maria-discuss team mailing list archive
-
maria-discuss team
-
Mailing list archive
-
Message #06190
Re: demo: running MariaDB with rootless Podman and socket activation
Erik,
Thanks for the email and repository.
On Wed, Feb 9, 2022 at 9:18 AM Erik Sjölund <erik.sjolund@xxxxxxxxx> wrote:
>
> Hi,
> Support for socket activation was added to MariaDB in release 10.6
> (released April 2021). Podman also supports socket activation
Nice. I saw some bits around sdnotify but didn't realize full socket
activation was there.
> so I
> thought it would be interesting to combine both of them into a systemd
> user service.
>
> I wrote a small demo:
> https://github.com/eriksjolund/mariadb-podman-socket-activation
> (tweet: https://twitter.com/eriksjolundcomp/status/1491162016429768704)
>
> and got it to work.
>
> Do you have any suggestions on how to improve this?
I did a few suggestions in
https://github.com/eriksjolund/mariadb-podman-socket-activation/pull/1
(tcp changes probably mirror these).
In general from what I've learnt with podman and systemd, the more you
can keep to the defaults the better.
There's some really powerful concepts with unix_socket auth across
into the container if you get the uid mapping, try to map the local %u
(uid - %U) to the mysql(999) user (or another user and start the
container with --user).
You'll probably need to add a user to the container. With that you'll
have a unix socket auth based mechanism in the container directly.
Also the current container entrypoint avoids creating unix socket auth
users (until very recently in a limited way
https://github.com/MariaDB/mariadb-docker/pull/409). Maybe its too
fiddly however to get right.
The mariadb has the service Restart as:
# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
If conmon acts a true passthough maybe the same option is needed. I
guess try with some invalid configuration.
In my talk https://lca2022.linux.org.au/schedule/presentation/18/ I
did get asked about systemd --user implemented and new it wasn't too
hard. Thanks for going a step further and integrating with podman.
Thanks for sharing.
> Thanks,
> Erik Sjölund
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to : maria-discuss@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help : https://help.launchpad.net/ListHelp
Follow ups
References