New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/mysql: run postStart as an unprivileged user #95231
Conversation
@GrahamcOfBorg test mysql |
4c60882
to
019e1dc
Compare
019e1dc
to
a0539fb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From a read-only review, this looks like a well-done and necessary cleanup of the module.
155e5a6
to
8062538
Compare
count=0 | ||
while [ ! -e /run/mysqld/mysqld.sock ] | ||
do | ||
if [ $count -eq 30 ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know, that this has been like this before, but I think 30 seconds might not be quite enough, especially for large instances. I've got two servers in production which need several minutes to start up (they're using a custom MySQL NixOS module). They're MariaDB instances however and thus have support for notify, but longer startup times (especially if eg. innodb tables need to be recovered) could happen for MySQL as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@aszlig if you want to provide a value for me I'd be happy to add a commit for you in my next PR against this module (which is coming soon). I've seen 600 seconds as a timeout on some other distros for mysql
.
Merging based on review and feedback. Thanks all 🎉 |
@GrahamcOfBorg test mysql |
The |
Also had to run the following commands under `sudo mysql -u root`: CREATE USER IF NOT EXISTS 'mysql'@'localhost' identified with unix_socket; GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION; Otherwise, mysql would fail to start in `ensureDatabases` with Aug 23 03:03:11 azazel mysql-post-start[254503]: + /nix/store/nr3klbhk0cni9v0azgc2kjnajv83k31r-mariadb-server-10.4.14/bin/mysql -N Aug 23 03:03:11 azazel mysql-post-start[254503]: ERROR 1044 (42000) at line 1: Access denied for user ''@'localhost' to database 'ostrov-tucnaku' The solution is described in NixOS/nixpkgs#95231.
Motivation for this change
root
upstream
My intention is to squash e3c210d (
nixos/mysql: run ExecStartPost as an unprivileged user
) and a0539fbe8635205ce3e5d0bf4daba316a92651ba (nixos/mysql: move ExecStartPost into postStart
) before merge.Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)ping @thorstenweber83