summaryrefslogtreecommitdiff
path: root/support-files/mariadb@.service.in
blob: 371b7047eacb1e3611fc5843cc748cf52e9ee330 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
# Multi instance version of MariaDB
#
# Use this if you run multiple instances of MariaDB on a single server.
#
# This systemd service is not suitable for Galera as specialised SST recovery
# scripts are needed.
#
#
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades.  If you want to customize, the
# best way is to create a file "/etc/systemd/system/mariadb@.service",
# containing
#	.include /usr/lib/systemd/system/mariadb@.service
#	...make your changes here...
# or create a file "/etc/systemd/system/mariadb@.service.d/foo.conf",
# which doesn't need to include ".include" call and which will be parsed
# after the file mariadb@.service itself is parsed.
#
# For more info about custom unit files, see systemd.unit(5) or
# https://mariadb.com/kb/en/mariadb/systemd/
#
# Copyright notice:
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
#
# MULTI INSTANCES
#
# When multiple instances of MariaDB are running on a server they need to
# ensure that they don't conflict with each other. This includes elements
# like network ports, sockets and data directories listed under CONFLICTING
# VARIABLES below. The systemd environment variable MYSQLD_MULTI_INSTANCE
# controls each instance to ensure it is run independently. It is passed to
# mariadbd and mysql_install
#
# By default, a group suffix exists and within the default configuration
# files, a group [mariadbd.{instancename}] is read for each service. Other
# default groups, like [server.{instancename}] and [mariadb.{instancename}],
# are also read. For each instance, one of the groups will need to contain
# the conflicting variables listed below under CONFLICTING VARIABLES.
#
# The MYSQLD_MULTI_INSTANCE environment used is:
#    Environment='MYSQLD_MULTI_INSTANCE=--defaults-group-suffix=.%I --basedir=@prefix@'
#
#
# APPLYING YOUR MULTI INSTANCE MECHANISM
#
# To apply one of the non-default multi-instance mechanisms, create a file
# "/etc/systemd/system/mariadb@.service.d/multi.conf" containing:
#
#   [Service]
#   Environment=MYSQLD_MULTI_INSTANCE="...."
#
# Include any other settings you which to override. Directives like Exec* are
# lists and adding a directive will append to the list. You can clear the list
# by starting with "Directive=" and no value. Follow this by the list that you
# do want. See the systemd.unit(5) manual page for more information.
#
# Then run "systemctl daemon-reload".
#
#
# EXAMPLE MYSQLD_MULTI_INSTANCE CONFIGURATIONS
#
# Configuration File Based Mechanism:
#
# This has a configuration file per instance.
#
#   [Unit]
#   ConditionPathExists=@sysconfdir@/my.%I.cnf
#
#   [Service]
#   Environment=MYSQLD_MULTI_INSTANCE=--defaults-file=@sysconfdir@/my.%I.cnf
#
# Here you need to create a configuration file @sysconfdir@/my.%I.cnf for each
# instance, each containing the conflicting variables to separate instances.
#
#
# Multi User Based Mechanism:
#
# Here each user (the instance name) has their own mysql instance.
#
# Create instances in users home directory with abstract socket:
#
#   [Service]
#   User=%I
#   ProtectHome=false
#   ExecStartPre=
#   ExecStartPre=@scriptdir@/mysql_install_db $MYSQLD_MULTI_INSTANCE \
#       --auth-root-authentication-method=socket --auth-root-socket-user=%I
#   Environment=MYSQLD_MULTI_INSTANCE="--defaults-file=/home/%I/my%I.cnf \
#       --datadir=/home/%I/mysqldatadir --skip-networking --socket=@mysql-%I"
#
#
# Command Line Mechanism:
#
# This is a good way run multiple instance where there is little difference
# in configuration between instances.
#
#   [Service]
#   Environment=MYSQLD_MULTI_INSTANCE="--socket=/var/run/mysqld/%I.sock \
#                        --datadir=/var/lib/mysqld-multi/%I \
#                        --skip-networking"
#
#
# CONFLICTING VARIABLES
#
# A number of MariaDB system variables may conflict. The main ones that need to
# be set because their default values will conflict are:
#   * socket
#   * port
#   * datadir
#
#
# PRE-10.4
#
# Before 10.4 MYSQLD_MULTI_INSTANCE was effectively --defaults-file=@sysconf2dir@/my%I.cnf
# As @sysconfdir@/my.cnf included these files it was a bad choice as an
# existing single instance would include all these files. If you want to
# continue a file based multi-instance mariadbd, recommend the Configuration File
# Based Mechanism above and moving @sysconf2dir@/my%I.cnf files to @sysconfdir@/my%I.cnf.
#
#
# SELINUX
#
# As basic selinux rules are written around a single instance of MariaDB you may need
# to define labels for the files and network ports of all instances.
#
# See: https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#selinux
#
#
# STARTING
#
# Start the instance: systemctl start mariadb@{instancename}.service
#
#
# DOCUMENTATION:
#
# Read https://mariadb.com/kb/en/mariadb/systemd/ regarding customisation.
#
# Also see systemd man pages: systemd.unit(5), systemd.exec(5) and
# systemd.service(5)

[Unit]
Description=MariaDB @VERSION@ database server (multi-instance %I)
Documentation=man:mariadbd(8)
Documentation=https://mariadb.com/kb/en/library/systemd/
After=network.target

# Negated condition here is because 10.3 and before had @sysconf2dir@/my%I.cnf
# as the configuration difference for multiple instances. This condition here
# to prevent an accidental change during an upgrade in the case the user
# created these file(s).
#
## See Environment=MYSQLD_MULTI_INSTANCE below for current recommended options.
ConditionPathExists=!@sysconf2dir@/my%I.cnf


[Install]
WantedBy=multi-user.target


[Service]
##############################################################################
## Core requirements
##

Type=notify

# Setting this to true can break replication and the Type=notify settings
# See also bind-address mariadbd option.
PrivateNetwork=false

##############################################################################
## Package maintainers
##

# CAP_IPC_LOCK To allow memlock to be used as non-root user
# CAP_DAC_OVERRIDE To allow auth_pam_tool (which is SUID root) to read /etc/shadow when it's chmod 0
#   does nothing for non-root, not needed if /etc/shadow is u+r
# CAP_AUDIT_WRITE auth_pam_tool needs it on Debian for whatever reason
CapabilityBoundingSet=CAP_IPC_LOCK CAP_DAC_OVERRIDE CAP_AUDIT_WRITE

# PrivateDevices=true implies NoNewPrivileges=true and
# SUID auth_pam_tool suddenly doesn't do setuid anymore
PrivateDevices=false

# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full

# Requires kernel 4.14 or later and SELinux transition rule for mysqld_t
# (https://github.com/systemd/systemd/issues/3845)
# NoNewPrivileges=true

# Prevent accessing /home, /root and /run/user
ProtectHome=true

# Needed to create system tables etc.
ExecStartPre=@scriptdir@/mysql_install_db $MYSQLD_MULTI_INSTANCE

# Start main service
# A few variables are here:
# * MYSQLD_MULTI_INSTANCE - control how multiple instances are distinguisable
# * MYSQLD_OPTS - user definable extras - not a replacement for my.cnf
#
# Note 1: Place $MYSQLD_OPTS at the very end for its options to take precedence.
ExecStart=@sbindir@/mariadbd $MYSQLD_MULTI_INSTANCE $MYSQLD_OPTS

@SYSTEMD_EXECSTARTPOST@

KillSignal=SIGTERM

# Don't want to see an automated SIGKILL ever
SendSIGKILL=no

# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s

UMask=007

##############################################################################
## USERs can override
##
##
## by creating a file in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
## and adding/setting the following below [Service] will override this file's
## settings.

# Useful options not previously available in [mysqld_safe]

# Kernels like killing mariadbd when out of memory because its big.
# Lets temper that preference a little.
# OOMScoreAdjust=-600

# Explicitly start with high IO priority
# BlockIOWeight=1000

# If you don't use the /tmp directory for SELECT ... OUTFILE and
# LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
PrivateTmp=false

# Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
# this is the same value as used in SysV init scripts in the past
# if you need a longer timeout, check the KB:
# https://mariadb.com/kb/en/library/systemd/#configuring-the-systemd-service-timeout
TimeoutStartSec=900
TimeoutStopSec=900

# Controlling how multiple instances are separated. See top of this file.
# Note: This service isn't User=mysql by default so we need to be explicit.
# It is as an option here as a user may want to use the MYSQLD_MULTI_INSTANCE
# to run multiple versions.
Environment='MYSQLD_MULTI_INSTANCE=--defaults-group-suffix=.%I'

# While you can override these, you shouldn't leave them empty as that
# will default to root.
User=mysql
Group=mysql

##
## Options previously available to be set via [mysqld_safe]
## that now needs to be set by systemd config files as mysqld_safe
## isn't executed.
##

# Number of files limit. previously [mysqld_safe] open-files-limit
LimitNOFILE=16364

# Maximium core size. previously [mysqld_safe] core-file-size
# LimitCore=

# Nice priority. previously [mysqld_safe] nice
# Nice=-5

# Timezone. previously [mysqld_safe] timezone
# Environment="TZ=UTC"

# Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths
# (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=

# Flush caches. previously [mysqld_safe] flush-caches=1
# ExecStartPre=sync
# ExecStartPre=sysctl -q -w vm.drop_caches=3

# numa-interleave=1 equalivant
# Change ExecStart=numactl --interleave=all @sbindir@/mariadbd......

# crash-script equalivent
# FailureAction=