ubuntu 16.04下使用APT安装的MySQL的数据库,目录同时接受apparmor的管理,因此在修改数据库目录的时候,需要同步更新apparmor的配置文件。如果只是迁移数据库的话
$ sudo service mysql stop $ sudo mv /var/lib/mysql /data/ $ sudo ln -s /data/mysql /var/lib/mysql $ sudo cp /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/usr.sbin.mysqld.bak # 增加数据库的访问目录权限,增加如下目录的权限 # /data/mysql/ r, # /data/mysql/** rw, $ sudo sed -i "s/^[ \t]*\/var\/lib\/mysql\/\*\* rw,/ \/var\/lib\/mysql\/** rw,\n \/data\/mysql r,\n \/data\/mysql\/** rwk,/g" /etc/apparmor.d/usr.sbin.mysqld # 检查完成无误之后,需要删除备份的 usr.sbin.mysqld.bak ,老版本的 apparmor 不会解析备份的文件/或者解析顺序变更了,但是新版本的会解析,导致出现两个不同的配置同时存在,引起异常 $ sudo rm -rf /etc/apparmor.d/usr.sbin.mysqld.bak $ sudo service apparmor restart $ sudo service mysql start
对于日志文件一起迁移的情况
$ sudo service tomcat7 stop $ sudo service denyhosts stop $ sudo service php7.0-fpm stop $ sudo service apache2 stop $ sudo service mysql stop $ sudo service nginx stop $ sudo service apparmor stop $ sudo mv /var/log /data/ $ sudo ln -s /data/log /var/log # 配置日志文件的访问目录权限,增加如下目录的权限 # /data/log/mysql.err rw, # /data/log/mysql.log rw, # /data/log/mysql/ r, # /data/log/mysql/** rw, $ sudo sed -i "s/^[ \t]*\/var\/log\/mysql\/\*\* rw,/ \/var\/log\/mysql\/** rw,\n\n \/data\/log\/mysql.err rw,\n \/data\/log\/mysql.log rw,\n \/data\/log\/mysql\/ r,\n \/data\/log\/mysql\/** rw,/g" /etc/apparmor.d/usr.sbin.mysqld # 逐个启动服务,不如直接重启系统 $ sudo reboot
如果依旧启动失败,并且 `MySQL` 是从低版本升级上来的,并且目前正在使用的版本大于或者等于 `MySQL 5.7` ,执行 `journalctl -xe` 观察到类似如下内容:
-- Unit mysql.service has begun starting up. Aug 20 10:16:50 AY130422143404983ad9 audit[8762]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/8762/status" pid=8762 comm="mysqld" requested_mask="r" denied_mask= Aug 20 10:16:50 AY130422143404983ad9 kernel: audit_printk_skb: 21 callbacks suppressed Aug 20 10:16:50 AY130422143404983ad9 kernel: audit: type=1400 audit(1566267410.233:325): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/8762/status" pid=8762 comm="mysq Aug 20 10:16:50 AY130422143404983ad9 audit[8762]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=8762 comm="mysqld" requested_mask="r" deni Aug 20 10:16:50 AY130422143404983ad9 audit[8762]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/8762/status" pid=8762 comm="mysqld" requested_mask="r" denied_mask= Aug 20 10:16:50 AY130422143404983ad9 kernel: audit: type=1400 audit(1566267410.237:326): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=8762 co Aug 20 10:16:50 AY130422143404983ad9 kernel: audit: type=1400 audit(1566267410.237:327): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/8762/status" pid=8762 comm="mysq Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.244672Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000) Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.244721Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000) Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.418600Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.418629Z 0 [Warning] 'NO_ZERO_DATE', 'NO_ZERO_IN_DATE' and 'ERROR_FOR_DIVISION_BY_ZERO' sql modes should be used with strict Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.420618Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.27-0ubuntu0.16.04.1-log) starting as process 8762 ... Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.422604Z 0 [ERROR] Could not open file '/var/log/mysql/error.log' for error logging: Permission denied Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.423358Z 0 [ERROR] Aborting Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.423499Z 0 [Note] Binlog end Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.423685Z 0 [Note] /usr/sbin/mysqld: Shutdown complete Aug 20 10:16:50 AY130422143404983ad9 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
那么,此时的`MySQL`的 `apparmor` 配置文件可能还没有更新,这个时候,我们需要手工在`/etc/apparmor.d/usr.sbin.mysqld` 增加几个文件目录的权限,如下:
/proc/*/status r, /sys/devices/system/node/ r, /sys/devices/system/node/node0/meminfo r,
另外,注意到我这边出现
Aug 20 10:16:50 AY130422143404983ad9 mysqld[8762]: 2019-08-20T02:16:50.422604Z 0 [ERROR] Could not open file '/var/log/mysql/error.log' for error logging: Permission denied
此时,如果检查目录权限,出现如下现象:
$ ls -la /var/log/mysql/ total 256260 dr--r-s--- 2 mysql adm 4096 Aug 20 10:04 . drwxrwxr-x+ 21 root syslog 4096 Aug 20 06:25 .. -rw-r--r-- 1 mysql adm 0 Aug 20 10:04 error.log -r--r-x---+ 1 mysql adm 2982 Aug 20 06:25 error.log.1 -r--r-x---+ 1 mysql adm 3195 Aug 19 01:52 error.log.2.gz -r--r-x---+ 1 mysql adm 20 Aug 17 06:25 error.log.3.gz -r--r-x---+ 1 mysql adm 20 Aug 16 06:25 error.log.4.gz -r--r-x---+ 1 mysql adm 20 Aug 15 06:25 error.log.5.gz -r--r-x---+ 1 mysql adm 20 Aug 14 06:25 error.log.6.gz -r--r-x---+ 1 mysql adm 20 Aug 13 06:25 error.log.7.gz -r--r-x---+ 1 mysql adm 20 Aug 12 06:25 error.log.8.gz -r--r-x---+ 1 mysql adm 11235835 Aug 10 06:25 mysql-bin.000637 -r--r-x---+ 1 mysql adm 9529581 Aug 11 06:25 mysql-bin.000638 -r--r-x---+ 1 mysql adm 8299217 Aug 12 06:25 mysql-bin.000639 -r--r-x---+ 1 mysql adm 15319155 Aug 13 06:25 mysql-bin.000640 -r--r-x---+ 1 mysql adm 15816427 Aug 14 06:25 mysql-bin.000641 -r--r-x---+ 1 mysql adm 47746113 Aug 15 06:25 mysql-bin.000642 -r--r-x---+ 1 mysql adm 29508705 Aug 16 06:25 mysql-bin.000643 -r--r-x---+ 1 mysql adm 29720349 Aug 17 06:25 mysql-bin.000644 -r--r-x---+ 1 mysql adm 34429847 Aug 18 06:25 mysql-bin.000645 -r--r-x---+ 1 mysql adm 10252663 Aug 18 19:10 mysql-bin.000646 -r--r-x---+ 1 mysql adm 3971401 Aug 19 01:51 mysql-bin.000647 -r--r-x---+ 1 mysql adm 1799987 Aug 19 06:25 mysql-bin.000648 -r--r-x---+ 1 mysql adm 44653600 Aug 20 06:25 mysql-bin.000649 -r--r-x---+ 1 mysql adm 416 Aug 19 06:25 mysql-bin.index
那么需要变更用户的所有者,早期版本支持所有者为 `adm` 用户组,新版本需要 `mysql` ,我们执行如下命令:
$ sudo chown -R mysql:mysql /var/log/mysql* $ sudo service mysql restart