maria-discuss team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Daniel!

On Apr 10, Daniel Black wrote:
> Quick proof of concept logrotate that hasn't really been changed in a while.
> 
> The aim is to get this closer to a state for distro maintainers to use
> directly.
> 
> By using a dedicated SQL user this shouldn't conflict with an existing
> user root user (which users always use despite the ability create other
> users with SUPER privs). As users will occasional change the password on
> the root without taking into account that logrotate typically uses the
> same user. Relying on users to update /root/.my.cnf is unreliable.
> Giving selinux permissions to allow logrotate read files under /root is
> also a little excessive.
> 
> Using a dedicated mysqladmin.logrotate this won't conflict with existing
> mysqladmin group.

1. What user logrotate is normally run as?

2. Does logrotate really need to connect to mysqld do issue "FLUSH"?
   Why not send SIGHUP instead? This needs no user and no password.

> Adds slow query log and general log to the logrotate script. Binary logs
> are deliberately omitted (MDEV-11610).
> 
> https://mariadb.com/kb/en/mariadb/sql_error_log-plugin/ seems to have
> its own rotation)
> 
> Proposed changes:
> 
> https://github.com/MariaDB/server/compare/10.2...grooverdan:10.2-logrotate?expand=1

I don't have logrotate installed locally, so I've googled for "man logrotate",
and the man page said it's "sharedscripts", not "shared". Why did you
have "shared" - different logrotate version?

I have no opinion on "daily" vs "weekly" and "rotate 3" vs "4".

> mysqladmin --local uses SET SESSION SQL_LOG_BIN=0 so I'll change its
> implementation to use FLUSH LOCAL ... which would preserve the need to
> use RELOAD only privs for logrotate.

Right, good idea.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx