f46e152506
This patch adds the `galera_disable_privatedevices` variable that allows deployers to disable PrivateDevices in the systemd unit file shipped with MariaDB 10.1+ on CentOS 7 systems.

This is a workaround to fix the systemd/LXC issues with bind mounting an already bind mounted `/dev/ptmx` inside the LXC container.

See Launchpad bug, lxc/lxc#1623, or systemd/systemd#6121 for more details.

Co-Authored-By: Major Hayden <major@mhtx.net>
Closes-bug: 1697531
Change-Id: I8a74113bd16a768a4754fb1f6ee04caf1ac82920

22 lines, 1014 B, YAML

---
issues:
  - |
    MariaDB 10.1+ includes `PrivateDevices=true` in its systemd unit files to
    add extra security around mount namespaces for MariaDB. While this is
    useful when running MariaDB on a bare metal host with other services, it
    is less useful when MariaDB is already in a container with its own
    namespaces. In addition, LXC 2.0.8 presents `/dev/ptmx` as a bind mount
    within the container and systemd 219 (on CentOS 7) cannot make an
    additional bind mount of `/dev/ptmx` when `PrivateDevices` is enabled.

    Deployers can set `galera_disable_privatedevices` to `yes` to set
    `PrivateDevices=false` in the systemd unit file for MariaDB on CentOS 7.
    The default is `no`, which keeps the default systemd unit file settings
    from the MariaDB package.

    For additional information, refer to the following bugs:

    * https://bugs.launchpad.net/openstack-ansible/+bug/1697531
    * https://github.com/lxc/lxc/issues/1623
    * https://github.com/systemd/systemd/issues/6121