In this blog post, we talk about what happened during an installation of Tungsten Cluster into an environment where SELinux was running and misconfigured.
An attempt to execute `tpm install` on v5.3.2 recently failed with the error below:

```
ERROR >> node3_production_customer_com >> Unable to run 'sudo systemctl status mysqld.service' or the database server is not running (DatasourceBootScriptCheck)
Update the /etc/sudoers file or disable sudo by adding --enable-sudo-access=false
```
Worse, this customer reported that this appeared as a WARNING only in Dev and Staging tests. So we checked, and it seemed we were able to access
```
shell> sudo systemctl status mysqld.service
● mysqld.service - MySQL Percona Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: activating (start-post) since Tue 2018-06-19 17:46:19 BST; 1min 15s ago
  Process: 448996 ExecStart=/usr/bin/mysqld_safe (code=exited, status=0/SUCCESS)
  Process: 448964 ExecStartPre=/usr/bin/mysql-systemd pre (code=exited, status=0/SUCCESS)
 Main PID: 448996 (code=exited, status=0/SUCCESS); : 448997 (mysql-systemd)
   CGroup: /system.slice/mysqld.service
           └─control
             ├─448997 /bin/bash /usr/bin/mysql-systemd post
             └─450505 sleep 1

Jun 19 17:46:19 node3.production.customer.com systemd: Starting MySQL Percona Server...
Jun 19 17:46:19 node3.production.customer.com mysqld_safe: 180619 17:46:19 mysqld_safe Logging to '/var/log/mysqld.log'.
Jun 19 17:46:19 node3.production.customer.com mysqld_safe: 180619 17:46:19 mysqld_safe Starting mysqld daemon with databases from /dbdata/data01
Jun 19 17:46:20 node3.production.customer.com mysqld_safe: 180619 17:46:20 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
```
The problem with the `systemctl` start-up for MySQL turned out to be related to SELinux, with the `/data` filesystem and the non-standard port having the wrong contexts.
The solution was to inform SELinux about the additional disk and port resources:
- Ensure the file contexts are set correctly for SELinux, in this case allow MySQL data to be stored in a non-standard location (
  ```
  semanage fcontext -a -t etc_runtime_t /data
  restorecon -Rv /data/
  semanage fcontext -a -t mysqld_db_t "/data(/.*)?"
  restorecon -Rv /data/*
  ```
- By default, MySQL uses port 3306, but our best practice is to change it to 13306 to prevent accidental connections directly to the database that bypass the required Connector. If you use a non-standard port for MySQL and SELinux is enabled, you must also change the port context:
  ```
  semanage port -a -t mysqld_port_t -p tcp 13306
  ```
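
One way to confirm that both labels took effect after the commands above, as an added example that is not part of the original post: the functions parse the text output of `semanage port -l` and `ls -Zd`. The function names, the `/data/mysql` path and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `semanage port -l` and `ls -Zd` output to confirm labels.

# port_labeled TYPE PROTO PORT: reads `semanage port -l` text on stdin and
# returns 0 if PORT is listed for TYPE/PROTO, alone or inside a range.
port_labeled() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {      # fields 3..NF: "1186," "63132-63164"
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# context_type: reads one `ls -Zd PATH` line on stdin and prints the SELinux
# type (third part of user:role:type:level), whatever column the context is in.
context_type() {
    awk '{ for (i = 1; i <= NF; i++)
               if (split($i, c, ":") >= 3 && c[2] ~ /_r$/) { print c[3]; exit } }'
}

# check_host [DATADIR] [PORT]: live check; the defaults are the post's values.
check_host() {
    datadir=${1:-/data}; port=${2:-13306}
    echo "SELinux mode: $(getenforce)"
    echo "$datadir type: $(ls -Zd "$datadir" | context_type)"
    semanage port -l | port_labeled mysqld_port_t tcp "$port" \
        || { echo "tcp/$port is not labeled mysqld_port_t"; return 1; }
}

# Constructed sample output (not captured from the hosts in the post).
SAMPLE_PORTS_BEFORE='mysqld_port_t                  tcp      1186, 3306, 63132-63164'
SAMPLE_PORTS_AFTER='mysqld_port_t                  tcp      13306, 1186, 3306, 63132-63164'
SAMPLE_LS_BEFORE='drwxr-xr-x. mysql mysql unconfined_u:object_r:default_t:s0 /data/mysql'
SAMPLE_LS_AFTER='drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /data/mysql'

report() {  # report LABEL PORTS_TEXT LS_LINE
    if printf '%s\n' "$2" | port_labeled mysqld_port_t tcp 13306
    then p=labeled; else p=unlabeled; fi
    echo "$1: type=$(printf '%s\n' "$3" | context_type) tcp/13306=$p"
}
report before "$SAMPLE_PORTS_BEFORE" "$SAMPLE_LS_BEFORE"
report after  "$SAMPLE_PORTS_AFTER"  "$SAMPLE_LS_AFTER"
```

On a host, run `check_host /data 13306` as root; if either label is still wrong, `ausearch -m avc -ts recent` shows the resulting denials.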
In future articles, we will continue to cover more advanced subjects of interest!
Questions? Contact Continuent