From: Frank Brehm Date: Mon, 4 May 2020 08:35:43 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=fe8496e7802a4c392fc13c8b28a1724208ac3b5f;p=config%2Fbruni%2Fetc-mint-new1.git committing changes in /etc after apt run Package changes: +galera-3 25.3.20-1 amd64 +libconfig-inifiles-perl 2.94-1 all +libdbd-mysql-perl 4.046-1 amd64 +libdbi-perl 1.640-1 amd64 +libjemalloc1 3.6.0-11 amd64 +mariadb-client-10.1 1:10.1.44-0ubuntu0.18.04.1 amd64 +mariadb-client-core-10.1 1:10.1.44-0ubuntu0.18.04.1 amd64 +mariadb-common 1:10.1.44-0ubuntu0.18.04.1 all +mariadb-server 1:10.1.44-0ubuntu0.18.04.1 all +mariadb-server-10.1 1:10.1.44-0ubuntu0.18.04.1 amd64 +mariadb-server-core-10.1 1:10.1.44-0ubuntu0.18.04.1 amd64 +socat 1.7.3.2-2ubuntu2 amd64 --- diff --git a/.etckeeper b/.etckeeper index 430ad1c..29592f7 100755 --- a/.etckeeper +++ b/.etckeeper @@ -399,6 +399,7 @@ maybe chmod 0644 'apparmor.d/usr.sbin.cups-browsed' maybe chmod 0644 'apparmor.d/usr.sbin.cupsd' maybe chmod 0644 'apparmor.d/usr.sbin.ippusbxd' maybe chmod 0644 'apparmor.d/usr.sbin.libvirtd' +maybe chmod 0644 'apparmor.d/usr.sbin.mysqld' maybe chmod 0644 'apparmor.d/usr.sbin.named' maybe chmod 0644 'apparmor.d/usr.sbin.rsyslogd' maybe chmod 0644 'apparmor.d/usr.sbin.tcpdump' @@ -1150,6 +1151,7 @@ maybe chmod 0644 'default/libvirtd' maybe chmod 0644 'default/locale' maybe chmod 0644 'default/mdadm' maybe chmod 0644 'default/motd-news' +maybe chmod 0644 'default/mysql' maybe chmod 0644 'default/netfilter-persistent' maybe chmod 0644 'default/networkd-dispatcher' maybe chmod 0644 'default/networking' @@ -1805,6 +1807,7 @@ maybe chmod 0755 'init.d/lvm2-lvmpolld' maybe chmod 0755 'init.d/mdadm' maybe chmod 0755 'init.d/mdadm-waitidle' maybe chmod 0755 'init.d/mintsystem' +maybe chmod 0755 'init.d/mysql' maybe chmod 0755 'init.d/netfilter-persistent' maybe chmod 0755 'init.d/network-manager' maybe chmod 0755 'init.d/networking' @@ -1849,6 +1852,7 @@ maybe chmod 0644 'inputrc' maybe chmod 0755 'insserv.conf.d' maybe chmod 0644 'insserv.conf.d/bind9' maybe chmod 0644 'insserv.conf.d/gdm3' +maybe chmod 0644 'insserv.conf.d/mariadb' maybe chmod 0644 'insserv.conf.d/postfix' maybe chmod 0644 'inxi.conf' maybe chmod 0755 'iproute2' @@ -2003,13 +2007,17 @@ maybe chmod 0644 'locale.gen' maybe chmod 0755 'logcheck' maybe chmod 0755 'logcheck/ignore.d.paranoid' maybe chmod 0644 'logcheck/ignore.d.paranoid/cracklib-runtime' +maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_1' maybe chmod 0755 'logcheck/ignore.d.server' maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent' maybe chmod 0644 'logcheck/ignore.d.server/hddtemp' maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules' +maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_1' maybe chmod 0644 'logcheck/ignore.d.server/mdadm' maybe chmod 0644 'logcheck/ignore.d.server/ntpdate' maybe chmod 0644 'logcheck/ignore.d.server/rsyslog' +maybe chmod 0755 'logcheck/ignore.d.workstation' +maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_1' maybe chmod 0755 'logcheck/violations.d' maybe chmod 0644 'logcheck/violations.d/mdadm' maybe chmod 0644 'login.defs' @@ -2030,6 +2038,7 @@ maybe chmod 0644 'logrotate.d/libvirtd.qemu' maybe chmod 0644 'logrotate.d/libvirtd.uml' maybe chmod 0644 'logrotate.d/lightdm' maybe chmod 0644 'logrotate.d/mintupdate' +maybe chmod 0644 'logrotate.d/mysql-server' maybe chmod 0644 'logrotate.d/pm-utils' maybe chmod 0644 'logrotate.d/ppp' maybe chmod 0644 'logrotate.d/rsyslog' @@ -2104,6 +2113,14 @@ maybe chmod 0755 'mysql' maybe chmod 0755 'mysql/conf.d' maybe chmod 0644 'mysql/conf.d/mysql.cnf' maybe chmod 0644 'mysql/conf.d/mysqldump.cnf' +maybe chmod 0755 'mysql/debian-start' +maybe chmod 0600 'mysql/debian.cnf' +maybe chmod 0644 'mysql/mariadb.cnf' +maybe chmod 0755 'mysql/mariadb.conf.d' +maybe chmod 0644 'mysql/mariadb.conf.d/50-client.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysql-clients.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysqld_safe.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-server.cnf' maybe chmod 0644 'mysql/my.cnf.fallback' maybe chmod 0644 'nanorc' maybe chmod 0755 'needrestart' diff --git a/alternatives/my.cnf b/alternatives/my.cnf index d16fc1d..c0fe3dd 120000 --- a/alternatives/my.cnf +++ b/alternatives/my.cnf @@ -1 +1 @@ -/etc/mysql/my.cnf.fallback \ No newline at end of file +/etc/mysql/mariadb.cnf \ No newline at end of file diff --git a/apparmor.d/usr.sbin.mysqld b/apparmor.d/usr.sbin.mysqld new file mode 100644 index 0000000..4ffb7ea --- /dev/null +++ b/apparmor.d/usr.sbin.mysqld @@ -0,0 +1,15 @@ +# This file is intensionally empty to disable apparmor by default for newer +# versions of MariaDB, while providing seamless upgrade from older versions +# and from mysql, where apparmor is used. +# +# By default, we do not want to have any apparmor profile for the MariaDB +# server. It does not provide much useful functionality/security, and causes +# several problems for users who often are not even aware that apparmor +# exists and runs on their system. +# +# Users can modify and maintain their own profile, and in this case it will +# be used. +# +# When upgrading from previous version, users who modified the profile +# will be promptet to keep or discard it, while for default installs +# we will automatically disable the profile. diff --git a/default/mysql b/default/mysql new file mode 100644 index 0000000..3d3bc80 --- /dev/null +++ b/default/mysql @@ -0,0 +1,24 @@ +# +# NOTE: This file is read only by the traditional SysV init script and has been +# available only in Ubuntu 16.04 and 16.10 and never in a official Debian release. +# Debian 9 and Ubuntu 17.04 onwards do not normally read this file as they use +# systemd by default. +# +# For similar behaviour, systemd users should override ExecStart by dropping +# files into /etc/systemd/system/mariadb.service.d/ +# +# See also: +# https://wiki.debian.org/Teams/pkg-systemd/Packaging#overriding_options_and_.2Fetc.2Fdefault_handling +# https://mariadb.com/kb/en/mariadb/systemd/ +# +# Note also that MariaDB systemd does _not_ utilize mysqld_safe nor debian-start. + + +# The delay in seconds the init script waits for the server to be up and running after having started "mysqld_safe" to run the "/etc/mysql/debian-start" script. +# If the server is still not responding after the delay, the script won't be executed and an error will be thrown on the syslog. +# Default: 30 +#MYSQLD_STARTUP_TIMEOUT=30 + +# The email recipient(s) of the output of the check for crashed and improperly closed MyISAM and Aria tables done at each server start by the "/etc/mysql/debian-start" script. +# Default: root +#MYCHECK_RCPT="root" diff --git a/group b/group index a952acc..8f52e69 100644 --- a/group +++ b/group @@ -76,3 +76,4 @@ gdm:x:118: libvirt:x:136:frank libvirt-qemu:x:64055:libvirt-qemu libvirt-dnsmasq:x:137: +mysql:x:138: diff --git a/group- b/group- index 7b14a90..a952acc 100644 --- a/group- +++ b/group- @@ -3,23 +3,23 @@ daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,frank -tty:x:5: +tty:x:5:frank disk:x:6: -lp:x:7: +lp:x:7:frank mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: -dialout:x:20: -fax:x:21: +dialout:x:20:frank +fax:x:21:frank voice:x:22: cdrom:x:24:frank -floppy:x:25: -tape:x:26: +floppy:x:25:frank +tape:x:26:frank sudo:x:27:frank -audio:x:29:pulse +audio:x:29:pulse,frank dip:x:30:frank www-data:x:33: backup:x:34: @@ -30,22 +30,22 @@ src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: -video:x:44:plex +video:x:44:plex,frank sasl:x:45: plugdev:x:46:frank staff:x:50: -games:x:60: +games:x:60:frank users:x:100: nogroup:x:65534: systemd-journal:x:101: systemd-network:x:102: systemd-resolve:x:103: input:x:104: -crontab:x:105: +crontab:x:105:frank syslog:x:106: messagebus:x:107: netdev:x:108: -mlocate:x:109: +mlocate:x:109:frank ssl-cert:x:110: uuidd:x:111: lpadmin:x:112:frank @@ -56,7 +56,7 @@ bluetooth:x:116: systemd-coredump:x:117: lightdm:x:119: nopasswdlogin:x:120: -scanner:x:121:saned +scanner:x:121:saned,frank saned:x:122: nm-openvpn:x:123: avahi:x:124: diff --git a/gshadow b/gshadow index 4384bce..a6adaca 100644 --- a/gshadow +++ b/gshadow @@ -76,3 +76,4 @@ gdm:!:: libvirt:!::frank libvirt-qemu:!::libvirt-qemu libvirt-dnsmasq:!:: +mysql:!:: diff --git a/gshadow- b/gshadow- index 8f0268c..4384bce 100644 --- a/gshadow- +++ b/gshadow- @@ -3,23 +3,23 @@ daemon:*:: bin:*:: sys:*:: adm:*::syslog,frank -tty:*:: +tty:*::frank disk:*:: -lp:*:: +lp:*::frank mail:*:: news:*:: uucp:*:: man:*:: proxy:*:: kmem:*:: -dialout:*:: -fax:*:: +dialout:*::frank +fax:*::frank voice:*:: cdrom:*::frank -floppy:*:: -tape:*:: +floppy:*::frank +tape:*::frank sudo:*::frank -audio:*::pulse +audio:*::pulse,frank dip:*::frank www-data:*:: backup:*:: @@ -30,22 +30,22 @@ src:*:: gnats:*:: shadow:*:: utmp:*:: -video:*::plex +video:*::plex,frank sasl:*:: plugdev:*::frank staff:*:: -games:*:: +games:*::frank users:*:: nogroup:*:: systemd-journal:!:: systemd-network:!:: systemd-resolve:!:: input:!:: -crontab:!:: +crontab:!::frank syslog:!:: messagebus:!:: netdev:!:: -mlocate:!:: +mlocate:!::frank ssl-cert:!:: uuidd:!:: lpadmin:!::frank @@ -56,7 +56,7 @@ bluetooth:!:: systemd-coredump:!:: lightdm:!:: nopasswdlogin:!:: -scanner:!::saned +scanner:!::saned,frank saned:!:: nm-openvpn:!:: avahi:!:: diff --git a/init.d/mysql b/init.d/mysql new file mode 100755 index 0000000..c18ef8c --- /dev/null +++ b/init.d/mysql @@ -0,0 +1,207 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: mysql +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network $named $time +# Should-Stop: $network $named $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop the mysql database server daemon +# Description: Controls the main MariaDB database server daemon "mysqld" +# and its wrapper script "mysqld_safe". +### END INIT INFO +# +set -e +set -u +${DEBIAN_SCRIPT_DEBUG:+ set -v -x} + +test -x /usr/sbin/mysqld || exit 0 + +. /lib/lsb/init-functions + +SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) + +MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" + +# priority can be overridden and "-s" adds output to stderr +ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" + +if [ -f /etc/default/mysql ]; then + . /etc/default/mysql +fi + +# Also source default/mariadb in case the installation was upgraded from +# packages originally installed from MariaDB.org repositories, which have +# had support for reading /etc/default/mariadb since March 2016. +if [ -f /etc/default/mariadb ]; then + . /etc/default/mariadb +fi + +# Safeguard (relative paths, core dumps..) +cd / +umask 077 + +# mysqladmin likes to read /root/.my.cnf. This is usually not what I want +# as many admins e.g. only store a password without a username there and +# so break my scripts. +export HOME=/etc/mysql/ + +## Fetch a particular option from mysql's invocation. +# +# Usage: void mysqld_get_param option +mysqld_get_param() { + /usr/sbin/mysqld --print-defaults \ + | tr " " "\n" \ + | grep -- "--$1" \ + | tail -n 1 \ + | cut -d= -f2 +} + +## Do some sanity checks before even trying to start mysqld. +sanity_checks() { + # check for config file + if [ ! -r /etc/mysql/my.cnf ]; then + log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" + echo "WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" | $ERR_LOGGER + fi + + # check for diskspace shortage + datadir=`mysqld_get_param datadir` + if LC_ALL=C BLOCKSIZE= df --portability $datadir/. | tail -n 1 | awk '{ exit ($4>4096) }'; then + log_failure_msg "$0: ERROR: The partition with $datadir is too full!" + echo "ERROR: The partition with $datadir is too full!" | $ERR_LOGGER + exit 1 + fi +} + +## Checks if there is a server running and if so if it is accessible. +# +# check_alive insists on a pingable server +# check_dead also fails if there is a lost mysqld in the process list +# +# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] +mysqld_status () { + ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) + + ps_alive=0 + pidfile=`mysqld_get_param pid-file` + if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi + + if [ "$1" = "check_alive" -a $ping_alive = 1 ] || + [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then + return 0 # EXIT_SUCCESS + else + if [ "$2" = "warn" ]; then + echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug + fi + return 1 # EXIT_FAILURE + fi +} + +# +# main() +# + +case "${1:-''}" in + + 'start') + sanity_checks; + # Start daemon + log_daemon_msg "Starting MariaDB database server" "mysqld" + if mysqld_status check_alive nowarn; then + log_progress_msg "already running" + log_end_msg 0 + else + # Could be removed during boot + test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld + + # Start MariaDB! + /usr/bin/mysqld_safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER & + + for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do + sleep 1 + if mysqld_status check_alive nowarn ; then break; fi + log_progress_msg "." + done + if mysqld_status check_alive warn; then + log_end_msg 0 + # Now start mysqlcheck or whatever the admin wants. + output=$(/etc/mysql/debian-start) + if [ -n "$output" ]; then + log_action_msg "$output" + fi + else + log_end_msg 1 + log_failure_msg "Please take a look at the syslog" + fi + fi + ;; + + 'stop') + # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible + # at least for cron, we can rely on it here, too. (although we have + # to specify it explicit as e.g. sudo environments points to the normal + # users home and not /root) + log_daemon_msg "Stopping MariaDB database server" "mysqld" + if ! mysqld_status check_dead nowarn; then + set +e + shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? + set -e + if [ "$r" -ne 0 ]; then + log_end_msg 1 + [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" + log_daemon_msg "Killing MariaDB database server by signal" "mysqld" + killall -15 mysqld + server_down= + for i in `seq 1 600`; do + sleep 1 + if mysqld_status check_dead nowarn; then server_down=1; break; fi + done + if test -z "$server_down"; then killall -9 mysqld; fi + fi + fi + + if ! mysqld_status check_dead warn; then + log_end_msg 1 + log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.1/README.Debian.gz!" + exit -1 + else + log_end_msg 0 + fi + ;; + + 'restart') + set +e; $SELF stop; set -e + shift + $SELF start "${@}" + ;; + + 'reload'|'force-reload') + log_daemon_msg "Reloading MariaDB database server" "mysqld" + $MYADMIN reload + log_end_msg 0 + ;; + + 'status') + if mysqld_status check_alive nowarn; then + log_action_msg "$($MYADMIN version)" + else + log_action_msg "MariaDB is stopped." + exit 3 + fi + ;; + + 'bootstrap') + # Bootstrap the cluster, start the first node + # that initiates the cluster + log_daemon_msg "Bootstrapping the cluster" "mysqld" + $SELF start "${@:2}" --wsrep-new-cluster + ;; + + *) + echo "Usage: $SELF start|stop|restart|reload|force-reload|status|bootstrap" + exit 1 + ;; +esac diff --git a/insserv.conf.d/mariadb b/insserv.conf.d/mariadb new file mode 100644 index 0000000..cb29a54 --- /dev/null +++ b/insserv.conf.d/mariadb @@ -0,0 +1 @@ +$database mysql diff --git a/logcheck/ignore.d.paranoid/mariadb-server-10_1 b/logcheck/ignore.d.paranoid/mariadb-server-10_1 new file mode 100644 index 0000000..00cc5c3 --- /dev/null +++ b/logcheck/ignore.d.paranoid/mariadb-server-10_1 @@ -0,0 +1,9 @@ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: $ +mysqld\[[0-9]+\]: Version: .* socket: '/var/run/mysqld/mysqld.sock' port: 3306$ +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: started$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.server/mariadb-server-10_1 b/logcheck/ignore.d.server/mariadb-server-10_1 new file mode 100644 index 0000000..d6e7f90 --- /dev/null +++ b/logcheck/ignore.d.server/mariadb-server-10_1 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.workstation/mariadb-server-10_1 b/logcheck/ignore.d.workstation/mariadb-server-10_1 new file mode 100644 index 0000000..a0b4792 --- /dev/null +++ b/logcheck/ignore.d.workstation/mariadb-server-10_1 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at https://order.mysql.com$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logrotate.d/mysql-server b/logrotate.d/mysql-server new file mode 100644 index 0000000..34ef638 --- /dev/null +++ b/logrotate.d/mysql-server @@ -0,0 +1,20 @@ +# - I put everything in one block and added sharedscripts, so that mysql gets +# flush-logs'd only once. +# Else the binary logs would automatically increase by n times every day. +# - The error log is obsolete, messages go to syslog now. +/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log { + daily + rotate 7 + missingok + create 640 mysql adm + compress + sharedscripts + postrotate + test -x /usr/bin/mysqladmin || exit 0 + if [ -f `my_print_defaults --mysqld | grep -m 1 -oP "pid-file=\K.+$"` ]; then + # If this fails, check debian.conf! + mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \ + flush-engine-log flush-general-log flush-slow-log + fi + endscript +} diff --git a/mysql/debian-start b/mysql/debian-start new file mode 100755 index 0000000..40c248f --- /dev/null +++ b/mysql/debian-start @@ -0,0 +1,42 @@ +#!/bin/bash +# +# This script is executed by "/etc/init.d/mysql" on every (re)start. +# +# Changes to this file will be preserved when updating the Debian package. +# +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# + +source /usr/share/mysql/debian-start.inc.sh + +if [ -f /etc/default/mysql ]; then + . /etc/default/mysql +fi + +MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf" +MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" +MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf" +MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf" +MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables" +MYCHECK_PARAMS="--all-databases --fast --silent" +MYCHECK_RCPT="${MYCHECK_RCPT:-root}" + +## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables. + +# The following commands should be run when the server is up but in background +# where they do not block the server start and in one shell instance so that +# they run sequentially. They are supposed not to echo anything to stdout. +# If you want to disable the check for crashed tables comment +# "check_for_crashed_tables" out. +# (There may be no output to stdout inside the background process!) + +# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade +# process in the middle. +trap "" SIGHUP +( + upgrade_system_tables_if_necessary; + check_root_accounts; + check_for_crashed_tables; +) >&2 & + +exit 0 diff --git a/mysql/debian.cnf b/mysql/debian.cnf new file mode 100644 index 0000000..1ca3c71 --- /dev/null +++ b/mysql/debian.cnf @@ -0,0 +1,12 @@ +# Automatically generated for Debian scripts. DO NOT TOUCH! +[client] +host = localhost +user = root +password = +socket = /var/run/mysqld/mysqld.sock +[mysql_upgrade] +host = localhost +user = root +password = +socket = /var/run/mysqld/mysqld.sock +basedir = /usr diff --git a/mysql/mariadb.cnf b/mysql/mariadb.cnf new file mode 100644 index 0000000..94d8f10 --- /dev/null +++ b/mysql/mariadb.cnf @@ -0,0 +1,23 @@ +# The MariaDB configuration file +# +# The MariaDB/MySQL tools read configuration files in the following order: +# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults, +# 2. "/etc/mysql/conf.d/*.cnf" to set global options. +# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options. +# 4. "~/.my.cnf" to set user-specific options. +# +# If the same option is defined multiple times, the last one will apply. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. + +# +# This group is read both both by the client and the server +# use it for options that affect everything +# +[client-server] + +# Import all .cnf files from configuration directory +!includedir /etc/mysql/conf.d/ +!includedir /etc/mysql/mariadb.conf.d/ diff --git a/mysql/mariadb.conf.d/50-client.cnf b/mysql/mariadb.conf.d/50-client.cnf new file mode 100644 index 0000000..b509f19 --- /dev/null +++ b/mysql/mariadb.conf.d/50-client.cnf @@ -0,0 +1,25 @@ +# +# This group is read by the client library +# Use it for options that affect all clients, but not the server +# + +[client] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +# socket location +socket = /var/run/mysqld/mysqld.sock + +# Example of client certificate usage +# ssl-cert=/etc/mysql/client-cert.pem +# ssl-key=/etc/mysql/client-key.pem +# +# Allow only TLS encrypted connections +# ssl-verify-server-cert=on + +# This group is *never* read by mysql client library, though this +# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL +# client anyway. +# If you use the same .cnf file for MySQL and MariaDB, +# use it for MariaDB-only client options +[client-mariadb] diff --git a/mysql/mariadb.conf.d/50-mysql-clients.cnf b/mysql/mariadb.conf.d/50-mysql-clients.cnf new file mode 100644 index 0000000..55cfda2 --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysql-clients.cnf @@ -0,0 +1,24 @@ +# +# These groups are read by MariaDB command-line tools +# Use it for options that affect only one utility +# + +[mysql] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +[mysql_upgrade] + +[mysqladmin] + +[mysqlbinlog] + +[mysqlcheck] + +[mysqldump] + +[mysqlimport] + +[mysqlshow] + +[mysqlslap] diff --git a/mysql/mariadb.conf.d/50-mysqld_safe.cnf b/mysql/mariadb.conf.d/50-mysqld_safe.cnf new file mode 100644 index 0000000..141d51f --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysqld_safe.cnf @@ -0,0 +1,30 @@ +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# MariaDB systemd does _not_ utilize mysqld_safe nor read this file. +# +# For similar behaviour, systemd users should create the following file: +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# +# To achieve the same result as the default 50-mysqld_safe.cnf, please create +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# with the following contents: +# +# [Service] +# User=mysql +# StandardOutput=syslog +# StandardError=syslog +# SyslogFacility=daemon +# SyslogLevel=err +# SyslogIdentifier=mysqld +# +# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/ +# + +[mysqld_safe] +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# especially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +socket = /var/run/mysqld/mysqld.sock +nice = 0 +skip_log_error +syslog diff --git a/mysql/mariadb.conf.d/50-server.cnf b/mysql/mariadb.conf.d/50-server.cnf new file mode 100644 index 0000000..ee30148 --- /dev/null +++ b/mysql/mariadb.conf.d/50-server.cnf @@ -0,0 +1,134 @@ +# +# These groups are read by MariaDB server. +# Use it for options that only the server (but not clients) should see +# +# See the examples of server my.cnf files in /usr/share/mysql/ +# + +# this is read by the standalone daemon and embedded servers +[server] + +# this is only for the mysqld standalone daemon +[mysqld] + +# +# * Basic Settings +# +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking + +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +bind-address = 127.0.0.1 + +# +# * Fine Tuning +# +key_buffer_size = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam_recover_options = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 + +# +# * Query Cache Configuration +# +query_cache_limit = 1M +query_cache_size = 16M + +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Enable the slow query log to see queries with especially long duration +#slow_query_log_file = /var/log/mysql/mariadb-slow.log +#long_query_time = 10 +#log_slow_rate_limit = 1000 +#log_slow_verbosity = query_plan +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = exclude_database_name + +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! + +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates you can use for example the GUI tool "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem +# +# Accept only connections using the latest and most secure TLS protocol version. +# ..when MariaDB is compiled with OpenSSL: +# ssl-cipher=TLSv1.2 +# ..when MariaDB is compiled with YaSSL (default in Debian): +# ssl=on + +# +# * Character sets +# +# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full +# utf8 4-byte character set. See also client.cnf +# +character-set-server = utf8mb4 +collation-server = utf8mb4_general_ci + +# +# * Unix socket authentication plugin is built-in since 10.0.22-6 +# +# Needed so the root database user can authenticate without a password but +# only when running as the unix root user. +# +# Also available for other users if required. +# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/ + +# this is only for embedded server +[embedded] + +# This group is only read by MariaDB servers, not by MySQL. +# If you use the same .cnf file for MySQL and MariaDB, +# you can put MariaDB-only options here +[mariadb] + +# This group is only read by MariaDB-10.1 servers. +# If you use the same .cnf file for MariaDB of different versions, +# use this group for options that older servers don't understand +[mariadb-10.1] diff --git a/passwd b/passwd index aa6b4c8..c578159 100644 --- a/passwd +++ b/passwd @@ -56,3 +56,4 @@ _chrony:x:126:135:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin gdm:x:112:118:Gnome Display Manager:/var/lib/gdm3:/bin/false libvirt-qemu:x:64055:133:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin libvirt-dnsmasq:x:127:137:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin +mysql:x:128:138:MySQL Server,,,:/nonexistent:/bin/false diff --git a/passwd- b/passwd- index 7c52145..27484e6 100644 --- a/passwd- +++ b/passwd- @@ -55,4 +55,5 @@ plex:x:136:963:Plex Media Server:/var/lib/plexmediaserver:/bin/sh _chrony:x:126:135:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin gdm:x:112:118:Gnome Display Manager:/var/lib/gdm3:/bin/false libvirt-qemu:x:64055:133:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin -libvirt-dnsmasq:x:127:137::/var/lib/libvirt/dnsmasq:/usr/sbin/nologin +libvirt-dnsmasq:x:127:137:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin +mysql:x:128:138::/nonexistent:/bin/false diff --git a/rc0.d/K01mysql b/rc0.d/K01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc0.d/K01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc1.d/K01mysql b/rc1.d/K01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc1.d/K01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc2.d/S01mysql b/rc2.d/S01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc2.d/S01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc3.d/S01mysql b/rc3.d/S01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc3.d/S01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc4.d/S01mysql b/rc4.d/S01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc4.d/S01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc5.d/S01mysql b/rc5.d/S01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc5.d/S01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc6.d/K01mysql b/rc6.d/K01mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc6.d/K01mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/shadow b/shadow index 90c16ae..2034980 100644 --- a/shadow +++ b/shadow @@ -56,3 +56,4 @@ _chrony:*:18385:0:99999:7::: gdm:*:18385:0:99999:7::: libvirt-qemu:!:18385:0:99999:7::: libvirt-dnsmasq:!:18385:0:99999:7::: +mysql:!:18386:0:99999:7::: diff --git a/shadow- b/shadow- index 90c16ae..2034980 100644 --- a/shadow- +++ b/shadow- @@ -56,3 +56,4 @@ _chrony:*:18385:0:99999:7::: gdm:*:18385:0:99999:7::: libvirt-qemu:!:18385:0:99999:7::: libvirt-dnsmasq:!:18385:0:99999:7::: +mysql:!:18386:0:99999:7::: diff --git a/systemd/system/multi-user.target.wants/mariadb.service b/systemd/system/multi-user.target.wants/mariadb.service new file mode 120000 index 0000000..fd9e114 --- /dev/null +++ b/systemd/system/multi-user.target.wants/mariadb.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file diff --git a/systemd/system/mysql.service b/systemd/system/mysql.service new file mode 120000 index 0000000..fd9e114 --- /dev/null +++ b/systemd/system/mysql.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file diff --git a/systemd/system/mysqld.service b/systemd/system/mysqld.service new file mode 120000 index 0000000..fd9e114 --- /dev/null +++ b/systemd/system/mysqld.service @@ -0,0 +1 @@ +/lib/systemd/system/mariadb.service \ No newline at end of file