f46e152506
This patch adds the `galera_disable_privatedevices` variable that allows deployers to disable PrivateDevices in the systemd unit file shipped with MariaDB 10.1+ on CentOS 7 systems. This is a workaround to fix the systemd/LXC issues with bind mounting an already bind mounted `/dev/ptmx` inside the LXC container. See Launchpad bug, lxc/lxc#1623, or systemd/systemd#6121 for more details. Co-Authored-By: Major Hayden <major@mhtx.net> Closes-bug: 1697531 Change-Id: I8a74113bd16a768a4754fb1f6ee04caf1ac82920
22 lines
1014 B
YAML
22 lines
1014 B
YAML
---
|
|
issues:
|
|
- |
|
|
MariaDB 10.1+ includes `PrivateDevices=true` in its systemd unit files to
|
|
add extra security around mount namespaces for MariaDB. While this is
|
|
useful when running MariaDB on a bare metal host with other services, it
|
|
is less useful when MariaDB is already in a container with its own
|
|
namespaces. In addition, LXC 2.0.8 presents `/dev/ptmx` as a bind mount
|
|
within the container and systemd 219 (on CentOS 7) cannot make an
|
|
additional bind mount of `/dev/ptmx` when `PrivateDevices` is enabled.
|
|
|
|
Deployers can `galera_disable_privatedevices` to `yes` to set
|
|
`PrivateDevices=false` in the systemd unit file for MariaDB on CentOS 7.
|
|
The default is `no`, which keeps the default systemd unit file settings
|
|
from the MariaDB package.
|
|
|
|
For additional information, refer to the following bugs:
|
|
|
|
* https://bugs.launchpad.net/openstack-ansible/+bug/1697531
|
|
* https://github.com/lxc/lxc/issues/1623
|
|
* https://github.com/systemd/systemd/issues/6121
|