[MCOL-4012] Enable ColumnStore to run as a non root user - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.4.1
Component/s: installation
Labels:
None

Description

MCS itself is perfectly fine running w/o root privileges except a couple of things:
ExeMgr, WriteEngine and PrimProc raise a number of open file descriptors so systemd units must contain LimitNOFILE=65536.
There are a number of directories that must have appropriate access modes and owners. Here is the list of related commands I run to get MCS working under an arbitrary user.

chown -R mcs /var/log/mariadb/columnstore/

chown -R mcs /etc/columnstore/

chown -R mcs /var/lib/columnstore/

chown -R mcs /tmp/columnstore_tmp_files/

chmod 764 /tmp/columnstore_tmp_files/

There is a relevant article on installing MCS under non-root user.

The upgrade from 1.2/4 to 1.5 must be tested.

Attachments

Issue Links

causes

MCOL-4328 New segments files created as the result of bulk insertion with cpimport belongs to root

Closed

includes

MCOL-4194 Running As Non Root Failing

Closed

MCOL-4195 CMAPI Cannot Communicate When Running As Non-Root

Closed

relates to

MCOL-4283 Crash/assertion failure after "RWLock failed to attach to the InfiniDB-shm-00020000 shared mem segment, got Permission denied"

Closed

Activity

Ascending order - Click to sort in descending order

Roman added a comment - 2020-09-02 13:38

4QA All MCS services now runs under mysql user. Plz run generic tests to confirm that MCS operates.

Roman added a comment - 2020-09-02 13:38 4QA All MCS services now runs under mysql user. Plz run generic tests to confirm that MCS operates.

Daniel Lee (Inactive) added a comment - 2020-09-15 21:19

build tested: 1.5.4-1 (drone #631

Verified that ColumnStore processes are running under 'mysql'user, except:

root 13570 2.4 0.7 1392128 47264 ? Ssl 13:28 11:05 /opt/cmapi/python/bin/python3 -m cmapi_server

Development confirmed that is per design for now.

There is a permission issue for cpimport. During cpimport, if new .cdf files need to be created, the files are created under 'root' user. Therefore, queries would fail. LDI using batch insert seems to be fine.

MariaDB [mytest]> select count from t1;
ERROR 1815 (HY000): Internal error: An unexpected condition within the query caused an internal processing error within Columnstore. Please check the log files for more details. Additional Information: error in BatchPrimitivePro

crit.log

Sep 15 21:03:11 localhost PrimProc[13143]: 11.365443 |0|0|0| C 28 CAL0000: thr_popper: Error opening file for OID 3321; /var/lib/columnstore/data1/000.dir/000.dir/012.dir/249.dir/000.dir/FILE001.cdf; Operation not permitted

~~rw-r~~r- 1 root root 7938048 Sep 15 21:01 FILE003.cdf
~~rw-r~~r- 1 root root 13508608 Sep 15 21:01 FILE002.cdf
~~rw-r~~r- 1 root root 13508608 Sep 15 21:01 FILE001.cdf
~~rw-r~~r- 1 mysql mysql 13508608 Sep 15 21:01 FILE000.cdf
~~rw-r~~r- 1 mysql mysql 2097152 Sep 15 20:57 FILE000.cdf

Daniel Lee (Inactive) added a comment - 2020-09-15 21:19 build tested: 1.5.4-1 (drone #631 Verified that ColumnStore processes are running under 'mysql'user, except: root 13570 2.4 0.7 1392128 47264 ? Ssl 13:28 11:05 /opt/cmapi/python/bin/python3 -m cmapi_server Development confirmed that is per design for now. There is a permission issue for cpimport. During cpimport, if new .cdf files need to be created, the files are created under 'root' user. Therefore, queries would fail. LDI using batch insert seems to be fine. MariaDB [mytest] > select count from t1; ERROR 1815 (HY000): Internal error: An unexpected condition within the query caused an internal processing error within Columnstore. Please check the log files for more details. Additional Information: error in BatchPrimitivePro crit.log Sep 15 21:03:11 localhost PrimProc [13143] : 11.365443 |0|0|0| C 28 CAL0000: thr_popper: Error opening file for OID 3321; /var/lib/columnstore/data1/000.dir/000.dir/012.dir/249.dir/000.dir/FILE001.cdf; Operation not permitted rw-r r - 1 root root 7938048 Sep 15 21:01 FILE003.cdf rw-r r - 1 root root 13508608 Sep 15 21:01 FILE002.cdf rw-r r - 1 root root 13508608 Sep 15 21:01 FILE001.cdf rw-r r - 1 mysql mysql 13508608 Sep 15 21:01 FILE000.cdf rw-r r - 1 mysql mysql 2097152 Sep 15 20:57 FILE000.cdf

Daniel Lee (Inactive) added a comment - 2020-09-15 21:21

As the title of the ticket suggested, cmapi should be running under a non-root user. If we cannot do that for now, we should change the ticket title.

Daniel Lee (Inactive) added a comment - 2020-09-15 21:21 As the title of the ticket suggested, cmapi should be running under a non-root user. If we cannot do that for now, we should change the ticket title.

People

Assignee:: Roman

Reporter:: Roman

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2020-05-20 15:13

Updated:: 2021-01-25 18:17

Resolved:: 2020-09-28 17:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB ColumnStore