powerel9
/
mariadb
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

initial package creation 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 1 month ago
commit
448f5946cc
24 changed files with 4439 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      SOURCES/LICENSE.clustercheck
  2. 9
      SOURCES/README.mariadb-docs
  3. 132
      SOURCES/README.wsrep_sst_rsync_tunnel
  4. 89
      SOURCES/clustercheck.sh
  5. 39
      SOURCES/mariadb-check-socket.sh
  6. 39
      SOURCES/mariadb-check-upgrade.sh
  7. 82
      SOURCES/mariadb-logrotate.patch
  8. 31
      SOURCES/mariadb-ownsetup.patch
  9. 137
      SOURCES/mariadb-prepare-db-dir.sh
  10. 68
      SOURCES/mariadb-scripts-common.sh
  11. 41
      SOURCES/mariadb-scripts.patch
  12. 23
      SOURCES/mariadb-server-galera.te
  13. 13
      SOURCES/mariadb-ssl-cipher-tests.patch
  14. 3
      SOURCES/mariadb.tmpfiles.d.in
  15. 18
      SOURCES/my.cnf.in
  16. 64
      SOURCES/mysql.service.in
  17. 85
      SOURCES/mysql@.service.in
  18. 26
      SOURCES/mysql_config_multilib.sh
  19. 5
      SOURCES/rh-skipped-tests-arm.list
  20. 98
      SOURCES/rh-skipped-tests-base.list
  21. 7
      SOURCES/rh-skipped-tests-ppc.list
  22. 3
      SOURCES/rh-skipped-tests-s390.list
  23. 492
      SOURCES/wsrep_sst_rsync_tunnel
  24. 2908
      SPECS/mariadb.spec

27
SOURCES/LICENSE.clustercheck
Unescape View File

@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
Copyright (c) 2012-2014, Olaf van Zandwijk
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

9
SOURCES/README.mariadb-docs
Unescape View File

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
MariaDB haven't yet made a document package available for offline.

You can create your own copy with the instructions here:

https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/

You can find view the on-line documentation at:

https://mariadb.com/kb/en/documentation/

132
SOURCES/README.wsrep_sst_rsync_tunnel
Unescape View File

@ -0,0 +1,132 @@ @@ -0,0 +1,132 @@
socat tunnel for encrypted rsync SST
====================================

`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer)
implementation that ships with mariadb. Its purpose is to encrypt
communication between the donor and the joiner during an SST.

Encryption is implemented by means of a socat tunnel, using OPENSSL
addresses. It can be configured via the regular openssl flags exposed
by socat.


## How to configure the script

This SST script can configured by setting a few keys in your favorite
mariadb option file in addition to the usual galera settings.

[mysqld]
...
bind_address=<node-name>
wsrep_sst_method=rsync_tunnel
...
[sst]
tca=/path/to/your/ca-file.crt
tcert=/path/to/node/certificate.crt
tkey=/path/to/node/key.key
sockopt=<openssl-address-options-as-per-socat-manual>

When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses
socat to listen to incoming SSL connections on port 4444 in lieu of
the original rsync daemon. Received data will be forwarded to the
rscynd daemon started locally to replicate the database.

When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes
a series of rsync calls that target a locally started socat daemon.
The daemon tunnels all rsync traffic into an encrypted SSL connection
that targets the joiner's end of the socat tunnel.

Encryption parameters are specified under the `[sst]` group in the
mariadb option file, where `tkey` and `tcert` are respectively the key
and the certificate that are used by both sides of the socat tunnel.
Each node typically has a different key and cert. Both key and
certificate can be combined into a single PEM file and referenced by
`tcert`. Option `tca` holds a list of the trusted signing
certificates.

In case you need to tweak the creation of the SSL connection, you can
pass valid socat options (as per socat manual) via the `sockopt` key.
For debugging purpose, the exact socat command that is being executed
shows up in the mariadb log file.

Note that socat verifies that the certificate's commonName matches
that of the host that is being targeted. The target name comes from
the value configured in `bind_address`, so it's important that it
matches the certificate's commonName. An IP address can be used for
`bind_address`, but you may get into trouble in case different
hostnames resolve to the same IP (e.g. multiple networks per host).


## Examples of use

Suppose you're running a 3-node galera cluster
`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`.

### Scenario: using self-signed certificates

On each node, create a key and a certificate, and bundle them into a
single PEM file. For instance on `node1.my.cluster`:

openssl genrsa -out /tls/mysql-$(hostname -f).key 2048
openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch
cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem

Then, on each node, create a cafile that will contain all the certs to
trust:

for n in node1.my.cluster node2.my.cluster node3.my.cluster; do
ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt
done

Once you have those two files on each host, you can configure the SST
appropriately. For instance from `/etc/my.cnf.d/galera.cnf`:

[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem

### Scenario: using self-signed certificates, without verification

By default, when socat tries to establish a SSL connection to a peer,
it also verifies that it can trust the peer's certificate. If for some
reason you need to disable that feature, you can amend the previous
configuration with a sockopt option:

[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem
sockopt="verify=0"

The associated sockopt value is passed to socat when
the donor or the joiner configures his part of the tunnel.

Note: please do not do so in production, this is inherently insecure
as you will not verify the identity of the peer you're connecting to!

### Scenario: using certificates from a CA

Suppose you have a FreeIPA service which generated a key file and a
certificate file for the three galera nodes, respectively located at
/tls/mysql.key and /tls/mysql.crt.

Assuming that the certificate for the FreeIPA server is available at
/etc/ipa/ca.crt, you can configure you galera servers as follows:

[sst]
tca=/etc/ipa/ca.crt
tcert=/tls/mysql.crt
tkey=/tls/mysql.key

## License

Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin).
This work is derived from the original `wsrep_rsync_sst`, copyright
© 2010-2014 [Codership Oy](https://github.com/codership).
Released under the GNU GPLv2.

89
SOURCES/clustercheck.sh
Unescape View File

@ -0,0 +1,89 @@ @@ -0,0 +1,89 @@
#!/bin/bash
#
# Script to make a proxy (ie HAProxy) capable of monitoring Galera cluster nodes properly
#
# Author: Olaf van Zandwijk <olaf.vanzandwijk@nedap.com>
# Author: Raghavendra Prabhu <raghavendra.prabhu@percona.com>
# Author: Ryan O'Hara <rohara@redhat.com>
#
# Documentation and download: https://github.com/olafz/percona-clustercheck
#
# Based on the original script from Unai Rodriguez
#

if [ -f @INSTALL_SYSCONFDIR@/sysconfig/clustercheck ]; then
. @INSTALL_SYSCONFDIR@/sysconfig/clustercheck
fi

MYSQL_USERNAME="${MYSQL_USERNAME-clustercheckuser}"
MYSQL_PASSWORD="${MYSQL_PASSWORD-clustercheckpassword!}"
MYSQL_HOST="${MYSQL_HOST:-127.0.0.1}"
MYSQL_PORT="${MYSQL_PORT:-3306}"
ERR_FILE="${ERR_FILE:-/dev/null}"
AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-0}
AVAILABLE_WHEN_READONLY=${AVAILABLE_WHEN_READONLY:-1}
DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-@INSTALL_SYSCONFDIR@/my.cnf}

#Timeout exists for instances where mysqld may be hung
TIMEOUT=10

if [[ -r $DEFAULTS_EXTRA_FILE ]];then
MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE \
--connect-timeout=$TIMEOUT \
--user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
--host=${MYSQL_HOST} --port=${MYSQL_PORT}"
else
MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT \
--user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
--host=${MYSQL_HOST} --port=${MYSQL_PORT}"
fi
#
# Perform the query to check the wsrep_local_state
#
WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})

if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]]
then
# Check only when set to 0 to avoid latency in response.
if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then
READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})

if [[ "${READ_ONLY}" == "ON" ]];then
# Galera cluster node local state is 'Synced', but it is in
# read-only mode. The variable AVAILABLE_WHEN_READONLY is set to 0.
# => return HTTP 503
# Shell return-code is 1
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
echo -en "Content-Type: text/plain\r\n"
echo -en "Connection: close\r\n"
echo -en "Content-Length: 35\r\n"
echo -en "\r\n"
echo -en "Galera cluster node is read-only.\r\n"
sleep 0.1
exit 1
fi
fi
# Galera cluster node local state is 'Synced' => return HTTP 200
# Shell return-code is 0
echo -en "HTTP/1.1 200 OK\r\n"
echo -en "Content-Type: text/plain\r\n"
echo -en "Connection: close\r\n"
echo -en "Content-Length: 32\r\n"
echo -en "\r\n"
echo -en "Galera cluster node is synced.\r\n"
sleep 0.1
exit 0
else
# Galera cluster node local state is not 'Synced' => return HTTP 503
# Shell return-code is 1
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
echo -en "Content-Type: text/plain\r\n"
echo -en "Connection: close\r\n"
echo -en "Content-Length: 36\r\n"
echo -en "\r\n"
echo -en "Galera cluster node is not synced.\r\n"
sleep 0.1
exit 1
fi

39
SOURCES/mariadb-check-socket.sh
Unescape View File

@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
#!/bin/sh

# We check if there is already a process using the socket file,
# since otherwise the systemd service file could report false
# positive result when starting and mysqld_safe could remove
# a socket file, which is actually being used by a different daemon.

source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"

if test -e "$socketfile" ; then
echo "Socket file $socketfile exists." >&2

# no write permissions
if ! test -w "$socketfile" ; then
echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi

# not a socket file
if ! test -S "$socketfile" ; then
echo "The file $socketfile is not a socket file, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi

# some process uses the socket file
response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
echo "Is another MariaDB daemon already running with the same unix socket?" >&2
echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
exit 1
fi

# socket file is a garbage
echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2
fi

exit 0

39
SOURCES/mariadb-check-upgrade.sh
Unescape View File

@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
#!/bin/sh

source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"

upgrade_info_file="$datadir/mysql_upgrade_info"
version=0
# get version as integer from mysql_upgrade_info file
if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then
version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/')
version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/')
if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then
version=$((version_major*100+version_minor))
fi
fi

# compute current version as integer
thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@))

# provide warning in cases we should run mysql_upgrade
if [ $version -ne $thisversion ] ; then

# give extra warning if some version seems to be skipped
if [ $version -gt 0 ] && [ $version -lt 505 ] ; then
echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2
fi

cat <<EOF >&2
The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps:

1. Back-up your data before with 'mariadb-upgrade'
2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service'
3. Run 'mariadb-upgrade' with a database user that has sufficient privileges

Read more about 'mariadb-upgrade' usage at:
https://mariadb.com/kb/en/mysql_upgrade/
EOF
fi

exit 0

82
SOURCES/mariadb-logrotate.patch
Unescape View File

@ -0,0 +1,82 @@ @@ -0,0 +1,82 @@
Adjust the mysql-log-rotate script in several ways:

* Use the correct log file pathname for Red Hat installations.
* Enable creation of the log file by logrotate (needed since
/var/log/ isn't writable by mysql user); and set the same 640
permissions we normally use.
* Comment out the actual rotation commands, so that user must edit
the file to enable rotation. This is unfortunate, but the fact
that the script will probably fail without manual configuration
(to set a root password) means that we can't really have it turned
on by default. Fortunately, in most configurations the log file
is low-volume and so rotation is not critical functionality.

See discussions at RH bugs 799735, 547007
* Note they are from Fedora 15 / 16

Update 3/2017
* it would be big unexpected change for anyone upgrading, if we start shipping it now.
Maybe it is good candidate for shipping with MariaDB 10.2 ?
* the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost
during flushing, the operation is not atomic.
We should not ship it in that state

Update 6/2018
* the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is
beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
* Submited as PR: https://github.com/MariaDB/server/pull/807

Update 02/2021
* Enhance the script as proposed in:
https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/
* Discussion continues in:
https://jira.mariadb.org/browse/MDEV-16621

--- mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh 2022-02-22 04:56:35.571185622 +0100
+++ mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh_patched 2022-02-22 04:56:15.121003580 +0100
@@ -3,36 +3,23 @@
# in the [mysqld] section as follows:
#
# [mysqld]
-# log-error=@localstatedir@/mysqld.log
-#
-# If the root user has a password you have to create a
-# /root/.my.cnf configuration file with the following
-# content:
-#
-# [mysqladmin]
-# password = <secret>
-# user= root
-#
-# where "<secret>" is the password.
-#
-# ATTENTION: This /root/.my.cnf should be readable ONLY
-# for root !
+# log-error=@LOG_LOCATION@
-@localstatedir@/mysqld.log {
- # create 600 mysql mysql
+@LOG_LOCATION@ {
+ create 600 mysql mysql
su mysql mysql
notifempty
daily
rotate 3
missingok
compress
+ delaycompress
+ sharedscripts
postrotate
# just if mariadbd is really running
- if test -x @bindir@/mysqladmin && \
- @bindir@/mysqladmin ping &>/dev/null
- then
- @bindir@/mysqladmin --local flush-error-log \
- flush-engine-log flush-general-log flush-slow-log
- fi
+ if [ -e @PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ]
+ then
+ kill -1 $(<@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid)
+ fi
endscript
}

31
SOURCES/mariadb-ownsetup.patch
Unescape View File

@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200
+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200
@@ -187,6 +187,7 @@ IF(UNIX)
COMPONENT SharedLibraries)
INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
COMPONENT Client)
+ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY)
INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
COMPONENT IniFiles)
INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR}

diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100
+++ mariadb-10.0.15/support-files/rpm/server.cnf 2015-01-24 23:57:42.308114387 +0100
@@ -9,7 +9,16 @@
[server]
# this is only for the mysqld standalone daemon
+# Settings user and group are ignored when systemd is used.
+# If you need to run mysqld under a different user or group,
+# customize your systemd unit file for mysqld/mariadb according to the
+# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld]
+datadir=@MYSQL_DATADIR@
+socket=@MYSQL_UNIX_ADDR@
+log-error=@LOG_LOCATION@
+pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
+
#
# * Galera-related settings

137
SOURCES/mariadb-prepare-db-dir.sh
Unescape View File

@ -0,0 +1,137 @@ @@ -0,0 +1,137 @@
#!/bin/sh

# This script creates the MariaDB data directory during first service start.
# In subsequent starts, it does nothing much.

source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"

export LC_ALL=C

# Returns content of the specified directory
# If listing files fails, fake-file is returned so which means
# we'll behave like there was some data initialized
# Some files or directories are fine to be there, so those are
# explicitly removed from the listing
# @param <dir> datadir
list_datadir ()
{
( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
-e '^lost+found$' \
-e '\.err$' \
-e '^.bash_history$'
}

# Checks whether datadir should be initialized
# @param <dir> datadir
should_initialize ()
{
test -z "$(list_datadir "$1")"
}

# If two args given first is user, second is group
# otherwise the arg is the systemd service file
if [ "$#" -eq 2 ]
then
myuser="$1"
mygroup="$2"
else
# Absorb configuration settings from the specified systemd service file,
# or the default service if not specified
SERVICE_NAME="$1"
if [ x"$SERVICE_NAME" = x ]
then
SERVICE_NAME=@DAEMON_NAME@.service
fi

myuser=`systemctl show -p User "${SERVICE_NAME}" |
sed 's/^User=//'`
if [ x"$myuser" = x ]
then
myuser=mysql
fi

mygroup=`systemctl show -p Group "${SERVICE_NAME}" |
sed 's/^Group=//'`
if [ x"$mygroup" = x ]
then
mygroup=mysql
fi
fi

# Set up the errlogfile with appropriate permissions
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
case $(basename "$errlogfile") in
mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
*) ;;
esac
else
# Provide some advice if the log file cannot be created by this script
errlogdir=$(dirname "$errlogfile")
if ! [ -d "$errlogdir" ] ; then
echo "The directory $errlogdir does not exist." >&2
exit 1
elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
echo "The daemon will be run under $myuser:$mygroup" >&2
exit 1
fi
fi

# Make the data directory if doesn't exist or empty
if should_initialize "$datadir" ; then
# First, make sure $datadir is there with correct permissions
# (note: if it's not, and we're not root, this'll fail ...)
if [ ! -e "$datadir" -a ! -h "$datadir" ]
then
mkdir -p "$datadir" || exit 1
fi
chown "$myuser:$mygroup" "$datadir"
chmod 0755 "$datadir"
[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"

# Now create the database
echo "Initializing @NICE_PROJECT_NAME@ database" >&2
# Avoiding deletion of files not created by mysql_install_db is
# guarded by time check and sleep should help work-arounded
# potential issues on systems with 1 second resolution timestamps
# https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
INITDB_TIMESTAMP=`LANG=C date -u`
sleep 1
@bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
ret=$?
if [ $ret -ne 0 ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
# Clean up any partially-created database files
if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
echo "Files created so far will be removed." >&2
find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
-not -name "lost+found" -exec rm -rf {} +
if [ $? -ne 0 ] ; then
echo "Removing of created files was not successfull." >&2
echo "Please, clean directory $datadir manually." >&2
fi
else
echo "However, part of data has been initialized and those will not be removed." >&2
echo "Please, clean directory $datadir manually." >&2
fi
exit $ret
fi
# upgrade does not need to be run on a fresh datadir
echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
else
if [ -d "$datadir/mysql/" ] ; then
# mysql dir exists, it seems data are initialized properly
echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
else
# if the directory is not empty but mysql/ directory is missing, then
# print error and let user to initialize manually or empty the directory
echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
echo "Make sure the $datadir is empty before running `basename $0`." >&2
exit 1
fi
fi

exit 0

68
SOURCES/mariadb-scripts-common.sh
Unescape View File

@ -0,0 +1,68 @@ @@ -0,0 +1,68 @@
#!/bin/sh

# Some useful functions used in other MariaDB helper scripts
# This scripts defines variables datadir, errlogfile, socketfile

export LC_ALL=C

# extract value of a MariaDB option from config files
# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
# result is returned in $result
# We use my_print_defaults which prints all options from multiple files,
# with the more specific ones later; hence take the last match.
get_mysql_option(){
if [ $# -ne 3 ] ; then
echo "get_mysql_option requires 3 arguments: section option default_value"
return
fi
sections="$1"
option_name="$2"
default_value="$3"
result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="${default_value}"
fi
}

# For the case of running more instances via systemd, scripts that source
# this file can get --default-group-suffix or similar option as the first
# argument. The utility my_print_defaults needs to use it as well, so the
# scripts sourcing this file work with the same options as the daemon.
my_print_defaults_extra_args=''
while echo "$1" | grep -q '^--defaults' ; do
my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
shift
done

# Defaults here had better match what mariadbd-safe will default to
# The option values are generally defined on three important places
# on the default installation:
# 1) default values are hardcoded in the code of mariadbd daemon or
# mariadbd-safe script
# 2) configurable values are defined in @sysconfdir@/my.cnf
# 3) default values for helper scripts are specified bellow
# So, in case values are defined in my.cnf, we need to get that value.
# In case they are not defined in my.cnf, we need to get the same value
# in the daemon, as in the helper scripts. Thus, default values here
# must correspond with values defined in mariadbd-safe script and source
# code itself.

server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera"

get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
datadir="$result"

# if there is log_error in the my.cnf, my_print_defaults still
# returns log-error
# log-error might be defined in mysqld_safe and mysqld sections,
# the former has bigger priority
get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
errlogfile="$result"

get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
socketfile="$result"

get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
pidfile="$result"

41
SOURCES/mariadb-scripts.patch
Unescape View File

@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
We have some downstream patches and other scripts that include variables to
be expanded by cmake. Cmake needs to know about them, so adding them manually.

# Install libgcc as mylibgcc.a
--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200
+++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200
@@ -377,6 +377,34 @@
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT})
ENDIF()
ENDFOREACH()
+
+ # files for systemd
+ SET(SYSTEMD_SCRIPTS
+ mariadb.tmpfiles.d
+ mysql.service
+ mysql@.service
+ mariadb-prepare-db-dir
+ mariadb-check-socket
+ mariadb-check-upgrade
+ mariadb-scripts-common
+ mysql_config_multilib
+ clustercheck
+ galera_new_cluster
+ my.cnf
+ )
+ FOREACH(file ${SYSTEMD_SCRIPTS})
+ IF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh)
+ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh
+ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY)
+ ELSEIF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.in)
+ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.in
+ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY)
+ ELSE()
+ MESSAGE(FATAL_ERROR "Can not find ${file}.sh or ${file}.in in "
+ "${CMAKE_CURRENT_SOURCE_DIR}" )
+ ENDIF()
+ ENDFOREACH()
+
ENDIF()
# Install libgcc as mylibgcc.a

23
SOURCES/mariadb-server-galera.te
Unescape View File

@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@

module mariadb-server-galera 1.0;

require {
type mysqld_t;
type rsync_exec_t;
type anon_inodefs_t;
type proc_net_t;
type kerberos_port_t;
class file { read execute execute_no_trans getattr open };
class tcp_socket { name_bind name_connect };
class process { setpgid siginh rlimitinh noatsecure };
}

# allow mysqld to run rsyncd
allow mysqld_t self:process setpgid;
allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
allow mysqld_t anon_inodefs_t:file getattr;
allow mysqld_t proc_net_t:file { read open };

# allow rsyncd to listen on port 4444
allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };

13
SOURCES/mariadb-ssl-cipher-tests.patch
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100
+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100
@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
let $restart_parameters=--ssl-cipher=AES128-SHA;
source include/restart_mysqld.inc;
connect (ssl_con,localhost,root,,,,,SSL);
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher_list';
disconnect ssl_con;
connection default;

3
SOURCES/mariadb.tmpfiles.d.in
Unescape View File

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
# Do not edit this file.
# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
d @PID_FILE_DIR@ 0755 mysql mysql -

18
SOURCES/my.cnf.in
Unescape View File

@ -0,0 +1,18 @@ @@ -0,0 +1,18 @@
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# This group is read by the server
#
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

#
# include all files from the config directory
#
!includedir @INSTALL_SYSCONF2DIR@

64
SOURCES/mysql.service.in
Unescape View File

@ -0,0 +1,64 @@ @@ -0,0 +1,64 @@
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades. If you want to customize, the
# best way is to:
#
# root> systemctl edit @DAEMON_NAME@.service
#
# Then add additonal directives under a section (probably [Service]).
#
# For more info about custom unit files, see systemd.unit(5) or
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
#
# For example, if you want to increase MariaDB's open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, use the contents below:
#
# [Service]
# LimitNOFILE=10000
#

[Unit]
Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
Documentation=man:mariadbd(8)
Documentation=https://mariadb.com/kb/en/library/systemd/
After=network.target

[Install]
WantedBy=multi-user.target
Alias=mysql.service
Alias=mysqld.service

[Service]
Type=notify
User=mysql
Group=mysql

ExecStartPre=@libexecdir@/mariadb-check-socket
# '%n' expands to 'Full unit name'; man systemd.unit
ExecStartPre=@libexecdir@/mariadb-prepare-db-dir %n
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# per bug #547485
ExecStart=@libexecdir@/mariadbd --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
ExecStartPost=@libexecdir@/mariadb-check-upgrade

# Setting this to true can break replication and the Type=notify settings
# See also bind-address MariaDB option.
PrivateNetwork=false

KillSignal=SIGTERM

# Don't want to see an automated SIGKILL ever
SendSIGKILL=no

# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s

UMask=007

# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=300

# Place temp files in a secure directory, not /tmp
PrivateTmp=true

85
SOURCES/mysql@.service.in
Unescape View File

@ -0,0 +1,85 @@ @@ -0,0 +1,85 @@
# Multi instance version of MariaDB. For if you run mutiple verions at once.
# Also used for @DAEMON_NAME@@bootstrap to bootstrap Galera.
#
# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
# @sysconfdir@/@my.cnf to change per instance settings. A minimumal necessary
# configuration items to change to avoid conflicts between instances is:
#
# [mariadbd.instancename]
# # TCP port to make available for clients
# port=3306
# # Socket to make available for clients
# socket=/tmp/mariadb-instancename.sock
# # Where MariaDB should store all its data
# datadir=/usr/local/mariadb-instancename/data
#
# and start the service via:
#
# root> systemctl start @DAEMON_NAME@@{instancename}.server
#
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades. If you want to customize, for
# all instances, the best way is:
#
# root> systemctl edit @DAEMON_NAME@@.service
#
# Then add additonal directives under a section (probably [Service]).
#
# If you only want to change a specific instance:
#
# root> systemctl edit @DAEMON_NAME@@{instancename}.server
#
# For more info about custom unit files, see systemd.unit(5) or
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
#
# For example, if you want to increase MariaDB's open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, use the contents below:
#
# [Service]
# LimitNOFILE=10000

[Unit]
Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
Documentation=man:mariadbd(8)
Documentation=https://mariadb.com/kb/en/library/systemd/
After=network.target

[Install]
WantedBy=multi-user.target
Alias=mysql.service
Alias=mysqld.service

[Service]
Type=notify
User=mysql
Group=mysql

ExecStartPre=@libexecdir@/mariadb-check-socket --defaults-group-suffix=.%I
ExecStartPre=@libexecdir@/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# per bug #547485
ExecStart=@libexecdir@/mariadbd --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
ExecStartPost=@libexecdir@/mariadb-check-upgrade --defaults-group-suffix=.%I

# Setting this to true can break replication and the Type=notify settings
# See also bind-address MariaDB option.
PrivateNetwork=false

KillSignal=SIGTERM

# Don't want to see an automated SIGKILL ever
SendSIGKILL=no

# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s

UMask=007

# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=300

# Place temp files in a secure directory, not /tmp
PrivateTmp=true

26
SOURCES/mysql_config_multilib.sh
Unescape View File

@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
#! /bin/sh
#
# Wrapper script for mysql_config to support multilib
#
# This command respects setarch

bits=$(rpm --eval %__isa_bits)

case $bits in
32|64) status=known ;;
*) status=unknown ;;
esac

if [ "$status" = "unknown" ] ; then
echo "$0: error: command 'rpm --eval %__isa_bits' returned unknown value: $bits"
exit 1
fi


if [ -x @bindir@/mysql_config-$bits ] ; then
@bindir@/mysql_config-$bits "$@"
else
echo "$0: error: needed binary: @bindir@/mysql_config-$bits is missing"
exit 1
fi

5
SOURCES/rh-skipped-tests-arm.list
Unescape View File

@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@
# Fails since 10.3.17, only on armv7hl
versioning.partition :

# Fail since 10.4.16 only on armv7hl
versioning.partition_rotation :

98
SOURCES/rh-skipped-tests-base.list
Unescape View File

@ -0,0 +1,98 @@ @@ -0,0 +1,98 @@
# The SSL test are failing correctly. Fro more explanation, see:
# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275
main.ssl_7937 : #1399847
main.ssl_8k_key :
main.ssl_crl : #1399847

# ------------------------------
# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
perfschema.cnf_option :

rpl.rpl_row_img_blobs :
rpl.rpl_row_img_eng_min :
rpl.rpl_row_img_eng_noblob :

sys_vars.slave_parallel_threads_basic :

# ------------------------------
# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead
plugins.auth_ed25519 :
plugins.multiauth :

# ------------------------------
perfschema.nesting : #1399847
perfschema.socket_summary_by_instance_func : #1399847
perfschema.socket_summary_by_event_name_func :

# ------------------------------
# Fails since 10.1.12
innodb.innodb_defrag_binlog :

# Fails everywhere since 10.2.15
main.userstat :

# Fails everywhere since 10.4.11
main.events_bugs :
sys_vars.tcp_nodelay :

# Fails on i686
encryption.innodb-redo-badkey :

# Fails since 10.5.2
main.mysqld--help2 :
disks.disks :
disks.disks_notembedded :

# Fails since 10.5.3
main.mysqld--help-aria :

# Fails since 10.5.4
main.ssl_system_ca :

# Fails since 10.5.7
innodb.innodb_wl6326_big :
plugins.feedback_plugin_load :

# Fails only on RHEL 9 BETA on i686 architecture
main.myisampack :

# Fails on all arches since 10.5.13 on CentOS Stream 9
oqgraph.regression_mdev6345 :
type_test.type_test_double :
# Fails only on i686 since 10.5.13 on CentOS Stream 9
oqgraph.general-innodb :
oqgraph.general-Aria :
oqgraph.general-MyISAM :
oqgraph.legacy_upgrade :
oqgraph.regression_1133093 :
oqgraph.regression_1196036 :
oqgraph.regression_1213120 :

# Fails since RHEL 9.0.0 GA
# TLSv1.0 and TLSv1.1 are not allowed anymore
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index
main.tls_version1 :

# Fails on all architectures since 10.5.18
main.information_schema :
main.loadxml :
main.lock_kill :

# Fails since 10.5.20
innodb.innodb_bug51920 :
innodb.row_size_error_log_warnings_3 :
binlog_encryption.rpl_cant_read_event_incident :
bg.spider_fixes :
bugfix.mdev_29904 : "[Warning] mariadbd: Can't get hardware address with error 0"
sys_vars.completion_type_func :
rpl.rpl_report_port :
rpl.rpl_reset_slave_fail :
rpl.rpl_xa_survive_disconnect_lsu_off :
rpl.rpl_heartbeat_basic :
rpl.rpl_xa_survive_disconnect :
rpl.rpl_err_ignoredtable :
rpl.rpl_row_img_sequence_full :
rpl.rpl_row_img_sequence_min :
rpl.rpl_row_img_sequence_noblob :
rpl.rpl_xa_empty_transaction :
rpl.rpl_slave_shutdown_mdev20821 :

7
SOURCES/rh-skipped-tests-ppc.list
Unescape View File

@ -0,0 +1,7 @@ @@ -0,0 +1,7 @@
# Fails on ppc64le since 10.4.12
oqgraph.social :

# Fails since 10.5.20
innodb.innodb_defrag_concurrent :
parts.partition_alter4_innodb :
rpl.rpl_parallel_optimistic_xa_lsu_off :

3
SOURCES/rh-skipped-tests-s390.list
Unescape View File

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
# Fails since 10.5.2
perfschema.memory_aggregate_32bit :
period.overlaps :

492
SOURCES/wsrep_sst_rsync_tunnel
Unescape View File

@ -0,0 +1,492 @@ @@ -0,0 +1,492 @@
#!/bin/bash -ue

# Copyright (C) 2010-2014 Codership Oy
# Copyright (C) 2017-2020 Damien Ciabrini <damien.ciabrini@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to the
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston
# MA 02110-1301 USA.

# This is a reference script for rsync-based state snapshot tansfer
# over an encrypted communication channel, managed by socat

RSYNC_PID= # rsync pid file
RSYNC_CONF= # rsync configuration file
RSYNC_REAL_PID= # rsync process id

SOCAT_PID= # socat pid file
SOCAT_REAL_PID= # socat process id

SOCAT_OPTS= # openssl connection args

MODULE="rsync_tunnel_sst"

OS=$(uname)
[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH

# Setting the path for lsof on CentOS
export PATH="/usr/sbin:/sbin:$PATH"

. $(dirname $0)/wsrep_sst_common

wsrep_check_programs rsync socat

cleanup_pid()
{
local real_pid=$1
[ "0" != "$real_pid" ] && \
kill $real_pid && \
sleep 0.5 && \
kill -9 $real_pid >/dev/null 2>&1 || \
:
}

cleanup_tunnel()
{
if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then
wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID"
cleanup_pid $SOCAT_REAL_PID
fi
rm -rf "$SOCAT_PID"
}

cleanup_joiner()
{
wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID"
[ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID
rm -rf "$RSYNC_CONF"
rm -rf "$MAGIC_FILE"
rm -rf "$RSYNC_PID"

cleanup_tunnel

wsrep_log_info "Joiner cleanup done."
if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then
wsrep_cleanup_progress_file
fi
}

# Check whether process is still running.
check_pid()
{
local pid_file=$1
[ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1
}

check_pid_and_port()
{
local pid_file=$1
local service_pid=$2
local service_port=$3
local service_host=$4
local service_name=$5

if ! which lsof > /dev/null; then
wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed."
exit 2 # ENOENT
fi

local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \
grep "(LISTEN)")
local is_service=$(echo $port_info | \
grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null)

if [ -n "$port_info" -a -z "$is_service" ]; then
wsrep_log_error "$service_name daemon port '$service_port' has been taken"
exit 16 # EBUSY
fi

if ! check_pid $pid_file; then
wsrep_log_error "$service_name process terminated unexpectedly"
exit 10 # ECHILD
fi

[ -n "$port_info" ] && [ -n "$is_service" ] && \
[ $(cat $pid_file) -eq $service_pid ]
}

config_from_cnf()
{
local group=$1
local key=$2
echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1)
}

setup_tunnel_args()
{
tca=$(config_from_cnf sst tca)
tkey=$(config_from_cnf sst tkey)
tcert=$(config_from_cnf sst tcert)
sockopt=$(config_from_cnf sst sockopt)

if [ -z "$tcert" ]; then
wsrep_log_error "Encryption certificate not found in my.cnf"
exit 3
else
SOCAT_OPTS="cert=$tcert"
fi
[ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey"
[ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca"
wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS"

[ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt"
}

MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete"
rm -rf "$MAGIC_FILE"

BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar"
BINLOG_N_FILES=1
rm -f "$BINLOG_TAR_FILE" || :

if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG)
BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG)
fi

WSREP_LOG_DIR=${WSREP_LOG_DIR:-""}
# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf
if [ -z "$WSREP_LOG_DIR" ]; then
WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \
| grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \
| cut -b 29- )
fi

if [ -n "$WSREP_LOG_DIR" ]; then
# handle both relative and absolute paths
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P)
else
# default to datadir
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P)
fi

# Old filter - include everything except selected
# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \
# --exclude '*.conf' --exclude core --exclude 'galera.*' \
# --exclude grastate.txt --exclude '*.pem' \
# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index')

# New filter - exclude everything except dirs (schemas) and innodb files
FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes'
-f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*')

SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid"

if check_pid $SOCAT_PID
then
wsrep_log_error "socat tunnel already running."
exit 114 # EALREADY
fi
rm -rf "$SOCAT_PID"

setup_tunnel_args

if [ "$WSREP_SST_OPT_ROLE" = "donor" ]
then

SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}')
# map to name in case we received an IP
SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_JOINER_HOST" ]; then
SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR
fi
SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }')
if [ -z "$SOCAT_PORT" ]
then
SOCAT_PORT=4444
fi
TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE

trap cleanup_tunnel EXIT

# Socat forwards rsync connections to the joiner
SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork
SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS
wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat"
do
sleep 0.2
done

if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
then

FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed"
ERROR="$WSREP_SST_OPT_DATA/sst_error"

rm -rf "$FLUSHED"
rm -rf "$ERROR"

# Use deltaxfer only for WAN
inv=$(basename $0)
[ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \
|| WHOLE_FILE_OPT="--whole-file"

echo "flush tables"

# Wait for :
# (a) Tables to be flushed, AND
# (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR
# (c) ERROR file, in case flush tables operation failed.

while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1
do
# Check whether ERROR file exists.
if [ -f "$ERROR" ]
then
# Flush tables operation failed.
rm -rf "$ERROR"
exit 255
fi

sleep 0.2
done

STATE="$(cat $FLUSHED)"
rm -rf "$FLUSHED"

sync

if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
# Prepare binlog files
pushd $BINLOG_DIRNAME &> /dev/null
binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index)
binlog_files=""
for ii in $binlog_files_full
do
binlog_files="$binlog_files $(basename $ii)"
done
if ! [ -z "$binlog_files" ]
then
wsrep_log_info "Preparing binlog files for transfer:"
tar -cvf $BINLOG_TAR_FILE $binlog_files >&2
fi
popd &> /dev/null
fi

# first, the normal directories, so that we can detect incompatible protocol
RC=0
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \
rsync://$TARGET_ADDR >&2 || RC=$?

if [ "$RC" -ne 0 ]; then
wsrep_log_error "rsync returned code $RC:"

case $RC in
12) RC=71 # EPROTO
wsrep_log_error \
"rsync server on the other end has incompatible protocol. " \
"Make sure you have the same version of rsync on all nodes."
;;
22) RC=12 # ENOMEM
;;
*) RC=255 # unknown error
;;
esac
exit $RC
fi

# second, we transfer InnoDB log files
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \
rsync://$TARGET_ADDR-log_dir >&2 || RC=$?

if [ $RC -ne 0 ]; then
wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:"
exit 255 # unknown error
fi

# then, we parallelize the transfer of database directories, use . so that pathconcatenation works
pushd "$WSREP_SST_OPT_DATA" >/dev/null

count=1
[ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo)
[ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu)

find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \
xargs -I{} -0 -P $count \
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --recursive --delete --quiet \
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \
rsync://$TARGET_ADDR/{} >&2 || RC=$?

popd >/dev/null

if [ $RC -ne 0 ]; then
wsrep_log_error "find/rsync returned code $RC:"
exit 255 # unknown error
fi

else # BYPASS
wsrep_log_info "Bypassing state dump."

# Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id
# (separated by a space).
STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID"
fi

echo "continue" # now server can resume updating data

echo "$STATE" > "$MAGIC_FILE"
rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR

# to avoid cleanup race, stop tunnel before declaring the SST finished.
# This ensures galera won't start a new SST locally before we exit.
cleanup_tunnel

echo "done $STATE"

elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ]
then
wsrep_check_programs lsof socat

touch $SST_PROGRESS_FILE
MYSQLD_PID=$WSREP_SST_OPT_PARENT

RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid"

if check_pid $RSYNC_PID
then
wsrep_log_error "rsync daemon already running."
exit 114 # EALREADY
fi
rm -rf "$RSYNC_PID"

ADDR=$WSREP_SST_OPT_ADDR
RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }')
if [ -z "$RSYNC_PORT" ]
then
RSYNC_PORT=4444
ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT"
fi

SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }')
# map to name in case we received an IP
SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_HOST" ]; then
SOCAT_HOST=$SOCAT_ADDR
fi
SOCAT_PORT=$RSYNC_PORT

trap "exit 32" HUP PIPE
trap "exit 3" INT TERM ABRT
trap cleanup_joiner EXIT

RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf"

if [ -n "${MYSQL_TMP_DIR:-}" ] ; then
SILENT="log file = $MYSQL_TMP_DIR/rsynd.log"
else
SILENT=""
fi

cat << EOF > "$RSYNC_CONF"
pid file = $RSYNC_PID
use chroot = no
read only = no
timeout = 300
$SILENT
[$MODULE]
path = $WSREP_SST_OPT_DATA
[$MODULE-log_dir]
path = $WSREP_LOG_DIR
EOF

# rm -rf "$DATA"/ib_logfile* # we don't want old logs around

# Socat receives rsync connections from the donor
SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS
SOCAT_DST=tcp:localhost:$RSYNC_PORT
wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat"
do
sleep 0.2
done

wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\""
rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" &
RSYNC_REAL_PID=$!

until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync"
do
sleep 0.2
done

echo "ready $ADDR/$MODULE"

# wait for SST to complete by monitoring magic file
while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \
check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null
do
sleep 1
done

# to avoid cleanup race, we can tear down the socat tunnel now
# before signaling the end of the SST to galera.
cleanup_tunnel

if ! ps -p $MYSQLD_PID >/dev/null
then
wsrep_log_error \
"Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly."
exit 32
fi

if ! [ -z $WSREP_SST_OPT_BINLOG ]
then

pushd $BINLOG_DIRNAME &> /dev/null
if [ -f $BINLOG_TAR_FILE ]
then
# Clean up old binlog files first
rm -f ${BINLOG_FILENAME}.*
wsrep_log_info "Extracting binlog files:"
tar -xvf $BINLOG_TAR_FILE >&2
for ii in $(ls -1 ${BINLOG_FILENAME}.*)
do
echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index
done
fi
popd &> /dev/null
fi
if [ -r "$MAGIC_FILE" ]
then
# UUID:seqno & wsrep_gtid_domain_id is received here.
cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id
else
# this message should cause joiner to abort
echo "rsync process ended without creating '$MAGIC_FILE'"
fi
wsrep_cleanup_progress_file
# cleanup_joiner
else
wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'"
exit 22 # EINVAL
fi

rm -f $BINLOG_TAR_FILE || :

exit 0

2908
SPECS/mariadb.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save