Page MenuHomePhabricator

role::simplelamp fails to start mysql due to apparmor
Open, LowPublic

Description

Installed a new instance an enabled role::simplelamp on it. Apache comes up fine, but mysqld fails. The instance is using the ubuntu-14.04-trusty image. dmesg contains the following:

[1119949.334982] type=1400 audit(1456950475.834:16997): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/srv/mysql/ibdata1" pid=3731 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=112 ouid=112

It looks like hieradata/labs.yaml in operations/puppet should be disabling apparmor, but it still seems in effect:

mysql::server::use_apparmor: false

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 2 2016, 8:50 PM

I was able to workaround by doing the following:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo service apparmor reload
sudo  puppet agent -tv
chasemp triaged this task as Low priority.Apr 4 2016, 2:07 PM
Dzahn added a subscriber: Dzahn.Feb 8 2019, 10:33 PM

It looks like hieradata/labs.yaml in operations/puppet should be disabling apparmor, but it still seems in effect:
mysql::server::use_apparmor: false

I stumbled upon this tasked by accident but this seemed familar, look here, i removed that.

https://gerrit.wikimedia.org/r/c/operations/puppet/+/470726

So that resolved this ticket too i think ?

Also T215662 means we want to use mariadb instead of the mysql module.

Mentioned in SAL (#wikimedia-cloud) [2019-02-08T22:52:18Z] <mutante> - creating throw away instance to test if T128642 is still true or not

Dzahn added a comment.Feb 8 2019, 11:20 PM

tested on a fresh instance. still broken, ack

Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, Failed to parse template mysql/apparmor.template.usr.sbin.mysqld.erb:
  Filepath: /etc/puppet/modules/mysql/templates/apparmor.template.usr.sbin.mysqld.erb
  Line: 27
  Detail: undefined local variable or method `config_file' for #<Puppet::Parser::TemplateWrapper:0x007f3959599950>
 at /etc/puppet/modules/mysql/manifests/server.pp:59:20 on node t128642.wikistats.eqiad.wmflabs
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Mentioned in SAL (#wikimedia-cloud) [2019-09-30T19:17:38Z] <mutante> - deleted old instances T128642 and T21008

bd808 edited projects, added Cloud-VPS, Puppet; removed Cloud-Services.Sat, Jan 4, 8:32 PM