009a37ee4b
For Pike Milestone 3 we need to fix the SHA's before we release. Change-Id: I471a426442cf6913b21eb21b7e50138557bd6cfd
22 lines
1014 B
YAML
22 lines
1014 B
YAML
---
|
|
issues:
|
|
- |
|
|
MariaDB 10.1+ includes `PrivateDevices=true` in its systemd unit files to
|
|
add extra security around mount namespaces for MariaDB. While this is
|
|
useful when running MariaDB on a bare metal host with other services, it
|
|
is less useful when MariaDB is already in a container with its own
|
|
namespaces. In addition, LXC 2.0.8 presents `/dev/ptmx` as a bind mount
|
|
within the container and systemd 219 (on CentOS 7) cannot make an
|
|
additional bind mount of `/dev/ptmx` when `PrivateDevices` is enabled.
|
|
|
|
Deployers can `galera_disable_privatedevices` to `yes` to set
|
|
`PrivateDevices=false` in the systemd unit file for MariaDB on CentOS 7.
|
|
The default is `no`, which keeps the default systemd unit file settings
|
|
from the MariaDB package.
|
|
|
|
For additional information, refer to the following bugs:
|
|
|
|
* https://bugs.launchpad.net/openstack-ansible/+bug/1697531
|
|
* https://github.com/lxc/lxc/issues/1623
|
|
* https://github.com/systemd/systemd/issues/6121
|