From 9ac0430b0fdddb95b55e32b9b54c656c23cb85ef Mon Sep 17 00:00:00 2001 From: Michal Schorm Date: Mon, 18 Dec 2023 06:44:39 +0100 Subject: [PATCH] [2/2] Rebase to 10.11.6 - start using upstream logrotate file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Explanation for removed notes follow: | * Enable creation of the log file by logrotate (needed since | /var/log/ isn't writable by mysql user); and set the same 640 | permissions we normally use. This is an ancient artefact. It originates in this commit from 2012 in the 'mysql' package in Fedora: https://src.fedoraproject.org/rpms/mysql/c/d3bdaa4a?branch=rawhide That was at the time, when the DB log resided directly in '/var/log/', rather than '/var/log/some-dir-specific-for-the-DB/'. Since that is no longer the case, the 'create 600 mysql mysql' directive is no longer necessary. | * Comment out the actual rotation commands, so that user must edit | the file to enable rotation. This is unfortunate, but the fact | that the script will probably fail without manual configuration | (to set a root password) means that we can't really have it turned | on by default. Fortunately, in most configurations the log file | is low-volume and so rotation is not critical functionality. This is no longer true. Since MariaDB 10.4, which introduced authentication via the UNIX socket, the 'root' and 'mysql' users can authenticate without login and password. So we can go back to using 'mysqladmin', or 'mariadb-admin' in this case, to flush logs | See discussions at RH bugs 799735, 547007 | * Note they are from Fedora 15 / 16 I found no more useful information there. Only information already mentioned in other notes here. | Update 3/2017 | * it would be big unexpected change for anyone upgrading, if we start shipping it now. | Maybe it is good candidate for shipping with MariaDB 10.2 ? Introduction of MariaDB 10.11 is the perfect time. | * the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost | during flushing, the operation is not atomic. | We should not ship it in that state True, however, no one likely cares about that, in reality, since those logs don't hold any journal-like entries. Explained here: https://github.com/MariaDB/server/pull/1556#issuecomment-941886220 | Update 6/2018 | * the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is | beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can. | * Submited as PR: https://github.com/MariaDB/server/pull/807 It has been dicussed on the upstream thoroughly and was found far from ideal. Now, that we can use 'mysqladmin', or 'mariadb-admin' in this case, safely again, there's no argument to keep using the PID file for flushing logs. | Update 02/2021 | * Enhance the script as proposed in: | https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ Enhanced again now. Significantly this time, however with a vision that the values will become an OS-independent defaults. | * Discussion continues in: | https://jira.mariadb.org/browse/MDEV-16621 Discussion finished. Better start a new one, if needed. --- mariadb-logrotate.patch | 102 ++++++++++------------------------------ mariadb.spec | 7 +-- 2 files changed, 27 insertions(+), 82 deletions(-) diff --git a/mariadb-logrotate.patch b/mariadb-logrotate.patch index a09a312..ec522b0 100644 --- a/mariadb-logrotate.patch +++ b/mariadb-logrotate.patch @@ -1,82 +1,32 @@ -Adjust the mysql-log-rotate script in several ways: +Adjust the 'mariadb.logrotate.sh' script in several ways: * Use the correct log file pathname for Red Hat installations. -* Enable creation of the log file by logrotate (needed since - /var/log/ isn't writable by mysql user); and set the same 640 - permissions we normally use. -* Comment out the actual rotation commands, so that user must edit - the file to enable rotation. This is unfortunate, but the fact - that the script will probably fail without manual configuration - (to set a root password) means that we can't really have it turned - on by default. Fortunately, in most configurations the log file - is low-volume and so rotation is not critical functionality. -See discussions at RH bugs 799735, 547007 -* Note they are from Fedora 15 / 16 +* Remove Debian specific code + for the very unlikely, but possible scenario + in which the debian config file would exist. -Update 3/2017 -* it would be big unexpected change for anyone upgrading, if we start shipping it now. - Maybe it is good candidate for shipping with MariaDB 10.2 ? -* the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost - during flushing, the operation is not atomic. - We should not ship it in that state - -Update 6/2018 -* the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is - beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can. -* Submited as PR: https://github.com/MariaDB/server/pull/807 - -Update 02/2021 -* Enhance the script as proposed in: - https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ -* Discussion continues in: - https://jira.mariadb.org/browse/MDEV-16621 - ---- mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh 2022-02-22 04:56:35.571185622 +0100 -+++ mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh_patched 2022-02-22 04:56:15.121003580 +0100 -@@ -3,36 +3,23 @@ - # in the [mysqld] section as follows: - # - # [mysqld] --# log-error=@localstatedir@/mysqld.log --# --# If the root user has a password you have to create a --# /root/.my.cnf configuration file with the following --# content: --# --# [mysqladmin] --# password = --# user= root --# --# where "" is the password. --# --# ATTENTION: This /root/.my.cnf should be readable ONLY --# for root ! -+# log-error=@LOG_LOCATION@ +--- mariadb-10.11.6/support-files/mariadb.logrotate.sh 2023-11-08 16:51:43.000000000 +0100 ++++ mariadb-10.11.6/support-files/mariadb.logrotate.sh_patched 2023-12-17 18:03:36.955861025 +0100 +@@ -6,7 +6,7 @@ + # Read https://mariadb.com/kb/en/error-log/ to learn more about logging and + # https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ about rotating logs. --@localstatedir@/mysqld.log { -- # create 600 mysql mysql +-@localstatedir@/mysqld.log @localstatedir@/mariadb.log @logdir@/*.log { +@LOG_LOCATION@ { -+ create 600 mysql mysql - su mysql mysql - notifempty - daily - rotate 3 - missingok - compress -+ delaycompress -+ sharedscripts - postrotate - # just if mariadbd is really running -- if test -x @bindir@/mysqladmin && \ -- @bindir@/mysqladmin ping &>/dev/null -- then -- @bindir@/mysqladmin --local flush-error-log \ -- flush-engine-log flush-general-log flush-slow-log -- fi -+ if [ -e @PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ] -+ then -+ kill -1 $(<@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid) -+ fi - endscript - } + + # Depends on a mysql@localhost unix_socket authenticated user with RELOAD privilege + @su_user@ +@@ -45,11 +45,6 @@ + # has thanks to the default use of Unix socket authentication for the 'mysql' + # (or root on Debian) account used everywhere since MariaDB 10.4. + postrotate +- if test -r /etc/mysql/debian.cnf +- then +- EXTRAPARAM='--defaults-file=/etc/mysql/debian.cnf' +- fi +- + if test -x @bindir@/mariadb-admin + then + @bindir@/mariadb-admin $EXTRAPARAM --local flush-error-log \ + diff --git a/mariadb.spec b/mariadb.spec index a070392..cf5fe33 100644 --- a/mariadb.spec +++ b/mariadb.spec @@ -968,11 +968,6 @@ rm %{buildroot}%{_mandir}/man1/mytop.1* # Should be shipped with mariadb-connector-c rm %{buildroot}%{_mandir}/man1/mariadb_config.1* -# put logrotate script where it needs to be -mkdir -p %{buildroot}%{logrotateddir} -mv %{buildroot}%{_datadir}/%{pkg_name}/mysql-log-rotate %{buildroot}%{logrotateddir}/%{daemon_name} -chmod 644 %{buildroot}%{logrotateddir}/%{daemon_name} - # for compatibility with upstream RPMs, create mysqld symlink in sbin mkdir -p %{buildroot}%{_sbindir} ln -s %{_libexecdir}/mysqld %{buildroot}%{_sbindir}/mysqld @@ -1008,7 +1003,7 @@ touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck install -p -m 0755 %{_vpath_builddir}/scripts/clustercheck %{buildroot}%{_bindir}/clustercheck # remove duplicate logrotate script -rm %{buildroot}%{logrotateddir}/mysql +rm %{buildroot}%{_datadir}/mariadb/mariadb.logrotate # Remove AppArmor files rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor