From 778f965ec1f9f1b456dab5dce947c2b48a4be18f Mon Sep 17 00:00:00 2001 From: "Norvald H. Ryeng" Date: Thu, 26 Apr 2018 10:27:31 +0200 Subject: [PATCH] Update cnf and service files with MySQL 8.0 features and clean up patches. --- community-mysql-cipherspec.patch | 154 ------------------------------- community-mysql-md5_fips.patch | 50 ---------- community-mysql-paths.patch | 26 ++++-- community-mysql.spec | 33 +++++-- my.cnf.in | 2 - mysql-prepare-db-dir.sh | 2 +- mysql.service.in | 49 +++++----- mysql@.service.in | 48 +++++----- server.cnf.in | 17 +--- 9 files changed, 102 insertions(+), 279 deletions(-) delete mode 100644 community-mysql-cipherspec.patch delete mode 100644 community-mysql-md5_fips.patch diff --git a/community-mysql-cipherspec.patch b/community-mysql-cipherspec.patch deleted file mode 100644 index b0c5b09..0000000 --- a/community-mysql-cipherspec.patch +++ /dev/null @@ -1,154 +0,0 @@ -Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA, -which is no longer the case as of openssl 1.0.1. -This patch enhances connect command by an option to specify a cipher -and tests are adjusted to specify the expected cipher explicitly. -Upstream bug report: http://bugs.mysql.com/bug.php?id=64461 - -diff --git a/client/mysqltest.cc b/client/mysqltest.cc -index 2def9bd..128dc00 100644 ---- a/client/mysqltest.cc -+++ b/client/mysqltest.cc -@@ -5503,6 +5503,7 @@ void do_connect(struct st_command *command) - my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0; - my_bool con_secure_auth= 1; - struct st_connection* con_slot; -+ char *con_cipher=NULL; - - static DYNAMIC_STRING ds_connection_name; - static DYNAMIC_STRING ds_host; -@@ -5595,6 +5596,8 @@ void do_connect(struct st_command *command) - con_cleartext_enable= 1; - else if (!strncmp(con_options, "SKIPSECUREAUTH",14)) - con_secure_auth= 0; -+ else if (!strncmp(con_options, "CIPHER:", 7)) -+ con_cipher = con_options + 7; - else - die("Illegal option to connect: %.*s", - (int) (end - con_options), con_options); -@@ -5642,8 +5645,11 @@ void do_connect(struct st_command *command) - if (con_ssl) - { - #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) -+ /* default cipher */ -+ if (con_cipher == NULL && opt_ssl_cipher != NULL) -+ con_cipher = opt_ssl_cipher; - mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, -- opt_ssl_capath, opt_ssl_cipher); -+ opt_ssl_capath, con_cipher); - mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); - mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); - #if MYSQL_VERSION_ID >= 50000 -diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result -index a767a71..3c1ee27 100644 ---- a/mysql-test/r/openssl_1.result -+++ b/mysql-test/r/openssl_1.result -@@ -197,8 +197,6 @@ Variable_name Value - Ssl_cipher EDH-RSA-DES-CBC3-SHA - Variable_name Value - Ssl_cipher AES256-SHA --Variable_name Value --Ssl_cipher RC4-SHA - select 'is still running; no cipher request crashed the server' as result from dual; - result - is still running; no cipher request crashed the server -diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test -index 426de1e..f8c6203 100644 ---- a/mysql-test/t/openssl_1.test -+++ b/mysql-test/t/openssl_1.test -@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA - grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; - flush privileges; - --connect (con1,localhost,ssl_user1,,,,,SSL); --connect (con2,localhost,ssl_user2,,,,,SSL); --connect (con3,localhost,ssl_user3,,,,,SSL); --connect (con4,localhost,ssl_user4,,,,,SSL); -+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); -+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); -+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); -+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); - --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT - --error ER_ACCESS_DENIED_ERROR --connect (con5,localhost,ssl_user5,,,,,SSL); -+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); - - connection con1; - # Check ssl turned on -@@ -125,7 +125,7 @@ drop table t1; - # verification of servers certificate by setting both ca certificate - # and ca path to NULL - # ----exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 -+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 - --echo End of 5.0 tests - - # -@@ -215,7 +215,6 @@ DROP TABLE t1; - --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA - --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA - --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA ----exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=RC4-SHA - --disable_query_log - --disable_result_log - -@@ -250,7 +249,7 @@ select 'is still running; no cipher request crashed the server' as result from d - - GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; - FLUSH PRIVILEGES; --connect(con1,localhost,bug42158,,,,,SSL); -+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); - SHOW STATUS LIKE 'Ssl_cipher'; - disconnect con1; - connection default; -diff --git a/mysql-test/t/plugin_auth_sha256_tls.test b/mysql-test/t/plugin_auth_sha256_tls.test -index f99df8a..1b38fda 100644 ---- a/mysql-test/t/plugin_auth_sha256_tls.test -+++ b/mysql-test/t/plugin_auth_sha256_tls.test -@@ -1,7 +1,7 @@ - --source include/not_embedded.inc - --source include/have_ssl.inc - --connect (ssl_con,localhost,root,,,,,SSL); -+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); - SHOW STATUS LIKE 'Ssl_cipher'; - - CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password'; -diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test -index ea8be39..c61ca8b 100644 ---- a/mysql-test/t/ssl.test -+++ b/mysql-test/t/ssl.test -@@ -8,7 +8,7 @@ - # Save the initial number of concurrent sessions - --source include/count_sessions.inc - --connect (ssl_con,localhost,root,,,,,SSL); -+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); - - # Check ssl turned on - SHOW STATUS LIKE 'Ssl_cipher'; -diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test -index d94c2fc..c27ca58 100644 ---- a/mysql-test/t/ssl_8k_key.test -+++ b/mysql-test/t/ssl_8k_key.test -@@ -4,7 +4,7 @@ - # - # Bug#29784 YaSSL assertion failure when reading 8k key. - # ----exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 -+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 - - ## This test file is for testing encrypted communication only, not other - ## encryption routines that the SSL library happens to provide! -diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test -index 2cb4c0d..feaa0e7 100644 ---- a/mysql-test/t/ssl_compress.test -+++ b/mysql-test/t/ssl_compress.test -@@ -9,7 +9,7 @@ - # Save the initial number of concurrent sessions - --source include/count_sessions.inc - --connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); -+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA); - - # Check ssl turned on - SHOW STATUS LIKE 'Ssl_cipher'; diff --git a/community-mysql-md5_fips.patch b/community-mysql-md5_fips.patch deleted file mode 100644 index 4c2ad54..0000000 --- a/community-mysql-md5_fips.patch +++ /dev/null @@ -1,50 +0,0 @@ -Added to address RHBZ#1449689 - -Original patch notes from follows: - -... - -In FIPS mode there is no md5 by default, unless declared it is specifically -allowed. MD5 is used for non-crypto related things in MySQL (digests related -to performance schema and table list), so it is ok to use MD5 there. - -However, there is also MD5() SQL function, that should still keep working, -but users should know they should avoid using it in FIPS mode. - -RHBZ: #1351791 - -Upstream bug reports: -http://bugs.mysql.com/bug.php?id=83696 -https://jira.mariadb.org/browse/MDEV-7788 - - -diff -Naurp mysql-5.7.18_original/mysys_ssl/my_md5.cc mysql-5.7.18_patched/mysys_ssl/my_md5.cc ---- mysql-5.7.18_original/mysys_ssl/my_md5.cc 2017-03-18 08:45:14.000000000 +0100 -+++ mysql-5.7.18_patched/mysys_ssl/my_md5.cc 2017-05-12 12:19:38.584814619 +0200 -@@ -38,13 +38,22 @@ static void my_md5_hash(char *digest, co - - #elif defined(HAVE_OPENSSL) - #include -+#include - - static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len) - { -- MD5_CTX ctx; -- MD5_Init (&ctx); -- MD5_Update (&ctx, buf, len); -- MD5_Final (digest, &ctx); -+ EVP_MD_CTX *ctx; -+ ctx = EVP_MD_CTX_create(); -+ -+ #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW -+ /* we will be using MD5, which is not allowed under FIPS */ -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ #endif -+ -+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL); -+ EVP_DigestUpdate(ctx, buf, len); -+ EVP_DigestFinal_ex(ctx, digest, NULL); -+ EVP_MD_CTX_destroy(ctx); - } - - #endif /* HAVE_YASSL */ diff --git a/community-mysql-paths.patch b/community-mysql-paths.patch index 20b77d5..078782f 100644 --- a/community-mysql-paths.patch +++ b/community-mysql-paths.patch @@ -4,7 +4,7 @@ Software Collections. Removing these hard-coded paths should fix it. Upstream report: https://mariadb.atlassian.net/browse/MDEV-6485 diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake -index ec2b492..43e4ccd 100644 +index f5ac0bf2..cd3132de 100644 --- a/cmake/install_layout.cmake +++ b/cmake/install_layout.cmake @@ -114,7 +114,7 @@ IF(UNIX) @@ -25,10 +25,10 @@ index ec2b492..43e4ccd 100644 IF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") SET(INSTALL_LIBDIR_RPM "lib64") diff --git a/mysys_ssl/my_default.cc b/mysys_ssl/my_default.cc -index 2d76700..02c5885 100644 +index 1317e362..cfa0feb7 100644 --- a/mysys_ssl/my_default.cc +++ b/mysys_ssl/my_default.cc -@@ -1733,12 +1733,12 @@ static const char **init_default_directories(MEM_ROOT *alloc) +@@ -1570,12 +1570,12 @@ static const char **init_default_directories(MEM_ROOT *alloc) { #else @@ -45,20 +45,32 @@ index 2d76700..02c5885 100644 #endif diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt -index c66a910..af9bc9e 100644 +index c1202103..06a055b1 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt -@@ -324,7 +324,7 @@ ELSE() +@@ -315,7 +315,7 @@ ENDIF(UNIX) + + SET(bindir ${prefix}/${INSTALL_BINDIR}) + SET(sbindir ${prefix}/${INSTALL_SBINDIR}) +-SET(libexecdir ${prefix}/${INSTALL_SBINDIR}) ++SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR}) + SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR}) + IF(INSTALL_LAYOUT MATCHES "STANDALONE") + SET(localstatedir ${prefix}/data) +@@ -324,9 +324,9 @@ ELSE() ENDIF() SET(prefix "${CMAKE_INSTALL_PREFIX}") -SET(sysconfdir ${prefix}) +SET(sysconfdir ${SYSCONFDIR}) SET(bindir ${prefix}/${INSTALL_BINDIR}) - SET(libexecdir ${prefix}/${INSTALL_SBINDIR}) +-SET(libexecdir ${prefix}/${INSTALL_SBINDIR}) ++SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR}) SET(datadir ${prefix}/${INSTALL_MYSQLSHAREDIR}) + SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR}) + SET(libsubdir ${INSTALL_LIBDIR}) diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh -index 5ad36e7..5dd032f 100644 +index 5ad36e7b..5dd032f2 100644 --- a/scripts/mysqld_multi.sh +++ b/scripts/mysqld_multi.sh @@ -572,9 +572,7 @@ sub list_defaults_files diff --git a/community-mysql.spec b/community-mysql.spec index 18e8585..ebcf674 100644 --- a/community-mysql.spec +++ b/community-mysql.spec @@ -80,7 +80,7 @@ Name: community-mysql Version: 8.0.11 -Release: 1%{?with_debug:.debug}%{?dist} +Release: 2%{?with_debug:.debug}%{?dist} Summary: MySQL client programs and shared libraries URL: http://www.mysql.com @@ -112,10 +112,9 @@ Source31: server.cnf.in # Patches common for more mysql-like packages Patch1: %{pkgnamepatch}-install-test.patch Patch2: %{pkgnamepatch}-s390-tsc.patch -Patch4: %{pkgnamepatch}-file-contents.patch -Patch5: %{pkgnamepatch}-scripts.patch -Patch6: %{pkgnamepatch}-paths.patch -Patch7: %{pkgnamepatch}-md5_fips.patch +Patch3: %{pkgnamepatch}-file-contents.patch +Patch4: %{pkgnamepatch}-scripts.patch +Patch5: %{pkgnamepatch}-paths.patch # Patches specific for this mysql package Patch51: %{pkgnamepatch}-chain-certs.patch @@ -353,9 +352,9 @@ the MySQL sources. %setup -q -n mysql-%{version} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 %patch51 -p1 %patch52 -p1 %patch75 -p1 @@ -485,12 +484,13 @@ cmake .. \ -DINSTALL_DOCREADMEDIR="share/doc/%{_pkgdocdirname}" \ -DINSTALL_INCLUDEDIR=include/mysql \ -DINSTALL_INFODIR=share/info \ + -DINSTALL_LIBEXECDIR=libexec \ -DINSTALL_LIBDIR="%{_lib}/mysql" \ -DINSTALL_MANDIR=share/man \ -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \ -DINSTALL_MYSQLTESTDIR=share/mysql-test \ -DINSTALL_PLUGINDIR="%{_lib}/mysql/plugin" \ - -DINSTALL_SBINDIR=libexec \ + -DINSTALL_SBINDIR=bin \ -DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \ -DMYSQL_DATADIR="%{dbdatadir}" \ -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ @@ -568,7 +568,7 @@ install -p -m 755 scripts/mysql-wait-ready %{buildroot}%{_libexecdir}/mysql-wait %endif # helper scripts for service starting -install -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir +install -D -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir install -p -m 755 scripts/mysql-wait-stop %{buildroot}%{_libexecdir}/mysql-wait-stop install -p -m 755 scripts/mysql-check-socket %{buildroot}%{_libexecdir}/mysql-check-socket install -p -m 755 scripts/mysql-check-upgrade %{buildroot}%{_libexecdir}/mysql-check-upgrade @@ -595,7 +595,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d echo "%{_libdir}/mysql" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %if %{with debug} -mv %{buildroot}%{_libexecdir}/mysqld-debug %{buildroot}%{_libexecdir}/mysqld +mv %{buildroot}%{_bindir}/mysqld-debug %{buildroot}%{_bindir}/mysqld %endif # Back to src dir @@ -833,7 +833,7 @@ fi %config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf -%{_libexecdir}/mysqld +%{_bindir}/mysqld %{_libdir}/mysql/INFO_SRC %{_libdir}/mysql/INFO_BIN @@ -922,6 +922,19 @@ fi %endif %changelog +* Mon May 14 2018 Norvald H. Ryeng - 8.0.11-2 +- MySQL 8.0 has notify support +- SQL restart command needs MYSQLD_PARENT_PID=1 +- Increase LimitNOFILE +- Disable symbolic links is default (and option deprecated) +- Move mysqld to /usr/bin, with mysqld_safe gone there no reason + to have mysqld in libexec +- FIPS mode is now supported: + https://dev.mysql.com/doc/refman/8.0/en/fips-mode.html +- Remove legacy embedded refs from cnf files +- Clean up patches: re-numbering and removing +- Recommend to use systemctl edit to modify service files + * Fri Apr 20 2018 Norvald H. Ryeng - 8.0.11-1 - Update to MySQL 8.0.11 (GA). diff --git a/my.cnf.in b/my.cnf.in index 1e9009e..2bb9e88 100644 --- a/my.cnf.in +++ b/my.cnf.in @@ -8,8 +8,6 @@ # This group is read by the server # [mysqld] -# Disabling symbolic-links is recommended to prevent assorted security risks -symbolic-links=0 # # include all files from the config directory diff --git a/mysql-prepare-db-dir.sh b/mysql-prepare-db-dir.sh index 46cf636..65726bd 100644 --- a/mysql-prepare-db-dir.sh +++ b/mysql-prepare-db-dir.sh @@ -94,7 +94,7 @@ if should_initialize "$datadir" ; then # Now create the database echo "Initializing @NICE_PROJECT_NAME@ database" - @libexecdir@/mysqld --initialize-insecure --datadir="$datadir" --user="$myuser" + @bindir@/mysqld --initialize-insecure --datadir="$datadir" --user="$myuser" ret=$? if [ $ret -ne 0 ] ; then echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2 diff --git a/mysql.service.in b/mysql.service.in index 256cac2..743af60 100644 --- a/mysql.service.in +++ b/mysql.service.in @@ -1,27 +1,27 @@ # It's not recommended to modify this file in-place, because it will be # overwritten during package upgrades. If you want to customize, the -# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service", -# containing -# .include /usr/lib/systemd/system/@DAEMON_NAME@.service -# ...make your changes here... -# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf", -# which doesn't need to include ".include" call and which will be parsed -# after the file @DAEMON_NAME@.service itself is parsed. +# best way is to use systemctl edit: +# +# $ systemctl edit @DAEMON_NAME@.service +# +# this will create file +# +# /etc/systemd/system/@DAEMON_NAME@.service.d/override.conf +# +# which be parsed after the file @DAEMON_NAME@.service itself is parsed. +# +# For example, if you want to increase mysql's open-files-limit to 20000 +# add following when editing with command above: +# +# [Service] +# LimitNOFILE=20000 +# +# Or if you require to execute pre and post scripts in the unit file as root, set +# PermissionsStartOnly=true # # For more info about custom unit files, see systemd.unit(5) or # http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F - -# For example, if you want to increase mysql's open-files-limit to 10000, -# you need to increase systemd's LimitNOFILE setting, so create a file named -# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing: -# [Service] -# LimitNOFILE=10000 - -# Or if you require to execute pre and post scripts in the unit file as root, set -# PermissionsStartOnly=true - -# Note: /usr/lib/... is recommended in the .include line though /lib/... -# still works. +# # Don't forget to reload systemd daemon after you change unit configuration: # root> systemctl --system daemon-reload @@ -31,16 +31,15 @@ After=syslog.target After=network.target [Service] -Type=forking +Type=notify User=mysql Group=mysql -PIDFile=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ExecStartPre=@libexecdir@/mysql-check-socket ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n # Note: we set --basedir to prevent probes that might trigger SELinux alarms, # per bug #547485 -ExecStart=@libexecdir@/mysqld --daemonize --basedir=@prefix@ --pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid +ExecStart=@bindir@/mysqld --basedir=@prefix@ ExecStartPost=@libexecdir@/mysql-check-upgrade ExecStopPost=@libexecdir@/mysql-wait-stop @@ -54,5 +53,11 @@ Restart=on-failure RestartPreventExitStatus=1 +# Sets open_files_limit +LimitNOFILE = 10000 + +# Set enviroment variable MYSQLD_PARENT_PID. This is required for SQL restart command. +Environment=MYSQLD_PARENT_PID=1 + [Install] WantedBy=multi-user.target diff --git a/mysql@.service.in b/mysql@.service.in index aad98f7..ec0004f 100644 --- a/mysql@.service.in +++ b/mysql@.service.in @@ -1,27 +1,27 @@ # It's not recommended to modify this file in-place, because it will be # overwritten during package upgrades. If you want to customize, the -# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service", -# containing -# .include /usr/lib/systemd/system/@DAEMON_NAME@.service -# ...make your changes here... -# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf", -# which doesn't need to include ".include" call and which will be parsed -# after the file @DAEMON_NAME@.service itself is parsed. +# best way is to use systemctl edit: +# +# $ systemctl edit @DAEMON_NAME@.service +# +# this will create file +# +# /etc/systemd/system/@DAEMON_NAME@.service.d/override.conf +# +# which be parsed after the file @DAEMON_NAME@.service itself is parsed. +# +# For example, if you want to increase mysql's open-files-limit to 20000 +# add following when editing with command above: +# +# [Service] +# LimitNOFILE=20000 +# +# Or if you require to execute pre and post scripts in the unit file as root, set +# PermissionsStartOnly=true # # For more info about custom unit files, see systemd.unit(5) or # http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F - -# For example, if you want to increase mysql's open-files-limit to 10000, -# you need to increase systemd's LimitNOFILE setting, so create a file named -# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing: -# [Service] -# LimitNOFILE=10000 - -# Or if you require to execute pre and post scripts in the unit file as root, set -# PermissionsStartOnly=true - -# Note: /usr/lib/... is recommended in the .include line though /lib/... -# still works. +# # Don't forget to reload systemd daemon after you change unit configuration: # root> systemctl --system daemon-reload @@ -31,7 +31,7 @@ After=syslog.target After=network.target [Service] -Type=forking +Type=notify User=mysql Group=mysql @@ -39,7 +39,7 @@ ExecStartPre=@libexecdir@/mysql-check-socket --defaults-group-suffix=.%I ExecStartPre=@libexecdir@/mysql-prepare-db-dir --defaults-group-suffix=.%I %n # Note: we set --basedir to prevent probes that might trigger SELinux alarms, # per bug #547485 -ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --daemonize --basedir=@prefix@ --pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid +ExecStart=@bindir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@ ExecStartPost=@libexecdir@/mysql-check-upgrade --defaults-group-suffix=.%I ExecStopPost=@libexecdir@/mysql-wait-stop --defaults-group-suffix=.%I @@ -53,5 +53,11 @@ Restart=on-failure RestartPreventExitStatus=1 +# Sets open_files_limit +LimitNOFILE = 10000 + +# Set enviroment variable MYSQLD_PARENT_PID. This is required for SQL restart command. +Environment=MYSQLD_PARENT_PID=1 + [Install] WantedBy=multi-user.target diff --git a/server.cnf.in b/server.cnf.in index e25b599..ba3d479 100644 --- a/server.cnf.in +++ b/server.cnf.in @@ -1,25 +1,18 @@ # -# These groups are read by MySQL server. +# This group are read by MySQL server. # Use it for options that only the server (but not clients) should see # -# See the examples of server my.cnf files in /usr/share/mysql/ -# +# For advice on how to change settings please see +# http://dev.mysql.com/doc/refman/en/server-configuration-defaults.html -# this is read by the standalone daemon and embedded servers -[server] - -# this is only for the mysqld standalone daemon # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, -# customize your systemd unit file for mysqld/mariadb according to the +# customize your systemd unit file for mysqld according to the # instructions in http://fedoraproject.org/wiki/Systemd + [mysqld] datadir=@MYSQL_DATADIR@ socket=@MYSQL_UNIX_ADDR@ log-error=@LOG_LOCATION@ pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid - -# this is only for embedded server -[embedded] -