Page MenuHomePhabricator

questions about standalone wmf-mariadb103
Closed, ResolvedPublic

Description

We have a few use cases where we need stand-alone mysql databases. In particular powerdns uses a local database.

With previous versions of the wmf-mariadb package, I've been able to install the packages with puppet, and then

# /path/to/mysql_install_db
<snip>
# mysql
mysql:root@localhost [(none)]>

The latest package (wmf-mariadb103, on Stretch) doesn't seem to support that. The install_db command fails because it's expecting to be installed in /opt/wmf-mariadb10 instead of /opt/wmf-mariadb103. When I work around that with a symlink I can bootstrap, but then I see...

# mysql
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

And, indeed, /tmp/mysql.sock doesn't exist.

I'm not sure whether this is an issue with the package being broken, or just that I'm not using it as intended. If the latter, can you suggest the 'proper' way to get mysql up and running for my purposes? Should I just use debian stock mysql packages?

Details

Related Gerrit Patches:

Event Timeline

Andrew created this task.Apr 19 2019, 4:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 19 2019, 4:24 PM

Huh, the socket is /tmp/systemd-private-838b9005a03d4e24b1649b6ecbae7bb3-mariadb.service-rKXi7L/tmp/mysql.sock

Unexpected!

For the record I ran into this at T219087 and basically my way around it was find /tmp -name mysql.sock, which returned something like /tmp/systemd-private-d6c71da3465641b3aa68e8390a2cc75c-mariadb.service-HPflMl/tmp/mysql.sock, then ran mysql -S <path>

Is there any specific reason to use 10.3 instead of 10.1?
@jcrespo is our package master, so he can probably provide more info about it. However, I believe 10.3 isn't fully ready yet from a package point of view, configuration+puppet as well.

Regarding the error itself, you might need to adjust your socket configuration to point to: socket = /run/mysqld/mysqld.sock (for both mysqld and for the client)

Marostegui triaged this task as Medium priority.Apr 22 2019, 5:13 AM

Adding @arturo who wrote a46d04c79dbb7d9690ea9998260dfaf06fc383b6 to install 10.3 on Stretch.

Adding @arturo who wrote a46d04c79dbb7d9690ea9998260dfaf06fc383b6 to install 10.3 on Stretch.

I just used the most recent version in the repo. If 10.1 is better, let's just switch the version in the puppet class.

Change 505641 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] openstack: pdns: auth: use mariadb 10.1 on stretch

https://gerrit.wikimedia.org/r/505641

Change 505641 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] openstack: pdns: auth: use mariadb 10.1 on stretch

https://gerrit.wikimedia.org/r/505641

We will at some point go for 10.3 but I don't think we are ready for it. It hasn't been properly tested yet, if you want to be an early adopter within WMF that's fine by me, otherwise I would suggest to go for 10.1 and migrate once we are a bit more sure about 10.3 :-)

wmf-mariadb103 doesn't exist, and if it exists, it won't work- we don't support it yet as we found some bugs and we are not working on those at the moment. The plan is only to support wmf-mariadb101 for stretch, and wmf-mariadb103 for buster (we stopped supporting wmf-mariadb for ubuntu and wmf-mariadb10 for jessie). If you need a roadmap, please ask us.

Having said that, the instructions on the body seem to me like a security concern, as no proper security hardening is done.

Also /tmp must never be used for socket location, because that is another security concern (everybody can write to /tmp, so it was banned at T148507), so both you and @Krenair might be doing bad practices regarding mysql installation (not sure about that), and that is why you may run into issues (systemd enforces no tmp access). We don't mind if you use wmf-mariadb1* (instead of the debian package), but please understand that if you do, that requires extra work, as the focus of wmf-mariadb* packages, patches and configuration is serving mediawiki on production -with automation provided outside of the installation (very low level setup)-, not a general-purpose package, easy to maintain by everyone.

Note that not supporting doesn't mean we don't accept and review patches if other people submit them for their use case, but we are not actively working on them at the moment. Alternatively, our MariaDB puppet module should be compatible with the Debian package for the most part if that is easier.

Marostegui assigned this task to Andrew.Apr 26 2019, 1:33 PM

Assigning this back to you to decide what you want to do :-)
Our opinion has been given :-) T221463#5127855 T221463#5130471
Basically: better to use 10.1 on stretch and do not place the socket under /tmp :-)

Reedy renamed this task from questions about standalone wmf-mariadb103 to questions about standalone wmf-mariadb103.Apr 26 2019, 1:35 PM
Marostegui closed this task as Resolved.May 6 2019, 5:32 AM

Resolving this for now - please re-open if needed