
Add MySQL server example #28

Open: jkr0103 wants to merge 1 commit into base: master

@jkr0103 jkr0103 commented May 27, 2022

Add MySQL server example.

How to test:
Please follow the instructions in README.md file.



@jkr0103 jkr0103 changed the title add mysql-server to gramine examples Add mysql-server to gramine examples May 28, 2022

@dimakuv dimakuv left a comment


Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: all files reviewed, 28 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ), "Merge branch '" found in commit messages' one-liners (waiting on @jkr0103)


-- commits line 3 at r1:
I suggest a simple Add MySQL server example


-- commits line 11 at r1:
Please never use git merge for PRs


mysql/Makefile line 19 at r1 (raw file):

                -Dlog_level=$(GRAMINE_LOG_LEVEL) \
                -Darch_libdir=$(ARCH_LIBDIR) \
		-Dentrypoint=$(realpath $(shell sh -c "command -v mysqld")) \

Here you have two tabs instead of spaces, please fix


mysql/Makefile line 25 at r1 (raw file):

	gramine-sgx-sign \
                --manifest $< \
                --output $@

We now have a slightly different (and better) way of specifying these Make targets. Please see the example: https://github.com/gramineproject/examples/blob/master/curl/Makefile and apply a similar change here.


mysql/mysqld.manifest.template line 1 at r1 (raw file):

# mysql manifest example

MySQL manifest example (capitalize the name)

Also, please add an empty line after it, to visually separate this top-level comment


mysql/mysqld.manifest.template line 2 at r1 (raw file):

# mysql manifest example
loader.preload = "file:{{ gramine.libos }}" # for compatibility with v1.0

This line can be removed, because Examples now need to be compatible only with v1.2


mysql/mysqld.manifest.template line 10 at r1 (raw file):


loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/lib:/usr/{{ arch_libdir }}"
loader.env.PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Is this envvar really needed? What happens if you remove it?


mysql/mysqld.manifest.template line 17 at r1 (raw file):

sgx.nonpie_binary = true
sgx.enclave_size = "4G"
sys.stack.size = "16M"

Is 16MB really needed? I haven't seen applications that require such huge stacks. Could you try 2MB and 8MB?


mysql/mysqld.manifest.template line 18 at r1 (raw file):

sgx.enclave_size = "4G"
sys.stack.size = "16M"
sgx.thread_num = 64

Why 64 threads? MySQL is multi-threaded and spawns many threads?


mysql/mysqld.manifest.template line 24 at r1 (raw file):

  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
  { path = "/usr", uri = "file:/usr" },

Is this /usr mount point really needed?

If you need this for /usr/lib/mysql/ and /usr/share/mysql-8.0/, then I would like to request to add these two mount points, instead of the generic /usr.


mysql/mysqld.manifest.template line 28 at r1 (raw file):

  { path = "/var/lib/mysql-keyring", uri = "file:/var/lib/mysql-keyring" },
  { path = "/var/run/mysqld", uri = "file:/var/run/mysqld" },
  { path = "/tmp", uri = "file:/tmp" },

Please try { type = "tmpfs", path = "/tmp" },

I am pretty sure it will work, and you won't need sgx.allowed_files = "file:/tmp/" below.


mysql/README.md line 1 at r1 (raw file):

# Mysql example

The correct spelling is MySQL


mysql/README.md line 2 at r1 (raw file):

# Mysql example
# This example is tested with mysql Ver 8.0.29

Please don't use the header (#), just make it a normal sentence. And put a dot at the end.


mysql/README.md line 2 at r1 (raw file):

# Mysql example
# This example is tested with mysql Ver 8.0.29

MySQL version 8.0.29


mysql/README.md line 4 at r1 (raw file):

# This example is tested with mysql Ver 8.0.29

This directory contains an example for running Mysql-Server in Gramine, including

MySQL server in Gramine


mysql/README.md line 7 at r1 (raw file):

the Makefile and a template for generating the manifest.

# Prerequisites Steps

Simply Pre-requisites


mysql/README.md line 9 at r1 (raw file):

# Prerequisites Steps

## Install mysql-server on baremetal:

Please don't use headers (#, ##, ...) but just use something like this:

- Install MySQL server:
```
sudo apt-get install mysql-server
```

- Comment out the log in the config file `/etc/mysql/mysql.conf.d/mysqld.cnf` (to see the log on console)
```
# log_error = /var/log/mysql/error.log
```

- Stop the default MySQL service (we will manually run MySQL process)
```
systemctl stop mysql.service
sudo mkdir /var/run/mysqld && sudo chown -R <current_user>:<current_user> /var/run/mysqld
sudo chown -R <current_user>:<current_user> /var/lib/mysql-files
sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring
```

- Prepare new data directory for MySQL
```
mkdir mysql-data/
```

- Initialize MySQL
```
mysqld --initialize-insecure --datadir=mysql-data/
```


mysql/README.md line 17 at r1 (raw file):

> ```Markdown
> ## Stop mysql service, we need to manually run mysql with mysqld:
>     systemctl stop mysql.service
>     sudo mkdir /var/run/mysqld && sudo chown -R <current_user>:<current_user> /var/run/mysqld
> ```

What's the point of this? Must it be exactly `/var/run/mysqld`? What does this path mean to MySQL?


mysql/README.md line 22 at r1 (raw file):

> ```Markdown
> 
> ## Prepare new data directory:
>     sudo mkdir /tmp/mysql && sudo chown -R <current_user>:<current_user> /tmp/mysql
> ```

Why do you need to call it `/tmp/mysql`? Why not simply `mysql-data/` directory?


mysql/README.md line 26 at r1 (raw file):

> ```Markdown
> ## Add the following 2 lines to /etc/apparmor.d/usr.sbin.mysqld:
>     /tmp/mysql r,
>     /tmp/mysql/** rwk,
> ```

Why are these lines needed? What do they do?


mysql/README.md line 29 at r1 (raw file):

> ```Markdown
> 
> ## Restart apparmor:
>     sudo service apparmor restart
> ```

So MySQL uses AppArmor? For what? Can it be disabled (since Gramine-SGX doesn't trust nor verify AppArmor anyway)?


mysql/README.md line 32 at r1 (raw file):

> ```Markdown
> 
> ## Initialize mysql:
>     mysqld --initialize-insecure --datadir=/tmp/mysql
> ```

Why `initialize-insecure`?


mysql/README.md line 33 at r1 (raw file):

> ```Markdown
> ## Initialize mysql:
>     mysqld --initialize-insecure --datadir=/tmp/mysql
>     sudo rm /tmp/mysql/undo*
> ```

What does this do? Why needed?


mysql/README.md line 37 at r1 (raw file):

> ```Markdown
> # Generating the manifest
> 
> ## Installing prerequisites
> ```

You already described it above, please remove this.


mysql/README.md line 45 at r1 (raw file):

> ```Markdown
> ## Building for SGX
> 
> Run `make SGX=1` (non-debug) or `make SGX=1 DEBUG=1` (debug) in the directory.
> ```

This is too verbose. Just use this text as an example: https://github.com/gramineproject/examples/tree/master/pytorch#build


mysql/README.md line 47 at r1 (raw file):

> ```Markdown
> Run `make SGX=1` (non-debug) or `make SGX=1 DEBUG=1` (debug) in the directory.
> 
> # Run Mysql with Gramine
> ```

`MySQL`


mysql/README.md line 49 at r1 (raw file):

> ```Markdown
> # Run Mysql with Gramine
> 
> Here's an example of running Mysql under Gramine:
> ```

`MySQL`


mysql/README.md line 59 at r1 (raw file):

> ````Markdown
> ```
> gramine-sgx mysqld -u root --datadir /tmp/mysql
> ```
> ````

Please add the stuff that you described in the PR description here, under the new header `Benchmarking`. I'm talking about this stuff:

Connect Client to mysql server: mysql -P 3306 --protocol=tcp -uroot

Execute Sysbench benchmarking:

sudo mysqladmin -h 127.0.0.1 -P 3306 create sbtest

Install sysbench if not installed: sudo apt install -y sysbench

sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest /usr/share/sysbench/oltp_common.lua --tables=10 --table_size=100000 prepare

sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --threads=4 --time=20 --report-interval=5 /usr/share/sysbench/oltp_read_write.lua --tables=10 --table_size=100000 run


But please format it to be more user-friendly.



@jkr0103 jkr0103 changed the title Add mysql-server to gramine examples Add mysql-server to examples Jun 14, 2022
@jkr0103 jkr0103 changed the title Add mysql-server to examples Add MySQL server example Jun 14, 2022

@jkr0103 jkr0103 left a comment


Reviewable status: 0 of 3 files reviewed, 28 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv)


-- commits line 3 at r1:

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

I suggest a simple Add MySQL server example

Done.


-- commits line 11 at r1:

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please never use git merge for PRs

Sure, I will keep that in mind.


mysql/Makefile line 19 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Here you have two tabs instead of spaces, please fix

Done.


mysql/Makefile line 25 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

We now have a slightly different (and better) way of specifying these Make targets. Please see the example: https://github.com/gramineproject/examples/blob/master/curl/Makefile and apply a similar change here.

Done.


mysql/mysqld.manifest.template line 1 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

MySQL manifest example (capitalize the name)

Also, please add an empty line after it, to visually separate this top-level comment

Done.


mysql/mysqld.manifest.template line 2 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

This line can be removed, because Examples now need to be compatible only with v1.2

Done.


mysql/mysqld.manifest.template line 10 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Is this envvar really needed? What happens if you remove it?

removed.


mysql/mysqld.manifest.template line 17 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Is 16MB really needed? I haven't seen applications that require such huge stacks. Could you try 2MB and 8MB?

not required, hence removed.


mysql/mysqld.manifest.template line 18 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Why 64 threads? MySQL is multi-threaded and spawns many threads?

increased to 128 as sysbench failed with 64 threads.


mysql/mysqld.manifest.template line 24 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Is this /usr mount point really needed?

If you need this for /usr/lib/mysql/ and /usr/share/mysql-8.0/, then I would like to request to add these two mount points, instead of the generic /usr.

Done.


mysql/mysqld.manifest.template line 28 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please try { type = "tmpfs", path = "/tmp" },

I am pretty sure it will work, and you won't need sgx.allowed_files = "file:/tmp/" below.

that did not work. MySQL server was unable to create any file in /tmp/mysql-data directory.


mysql/README.md line 1 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

The correct spelling is MySQL

Done.


mysql/README.md line 2 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please don't use the header (#), just make it a normal sentence. And put a dot at the end.

Done.


mysql/README.md line 2 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

MySQL version 8.0.29

Done.


mysql/README.md line 4 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

MySQL server in Gramine

Done.


mysql/README.md line 7 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Simply Pre-requisites

Done.


mysql/README.md line 9 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please don't use headers (#, ##, ...) but just use something like this:

- Install MySQL server:
```
sudo apt-get install mysql-server
```

- Comment out the log in the config file `/etc/mysql/mysql.conf.d/mysqld.cnf` (to see the log on console)
```
# log_error = /var/log/mysql/error.log
```

- Stop the default MySQL service (we will manually run MySQL process)
```
systemctl stop mysql.service
sudo mkdir /var/run/mysqld && sudo chown -R <current_user>:<current_user> /var/run/mysqld
sudo chown -R <current_user>:<current_user> /var/lib/mysql-files
sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring
```

- Prepare new data directory for MySQL
```
mkdir mysql-data/
```

- Initialize MySQL
```
mysqld --initialize-insecure --datadir=mysql-data/
```

followed pytorch example README.md and made changes accordingly.


mysql/README.md line 17 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

What's the point of this? Must it be exactly /var/run/mysqld? What does this path mean to MySQL?

MySQL server needs permission to create mysqld.sock file.


mysql/README.md line 22 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Why do you need to call it /tmp/mysql? Why not simply mysql-data/ directory?

Done.


mysql/README.md line 26 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Why are these lines needed? What do they do?

not needed, removed.


mysql/README.md line 29 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

So MySQL uses AppArmor? For what? Can it be disabled (since Gramine-SGX doesn't trust nor verify AppArmor anyway)?

not needed, disabled AppArmor, tried, worked.


mysql/README.md line 32 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Why initialize-insecure?

with this option MySQL server doesn't generate password for root user. Even with secure way MySQL generates one time password, which has to be changed on first login.

Use --initialize for “secure by default” installation (that is, including generation of a random initial root password). In this case, the password is marked as expired and you must choose a new one.

With --initialize-insecure, no root password is generated. This is insecure; it is assumed that you assign a password to the account in timely fashion before putting the server into production use.

Ref: https://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.7/en/data-directory-initialization.html


mysql/README.md line 33 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

What does this do? Why needed?

not needed, removed.


mysql/README.md line 37 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

You already described it above, please remove this.

Done.


mysql/README.md line 45 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

This is too verbose. Just use this text as an example: https://github.com/gramineproject/examples/tree/master/pytorch#build

Done.


mysql/README.md line 47 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

MySQL

Done.


mysql/README.md line 49 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

MySQL

Done.


mysql/README.md line 59 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please add the stuff that you described in the PR description here, under the new header Benchmarking. I'm talking about this stuff:

Connect Client to mysql server: mysql -P 3306 --protocol=tcp -uroot

Execute Sysbench benchmarking:

sudo mysqladmin -h 127.0.0.1 -P 3306 create sbtest

Install sysbench if not installed: sudo apt install -y sysbench

sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest /usr/share/sysbench/oltp_common.lua --tables=10 --table_size=100000 prepare

sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --threads=4 --time=20 --report-interval=5 /usr/share/sysbench/oltp_read_write.lua --tables=10 --table_size=100000 run

But please format it to be more user-friendly.

Done.


@dimakuv dimakuv left a comment


Reviewed 3 of 3 files at r2, all commit messages.
Reviewable status: all files reviewed, 19 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv and @jkr0103)


mysql/mysqld.manifest.template line 10 at r1 (raw file):

Previously, jkr0103 (Jitender Kumar) wrote…

removed.

Sorry, this is wrong. Now you have loader.PATH which is not a recognized-by-Gramine manifest option (Gramine only recognizes loader.env.* options as environment variables).

So if with this change your MySQL workload still works, it means that this whole PATH environment variable is not needed. Which means you can remove this whole line. Please do it.


mysql/mysqld.manifest.template line 22 at r2 (raw file):

  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
  { path = "/usr/sbin/mysqld", uri = "file:/usr/sbin/mysqld" },

If I understand correctly, the {{ entrypoint }} variable will contain exactly this path (/usr/sbin/mysqld). Please replace with this line then:

  { path = "{{ entrypoint }}", uri = "file:{{ entrypoint }}" },

mysql/README.md line 4 at r1 (raw file):

Previously, jkr0103 (Jitender Kumar) wrote…

Done.

Not fully done (still need to Mysql -> MySQL)


mysql/README.md line 7 at r2 (raw file):

the Makefile and a template for generating the manifest.

# Pre-requisites

Please use a second-level title (## Pre-requisites, notice two sharp signs)


mysql/README.md line 10 at r2 (raw file):

- `sudo apt-get install mysql-server` to install MySQL server.
- Comment out the log line `log_error = /var/log/mysql/error.log` in the config file 

You have trailing spaces at the end of some lines. Please fix it in this whole file.


mysql/README.md line 12 at r2 (raw file):

- Comment out the log line `log_error = /var/log/mysql/error.log` in the config file 
 `/etc/mysql/mysql.conf.d/mysqld.cnf` to see the log on console.
- `systemctl stop mysql.service` to stop the default MySQL service .We will manually

... service .We will ... -> ... service. We will ... (remove the space before the dot, and add a space after the dot)


mysql/README.md line 17 at r2 (raw file):

to allow MySQL server to create socket file `mysqld.sock`.
- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-files` to allow MySQL server for 
internal usage.

...for internal usage sounds strange. Maybe rephrase to ...to allow running MySQL server under the current non-root user.


mysql/README.md line 19 at r2 (raw file):

internal usage.
- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring` to allow MySQL server for 
internal usage.

...for internal usage sounds strange. Maybe rephrase to ...to allow running MySQL server under the current non-root user.


mysql/README.md line 20 at r2 (raw file):

- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring` to allow MySQL server for 
internal usage.
- `mysqld --initialize-insecure --datadir=mysql-data/` to initialize data directory.

Could you add a sentence in this bullet point: For details on '--initialize-insecure', please see the https://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.7/en/data-directory-initialization.html page.


mysql/README.md line 20 at r2 (raw file):

- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring` to allow MySQL server for 
internal usage.
- `mysqld --initialize-insecure --datadir=mysql-data/` to initialize data directory.

I don't understand this:

  • During initialization, you specify mysql-data/ as the data directory.
  • But during runtime, you specify /tmp/mysql as the data directory.

How can this work?


mysql/README.md line 22 at r2 (raw file):

- `mysqld --initialize-insecure --datadir=mysql-data/` to initialize data directory.

# Build

Please use a second-level title (## Pre-requisites, notice two sharp signs)


mysql/README.md line 27 at r2 (raw file):

version.

# Run

Please use a second-level title (## Pre-requisites, notice two sharp signs)


mysql/README.md line 33 at r2 (raw file):

- Natively: `mysqld --datadir /tmp/mysql`.
- Gramine w/o SGX: `gramine-direct mysqld -u root --datadir /tmp/mysql`.
- Gramine with SGX: `gramine-sgx mysqld -u root --datadir /tmp/mysql`.

Why do you need to specify -u root here? What happens if you don't specify it?

If there is a particular reason why we need to specify it, please also add a paragraph here with a brief explanation.


mysql/README.md line 35 at r2 (raw file):

- Gramine with SGX: `gramine-sgx mysqld -u root --datadir /tmp/mysql`.

# Testing client connection and running sysbench benchmarking

Please use a second-level title (## Pre-requisites, notice two sharp signs)


mysql/README.md line 35 at r2 (raw file):

- Gramine with SGX: `gramine-sgx mysqld -u root --datadir /tmp/mysql`.

# Testing client connection and running sysbench benchmarking

running sysbench benchmarking -> simply running Sysbench (also capitalize Sysbench)


mysql/README.md line 39 at r2 (raw file):

Run below command from new terminal:

- `mysql -P 3306 --protocol=tcp -uroot` to connect a client to MySQL server.

What is -uroot? Is it the same as -u root? If yes, then please use -u root for uniformity. Also, do you really need to use -uroot at all?


mysql/README.md line 44 at r2 (raw file):

Run Sysbench benchmarking:

- `sudo apt install -y sysbench` to install sysbench.

...to install Sysbench (capitalize)


mysql/README.md line 50 at r2 (raw file):

 create records in test database.
- `sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --time=20 --report-interval=5 oltp_read_write --tables=2 --table_size=100000 --threads=32 run` to
 run the sysbench benchmarks.

...to run the sysbench benchmarks -> ...to run Sysbench benchmarks
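
The manifest points raised in this review (the unrecognized `loader.PATH` key, the generic `/usr` mount, and the host-backed `/tmp` paired with `sgx.allowed_files`) can be checked mechanically before a manifest is signed. The following is an added example, not part of the PR or of Gramine's tooling; the `lint_manifest` helper, the rule names, the `BROAD_MOUNTS` set and the sample manifest are assumptions constructed from the lines quoted in the thread.

```python
import re

# Constructed sample, assembled from manifest lines quoted in the review.
SAMPLE_MANIFEST = """\
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/lib:/usr/{{ arch_libdir }}"
loader.PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

fs.mounts = [
  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/usr", uri = "file:/usr" },
  { path = "/var/run/mysqld", uri = "file:/var/run/mysqld" },
  { path = "/tmp", uri = "file:/tmp" },
]

sgx.allowed_files = [
  "file:/tmp/",
]
"""

# Assumption: which mount paths count as "too generic". The review names only /usr.
BROAD_MOUNTS = frozenset({"/", "/usr"})

# Heuristic: an upper-case key directly under loader.* looks like an env var
# that was meant to live under loader.env.*.
ENV_LIKE_KEY = re.compile(r"^loader\.([A-Z][A-Z0-9_]*)\s*=")
ARRAY_START = re.compile(r"^(fs\.mounts|sgx\.allowed_files)\s*=\s*\[")
FIELD = re.compile(r'\b(type|path|uri)\s*=\s*"([^"]*)"')
QUOTED = re.compile(r'"([^"]*)"')


def lint_manifest(text, broad_mounts=BROAD_MOUNTS):
    """Return a list of (line_number, rule, message) for a manifest template.

    Line-based on purpose: the template still contains Jinja placeholders, so
    it is scanned as text instead of being rendered and parsed.
    """
    findings = []
    section = None  # name of the multi-line array currently being read
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue

        m = ENV_LIKE_KEY.match(line)
        if m:
            name = m.group(1)
            findings.append((lineno, "env-outside-loader.env",
                             f"loader.{name} is not passed to the application; "
                             f"use loader.env.{name} or delete the line"))
            continue

        rest = line
        m = ARRAY_START.match(line)
        if m:
            section, rest = m.group(1), line[m.end():]

        if section == "fs.mounts":
            fields = dict(FIELD.findall(rest))
            path = fields.get("path")
            if path is not None:
                if (path.rstrip("/") or "/") in broad_mounts:
                    findings.append((lineno, "broad-mount",
                                     f"mount of {path} exposes the whole tree; "
                                     "mount only the subdirectories needed"))
                if (path == "/tmp" and fields.get("type") != "tmpfs"
                        and fields.get("uri", "").startswith("file:")):
                    findings.append((lineno, "host-backed-tmp",
                                     "/tmp is backed by the host; consider "
                                     '{ type = "tmpfs", path = "/tmp" }'))
        elif section == "sgx.allowed_files":
            for uri in QUOTED.findall(rest):
                if uri.endswith("/"):
                    findings.append((lineno, "allowed-directory",
                                     f"{uri} allows a whole directory without "
                                     "integrity verification"))

        if section and line.endswith("]"):
            section = None
    return findings


if __name__ == "__main__":
    for lineno, rule, message in lint_manifest(SAMPLE_MANIFEST):
        print(f"line {lineno}: [{rule}] {message}")
```
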


@jkr0103 jkr0103 left a comment


Reviewable status: 0 of 3 files reviewed, 19 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)


mysql/mysqld.manifest.template line 10 at r1 (raw file):

Add MySQL server example
removed


mysql/mysqld.manifest.template line 22 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

If I understand correctly, the {{ entrypoint }} variable will contain exactly this path (/usr/sbin/mysqld). Please replace with this line then:

  { path = "{{ entrypoint }}", uri = "file:{{ entrypoint }}" },

Done.


mysql/README.md line 4 at r1 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Not fully done (still need to Mysql -> MySQL)

Done.


mysql/README.md line 7 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please use a second-level title (## Pre-requisites, notice two sharp signs)

Done.


mysql/README.md line 10 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

You have trailing spaces at the end of some lines. Please fix it in this whole file.

Done.


mysql/README.md line 12 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

... service .We will ... -> ... service. We will ... (remove the space before the dot, and add a space after the dot)

Done.


mysql/README.md line 17 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

...for internal usage sounds strange. Maybe rephrase to ...to allow running MySQL server under the current non-root user.

Done.


mysql/README.md line 19 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

...for internal usage sounds strange. Maybe rephrase to ...to allow running MySQL server under the current non-root user.

Done.


mysql/README.md line 20 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Could you add a sentence in this bullet point: For details on '--initialize-insecure', please see the https://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.7/en/data-directory-initialization.html page.

Done.


mysql/README.md line 20 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

I don't understand this:

  • During initialization, you specify mysql-data/ as the data directory.
  • But during runtime, you specify /tmp/mysql as the data directory.

How can this work?

it was a typo, corrected to /tmp/mysql-data


mysql/README.md line 22 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please use a second-level title (## Pre-requisites, notice two sharp signs)

Done.


mysql/README.md line 27 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please use a second-level title (## Pre-requisites, notice two sharp signs)

Done.


mysql/README.md line 33 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Why do you need to specify -u root here? What happens if you don't specify it?

If there is a particular reason why we need to specify it, please also add a paragraph here with a brief explanation.

I was required to launch mysqld as non-root user. Other way was to use current user's uid and gid. I am using uid and gid of current user, hence removed -u root flag from the command.


mysql/README.md line 35 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please use a second-level title (## Pre-requisites, notice two sharp signs)

Done.


mysql/README.md line 39 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

What is -uroot? Is it the same as -u root? If yes, then please use -u root for uniformity. Also, do you really need to use -uroot at all?

corrected to -u root. and yes it's required to connect mysql client as at this point we don't have other users created, this is admin's job to create different users. Please see the below query results for enquiring users:
```
mysql> Select user from mysql.user;
+------------------+
| user             |
+------------------+
| mysql.infoschema |
| mysql.session    |
| mysql.sys        |
| root             |
+------------------+
4 rows in set (0.00 sec)

mysql>
```


mysql/README.md line 44 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

...to install Sysbench (capitalize)

Done.


mysql/README.md line 50 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

...to run the sysbench benchmarks -> ...to run Sysbench benchmarks

Done.


@jkr0103 jkr0103 left a comment


Reviewable status: 0 of 3 files reviewed, 19 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)


mysql/README.md line 39 at r2 (raw file):

Previously, jkr0103 (Jitender Kumar) wrote…

corrected to -u root. and yes it's required to connect mysql client as at this point we don't have other users created, this is admin's job to create different users. Please see the below query results for enquiring users:
```
mysql> Select user from mysql.user;
+------------------+
| user             |
+------------------+
| mysql.infoschema |
| mysql.session    |
| mysql.sys        |
| root             |
+------------------+
4 rows in set (0.00 sec)

mysql>
```

and this client connect command is just to test if mysql client is able to connect to MySQL server.


@jkr0103 jkr0103 left a comment


Reviewable status: 0 of 3 files reviewed, 19 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv)


mysql/README.md line 35 at r2 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

running sysbench benchmarking -> simply running Sysbench (also capitalize Sysbench)

Done.


@dimakuv dimakuv left a comment


Reviewed 3 of 3 files at r3, all commit messages.
Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @jkr0103)

a discussion (no related file):
Generally looks good to me (bar a couple small comments). I or someone else will need to test this PR -- that MySQL indeed works -- before final merge.



-- commits line 3 at r1:

Previously, jkr0103 (Jitender Kumar) wrote…

Done.

Looks like you did a rebase to fix this. Please don't do this. I should have mentioned that "we will fix it at the final rebase, after all reviews are done". Just a note for the future.


-- commits line 15 at r3:
? This is not a fixup commit. Please don't rebase in the middle of review. Just a note for the future.


mysql/mysqld.manifest.template line 29 at r3 (raw file):

  { path = "/var/lib/mysql-keyring", uri = "file:/var/lib/mysql-keyring" },
  { path = "/var/run/mysqld", uri = "file:/var/run/mysqld" },
  { path = "/lib/mysql/plugin", uri = "file:/lib/mysql/plugin" },

You didn't have this /lib/mysql/plugin before. MySQL doesn't work without this? Just want to make sure.


mysql/README.md line 21 at r3 (raw file):

 MySQL server under the current non-root user.
- `mysqld --initialize-insecure --datadir=/tmp/mysql-data` to initialize data directory. For
 details on '--initialize-insecure', please see the https://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.7/en/data-directory-initialization.html page.

Please re-wrap to 80 char per line limit.

Contributor Author

@jkr0103 jkr0103 left a comment


Reviewable status: 2 of 3 files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv)

a discussion (no related file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Generally looks good to me (bar a couple small comments). I or someone else will need to test this PR -- that MySQL indeed works -- before final merge.

sure, please try from your side as well.



-- commits line 15 at r3:

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

? This is not a fixup commit. Please don't rebase in the middle of review. Just a note for the future.

Sure, will keep the very first commit of the PR with fixup.


mysql/mysqld.manifest.template line 29 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

You didn't have this /lib/mysql/plugin before. MySQL doesn't work without this? Just want to make sure.

I get the following warning without this path in the manifest, though MySQL launches successfully:

2022-06-23T13:00:54.594357Z 0 [ERROR] [MY-010986] [Server] Unable to determine CAP_SYS_NICE capability. mysqld: Can't open shared library '/lib/mysql/plugin/component_reference_cache.so' (errno: 2 /lib/mysql/plugin/component_reference_cache.so: cannot open shared object file: No such file or directory) mysqld: Cannot load component from specified URN: 'file://component_reference_cache'


mysql/README.md line 21 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please re-wrap to 80 char per line limit.

Done.


@dimakuv dimakuv left a comment


Reviewed 1 of 1 files at r4, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv)


mysql/mysqld.manifest.template line 29 at r3 (raw file):

Previously, jkr0103 (Jitender Kumar) wrote…

I get the following warning without this path in the manifest, though MySQL launches successfully:

2022-06-23T13:00:54.594357Z 0 [ERROR] [MY-010986] [Server] Unable to determine CAP_SYS_NICE capability. mysqld: Can't open shared library '/lib/mysql/plugin/component_reference_cache.so' (errno: 2 /lib/mysql/plugin/component_reference_cache.so: cannot open shared object file: No such file or directory) mysqld: Cannot load component from specified URN: 'file://component_reference_cache'

Ok, sounds good. Thanks for explanation.


@dimakuv dimakuv left a comment


Reviewable status: all files reviewed, 5 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)

a discussion (no related file):

Previously, jkr0103 (Jitender Kumar) wrote…

sure, please try from your side as well.

Ok, tried, see my comments.


a discussion (no related file):
On a fresh Ubuntu system, I installed MySQL and did all the prerequisite steps.

Running native MySQL works fine.

Running MySQL under Gramine gave me this:

$ gramine-direct mysqld --datadir /tmp/mysql-data
[P1:T1:] error: error mounting "file:/lib/mysql/plugin" (chroot) under /lib/mysql/plugin: -2
[P1:T1:] error: Error during libos_init() in init_mount (-2)

Removing /lib/mysql/plugin from the manifest.template file helped.


a discussion (no related file):
Running Gramine direct, I cannot connect the MySQL client.

  • In one terminal I start the MySQL server:
$ gramine-direct mysqld --datadir /tmp/mysql-data
... takes some time ...
2022-06-27T09:56:28.822455Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2022-06-27T09:56:28.822607Z 0 [Note] IPv6 is available.
2022-06-27T09:56:28.822762Z 0 [Note]   - '::' resolves to '::';
2022-06-27T09:56:28.822887Z 0 [Note] Server socket created on IP: '::'.
2022-06-27T09:56:28.823552Z 0 [Warning] Insecure configuration for --pid-file: Location '/tmp' in the path is accessible to all OS users. Consider choosing a different directory.
2022-06-27T09:56:28.834381Z 0 [Note] Event Scheduler: Loaded 0 events
2022-06-27T09:56:28.834911Z 0 [Note]
2022-06-27T09:56:28.851255Z 0 [Note] InnoDB: Buffer pool(s) load completed at 220627  9:56:28
... now starts listening on the sock ...
  • In another terminal I start the MySQL client:
$ mysql -P 3306 --protocol=tcp -u root
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

The first terminal (with the MySQL server) prints this error:

2022-06-27T09:56:58.896866Z 2 [Note] Unknown error 1160

What am I doing wrong? How can I check what's going on?



mysql/README.md line 16 at r3 (raw file):

- `sudo mkdir /var/run/mysqld && sudo chown -R <current_user>:<current_user> /var/run/mysqld`
to allow MySQL server to create socket file `mysqld.sock`.
- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-files` to allow running

This looks unnecessary. You're changing permissions on /var/lib/mysql-files/ directory which is not used at all when MySQL is run with --datadir=/tmp/mysql-data. Please remove this prerequisite.

Or explain to me why it's important.


mysql/README.md line 18 at r3 (raw file):

- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-files` to allow running
 MySQL server under the current non-root user.
- `sudo chown -R <current_user>:<current_user> /var/lib/mysql-keyring` to allow running

This looks unnecessary. You're changing permissions on /var/lib/mysql-keyring/ directory which is not used at all when MySQL is run with --datadir=/tmp/mysql-data. Please remove this prerequisite.

Or explain to me why it's important.


@dimakuv dimakuv left a comment


Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)

a discussion (no related file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Running Gramine direct, I cannot connect the MySQL client.

  • In one terminal I start the MySQL server:
$ gramine-direct mysqld --datadir /tmp/mysql-data
... takes some time ...
2022-06-27T09:56:28.822455Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2022-06-27T09:56:28.822607Z 0 [Note] IPv6 is available.
2022-06-27T09:56:28.822762Z 0 [Note]   - '::' resolves to '::';
2022-06-27T09:56:28.822887Z 0 [Note] Server socket created on IP: '::'.
2022-06-27T09:56:28.823552Z 0 [Warning] Insecure configuration for --pid-file: Location '/tmp' in the path is accessible to all OS users. Consider choosing a different directory.
2022-06-27T09:56:28.834381Z 0 [Note] Event Scheduler: Loaded 0 events
2022-06-27T09:56:28.834911Z 0 [Note]
2022-06-27T09:56:28.851255Z 0 [Note] InnoDB: Buffer pool(s) load completed at 220627  9:56:28
... now starts listening on the sock ...
  • In another terminal I start the MySQL client:
$ mysql -P 3306 --protocol=tcp -u root
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

The first terminal (with the MySQL server) prints this error:

2022-06-27T09:56:58.896866Z 2 [Note] Unknown error 1160

What am I doing wrong? How can I check what's going on?

OK, it turned out this is a case of missing sendmsg(MSG_DONTWAIT) handling after the Big Sockets Rewrite from @boryspoplawski.

A quick check with a MSG_DONTWAIT patch shows that the latest Gramine works again.

Gramine v1.2 (last stable release to date, before the Big Sockets Rewrite) works fine on this example. Resolving my comment.



@dimakuv dimakuv left a comment


Reviewable status: all files reviewed, 6 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)


mysql/mysqld.manifest.template line 45 at r4 (raw file):

sgx.allowed_files = [
  "file:/var/run/mysqld/",
  "file:/tmp/",

Please add a comment here that this stores data insecurely, like this:

  "file:/tmp/",         # MySQL data will be stored in plaintext; this is insecure!

mysql/README.md line 16 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

This looks unnecessary. You're changing permissions on /var/lib/mysql-files/ directory which is not used at all when MySQL is run with --datadir=/tmp/mysql-data. Please remove this prerequisite.

Or explain to me why it's important.

Jitender explained offline. Keeping the reply here for history:

/var/lib/mysql-files is used to limit the effect of data import and export operations, see https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_secure_file_priv. This directory must be accessible.

In our example manifest, we only mount this dir (so that the dir can be found by MySQL), but do not mark it as trusted or allowed. So if MySQL would try to perform some import/export, it won't be able to write it to the hard drive anyway. So this is safe and is done purely to allow MySQL to initialize.


mysql/README.md line 18 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

This looks unnecessary. You're changing permissions on /var/lib/mysql-keyring/ directory which is not used at all when MySQL is run with --datadir=/tmp/mysql-data. Please remove this prerequisite.

Or explain to me why it's important.

https://dev.mysql.com/doc/refman/5.7/en/keyring-system-variables.html#sysvar_keyring_file_data

This is used to store (in plaintext!) the master key used to decrypt the data in tables that use InnoDB tablespace encryption.

In our example manifest, we only mount this dir (so that the dir can be found by MySQL), but do not mark it as trusted or allowed. So if MySQL would try to create the master key, it won't be able to write it to the hard drive anyway. So this is safe and is done purely to allow MySQL to initialize.


mysql/README.md line 1 at r4 (raw file):

# MySQL example

Please add an empty line after this.


mysql/README.md line 2 at r4 (raw file):

# MySQL example
This example is tested with MySQL version 8.0.29.

Please change "... is tested with MySQL version 8.0.29." -> "... was tested with MySQL version 8.0.29 and Ubuntu 20.04."


mysql/README.md line 5 at r4 (raw file):

This directory contains an example for running MySQL server in Gramine,
 including the Makefile and a template for generating the manifest.

Please remove a space at the beginning of the line.


@dimakuv dimakuv left a comment


Reviewable status: all files reviewed, 8 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @jkr0103)

a discussion (no related file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

On a fresh Ubuntu system, I installed MySQL and did all the prerequisite steps.

Running native MySQL works fine.

Running MySQL under Gramine gave me this:

$ gramine-direct mysqld --datadir /tmp/mysql-data
[P1:T1:] error: error mounting "file:/lib/mysql/plugin" (chroot) under /lib/mysql/plugin: -2
[P1:T1:] error: Error during libos_init() in init_mount (-2)

Removing /lib/mysql/plugin from the manifest.template file helped.

So on my Ubuntu 20.04, I have:

$ mysql --version
mysql  Ver 8.0.29-0ubuntu0.20.04.3 for Linux on x86_64 ((Ubuntu))

But I don't have /lib/mysql/plugin path. Instead I have /usr/lib/mysql/plugin:

$ ls /usr/lib/mysql/plugin/
adt_null.so                          component_query_attributes.so   keyring_udf.so      semisync_master.so
auth_socket.so                       component_reference_cache.so    libmemcached.so     semisync_replica.so
component_audit_api_message_emit.so  component_validate_password.so  libpluginmecab.so   semisync_slave.so
component_keyring_file.so            connection_control.so           locking_service.so  semisync_source.so
component_log_filter_dragnet.so      ddl_rewriter.so                 mypluglib.so        validate_password.so
component_log_sink_json.so           group_replication.so            mysql_clone.so      version_token.so
component_log_sink_syseventlog.so    innodb_engine.so                mysql_no_login.so
component_mysqlbackup.so             keyring_file.so                 rewriter.so

In the manifest file, this path /usr/lib/mysql/plugin is already covered by the one-level-up dir /usr/lib/mysql, so there is no need to add it explicitly.

I too get the warning:

mysqld: Can't open shared library '/lib/mysql/plugin/component_reference_cache.so' (errno: 2 /lib/mysql/plugin/component_reference_cache.so: cannot open shared object file: No such file or directory)
mysqld: Cannot load component from specified URN: 'file://component_reference_cache'.  

But MySQL continues running. From quick googling, this looks like some bug in MySQL packaging. I suggest just removing these lines from the manifest.


a discussion (no related file):
I tested with mysql client and with sysbench. Works fine (with removing /lib/mysql/plugin lines from the manifest).


a discussion (no related file):
This works fine with Gramine v1.2. It doesn't work with the latest Gramine because of the sendmsg(MSG_DONTWAIT) non-implemented functionality. @boryspoplawski will fix this.



mysql/mysqld.manifest.template line 29 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Ok, sounds good. Thanks for explanation.

See my other comment. I don't have this path /lib/mysql/plugin on my Ubuntu 20.04. Let's remove these lines.


mysql/README.md line 11 at r4 (raw file):

- `sudo apt-get install mysql-server` to install MySQL server.
- Comment out the log line `log_error = /var/log/mysql/error.log` in the config
 file `/etc/mysql/mysql.conf.d/mysqld.cnf` to see the log on console.

Could you please indent all such lines under the first - line?

Like this:

- Comment out the log line `log_error = /var/log/mysql/error.log` in the config
  file `/etc/mysql/mysql.conf.d/mysqld.cnf` to see the log on console.
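
The manifest points raised in this review can be checked before launch: a mount whose host path is missing makes Gramine fail at startup, a directory that is mounted but neither trusted nor allowed stays inaccessible under SGX, and `sgx.allowed_files` entries are stored in plaintext. The script below is an added example, not part of the PR or the Gramine project; the `audit` helper, its regex-based parsing and the sample manifest (assembled from lines quoted in this thread, with an assumed `sgx.trusted_files` entry) are assumptions.

```python
import os
import re
import sys

# Constructed manifest fragment built from lines quoted in this review.
# The sgx.trusted_files entry is an assumption for illustration.
SAMPLE_MANIFEST = '''
fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
  { path = "/usr/lib/mysql", uri = "file:/usr/lib/mysql" },
  { path = "/var/lib/mysql-files", uri = "file:/var/lib/mysql-files" },
  { path = "/var/lib/mysql-keyring", uri = "file:/var/lib/mysql-keyring" },
  { path = "/var/run/mysqld", uri = "file:/var/run/mysqld" },
  { path = "/lib/mysql/plugin", uri = "file:/lib/mysql/plugin" },
  { path = "/tmp", uri = "file:/tmp" },
]

sgx.trusted_files = [
  "file:/usr/lib/mysql/",
]

sgx.allowed_files = [
  "file:/var/run/mysqld/",
  "file:/tmp/",         # MySQL data will be stored in plaintext; this is insecure!
]
'''

MOUNT_RE = re.compile(
    r'\{\s*path\s*=\s*"([^"]+)"\s*,\s*uri\s*=\s*"file:([^"]+)"\s*\}')


def _file_list(text, key):
    """Return host paths listed under a `key = [ "file:...", ... ]` array."""
    m = re.search(re.escape(key) + r'\s*=\s*\[(.*?)\]', text, re.S)
    if not m:
        return []
    uris = re.findall(r'"file:([^"]+)"', m.group(1))
    # Entries still containing Jinja placeholders cannot be resolved here.
    return [u.rstrip('/') or '/' for u in uris if '{{' not in u]


def _covers(prefixes, path):
    """True if `path` equals or lies under one of the listed prefixes."""
    return any(path == p or path.startswith(p.rstrip('/') + '/')
               for p in prefixes)


def audit(text, exists=os.path.exists):
    """Check a manifest (or template) for the issues raised in the review."""
    mounts = [(p, u) for p, u in MOUNT_RE.findall(text) if '{{' not in u]
    trusted = _file_list(text, 'sgx.trusted_files')
    allowed = _file_list(text, 'sgx.allowed_files')
    return {
        # Host path absent: Gramine aborts with "error mounting ... : -2".
        'missing_on_host': [u for _, u in mounts if not exists(u)],
        # Visible in the namespace, but unreadable/unwritable under SGX.
        'mounted_only': [u for _, u in mounts
                         if not _covers(trusted + allowed, u)],
        # Passed through without integrity or confidentiality protection.
        'plaintext_allowed': allowed,
    }


if __name__ == '__main__':
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for finding, paths in audit(source).items():
        print(finding, paths)
```

Run it with the path to `mysqld.manifest.template` as the only argument to check the real file against the local host.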

Contributor Author

@jkr0103 jkr0103 left a comment


Reviewable status: 1 of 3 files reviewed, 7 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv)

a discussion (no related file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

So on my Ubuntu 20.04, I have:

$ mysql --version
mysql  Ver 8.0.29-0ubuntu0.20.04.3 for Linux on x86_64 ((Ubuntu))

But I don't have /lib/mysql/plugin path. Instead I have /usr/lib/mysql/plugin:

$ ls /usr/lib/mysql/plugin/
adt_null.so                          component_query_attributes.so   keyring_udf.so      semisync_master.so
auth_socket.so                       component_reference_cache.so    libmemcached.so     semisync_replica.so
component_audit_api_message_emit.so  component_validate_password.so  libpluginmecab.so   semisync_slave.so
component_keyring_file.so            connection_control.so           locking_service.so  semisync_source.so
component_log_filter_dragnet.so      ddl_rewriter.so                 mypluglib.so        validate_password.so
component_log_sink_json.so           group_replication.so            mysql_clone.so      version_token.so
component_log_sink_syseventlog.so    innodb_engine.so                mysql_no_login.so
component_mysqlbackup.so             keyring_file.so                 rewriter.so

In the manifest file, this path /usr/lib/mysql/plugin is already covered by the one-level-up dir /usr/lib/mysql, so there is no need to add it explicitly.

I too get the warning:

mysqld: Can't open shared library '/lib/mysql/plugin/component_reference_cache.so' (errno: 2 /lib/mysql/plugin/component_reference_cache.so: cannot open shared object file: No such file or directory)
mysqld: Cannot load component from specified URN: 'file://component_reference_cache'.  

But MySQL continues running. From quick googling, this looks like some bug in MySQL packaging. I suggest just removing these lines from the manifest.

removed



mysql/mysqld.manifest.template line 29 at r3 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

See my other comment. I don't have this path /lib/mysql/plugin on my Ubuntu 20.04. Let's remove these lines.

Done.


mysql/mysqld.manifest.template line 45 at r4 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please add a comment here that this stores data insecurely, like this:

  "file:/tmp/",         # MySQL data will be stored in plaintext; this is insecure!

Done.


mysql/README.md line 1 at r4 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please add an empty line after this.

Done.


mysql/README.md line 2 at r4 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please change "... is tested with MySQL version 8.0.29." -> "... was tested with MySQL version 8.0.29 and Ubuntu 20.04."

Done.


mysql/README.md line 5 at r4 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Please remove a space at the beginning of the line.

Done.


mysql/README.md line 11 at r4 (raw file):

Previously, dimakuv (Dmitrii Kuvaiskii) wrote…

Could you please indent all such lines under the first - line?

Like this:

- Comment out the log line `log_error = /var/log/mysql/error.log` in the config
  file `/etc/mysql/mysql.conf.d/mysqld.cnf` to see the log on console.

Done.

dimakuv previously approved these changes Jun 29, 2022

@dimakuv dimakuv left a comment


Reviewed 2 of 2 files at r5, all commit messages.
Reviewable status: all files reviewed, all discussions resolved, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel), "fixup! " found in commit messages' one-liners


@dimakuv dimakuv left a comment


Reviewable status: 0 of 3 files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @jkr0103)

a discussion (no related file):
Add the explicit BSD-3 license, see #90

