From: mhoellein Date: Wed, 8 Jul 2020 18:23:21 +0000 (+0200) Subject: committing changes in /etc made by "apt-get install mariadb-server-10.3" X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=8dbbc05c7bcd3118a9fc10386d6963eb9071e335;p=vserver committing changes in /etc made by "apt-get install mariadb-server-10.3" Package changes: +galera-3 25.3.29-1 amd64 +gawk 1:5.0.1+dfsg-1 amd64 +libconfig-inifiles-perl 3.000002-1 all +libsigsegv2 2.12-2 amd64 +libsnappy1v5 1.1.8-1build1 amd64 +libterm-readkey-perl 2.38-1build1 amd64 +mariadb-client-10.3 1:10.3.22-1ubuntu1 amd64 +mariadb-client-core-10.3 1:10.3.22-1ubuntu1 amd64 +mariadb-common 1:10.3.22-1ubuntu1 all +mariadb-server-10.3 1:10.3.22-1ubuntu1 amd64 +mariadb-server-core-10.3 1:10.3.22-1ubuntu1 amd64 -mysql-client-8.0 8.0.20-0ubuntu0.20.04.1 amd64 -mysql-client-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 -mysql-server 8.0.20-0ubuntu0.20.04.1 all -mysql-server-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +socat 1.7.3.3-2 amd64 --- diff --git a/.etckeeper b/.etckeeper index e077ce84a..0f1f23843 100755 --- a/.etckeeper +++ b/.etckeeper @@ -868,6 +868,7 @@ maybe chmod 0644 'default/keyboard' maybe chmod 0644 'default/knockd' maybe chmod 0644 'default/locale' maybe chmod 0644 'default/motd-news' +maybe chmod 0644 'default/mysql' maybe chmod 0644 'default/named' maybe chmod 0644 'default/networkd-dispatcher' maybe chmod 0644 'default/nss' @@ -1356,6 +1357,7 @@ maybe chmod 0644 'initramfs-tools/update-initramfs.conf' maybe chmod 0644 'inputrc' maybe chmod 0755 'insserv.conf.d' maybe chmod 0644 'insserv.conf.d/bind9' +maybe chmod 0644 'insserv.conf.d/mariadb' maybe chmod 0644 'insserv.conf.d/postfix' maybe chmod 0755 'iproute2' maybe chmod 0644 'iproute2/bpf_pinning' @@ -5755,17 +5757,20 @@ maybe chmod 0644 'locale.alias' maybe chmod 0644 'locale.gen' maybe chmod 0755 'logcheck' maybe chmod 0755 'logcheck/ignore.d.paranoid' +maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_7' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-8_0' maybe chmod 0755 'logcheck/ignore.d.server' maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent' maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules' +maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_7' maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-8_0' maybe chmod 0644 'logcheck/ignore.d.server/postfix-policyd-spf-python' maybe chmod 0644 'logcheck/ignore.d.server/razor' maybe chmod 0644 'logcheck/ignore.d.server/rsyslog' maybe chmod 0755 'logcheck/ignore.d.workstation' +maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-5_7' maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-8_0' maybe chmod 0755 'logcheck/violations.ignore.d' @@ -5850,6 +5855,12 @@ maybe chmod 0644 'mysql/conf.d/mysql.cnf' maybe chmod 0644 'mysql/conf.d/mysqldump.cnf' maybe chmod 0755 'mysql/debian-start' maybe chmod 0600 'mysql/debian.cnf' +maybe chmod 0644 'mysql/mariadb.cnf' +maybe chmod 0755 'mysql/mariadb.conf.d' +maybe chmod 0644 'mysql/mariadb.conf.d/50-client.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysql-clients.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysqld_safe.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-server.cnf' maybe chmod 0644 'mysql/my.cnf.fallback' maybe chmod 0644 'mysql/mysql.cnf' maybe chmod 0755 'mysql/mysql.conf.d' @@ -6102,6 +6113,8 @@ maybe chmod 0755 'profile.d' maybe chmod 0644 'profile.d/01-locale-fix.sh' maybe chmod 0644 'profile.d/bash_completion.sh' maybe chmod 0644 'profile.d/cedilla-portuguese.sh' +maybe chmod 0644 'profile.d/gawk.csh' +maybe chmod 0644 'profile.d/gawk.sh' maybe chmod 0644 'profile.d/ssh_mail.sh' maybe chmod 0644 'protocols' maybe chmod 0755 'python' diff --git a/alternatives/awk b/alternatives/awk index 6190dcb84..19ba657e8 120000 --- a/alternatives/awk +++ b/alternatives/awk @@ -1 +1 @@ -/usr/bin/mawk \ No newline at end of file +/usr/bin/gawk \ No newline at end of file diff --git a/alternatives/awk.1.gz b/alternatives/awk.1.gz index 5d8f19b40..134262bcb 120000 --- a/alternatives/awk.1.gz +++ b/alternatives/awk.1.gz @@ -1 +1 @@ -/usr/share/man/man1/mawk.1.gz \ No newline at end of file +/usr/share/man/man1/gawk.1.gz \ No newline at end of file diff --git a/alternatives/my.cnf b/alternatives/my.cnf index 572c785cc..c0fe3dd77 120000 --- a/alternatives/my.cnf +++ b/alternatives/my.cnf @@ -1 +1 @@ -/etc/mysql/mysql.cnf \ No newline at end of file +/etc/mysql/mariadb.cnf \ No newline at end of file diff --git a/alternatives/nawk b/alternatives/nawk index 6190dcb84..19ba657e8 120000 --- a/alternatives/nawk +++ b/alternatives/nawk @@ -1 +1 @@ -/usr/bin/mawk \ No newline at end of file +/usr/bin/gawk \ No newline at end of file diff --git a/alternatives/nawk.1.gz b/alternatives/nawk.1.gz index 5d8f19b40..134262bcb 120000 --- a/alternatives/nawk.1.gz +++ b/alternatives/nawk.1.gz @@ -1 +1 @@ -/usr/share/man/man1/mawk.1.gz \ No newline at end of file +/usr/share/man/man1/gawk.1.gz \ No newline at end of file diff --git a/apparmor.d/usr.sbin.mysqld b/apparmor.d/usr.sbin.mysqld index 185cceb8b..4ffb7eab5 100644 --- a/apparmor.d/usr.sbin.mysqld +++ b/apparmor.d/usr.sbin.mysqld @@ -1,84 +1,15 @@ -# vim:syntax=apparmor -# Last Modified: Tue Feb 09 15:28:30 2016 -#include - -/usr/sbin/mysqld { - #include - #include - #include - #include - #include - -# Allow system resource access - /proc/*/status r, - /sys/devices/system/cpu/ r, - /sys/devices/system/node/ r, - /sys/devices/system/node/** r, - capability sys_resource, - capability dac_override, - capability dac_read_search, - capability setuid, - capability setgid, - -# Allow network access - network tcp, - - /etc/hosts.allow r, - /etc/hosts.deny r, - -# Allow config access - /etc/mysql/** r, - -# Allow pid, socket, socket lock file access - /var/run/mysqld/mysqld.pid rw, - /var/run/mysqld/mysqld.sock rw, - /var/run/mysqld/mysqld.sock.lock rw, - /var/run/mysqld/mysqlx.sock rw, - /var/run/mysqld/mysqlx.sock.lock rw, - /run/mysqld/mysqld.pid rw, - /run/mysqld/mysqld.sock rw, - /run/mysqld/mysqld.sock.lock rw, - /run/mysqld/mysqlx.sock rw, - /run/mysqld/mysqlx.sock.lock rw, - -# Allow systemd notify messages - /{,var/}run/systemd/notify w, - -# Allow execution of server binary - /usr/sbin/mysqld mr, - /usr/sbin/mysqld-debug mr, - -# Allow plugin access - /usr/lib/mysql/plugin/ r, - /usr/lib/mysql/plugin/*.so* mr, - -# Allow error msg and charset access - /usr/share/mysql/ r, - /usr/share/mysql/** r, - -# Allow data dir access - /var/lib/mysql/ r, - /var/lib/mysql/** rwk, - -# Allow data files dir access - /var/lib/mysql-files/ r, - /var/lib/mysql-files/** rwk, - -# Allow keyring dir access - /var/lib/mysql-keyring/ r, - /var/lib/mysql-keyring/** rwk, - -# Allow log file access - /var/log/mysql.err rw, - /var/log/mysql.log rw, - /var/log/mysql/ r, - /var/log/mysql/** rw, - -# Allow read access to mecab files - /var/lib/mecab/dic/ipadic-utf8/** r, - -# Allow read access to OpenSSL config - /etc/ssl/openssl.cnf r, - # Site-specific additions and overrides. See local/README for details. - #include -} +# This file is intensionally empty to disable apparmor by default for newer +# versions of MariaDB, while providing seamless upgrade from older versions +# and from mysql, where apparmor is used. +# +# By default, we do not want to have any apparmor profile for the MariaDB +# server. It does not provide much useful functionality/security, and causes +# several problems for users who often are not even aware that apparmor +# exists and runs on their system. +# +# Users can modify and maintain their own profile, and in this case it will +# be used. +# +# When upgrading from previous version, users who modified the profile +# will be promptet to keep or discard it, while for default installs +# we will automatically disable the profile. diff --git a/default/mysql b/default/mysql new file mode 100644 index 000000000..3d3bc8007 --- /dev/null +++ b/default/mysql @@ -0,0 +1,24 @@ +# +# NOTE: This file is read only by the traditional SysV init script and has been +# available only in Ubuntu 16.04 and 16.10 and never in a official Debian release. +# Debian 9 and Ubuntu 17.04 onwards do not normally read this file as they use +# systemd by default. +# +# For similar behaviour, systemd users should override ExecStart by dropping +# files into /etc/systemd/system/mariadb.service.d/ +# +# See also: +# https://wiki.debian.org/Teams/pkg-systemd/Packaging#overriding_options_and_.2Fetc.2Fdefault_handling +# https://mariadb.com/kb/en/mariadb/systemd/ +# +# Note also that MariaDB systemd does _not_ utilize mysqld_safe nor debian-start. + + +# The delay in seconds the init script waits for the server to be up and running after having started "mysqld_safe" to run the "/etc/mysql/debian-start" script. +# If the server is still not responding after the delay, the script won't be executed and an error will be thrown on the syslog. +# Default: 30 +#MYSQLD_STARTUP_TIMEOUT=30 + +# The email recipient(s) of the output of the check for crashed and improperly closed MyISAM and Aria tables done at each server start by the "/etc/mysql/debian-start" script. +# Default: root +#MYCHECK_RCPT="root" diff --git a/init.d/mysql b/init.d/mysql index 51537d20b..0694ed752 100755 --- a/init.d/mysql +++ b/init.d/mysql @@ -4,12 +4,12 @@ # Provides: mysql # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog -# Should-Start: $network $time -# Should-Stop: $network $time +# Should-Start: $network $named $time +# Should-Stop: $network $named $time # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start and stop the mysql database server daemon -# Description: Controls the main MySQL database server daemon "mysqld" +# Description: Controls the main MariaDB database server daemon "mysqld" # and its wrapper script "mysqld_safe". ### END INIT INFO # @@ -17,17 +17,28 @@ set -e set -u ${DEBIAN_SCRIPT_DEBUG:+ set -v -x} -test -x /usr/bin/mysqld_safe || exit 0 +test -x /usr/sbin/mysqld || exit 0 . /lib/lsb/init-functions SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) -CONF=/etc/mysql/my.cnf + MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" -# priority can be overriden and "-s" adds output to stderr +# priority can be overridden and "-s" adds output to stderr ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" +if [ -f /etc/default/mysql ]; then + . /etc/default/mysql +fi + +# Also source default/mariadb in case the installation was upgraded from +# packages originally installed from MariaDB.org repositories, which have +# had support for reading /etc/default/mariadb since March 2016. +if [ -f /etc/default/mariadb ]; then + . /etc/default/mariadb +fi + # Safeguard (relative paths, core dumps..) cd / umask 077 @@ -41,11 +52,11 @@ export HOME=/etc/mysql/ # # Usage: void mysqld_get_param option mysqld_get_param() { - /usr/sbin/mysqld --print-defaults \ - | tr " " "\n" \ - | grep -- "--$1" \ - | tail -n 1 \ - | cut -d= -f2 + /usr/sbin/mysqld --print-defaults \ + | tr " " "\n" \ + | grep -- "--$1" \ + | tail -n 1 \ + | cut -d= -f2 } ## Do some sanity checks before even trying to start mysqld. @@ -72,21 +83,21 @@ sanity_checks() { # # Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] mysqld_status () { - ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) - - ps_alive=0 - pidfile=`mysqld_get_param pid-file` - if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi - - if [ "$1" = "check_alive" -a $ping_alive = 1 ] || - [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then - return 0 # EXIT_SUCCESS - else - if [ "$2" = "warn" ]; then - echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug - fi - return 1 # EXIT_FAILURE + ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) + + ps_alive=0 + pidfile=`mysqld_get_param pid-file` + if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi + + if [ "$1" = "check_alive" -a $ping_alive = 1 ] || + [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then + return 0 # EXIT_SUCCESS + else + if [ "$2" = "warn" ]; then + echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug fi + return 1 # EXIT_FAILURE + fi } # @@ -94,98 +105,103 @@ mysqld_status () { # case "${1:-''}" in + 'start') - sanity_checks; - # Start daemon - log_daemon_msg "Starting MySQL database server" "mysqld" - if mysqld_status check_alive nowarn; then - log_progress_msg "already running" - log_end_msg 0 - else - # Could be removed during boot - test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld - - # Start MySQL! - su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &" - - # 6s was reported in #352070 to be too few when using ndbcluster - # 14s was reported in #736452 to be too few with large installs - for i in $(seq 1 30); do - sleep 1 - if mysqld_status check_alive nowarn ; then break; fi - log_progress_msg "." - done - if mysqld_status check_alive warn; then - log_end_msg 0 - # Now start mysqlcheck or whatever the admin wants. - output=$(/etc/mysql/debian-start) - [ -n "$output" ] && log_action_msg "$output" - else - log_end_msg 1 - log_failure_msg "Please take a look at the syslog" - fi - fi - ;; + sanity_checks; + # Start daemon + log_daemon_msg "Starting MariaDB database server" "mysqld" + if mysqld_status check_alive nowarn; then + log_progress_msg "already running" + log_end_msg 0 + else + # Could be removed during boot + test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld + + # Start MariaDB! + /usr/bin/mysqld_safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER & + + for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do + sleep 1 + if mysqld_status check_alive nowarn ; then break; fi + log_progress_msg "." + done + if mysqld_status check_alive warn; then + log_end_msg 0 + # Now start mysqlcheck or whatever the admin wants. + output=$(/etc/mysql/debian-start) + if [ -n "$output" ]; then + log_action_msg "$output" + fi + else + log_end_msg 1 + log_failure_msg "Please take a look at the syslog" + fi + fi + ;; 'stop') - # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible - # at least for cron, we can rely on it here, too. (although we have - # to specify it explicit as e.g. sudo environments points to the normal - # users home and not /root) - log_daemon_msg "Stopping MySQL database server" "mysqld" - if ! mysqld_status check_dead nowarn; then - set +e - shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? - set -e - if [ "$r" -ne 0 ]; then - log_end_msg 1 - [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" - log_daemon_msg "Killing MySQL database server by signal" "mysqld" - killall -15 mysqld - server_down= - for i in 1 2 3 4 5 6 7 8 9 10; do - sleep 1 - if mysqld_status check_dead nowarn; then server_down=1; break; fi - done - if test -z "$server_down"; then killall -9 mysqld; fi - fi - fi - - if ! mysqld_status check_dead warn; then - log_end_msg 1 - log_failure_msg "Please stop MySQL manually and read /usr/share/doc/mysql-server-5.7/README.Debian.gz!" - exit -1 - else - log_end_msg 0 - fi - ;; + # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible + # at least for cron, we can rely on it here, too. (although we have + # to specify it explicit as e.g. sudo environments points to the normal + # users home and not /root) + log_daemon_msg "Stopping MariaDB database server" "mysqld" + if ! mysqld_status check_dead nowarn; then + set +e + shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? + set -e + if [ "$r" -ne 0 ]; then + log_end_msg 1 + [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" + log_daemon_msg "Killing MariaDB database server by signal" "mysqld" + killall -15 mysqld + server_down= + for i in `seq 1 600`; do + sleep 1 + if mysqld_status check_dead nowarn; then server_down=1; break; fi + done + if test -z "$server_down"; then killall -9 mysqld; fi + fi + fi + + if ! mysqld_status check_dead warn; then + log_end_msg 1 + log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.3/README.Debian.gz!" + exit -1 + else + log_end_msg 0 + fi + ;; 'restart') - set +e; $SELF stop; set -e - $SELF start - ;; + set +e; $SELF stop; set -e + shift + $SELF start "${@}" + ;; 'reload'|'force-reload') - log_daemon_msg "Reloading MySQL database server" "mysqld" - $MYADMIN reload - log_end_msg 0 - ;; + log_daemon_msg "Reloading MariaDB database server" "mysqld" + $MYADMIN reload + log_end_msg 0 + ;; 'status') - if mysqld_status check_alive nowarn; then - log_action_msg "$($MYADMIN version)" - else - log_action_msg "MySQL is stopped." - exit 3 - fi - ;; + if mysqld_status check_alive nowarn; then + log_action_msg "$($MYADMIN version)" + else + log_action_msg "MariaDB is stopped." + exit 3 + fi + ;; - *) - echo "Usage: $SELF start|stop|restart|reload|force-reload|status" - exit 1 + 'bootstrap') + # Bootstrap the cluster, start the first node + # that initiates the cluster + log_daemon_msg "Bootstrapping the cluster" "mysqld" + $SELF start "${@:2}" --wsrep-new-cluster ;; -esac -# Some success paths end up returning non-zero so exit 0 explicitly. See -# bug #739846. -exit 0 + *) + echo "Usage: $SELF start|stop|restart|reload|force-reload|status|bootstrap" + exit 1 + ;; +esac diff --git a/insserv.conf.d/mariadb b/insserv.conf.d/mariadb new file mode 100644 index 000000000..cb29a5477 --- /dev/null +++ b/insserv.conf.d/mariadb @@ -0,0 +1 @@ +$database mysql diff --git a/logcheck/ignore.d.paranoid/mariadb-server-10_3 b/logcheck/ignore.d.paranoid/mariadb-server-10_3 new file mode 100644 index 000000000..00cc5c3e2 --- /dev/null +++ b/logcheck/ignore.d.paranoid/mariadb-server-10_3 @@ -0,0 +1,9 @@ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: $ +mysqld\[[0-9]+\]: Version: .* socket: '/var/run/mysqld/mysqld.sock' port: 3306$ +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: started$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.server/mariadb-server-10_3 b/logcheck/ignore.d.server/mariadb-server-10_3 new file mode 100644 index 000000000..d6e7f9025 --- /dev/null +++ b/logcheck/ignore.d.server/mariadb-server-10_3 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.workstation/mariadb-server-10_3 b/logcheck/ignore.d.workstation/mariadb-server-10_3 new file mode 100644 index 000000000..a0b4792ec --- /dev/null +++ b/logcheck/ignore.d.workstation/mariadb-server-10_3 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at https://order.mysql.com$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logrotate.d/mysql-server b/logrotate.d/mysql-server index 2d9c71a75..34ef6385e 100644 --- a/logrotate.d/mysql-server +++ b/logrotate.d/mysql-server @@ -1,8 +1,8 @@ -# - I put everything in one block and added sharedscripts, so that mysql gets +# - I put everything in one block and added sharedscripts, so that mysql gets # flush-logs'd only once. # Else the binary logs would automatically increase by n times every day. # - The error log is obsolete, messages go to syslog now. -/var/log/mysql.log /var/log/mysql/*log { +/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log { daily rotate 7 missingok @@ -10,18 +10,11 @@ compress sharedscripts postrotate - test -x /usr/bin/mysqladmin || exit 0 - # If this fails, check debian.conf! - MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" - if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then - # Really no mysqld or rather a missing debian-sys-maint user? - # If this occurs and is not a error please report a bug. - #if ps cax | grep -q mysqld; then - if killall -q -s0 -umysql mysqld; then - exit 1 - fi - else - $MYADMIN flush-logs - fi + test -x /usr/bin/mysqladmin || exit 0 + if [ -f `my_print_defaults --mysqld | grep -m 1 -oP "pid-file=\K.+$"` ]; then + # If this fails, check debian.conf! + mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \ + flush-engine-log flush-general-log flush-slow-log + fi endscript } diff --git a/mysql/debian-start b/mysql/debian-start index 8be72eac2..7de59ce1f 100755 --- a/mysql/debian-start +++ b/mysql/debian-start @@ -1,5 +1,43 @@ #!/bin/bash +# +# This script is executed by "/etc/init.d/mysql" on every (re)start. +# +# Changes to this file will be preserved when updating the Debian package. +# +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# + +source /usr/share/mysql/debian-start.inc.sh + +if [ -f /etc/default/mysql ]; then + . /etc/default/mysql +fi + +MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf" +MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" +# Don't run full mysql_upgrade on every server restart, use --version-check to do it only once +MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check" +MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf" +MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables" +MYCHECK_PARAMS="--all-databases --fast --silent" +MYCHECK_RCPT="${MYCHECK_RCPT:-root}" + +## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables. + +# The following commands should be run when the server is up but in background +# where they do not block the server start and in one shell instance so that +# they run sequentially. They are supposed not to echo anything to stdout. +# If you want to disable the check for crashed tables comment +# "check_for_crashed_tables" out. +# (There may be no output to stdout inside the background process!) + +# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade +# process in the middle. +trap "" SIGHUP +( + upgrade_system_tables_if_necessary; + check_root_accounts; + check_for_crashed_tables; +) >&2 & -# Change to no-op as detailed in -# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1577712 exit 0 diff --git a/mysql/mariadb.cnf b/mysql/mariadb.cnf new file mode 100644 index 000000000..94d8f107a --- /dev/null +++ b/mysql/mariadb.cnf @@ -0,0 +1,23 @@ +# The MariaDB configuration file +# +# The MariaDB/MySQL tools read configuration files in the following order: +# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults, +# 2. "/etc/mysql/conf.d/*.cnf" to set global options. +# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options. +# 4. "~/.my.cnf" to set user-specific options. +# +# If the same option is defined multiple times, the last one will apply. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. + +# +# This group is read both both by the client and the server +# use it for options that affect everything +# +[client-server] + +# Import all .cnf files from configuration directory +!includedir /etc/mysql/conf.d/ +!includedir /etc/mysql/mariadb.conf.d/ diff --git a/mysql/mariadb.conf.d/50-client.cnf b/mysql/mariadb.conf.d/50-client.cnf new file mode 100644 index 000000000..b509f1910 --- /dev/null +++ b/mysql/mariadb.conf.d/50-client.cnf @@ -0,0 +1,25 @@ +# +# This group is read by the client library +# Use it for options that affect all clients, but not the server +# + +[client] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +# socket location +socket = /var/run/mysqld/mysqld.sock + +# Example of client certificate usage +# ssl-cert=/etc/mysql/client-cert.pem +# ssl-key=/etc/mysql/client-key.pem +# +# Allow only TLS encrypted connections +# ssl-verify-server-cert=on + +# This group is *never* read by mysql client library, though this +# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL +# client anyway. +# If you use the same .cnf file for MySQL and MariaDB, +# use it for MariaDB-only client options +[client-mariadb] diff --git a/mysql/mariadb.conf.d/50-mysql-clients.cnf b/mysql/mariadb.conf.d/50-mysql-clients.cnf new file mode 100644 index 000000000..55cfda261 --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysql-clients.cnf @@ -0,0 +1,24 @@ +# +# These groups are read by MariaDB command-line tools +# Use it for options that affect only one utility +# + +[mysql] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +[mysql_upgrade] + +[mysqladmin] + +[mysqlbinlog] + +[mysqlcheck] + +[mysqldump] + +[mysqlimport] + +[mysqlshow] + +[mysqlslap] diff --git a/mysql/mariadb.conf.d/50-mysqld_safe.cnf b/mysql/mariadb.conf.d/50-mysqld_safe.cnf new file mode 100644 index 000000000..141d51f61 --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysqld_safe.cnf @@ -0,0 +1,30 @@ +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# MariaDB systemd does _not_ utilize mysqld_safe nor read this file. +# +# For similar behaviour, systemd users should create the following file: +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# +# To achieve the same result as the default 50-mysqld_safe.cnf, please create +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# with the following contents: +# +# [Service] +# User=mysql +# StandardOutput=syslog +# StandardError=syslog +# SyslogFacility=daemon +# SyslogLevel=err +# SyslogIdentifier=mysqld +# +# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/ +# + +[mysqld_safe] +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# especially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +socket = /var/run/mysqld/mysqld.sock +nice = 0 +skip_log_error +syslog diff --git a/mysql/mariadb.conf.d/50-server.cnf b/mysql/mariadb.conf.d/50-server.cnf new file mode 100644 index 000000000..e7e88ef8e --- /dev/null +++ b/mysql/mariadb.conf.d/50-server.cnf @@ -0,0 +1,133 @@ +# +# These groups are read by MariaDB server. +# Use it for options that only the server (but not clients) should see +# +# See the examples of server my.cnf files in /usr/share/mysql + +# this is read by the standalone daemon and embedded servers +[server] + +# this is only for the mysqld standalone daemon +[mysqld] + +# +# * Basic Settings +# +user = mysql +pid-file = /run/mysqld/mysqld.pid +socket = /run/mysqld/mysqld.sock +#port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +#skip-external-locking + +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +bind-address = 127.0.0.1 + +# +# * Fine Tuning +# +#key_buffer_size = 16M +#max_allowed_packet = 16M +#thread_stack = 192K +#thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +#myisam_recover_options = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 + +# +# * Query Cache Configuration +# +#query_cache_limit = 1M +query_cache_size = 16M + +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Enable the slow query log to see queries with especially long duration +#slow_query_log_file = /var/log/mysql/mariadb-slow.log +#long_query_time = 10 +#log_slow_rate_limit = 1000 +#log_slow_verbosity = query_plan +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +#max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = exclude_database_name + +# +# * Security Features +# +# Read the manual, too, if you want chroot! +#chroot = /var/lib/mysql/ +# +# For generating SSL certificates you can use for example the GUI tool "tinyca". +# +#ssl-ca = /etc/mysql/cacert.pem +#ssl-cert = /etc/mysql/server-cert.pem +#ssl-key = /etc/mysql/server-key.pem +# +# Accept only connections using the latest and most secure TLS protocol version. +# ..when MariaDB is compiled with OpenSSL: +#ssl-cipher = TLSv1.2 +# ..when MariaDB is compiled with YaSSL (default in Debian): +#ssl = on + +# +# * Character sets +# +# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full +# utf8 4-byte character set. See also client.cnf +# +character-set-server = utf8mb4 +collation-server = utf8mb4_general_ci + +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! + +# +# * Unix socket authentication plugin is built-in since 10.0.22-6 +# +# Needed so the root database user can authenticate without a password but +# only when running as the unix root user. +# +# Also available for other users if required. +# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/ + +# this is only for embedded server +[embedded] + +# This group is only read by MariaDB servers, not by MySQL. +# If you use the same .cnf file for MySQL and MariaDB, +# you can put MariaDB-only options here +[mariadb] + +# This group is only read by MariaDB-10.3 servers. +# If you use the same .cnf file for MariaDB of different versions, +# use this group for options that older servers don't understand +[mariadb-10.3] diff --git a/profile.d/gawk.csh b/profile.d/gawk.csh new file mode 100644 index 000000000..583d5bcd0 --- /dev/null +++ b/profile.d/gawk.csh @@ -0,0 +1,11 @@ +alias gawkpath_default 'unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`' + +alias gawkpath_prepend 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "\!*"":$AWKPATH"' + +alias gawkpath_append 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "$AWKPATH"":\!*"' + +alias gawklibpath_default 'unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`' + +alias gawklibpath_prepend 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "\!*"":$AWKLIBPATH"' + +alias gawklibpath_append 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "$AWKLIBPATH"":\!*"' diff --git a/profile.d/gawk.sh b/profile.d/gawk.sh new file mode 100644 index 000000000..c35471fac --- /dev/null +++ b/profile.d/gawk.sh @@ -0,0 +1,31 @@ +gawkpath_default () { + unset AWKPATH + export AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` +} + +gawkpath_prepend () { + [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` + export AWKPATH="$*:$AWKPATH" +} + +gawkpath_append () { + [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` + export AWKPATH="$AWKPATH:$*" +} + +gawklibpath_default () { + unset AWKLIBPATH + export AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` +} + +gawklibpath_prepend () { + [ -z "$AWKLIBPATH" ] && \ + AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` + export AWKLIBPATH="$*:$AWKLIBPATH" +} + +gawklibpath_append () { + [ -z "$AWKLIBPATH" ] && \ + AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` + export AWKLIBPATH="$AWKLIBPATH:$*" +} diff --git a/systemd/system/multi-user.target.wants/mariadb.service b/systemd/system/multi-user.target.wants/mariadb.service new file mode 120000 index 000000000..fd9e114a4 --- /dev/null +++ b/systemd/system/multi-user.target.wants/mariadb.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file diff --git a/systemd/system/mysql.service b/systemd/system/mysql.service new file mode 120000 index 000000000..fd9e114a4 --- /dev/null +++ b/systemd/system/mysql.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file diff --git a/systemd/system/mysqld.service b/systemd/system/mysqld.service new file mode 120000 index 000000000..fd9e114a4 --- /dev/null +++ b/systemd/system/mysqld.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file