From 96d15413119e946542d0ad1ec8bd693877ef8949 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Wed, 8 Jul 2020 21:58:14 +0200 Subject: [PATCH] committing changes in /etc made by "apt-get install mysql-server" Package changes: +mysql-client-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +mysql-client-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +mysql-server 8.0.20-0ubuntu0.20.04.1 all +mysql-server-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 --- .etckeeper | 5 + apparmor.d/usr.sbin.mysqld | 84 +++++++++++++++ init.d/mysql | 191 +++++++++++++++++++++++++++++++++++ logrotate.d/mysql-server | 27 +++++ mysql/FROZEN | 1 + mysql/debian-start | 5 + mysql/mysql.conf.d/mysql.cnf | 6 ++ 7 files changed, 319 insertions(+) create mode 100644 apparmor.d/usr.sbin.mysqld create mode 100755 init.d/mysql create mode 100644 logrotate.d/mysql-server create mode 120000 mysql/FROZEN create mode 100755 mysql/debian-start create mode 100644 mysql/mysql.conf.d/mysql.cnf diff --git a/.etckeeper b/.etckeeper index 82de55432..f520847b9 100755 --- a/.etckeeper +++ b/.etckeeper @@ -652,6 +652,7 @@ maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs.d/site.local' maybe chmod 0644 'apparmor.d/usr.bin.man' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.charon' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.stroke' +maybe chmod 0644 'apparmor.d/usr.sbin.mysqld' maybe chmod 0644 'apparmor.d/usr.sbin.named' maybe chmod 0644 'apparmor.d/usr.sbin.rsyslogd' maybe chmod 0644 'apparmor.d/usr.sbin.tcpdump' @@ -1316,6 +1317,7 @@ maybe chmod 0755 'init.d/kmod' maybe chmod 0755 'init.d/knockd' maybe chmod 0755 'init.d/lvm2' maybe chmod 0755 'init.d/lvm2-lvmpolld' +maybe chmod 0755 'init.d/mysql' maybe chmod 0755 'init.d/named' maybe chmod 0755 'init.d/opendkim' maybe chmod 0755 'init.d/opendmarc' @@ -5782,6 +5784,7 @@ maybe chmod 0644 'logrotate.d/dbconfig-common' maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/fail2ban' maybe chmod 0644 'logrotate.d/icinga2' +maybe chmod 0644 'logrotate.d/mysql-server' maybe chmod 0644 'logrotate.d/razor' maybe chmod 0644 'logrotate.d/redis-server' maybe chmod 0644 'logrotate.d/rsnapshot' @@ -5847,10 +5850,12 @@ maybe chmod 0755 'mysql' maybe chmod 0755 'mysql/conf.d' maybe chmod 0644 'mysql/conf.d/mysql.cnf' maybe chmod 0644 'mysql/conf.d/mysqldump.cnf' +maybe chmod 0755 'mysql/debian-start' maybe chmod 0600 'mysql/debian.cnf' maybe chmod 0644 'mysql/my.cnf.fallback' maybe chmod 0644 'mysql/mysql.cnf' maybe chmod 0755 'mysql/mysql.conf.d' +maybe chmod 0644 'mysql/mysql.conf.d/mysql.cnf' maybe chmod 0644 'mysql/mysql.conf.d/mysqld.cnf' maybe chmod 0644 'mysql/mysql.conf.d/mysqld_safe_syslog.cnf' maybe chmod 0755 'myssl' diff --git a/apparmor.d/usr.sbin.mysqld b/apparmor.d/usr.sbin.mysqld new file mode 100644 index 000000000..185cceb8b --- /dev/null +++ b/apparmor.d/usr.sbin.mysqld @@ -0,0 +1,84 @@ +# vim:syntax=apparmor +# Last Modified: Tue Feb 09 15:28:30 2016 +#include + +/usr/sbin/mysqld { + #include + #include + #include + #include + #include + +# Allow system resource access + /proc/*/status r, + /sys/devices/system/cpu/ r, + /sys/devices/system/node/ r, + /sys/devices/system/node/** r, + capability sys_resource, + capability dac_override, + capability dac_read_search, + capability setuid, + capability setgid, + +# Allow network access + network tcp, + + /etc/hosts.allow r, + /etc/hosts.deny r, + +# Allow config access + /etc/mysql/** r, + +# Allow pid, socket, socket lock file access + /var/run/mysqld/mysqld.pid rw, + /var/run/mysqld/mysqld.sock rw, + /var/run/mysqld/mysqld.sock.lock rw, + /var/run/mysqld/mysqlx.sock rw, + /var/run/mysqld/mysqlx.sock.lock rw, + /run/mysqld/mysqld.pid rw, + /run/mysqld/mysqld.sock rw, + /run/mysqld/mysqld.sock.lock rw, + /run/mysqld/mysqlx.sock rw, + /run/mysqld/mysqlx.sock.lock rw, + +# Allow systemd notify messages + /{,var/}run/systemd/notify w, + +# Allow execution of server binary + /usr/sbin/mysqld mr, + /usr/sbin/mysqld-debug mr, + +# Allow plugin access + /usr/lib/mysql/plugin/ r, + /usr/lib/mysql/plugin/*.so* mr, + +# Allow error msg and charset access + /usr/share/mysql/ r, + /usr/share/mysql/** r, + +# Allow data dir access + /var/lib/mysql/ r, + /var/lib/mysql/** rwk, + +# Allow data files dir access + /var/lib/mysql-files/ r, + /var/lib/mysql-files/** rwk, + +# Allow keyring dir access + /var/lib/mysql-keyring/ r, + /var/lib/mysql-keyring/** rwk, + +# Allow log file access + /var/log/mysql.err rw, + /var/log/mysql.log rw, + /var/log/mysql/ r, + /var/log/mysql/** rw, + +# Allow read access to mecab files + /var/lib/mecab/dic/ipadic-utf8/** r, + +# Allow read access to OpenSSL config + /etc/ssl/openssl.cnf r, + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/init.d/mysql b/init.d/mysql new file mode 100755 index 000000000..51537d20b --- /dev/null +++ b/init.d/mysql @@ -0,0 +1,191 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: mysql +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network $time +# Should-Stop: $network $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop the mysql database server daemon +# Description: Controls the main MySQL database server daemon "mysqld" +# and its wrapper script "mysqld_safe". +### END INIT INFO +# +set -e +set -u +${DEBIAN_SCRIPT_DEBUG:+ set -v -x} + +test -x /usr/bin/mysqld_safe || exit 0 + +. /lib/lsb/init-functions + +SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) +CONF=/etc/mysql/my.cnf +MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" + +# priority can be overriden and "-s" adds output to stderr +ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" + +# Safeguard (relative paths, core dumps..) +cd / +umask 077 + +# mysqladmin likes to read /root/.my.cnf. This is usually not what I want +# as many admins e.g. only store a password without a username there and +# so break my scripts. +export HOME=/etc/mysql/ + +## Fetch a particular option from mysql's invocation. +# +# Usage: void mysqld_get_param option +mysqld_get_param() { + /usr/sbin/mysqld --print-defaults \ + | tr " " "\n" \ + | grep -- "--$1" \ + | tail -n 1 \ + | cut -d= -f2 +} + +## Do some sanity checks before even trying to start mysqld. +sanity_checks() { + # check for config file + if [ ! -r /etc/mysql/my.cnf ]; then + log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" + echo "WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" | $ERR_LOGGER + fi + + # check for diskspace shortage + datadir=`mysqld_get_param datadir` + if LC_ALL=C BLOCKSIZE= df --portability $datadir/. | tail -n 1 | awk '{ exit ($4>4096) }'; then + log_failure_msg "$0: ERROR: The partition with $datadir is too full!" + echo "ERROR: The partition with $datadir is too full!" | $ERR_LOGGER + exit 1 + fi +} + +## Checks if there is a server running and if so if it is accessible. +# +# check_alive insists on a pingable server +# check_dead also fails if there is a lost mysqld in the process list +# +# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] +mysqld_status () { + ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) + + ps_alive=0 + pidfile=`mysqld_get_param pid-file` + if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi + + if [ "$1" = "check_alive" -a $ping_alive = 1 ] || + [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then + return 0 # EXIT_SUCCESS + else + if [ "$2" = "warn" ]; then + echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug + fi + return 1 # EXIT_FAILURE + fi +} + +# +# main() +# + +case "${1:-''}" in + 'start') + sanity_checks; + # Start daemon + log_daemon_msg "Starting MySQL database server" "mysqld" + if mysqld_status check_alive nowarn; then + log_progress_msg "already running" + log_end_msg 0 + else + # Could be removed during boot + test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld + + # Start MySQL! + su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &" + + # 6s was reported in #352070 to be too few when using ndbcluster + # 14s was reported in #736452 to be too few with large installs + for i in $(seq 1 30); do + sleep 1 + if mysqld_status check_alive nowarn ; then break; fi + log_progress_msg "." + done + if mysqld_status check_alive warn; then + log_end_msg 0 + # Now start mysqlcheck or whatever the admin wants. + output=$(/etc/mysql/debian-start) + [ -n "$output" ] && log_action_msg "$output" + else + log_end_msg 1 + log_failure_msg "Please take a look at the syslog" + fi + fi + ;; + + 'stop') + # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible + # at least for cron, we can rely on it here, too. (although we have + # to specify it explicit as e.g. sudo environments points to the normal + # users home and not /root) + log_daemon_msg "Stopping MySQL database server" "mysqld" + if ! mysqld_status check_dead nowarn; then + set +e + shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? + set -e + if [ "$r" -ne 0 ]; then + log_end_msg 1 + [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" + log_daemon_msg "Killing MySQL database server by signal" "mysqld" + killall -15 mysqld + server_down= + for i in 1 2 3 4 5 6 7 8 9 10; do + sleep 1 + if mysqld_status check_dead nowarn; then server_down=1; break; fi + done + if test -z "$server_down"; then killall -9 mysqld; fi + fi + fi + + if ! mysqld_status check_dead warn; then + log_end_msg 1 + log_failure_msg "Please stop MySQL manually and read /usr/share/doc/mysql-server-5.7/README.Debian.gz!" + exit -1 + else + log_end_msg 0 + fi + ;; + + 'restart') + set +e; $SELF stop; set -e + $SELF start + ;; + + 'reload'|'force-reload') + log_daemon_msg "Reloading MySQL database server" "mysqld" + $MYADMIN reload + log_end_msg 0 + ;; + + 'status') + if mysqld_status check_alive nowarn; then + log_action_msg "$($MYADMIN version)" + else + log_action_msg "MySQL is stopped." + exit 3 + fi + ;; + + *) + echo "Usage: $SELF start|stop|restart|reload|force-reload|status" + exit 1 + ;; +esac + +# Some success paths end up returning non-zero so exit 0 explicitly. See +# bug #739846. +exit 0 diff --git a/logrotate.d/mysql-server b/logrotate.d/mysql-server new file mode 100644 index 000000000..2d9c71a75 --- /dev/null +++ b/logrotate.d/mysql-server @@ -0,0 +1,27 @@ +# - I put everything in one block and added sharedscripts, so that mysql gets +# flush-logs'd only once. +# Else the binary logs would automatically increase by n times every day. +# - The error log is obsolete, messages go to syslog now. +/var/log/mysql.log /var/log/mysql/*log { + daily + rotate 7 + missingok + create 640 mysql adm + compress + sharedscripts + postrotate + test -x /usr/bin/mysqladmin || exit 0 + # If this fails, check debian.conf! + MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" + if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then + # Really no mysqld or rather a missing debian-sys-maint user? + # If this occurs and is not a error please report a bug. + #if ps cax | grep -q mysqld; then + if killall -q -s0 -umysql mysqld; then + exit 1 + fi + else + $MYADMIN flush-logs + fi + endscript +} diff --git a/mysql/FROZEN b/mysql/FROZEN new file mode 120000 index 000000000..2bc63aea9 --- /dev/null +++ b/mysql/FROZEN @@ -0,0 +1 @@ +../../usr/share/doc/mysql-common/frozen-mode/downgrade \ No newline at end of file diff --git a/mysql/debian-start b/mysql/debian-start new file mode 100755 index 000000000..8be72eac2 --- /dev/null +++ b/mysql/debian-start @@ -0,0 +1,5 @@ +#!/bin/bash + +# Change to no-op as detailed in +# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1577712 +exit 0 diff --git a/mysql/mysql.conf.d/mysql.cnf b/mysql/mysql.conf.d/mysql.cnf new file mode 100644 index 000000000..dc4478efe --- /dev/null +++ b/mysql/mysql.conf.d/mysql.cnf @@ -0,0 +1,6 @@ +# +# The MySQL database client configuration file +# +# Ref to https://dev.mysql.com/doc/refman/en/mysql-command-options.html + +[mysql] -- 2.43.0