Update cnf and service files with MySQL 8.0 features and clean up patches.

This commit is contained in:
Norvald H. Ryeng 2018-04-26 10:27:31 +02:00 committed by Michal Schorm
parent a4a6473e61
commit 2f2956058b
9 changed files with 102 additions and 279 deletions

View File

@ -1,154 +0,0 @@
Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA,
which is no longer the case as of openssl 1.0.1.
This patch enhances connect command by an option to specify a cipher
and tests are adjusted to specify the expected cipher explicitly.
Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index 2def9bd..128dc00 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -5503,6 +5503,7 @@ void do_connect(struct st_command *command)
my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0;
my_bool con_secure_auth= 1;
struct st_connection* con_slot;
+ char *con_cipher=NULL;
static DYNAMIC_STRING ds_connection_name;
static DYNAMIC_STRING ds_host;
@@ -5595,6 +5596,8 @@ void do_connect(struct st_command *command)
con_cleartext_enable= 1;
else if (!strncmp(con_options, "SKIPSECUREAUTH",14))
con_secure_auth= 0;
+ else if (!strncmp(con_options, "CIPHER:", 7))
+ con_cipher = con_options + 7;
else
die("Illegal option to connect: %.*s",
(int) (end - con_options), con_options);
@@ -5642,8 +5645,11 @@ void do_connect(struct st_command *command)
if (con_ssl)
{
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+ /* default cipher */
+ if (con_cipher == NULL && opt_ssl_cipher != NULL)
+ con_cipher = opt_ssl_cipher;
mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
- opt_ssl_capath, opt_ssl_cipher);
+ opt_ssl_capath, con_cipher);
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
#if MYSQL_VERSION_ID >= 50000
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index a767a71..3c1ee27 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -197,8 +197,6 @@ Variable_name Value
Ssl_cipher EDH-RSA-DES-CBC3-SHA
Variable_name Value
Ssl_cipher AES256-SHA
-Variable_name Value
-Ssl_cipher RC4-SHA
select 'is still running; no cipher request crashed the server' as result from dual;
result
is still running; no cipher request crashed the server
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 426de1e..f8c6203 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
-connect (con1,localhost,ssl_user1,,,,,SSL);
-connect (con2,localhost,ssl_user2,,,,,SSL);
-connect (con3,localhost,ssl_user3,,,,,SSL);
-connect (con4,localhost,ssl_user4,,,,,SSL);
+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
-connect (con5,localhost,ssl_user5,,,,,SSL);
+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
connection con1;
# Check ssl turned on
@@ -125,7 +125,7 @@ drop table t1;
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
--echo End of 5.0 tests
#
@@ -215,7 +215,6 @@ DROP TABLE t1;
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=RC4-SHA
--disable_query_log
--disable_result_log
@@ -250,7 +249,7 @@ select 'is still running; no cipher request crashed the server' as result from d
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
-connect(con1,localhost,bug42158,,,,,SSL);
+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con1;
connection default;
diff --git a/mysql-test/t/plugin_auth_sha256_tls.test b/mysql-test/t/plugin_auth_sha256_tls.test
index f99df8a..1b38fda 100644
--- a/mysql-test/t/plugin_auth_sha256_tls.test
+++ b/mysql-test/t/plugin_auth_sha256_tls.test
@@ -1,7 +1,7 @@
--source include/not_embedded.inc
--source include/have_ssl.inc
-connect (ssl_con,localhost,root,,,,,SSL);
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
SHOW STATUS LIKE 'Ssl_cipher';
CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password';
diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test
index ea8be39..c61ca8b 100644
--- a/mysql-test/t/ssl.test
+++ b/mysql-test/t/ssl.test
@@ -8,7 +8,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_con,localhost,root,,,,,SSL);
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test
index d94c2fc..c27ca58 100644
--- a/mysql-test/t/ssl_8k_key.test
+++ b/mysql-test/t/ssl_8k_key.test
@@ -4,7 +4,7 @@
#
# Bug#29784 YaSSL assertion failure when reading 8k key.
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
## This test file is for testing encrypted communication only, not other
## encryption routines that the SSL library happens to provide!
diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test
index 2cb4c0d..feaa0e7 100644
--- a/mysql-test/t/ssl_compress.test
+++ b/mysql-test/t/ssl_compress.test
@@ -9,7 +9,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';

View File

@ -1,50 +0,0 @@
Added to address RHBZ#1449689
Original patch notes from <hhorak@redhat.com> follows:
...
In FIPS mode there is no md5 by default, unless declared it is specifically
allowed. MD5 is used for non-crypto related things in MySQL (digests related
to performance schema and table list), so it is ok to use MD5 there.
However, there is also MD5() SQL function, that should still keep working,
but users should know they should avoid using it in FIPS mode.
RHBZ: #1351791
Upstream bug reports:
http://bugs.mysql.com/bug.php?id=83696
https://jira.mariadb.org/browse/MDEV-7788
diff -Naurp mysql-5.7.18_original/mysys_ssl/my_md5.cc mysql-5.7.18_patched/mysys_ssl/my_md5.cc
--- mysql-5.7.18_original/mysys_ssl/my_md5.cc 2017-03-18 08:45:14.000000000 +0100
+++ mysql-5.7.18_patched/mysys_ssl/my_md5.cc 2017-05-12 12:19:38.584814619 +0200
@@ -38,13 +38,22 @@ static void my_md5_hash(char *digest, co
#elif defined(HAVE_OPENSSL)
#include <openssl/md5.h>
+#include <openssl/evp.h>
static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
{
- MD5_CTX ctx;
- MD5_Init (&ctx);
- MD5_Update (&ctx, buf, len);
- MD5_Final (digest, &ctx);
+ EVP_MD_CTX *ctx;
+ ctx = EVP_MD_CTX_create();
+
+ #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ /* we will be using MD5, which is not allowed under FIPS */
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ #endif
+
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, buf, len);
+ EVP_DigestFinal_ex(ctx, digest, NULL);
+ EVP_MD_CTX_destroy(ctx);
}
#endif /* HAVE_YASSL */

View File

@ -4,7 +4,7 @@ Software Collections. Removing these hard-coded paths should fix it.
Upstream report: https://mariadb.atlassian.net/browse/MDEV-6485
diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake
index ec2b492..43e4ccd 100644
index f5ac0bf2..cd3132de 100644
--- a/cmake/install_layout.cmake
+++ b/cmake/install_layout.cmake
@@ -114,7 +114,7 @@ IF(UNIX)
@ -25,10 +25,10 @@ index ec2b492..43e4ccd 100644
IF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
SET(INSTALL_LIBDIR_RPM "lib64")
diff --git a/mysys_ssl/my_default.cc b/mysys_ssl/my_default.cc
index 2d76700..02c5885 100644
index 1317e362..cfa0feb7 100644
--- a/mysys_ssl/my_default.cc
+++ b/mysys_ssl/my_default.cc
@@ -1733,12 +1733,12 @@ static const char **init_default_directories(MEM_ROOT *alloc)
@@ -1570,12 +1570,12 @@ static const char **init_default_directories(MEM_ROOT *alloc) {
#else
@ -45,20 +45,32 @@ index 2d76700..02c5885 100644
#endif
diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
index c66a910..af9bc9e 100644
index c1202103..06a055b1 100644
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@@ -324,7 +324,7 @@ ELSE()
@@ -315,7 +315,7 @@ ENDIF(UNIX)
SET(bindir ${prefix}/${INSTALL_BINDIR})
SET(sbindir ${prefix}/${INSTALL_SBINDIR})
-SET(libexecdir ${prefix}/${INSTALL_SBINDIR})
+SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR})
SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
IF(INSTALL_LAYOUT MATCHES "STANDALONE")
SET(localstatedir ${prefix}/data)
@@ -324,9 +324,9 @@ ELSE()
ENDIF()
SET(prefix "${CMAKE_INSTALL_PREFIX}")
-SET(sysconfdir ${prefix})
+SET(sysconfdir ${SYSCONFDIR})
SET(bindir ${prefix}/${INSTALL_BINDIR})
SET(libexecdir ${prefix}/${INSTALL_SBINDIR})
-SET(libexecdir ${prefix}/${INSTALL_SBINDIR})
+SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR})
SET(datadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
SET(libsubdir ${INSTALL_LIBDIR})
diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh
index 5ad36e7..5dd032f 100644
index 5ad36e7b..5dd032f2 100644
--- a/scripts/mysqld_multi.sh
+++ b/scripts/mysqld_multi.sh
@@ -572,9 +572,7 @@ sub list_defaults_files

View File

@ -80,7 +80,7 @@
Name: community-mysql
Version: 8.0.11
Release: 1%{?with_debug:.debug}%{?dist}
Release: 2%{?with_debug:.debug}%{?dist}
Summary: MySQL client programs and shared libraries
URL: http://www.mysql.com
@ -112,10 +112,9 @@ Source31: server.cnf.in
# Patches common for more mysql-like packages
Patch1: %{pkgnamepatch}-install-test.patch
Patch2: %{pkgnamepatch}-s390-tsc.patch
Patch4: %{pkgnamepatch}-file-contents.patch
Patch5: %{pkgnamepatch}-scripts.patch
Patch6: %{pkgnamepatch}-paths.patch
Patch7: %{pkgnamepatch}-md5_fips.patch
Patch3: %{pkgnamepatch}-file-contents.patch
Patch4: %{pkgnamepatch}-scripts.patch
Patch5: %{pkgnamepatch}-paths.patch
# Patches specific for this mysql package
Patch51: %{pkgnamepatch}-chain-certs.patch
@ -353,9 +352,9 @@ the MySQL sources.
%setup -q -n mysql-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch51 -p1
%patch52 -p1
%patch75 -p1
@ -485,12 +484,13 @@ cmake .. \
-DINSTALL_DOCREADMEDIR="share/doc/%{_pkgdocdirname}" \
-DINSTALL_INCLUDEDIR=include/mysql \
-DINSTALL_INFODIR=share/info \
-DINSTALL_LIBEXECDIR=libexec \
-DINSTALL_LIBDIR="%{_lib}/mysql" \
-DINSTALL_MANDIR=share/man \
-DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \
-DINSTALL_MYSQLTESTDIR=share/mysql-test \
-DINSTALL_PLUGINDIR="%{_lib}/mysql/plugin" \
-DINSTALL_SBINDIR=libexec \
-DINSTALL_SBINDIR=bin \
-DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \
-DMYSQL_DATADIR="%{dbdatadir}" \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
@ -568,7 +568,7 @@ install -p -m 755 scripts/mysql-wait-ready %{buildroot}%{_libexecdir}/mysql-wait
%endif
# helper scripts for service starting
install -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir
install -D -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir
install -p -m 755 scripts/mysql-wait-stop %{buildroot}%{_libexecdir}/mysql-wait-stop
install -p -m 755 scripts/mysql-check-socket %{buildroot}%{_libexecdir}/mysql-check-socket
install -p -m 755 scripts/mysql-check-upgrade %{buildroot}%{_libexecdir}/mysql-check-upgrade
@ -595,7 +595,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
echo "%{_libdir}/mysql" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%if %{with debug}
mv %{buildroot}%{_libexecdir}/mysqld-debug %{buildroot}%{_libexecdir}/mysqld
mv %{buildroot}%{_bindir}/mysqld-debug %{buildroot}%{_bindir}/mysqld
%endif
# Back to src dir
@ -833,7 +833,7 @@ fi
%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
%{_libexecdir}/mysqld
%{_bindir}/mysqld
%{_libdir}/mysql/INFO_SRC
%{_libdir}/mysql/INFO_BIN
@ -922,6 +922,19 @@ fi
%endif
%changelog
* Mon May 14 2018 Norvald H. Ryeng <norvald.ryeng@oracle.com> - 8.0.11-2
- MySQL 8.0 has notify support
- SQL restart command needs MYSQLD_PARENT_PID=1
- Increase LimitNOFILE
- Disable symbolic links is default (and option deprecated)
- Move mysqld to /usr/bin, with mysqld_safe gone there no reason
to have mysqld in libexec
- FIPS mode is now supported:
https://dev.mysql.com/doc/refman/8.0/en/fips-mode.html
- Remove legacy embedded refs from cnf files
- Clean up patches: re-numbering and removing
- Recommend to use systemctl edit to modify service files
* Fri Apr 20 2018 Norvald H. Ryeng <norvald.ryeng@oracle.com> - 8.0.11-1
- Update to MySQL 8.0.11 (GA).

View File

@ -8,8 +8,6 @@
# This group is read by the server
#
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
#
# include all files from the config directory

View File

@ -94,7 +94,7 @@ if should_initialize "$datadir" ; then
# Now create the database
echo "Initializing @NICE_PROJECT_NAME@ database"
@libexecdir@/mysqld --initialize-insecure --datadir="$datadir" --user="$myuser"
@bindir@/mysqld --initialize-insecure --datadir="$datadir" --user="$myuser"
ret=$?
if [ $ret -ne 0 ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2

View File

@ -1,27 +1,27 @@
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades. If you want to customize, the
# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
# containing
# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
# ...make your changes here...
# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
# which doesn't need to include ".include" call and which will be parsed
# after the file @DAEMON_NAME@.service itself is parsed.
# best way is to use systemctl edit:
#
# $ systemctl edit @DAEMON_NAME@.service
#
# this will create file
#
# /etc/systemd/system/@DAEMON_NAME@.service.d/override.conf
#
# which be parsed after the file @DAEMON_NAME@.service itself is parsed.
#
# For example, if you want to increase mysql's open-files-limit to 20000
# add following when editing with command above:
#
# [Service]
# LimitNOFILE=20000
#
# Or if you require to execute pre and post scripts in the unit file as root, set
# PermissionsStartOnly=true
#
# For more info about custom unit files, see systemd.unit(5) or
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
# For example, if you want to increase mysql's open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, so create a file named
# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
# [Service]
# LimitNOFILE=10000
# Or if you require to execute pre and post scripts in the unit file as root, set
# PermissionsStartOnly=true
# Note: /usr/lib/... is recommended in the .include line though /lib/...
# still works.
#
# Don't forget to reload systemd daemon after you change unit configuration:
# root> systemctl --system daemon-reload
@ -31,16 +31,15 @@ After=syslog.target
After=network.target
[Service]
Type=forking
Type=notify
User=mysql
Group=mysql
PIDFile=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
ExecStartPre=@libexecdir@/mysql-check-socket
ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# per bug #547485
ExecStart=@libexecdir@/mysqld --daemonize --basedir=@prefix@ --pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
ExecStart=@bindir@/mysqld --basedir=@prefix@
ExecStartPost=@libexecdir@/mysql-check-upgrade
ExecStopPost=@libexecdir@/mysql-wait-stop
@ -54,5 +53,11 @@ Restart=on-failure
RestartPreventExitStatus=1
# Sets open_files_limit
LimitNOFILE = 10000
# Set enviroment variable MYSQLD_PARENT_PID. This is required for SQL restart command.
Environment=MYSQLD_PARENT_PID=1
[Install]
WantedBy=multi-user.target

View File

@ -1,27 +1,27 @@
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades. If you want to customize, the
# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
# containing
# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
# ...make your changes here...
# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
# which doesn't need to include ".include" call and which will be parsed
# after the file @DAEMON_NAME@.service itself is parsed.
# best way is to use systemctl edit:
#
# $ systemctl edit @DAEMON_NAME@.service
#
# this will create file
#
# /etc/systemd/system/@DAEMON_NAME@.service.d/override.conf
#
# which be parsed after the file @DAEMON_NAME@.service itself is parsed.
#
# For example, if you want to increase mysql's open-files-limit to 20000
# add following when editing with command above:
#
# [Service]
# LimitNOFILE=20000
#
# Or if you require to execute pre and post scripts in the unit file as root, set
# PermissionsStartOnly=true
#
# For more info about custom unit files, see systemd.unit(5) or
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
# For example, if you want to increase mysql's open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, so create a file named
# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
# [Service]
# LimitNOFILE=10000
# Or if you require to execute pre and post scripts in the unit file as root, set
# PermissionsStartOnly=true
# Note: /usr/lib/... is recommended in the .include line though /lib/...
# still works.
#
# Don't forget to reload systemd daemon after you change unit configuration:
# root> systemctl --system daemon-reload
@ -31,7 +31,7 @@ After=syslog.target
After=network.target
[Service]
Type=forking
Type=notify
User=mysql
Group=mysql
@ -39,7 +39,7 @@ ExecStartPre=@libexecdir@/mysql-check-socket --defaults-group-suffix=.%I
ExecStartPre=@libexecdir@/mysql-prepare-db-dir --defaults-group-suffix=.%I %n
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# per bug #547485
ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --daemonize --basedir=@prefix@ --pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
ExecStart=@bindir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@
ExecStartPost=@libexecdir@/mysql-check-upgrade --defaults-group-suffix=.%I
ExecStopPost=@libexecdir@/mysql-wait-stop --defaults-group-suffix=.%I
@ -53,5 +53,11 @@ Restart=on-failure
RestartPreventExitStatus=1
# Sets open_files_limit
LimitNOFILE = 10000
# Set enviroment variable MYSQLD_PARENT_PID. This is required for SQL restart command.
Environment=MYSQLD_PARENT_PID=1
[Install]
WantedBy=multi-user.target

View File

@ -1,25 +1,18 @@
#
# These groups are read by MySQL server.
# This group are read by MySQL server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/en/server-configuration-defaults.html
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mysqld/mariadb according to the
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld]
datadir=@MYSQL_DATADIR@
socket=@MYSQL_UNIX_ADDR@
log-error=@LOG_LOCATION@
pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
# this is only for embedded server
[embedded]