $SELF start|stop|restart|reload|force-reload|status|bootstrap"
+ exit 1
+ ;;
+esac
-# - I put everything in one block and added sharedscripts, so that mysql gets
+# - I put everything in one block and added sharedscripts, so that mysql gets
# flush-logs'd only once.
# Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
-/var/log/mysql.log /var/log/mysql/*log {
+/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log {
daily
rotate 7
missingok
compress
sharedscripts
postrotate
- test -x /usr/bin/mysqladmin || exit 0
- # If this fails, check debian.conf!
- MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
- if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
- # Really no mysqld or rather a missing debian-sys-maint user?
- # If this occurs and is not a error please report a bug.
- #if ps cax | grep -q mysqld; then
- if killall -q -s0 -umysql mysqld; then
- exit 1
- fi
- else
- $MYADMIN flush-logs
- fi
+ test -x /usr/bin/mysqladmin || exit 0
+ if [ -f `my_print_defaults --mysqld | grep -m 1 -oP "pid-file=\K.+$"` ]; then
+ # If this fails, check debian.conf!
+ mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \
+ flush-engine-log flush-general-log flush-slow-log
+ fi
endscript
}
--- /dev/null
+#!/bin/bash
+#
+# This script is executed by "/etc/init.d/mysql" on every (re)start.
+#
+# Changes to this file will be preserved when updating the Debian package.
+#
+# NOTE: This file is read only by the traditional SysV init script, not systemd.
+#
+
+source /usr/share/mysql/debian-start.inc.sh
+
+if [ -f /etc/default/mysql ]; then
+ . /etc/default/mysql
+fi
+
+MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf"
+MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
+# Don't run full mysql_upgrade on every server restart, use --version-check to do it only once
+MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check"
+MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf"
+MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables"
+MYCHECK_PARAMS="--all-databases --fast --silent"
+MYCHECK_RCPT="${MYCHECK_RCPT:-root}"
+
+## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables.
+
+# The following commands should be run when the server is up but in background
+# where they do not block the server start and in one shell instance so that
+# they run sequentially. They are supposed not to echo anything to stdout.
+# If you want to disable the check for crashed tables comment
+# "check_for_crashed_tables" out.
+# (There may be no output to stdout inside the background process!)
+
+# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade
+# process in the middle.
+trap "" SIGHUP
+(
+ upgrade_system_tables_if_necessary;
+ check_root_accounts;
+ check_for_crashed_tables;
+) >&2 &
+
+exit 0
--- /dev/null
+# Automatically generated for Debian scripts. DO NOT TOUCH!
+[client]
+host = localhost
+user = root
+password =
+socket = /var/run/mysqld/mysqld.sock
+[mysql_upgrade]
+host = localhost
+user = root
+password =
+socket = /var/run/mysqld/mysqld.sock
projects / vserver / commitdiff